CN111510916B - WAMS data encryption and decryption method, device and system - Google Patents

Publication number
CN111510916B
Authority
CN
China
Legal status
Active
Application number
CN202010268970.5A
Other languages
Chinese (zh)
Other versions
CN111510916A (en)
Inventor
方陈
时志雄
凌平
魏新迟
孙丹妮
孙佳麒
陶维青
刘舒
Current Assignee
Hefei University of Technology
State Grid Shanghai Electric Power Co Ltd
Original Assignee
Hefei University of Technology
State Grid Shanghai Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/02 Traffic management, e.g. flow control or congestion control
    • H04W28/06 Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information
    • H04W28/065 Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information using assembly or disassembly of packets

Abstract

The invention discloses a WAMS data encryption and decryption method, device and system, which are applied to an encryption device, and the method comprises the following steps: 1) receiving a data frame to be processed, and combining the current data frame to be processed and a next data frame to be processed of the current data frame to be processed to obtain first target data; 2) identifying an encryption flag bit encrypt_flag of the first target data, and executing step 3) when the value of encrypt_flag is true; when the value of encrypt_flag is false, sending the first target data; 3) encrypting the data frame to be processed by using a pre-generated encrypted byte conversion table, and sending out the encrypted data frame to be processed. By applying the embodiment of the invention, the wireless communication frequency is required, and the data security of the power grid is enhanced.

Description

WAMS data encryption and decryption method, device and system
Technical Field
The present invention relates to a data processing method and apparatus, and more particularly, to a method, apparatus and system for encrypting and decrypting WAMS data.
Background
With the construction of smart grids, the digitization of power systems has become widespread, and smart power measurement and monitoring systems, represented by the Wide Area Measurement System (WAMS), are developing vigorously. Compared with the traditional power grid measurement and monitoring system, WAMS technology extends monitoring from the transformer substation to the power distribution network. However, because substation nodes are few and fixed while the nodes of the power distribution network are complex and variable, optical fiber lines cannot reach all the nodes in the power distribution network; that is, the power distribution network contains a large number of monitoring blind spots where lines are difficult to lay, so the measurement and monitoring data collected by those nodes must be transmitted through other communication modes. To solve this data transmission problem, a wireless communication mode is generally adopted at present. A wireless communication network is simple to erect and its networking is flexible and changeable, so wireless communication has become one of the important ways of WAMS communication in the power distribution network.
In the prior art, patent application No. 201810520242.1 discloses a power communication signal transmission system based on TLS encryption, which comprises a power failure analysis system, a power communication system and a TLS encryption system; the invention adopts the plaintext to transmit information, so that the risks of information eavesdropping, information tampering and information hijacking exist, the protocol TLS/SSL has the functions of identity verification, information encryption and integrity verification, the problems can be avoided, and the problems that the devices of the power failure analysis system have no direct coupling relation and have no bottleneck exist. The system has good expansibility and fault tolerance, the structure is simplified, and the reliability is improved; the method supports the transient fault recording requirement and the normal state recording with large capacity and high sampling rate. Under the capacity of 96 analog quantity paths and 192 switching quantity paths, the sampling rate of 10kHz can be supported by a traditional station, and the sampling rate of 4.8kHz can be supported by a digital station, so that the method has strong creativity.
However, the inventor finds that the asymmetric encryption algorithm adopted in the prior art has a technical problem of high data overhead in actual power grid monitoring and measuring work.
Disclosure of Invention
The invention aims to provide a method, a device and a system for encrypting and decrypting WAMS data, so as to solve the technical problem of high data overhead in the prior art.
The invention solves the technical problems through the following technical scheme:
The embodiment of the invention provides a WAMS data encryption method which is applied to an encryption device and comprises the following steps:
step A, receiving a data frame to be processed, and merging the current data frame to be processed and a next data frame to be processed of the current data frame to be processed to obtain first target data;
step B, identifying an encryption flag bit encrypt_flag of the first target data, and executing step C when the value of encrypt_flag is true; when the value of encrypt_flag is false, sending the first target data;
step C, encrypting the data frame to be processed by using a pre-generated encrypted byte conversion table, and sending out the encrypted data frame to be processed.
Optionally, the marking mode of encrypt_flag includes: manual marking, machine automated marking, or manual-machine hybrid marking.
Optionally, the merging the current data frame to be processed and the next data frame to be processed of the current data frame to be processed includes:
writing a data segment in a first data frame to be processed in the current round of merging as a first data segment into an initial data frame, writing a data head in the first data frame to be processed into a data head of the initial data frame, then taking a next data frame to be processed of the first data frame to be processed as the current data frame to be processed, and storing a merging flag bit with a true value into a first set position in a frame data head in the initial data frame;
writing data segments except a data head in a current data frame to be processed into an initial data frame;
judging whether the number of the data frames combined in the current round of combination reaches a preset threshold value or not;
if so, taking the initial data frame as a combined data frame; taking a data frame to be processed after the current data frame to be processed as a first data frame to be processed in the next merging round of the current merging round, returning to execute the step of writing a data segment in the first data frame to be processed in the current merging round as a first data segment into the initial data frame, and writing a data head in the first data frame to be processed into a data head of the initial data frame;
and if not, taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute the step of writing the data segments except the data head in the current data frame to be processed into the initial data frame until the number of the data frames combined in the current round of combination reaches a preset threshold value.
Optionally, when the data segment in the first to-be-processed data frame in the current round of merging process is written into the initial data frame as the first data segment, the data header in the first to-be-processed data frame is written into the data header of the initial data frame, and then the next to-be-processed data frame in the first to-be-processed data frame is used as the current to-be-processed data frame, the method further includes:
and storing the merging flag bit with a true value into a first set position in a frame data header in the initial data frame.
Optionally, the generating process of the encrypted byte conversion table includes:
step B1, constructing an encrypted temporary data array in advance, wherein the encrypted temporary data array comprises a plurality of temporary data;
step B2, acquiring a random seed a and a round number t, and judging whether t is greater than zero;
step B3, when t is greater than zero, acquiring a = rand() % t, and acquiring data in the encrypted byte conversion table by using the formula IPtable[256-t] = IPtemp[a]; IPtemp[256] is the temporary data array; IPtable[256] is the encrypted byte conversion table; rand() is a pseudo-random number generating function;
step B4, judging whether a is smaller than t-1;
step B5, if yes, cyclically updating the temporary data in the encrypted temporary data array by using the formula IPtemp[a] = IPtemp[a+1], then updating a by using a = a+1, and returning to execute step B4 until a is not less than t-1;
step B6, if not, updating the round number by using the formula t = t-1, returning to execute step B2 until t is not greater than zero, and taking the obtained IPtable[256] as the encrypted byte conversion table.
Optionally, the encrypting the data frame to be processed by using a pre-generated encrypted byte conversion table includes:
step B7, replacing the current character in the current data frame to be processed in the received data frame to be processed with the character at the same position as the current character in the encrypted byte conversion table;
step B8, taking the current data frame to be processed after replacing the current character as the encrypted current data frame to be processed, and marking the first two bytes of the encrypted data frame to be processed by using a preset encryption mark, wherein the preset encryption mark comprises: 0x0101; and taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute step B7 until the received data frames to be processed are all encrypted.
An embodiment of the present invention further provides a WAMS data decryption method based on any of the foregoing, where the method includes:
step D, receiving first target data containing a data frame to be restored;
step E, under the condition that decryption is needed, decrypting by using a preset decryption byte conversion table;
and step F, taking the decrypted data frame as second target data, and performing de-merging processing on the data frame to be de-merged in the second target data according to the difference between the current data frame to be de-merged in the second target data and the next data frame to be de-merged of the current data frame to be de-merged.
Optionally, the step D includes:
sequentially receiving data frames to be restored, reading data of a second set position in a current data frame to be restored in the data frames to be restored, and judging whether the data of the second set position is true;
if yes, executing the step E;
if not, taking the next frame data of the current data frame to be restored as the current data frame to be restored, and returning to the step of reading the data at the second set position in the current data frame to be restored in the data frame to be restored until the encrypted marker bit data is true.
Optionally, the generating process of the decrypted byte conversion table includes:
step E1, pre-constructing a decrypted byte conversion table decipherIPtable[256], and making the content in decipherIPtable consistent with the content of the temporary data array IPtemp[256];
step E2, judging whether t corresponding to the current round is smaller than 256;
step E3, when t is smaller than 256, updating t by using the formula t = t+1; secondly, in the i-th iteration in the current round, when the iteration number in the current round is less than 256, judging whether IPtable[i] = t holds for the encrypted byte conversion table; if so, updating the decrypted byte conversion table by using the formula decipherIPtable[t] = i, then updating the number of rounds by using the formula t = t+1, and returning to execute the step of judging whether t corresponding to the current round is less than 256; if IPtable[i] = t does not hold, updating the iteration number by using the formula i = i+1, and returning to execute the step of judging whether IPtable[i] = t holds, until i reaches 256;
step E4, when t is not less than 256, using decipherIPtable[256] as the decrypted byte conversion table.
Optionally, the decrypting with the preset decrypted byte conversion table includes:
step E5, replacing the current character in the current data frame to be processed in the received data frame to be processed with the character at the same position as the current character in the decrypted byte conversion table;
step E6, taking the current data frame to be processed after the current character is replaced as the decrypted current data frame to be processed; and taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute step E5 until the received data frames to be processed are all decrypted.
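The table construction of steps B1 to B6, the substitution of steps B7 and B8, and the inverse table and substitution of steps E1 to E6, as an added C example that is not part of the patent text. It assumes that IPtemp initially holds the values 0..255, that the 0x0101 mark is prepended to the substituted bytes, and that the receiver tests that same mark to decide whether decryption is needed; the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TABLE_SIZE 256
#define MARK_BYTE  0x01  /* the mark 0x0101 is two bytes of this value */

/* Steps B1-B6: fill IPtable by drawing from IPtemp without replacement. */
void build_encrypt_table(unsigned int seed, uint8_t IPtable[TABLE_SIZE])
{
    uint8_t IPtemp[TABLE_SIZE];
    for (int i = 0; i < TABLE_SIZE; i++)      /* B1; contents 0..255 are an assumption */
        IPtemp[i] = (uint8_t)i;
    srand(seed);
    for (int t = TABLE_SIZE; t > 0; t--) {    /* B2 loop test, B6 t = t-1 */
        int a = rand() % t;                   /* B3 */
        IPtable[TABLE_SIZE - t] = IPtemp[a];
        for (; a < t - 1; a++)                /* B4/B5: close the gap left at index a */
            IPtemp[a] = IPtemp[a + 1];
    }
}

/* Steps E1-E4: for every value t, find the index i with IPtable[i] == t. */
void build_decrypt_table(const uint8_t IPtable[TABLE_SIZE],
                         uint8_t decipherIPtable[TABLE_SIZE])
{
    for (int t = 0; t < TABLE_SIZE; t++)
        for (int i = 0; i < TABLE_SIZE; i++)
            if (IPtable[i] == t) { decipherIPtable[t] = (uint8_t)i; break; }
}

/* Returns 1 when every byte value occurs exactly once in the table. */
int is_permutation(const uint8_t table[TABLE_SIZE])
{
    int seen[TABLE_SIZE] = {0};
    for (int i = 0; i < TABLE_SIZE; i++)
        if (seen[table[i]]++) return 0;
    return 1;
}

/* Steps B7-B8: substitute each byte, then mark the frame with 0x0101.
 * Returns the output length, or -1 if the output buffer is too small. */
int encrypt_frame(const uint8_t IPtable[TABLE_SIZE], const uint8_t *in,
                  size_t len, uint8_t *out, size_t cap)
{
    if (cap < len + 2) return -1;
    out[0] = MARK_BYTE;
    out[1] = MARK_BYTE;
    for (size_t k = 0; k < len; k++)
        out[k + 2] = IPtable[in[k]];
    return (int)(len + 2);
}

/* Steps E5-E6: a marked frame is substituted back; an unmarked frame is
 * passed through unchanged. Returns the output length, or -1 on overflow. */
int decrypt_frame(const uint8_t decipherIPtable[TABLE_SIZE], const uint8_t *in,
                  size_t len, uint8_t *out, size_t cap)
{
    if (len >= 2 && in[0] == MARK_BYTE && in[1] == MARK_BYTE) {
        if (cap < len - 2) return -1;
        for (size_t k = 2; k < len; k++)
            out[k - 2] = decipherIPtable[in[k]];
        return (int)(len - 2);
    }
    if (cap < len) return -1;
    memcpy(out, in, len);
    return (int)len;
}

int main(void)
{
    /* Constructed sample frame bytes, not taken from the patent. */
    const uint8_t frame[] = {0xAA, 0x01, 0x00, 0x10, 0xAA, 0xAA};
    uint8_t enc[TABLE_SIZE], dec[TABLE_SIZE], ct[16], pt[16];

    build_encrypt_table(1234u, enc);
    build_decrypt_table(enc, dec);
    int n = encrypt_frame(enc, frame, sizeof frame, ct, sizeof ct);
    int m = decrypt_frame(dec, ct, (size_t)n, pt, sizeof pt);

    printf("permutation: %d, round trip ok: %d\n", is_permutation(enc),
           m == (int)sizeof frame && memcmp(pt, frame, sizeof frame) == 0);
    for (int k = 0; k < n; k++) printf("%02X ", ct[k]);
    printf("\n");
    return 0;
}
```

Because the table is a fixed byte permutation determined entirely by the seed passed to rand(), equal plaintext bytes always produce equal ciphertext bytes, and both ends must use the same seed and the same rand() implementation to agree on the table.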
Optionally, step F includes:
step F1, taking the decrypted data frame as second target data, and reading a current data segment from a current data frame to be de-merged in the second target data;
step F2, judging whether the current data segment is the last data segment of the current data frame to be de-merged;
step F4, if yes, obtaining a de-merging data frame corresponding to the current data segment according to the sum of the de-merging data frames corresponding to the current data segment and the data segment before the current data segment, and taking a set of the de-merging data frame corresponding to the current data segment and the de-merging data frames corresponding to other data segments as the de-merging data frames;
step F5, if not, obtaining a combined data frame corresponding to the current data segment according to the sum of the combined data frames corresponding to the current data segment and the data segment before the current data segment; and taking the next data segment of the current data segment as the current data segment, and returning to execute step F2 until the data frames to be combined are combined.
The embodiment of the invention also provides a WAMS data encryption device, which comprises:
the first receiving module is used for receiving the data frame to be processed and merging the current data frame to be processed with the next data frame to be processed of the current data frame to be processed to obtain first target data;
the identification module is used for identifying an encryption flag bit encrypt_flag of the first target data, and when the value of encrypt_flag is true, the encryption module is triggered; when the value of encrypt_flag is false, sending the first target data;
the encryption module is used for encrypting the data frame to be processed by using a pre-generated encrypted byte conversion table, and sending out the encrypted data frame to be processed.
Optionally, the marking mode of encrypt_flag includes: manual marking, machine automated marking, or manual-machine hybrid marking.
Optionally, the first receiving module is configured to:
the merging the current data frame to be processed and the next data frame to be processed of the current data frame to be processed includes:
writing a data segment in a first data frame to be processed in the current round of merging as a first data segment into an initial data frame, writing a data head in the first data frame to be processed into a data head of the initial data frame, then taking a next data frame to be processed of the first data frame to be processed as the current data frame to be processed, and storing a merging flag bit with a true value into a first set position in a frame data head in the initial data frame;
writing data segments except a data head in a current data frame to be processed into an initial data frame;
judging whether the number of the data frames combined in the current round of combination reaches a preset threshold value or not;
if so, taking the initial data frame as a combined data frame; taking a data frame to be processed after the current data frame to be processed as a first data frame to be processed in the next round of merging, returning to execute the step of writing a data segment in the first data frame to be processed in the current round of merging as a first data segment into the initial data frame and writing a data head in the first data frame to be processed into a data head of the initial data frame;
and if not, taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute the step of writing the data segments except the data head in the current data frame to be processed into the initial data frame until the number of the data frames combined in the current round of combination reaches a preset threshold value.
Optionally, the encryption module is configured to:
step B1, constructing an encrypted temporary data array in advance, wherein the encrypted temporary data array comprises a plurality of temporary data;
step B2, acquiring a random seed a and a round number t, and judging whether t is greater than zero;
step B3, when t is greater than zero, acquiring a = rand() % t, and acquiring data in the encrypted byte conversion table by using the formula IPtable[256-t] = IPtemp[a]; IPtemp[256] is the temporary data array; IPtable[256] is the encrypted byte conversion table; rand() is a pseudo-random number generating function;
step B4, judging whether a is smaller than t-1;
step B5, if yes, updating the temporary data in the encrypted temporary data array by using the formula IPtemp[a] = IPtemp[a+1], then updating a by using a = a+1, and returning to execute step B4 until a is not less than t-1;
step B6, if not, updating the round number by using the formula t = t-1, returning to execute step B2 until t is not greater than zero, and taking the obtained IPtable[256] as the encrypted byte conversion table;
the encrypting the data frame to be processed by using the pre-generated encrypted byte conversion table comprises the following steps:
step B7, replacing the current character in the current data frame to be processed in the received data frame to be processed with the character at the same position as the current character in the encrypted byte conversion table;
step B8, taking the current data frame to be processed after replacing the current character as the encrypted current data frame to be processed, and marking the first two bytes of the encrypted data frame to be processed by using a preset encryption mark, wherein the preset encryption mark comprises: 0x0101; and taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute step B7 until the received data frames to be processed are all encrypted.
An embodiment of the present invention further provides a WAMS data decryption apparatus based on any of the above, where the apparatus includes:
the second receiving module is used for receiving first target data containing a data frame to be restored;
the decryption module is used for decrypting by using a preset decryption byte conversion table under the condition of needing decryption;
and the restoring module is used for taking the decrypted data frame as second target data and performing de-merging processing on the data frame to be de-merged in the second target data according to the difference between the current data frame to be de-merged in the second target data and the next data frame to be de-merged of the current data frame to be de-merged.
Optionally, the second receiving module is configured to:
sequentially receiving data frames to be restored, reading data at a second set position in a current data frame to be restored in the data frames to be restored, and judging whether the data at the second set position is true or not;
if yes, triggering a decryption module;
if not, taking the next frame data of the current data frame to be restored as the current data frame to be restored, and returning to the step of reading the data at the second set position in the current data frame to be restored in the data frame to be restored until the encrypted marker bit data is true.
Optionally, the decryption module is configured to:
step E1, pre-constructing a decrypted byte conversion table decipherIPtable[256], and making the content in decipherIPtable consistent with the content of the temporary data array IPtemp[256];
step E2, judging whether t corresponding to the current round is smaller than 256;
step E3, when t is smaller than 256, updating t by using the formula t = t+1; secondly, in the i-th iteration in the current round, when the iteration number in the current round is less than 256, judging whether IPtable[i] = t holds for the encrypted byte conversion table; if so, updating the decrypted byte conversion table by using the formula decipherIPtable[t] = i, then updating the number of rounds by using the formula t = t+1, and returning to execute the step of judging whether t corresponding to the current round is less than 256; if IPtable[i] = t does not hold, updating the iteration number by using the formula i = i+1, and returning to execute the step of judging whether IPtable[i] = t holds, until i reaches 256;
step E4, when t is not less than 256, using decipherIPtable[256] as the decrypted byte conversion table.
Optionally, the decryption module is configured to:
step E5, replacing the current character in the current data frame to be processed in the received data frame to be processed with the character at the same position as the current character in the decrypted byte conversion table;
step E6, taking the current data frame to be processed after the current character is replaced as the decrypted current data frame to be processed; and taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute step E5 until the received data frames to be processed are all decrypted.
Optionally, the decryption module is configured to:
step F1, taking the decrypted data frame as second target data, and reading a current data segment from a current data frame to be de-merged in the second target data;
step F2, judging whether the current data segment is the last data segment of the current data frame to be de-merged;
step F4, if yes, obtaining a data frame of the current data segment according to the sum of the data frames of the current data segment and the data segment before the current data segment, and taking the set of the data frame of the current data segment and the data frame of other data segments as the data frame of the current data segment;
step F5, if not, obtaining a combined data frame corresponding to the current data segment according to the sum of the combined data frames corresponding to the current data segment and the data segment before the current data segment; and taking the next data segment of the current data segment as the current data segment, and returning to execute step F2 until the data frames to be combined are combined.
The embodiment of the invention also provides a WAMS data processing system, which comprises: WAMS data encryption device and WAMS data decryption device, wherein,
WAMS data encryption means for performing the encryption method of any one of the above;
WAMS data decryption means for performing the decryption method of any one of the above.
Compared with the prior art, the invention has the following advantages:
(1) By applying the embodiment of the invention, the encrypted byte conversion table is used for carrying out byte replacement in the encryption process so as to further realize encryption, and compared with data operation in an asymmetric encryption algorithm in the prior art, the data overhead can be reduced.
(2) In addition, after the data is encrypted, the data can be prevented from being stolen by a third party.
Drawings
Fig. 1 is a schematic flowchart of a WAMS data encryption method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram illustrating a WAMS data encryption method according to an embodiment of the present invention;
Fig. 3 is a schematic view of an application scenario of a WAMS data encryption method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram illustrating a merging process in a WAMS data encryption method according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a data structure change in a merging process in a WAMS data encryption method according to an embodiment of the present invention;
Fig. 6 is a schematic flowchart illustrating a process of generating an encrypted byte conversion table in a WAMS data encryption method according to an embodiment of the present invention;
Fig. 7 is a schematic flowchart of an encryption process in a WAMS data encryption method according to an embodiment of the present invention;
Fig. 8 is a schematic diagram illustrating a position of an encryption mark in a WAMS data encryption method according to an embodiment of the present invention;
Fig. 9 is a schematic diagram illustrating a principle of a de-merge process in a WAMS data decryption method according to an embodiment of the present invention;
Fig. 10 is a schematic diagram illustrating a data structure change during a de-merging process in a WAMS data decryption method according to an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a WAMS decryption apparatus according to an embodiment of the present invention;
Fig. 12 is a data flow chart of a WAMS data processing system according to an embodiment of the present invention.
Detailed Description
The following examples are given for the detailed implementation and specific operation of the present invention, but the scope of the present invention is not limited to the following examples.
The embodiment of the invention provides a method, a device and a system for encrypting and decrypting WAMS data, and firstly introduces the WAMS data encryption method provided by the embodiment of the invention.
Fig. 1 is a schematic flowchart of a WAMS data encryption method according to an embodiment of the present invention; Fig. 2 is a schematic diagram illustrating a WAMS data encryption method according to an embodiment of the present invention; as shown in Fig. 1 and Fig. 2, the method includes:
S101: receiving a data frame to be processed, and combining the current data frame to be processed and a next data frame to be processed of the current data frame to be processed to obtain first target data.
Fig. 3 is a schematic view of an application scenario of a WAMS data encryption method according to an embodiment of the present invention, and as shown in fig. 3, the WAMS system includes: the system comprises a system main station, data acquisition equipment and a data transmission link, wherein the system main station is integrated with a protection management module, an online decision-making module, a parameter calculation module, a state estimation module, a fault diagnosis module and other application modules, and the modules respectively execute different functions.
The data acquisition equipment comprises: PMU1, PMU2, and PMUn. Taking PMU1 as an example, PMU1 is a PMU device (synchronous Phasor Measurement Unit). PMU1 encrypts the collected data through an encryptor and then sends the encrypted data to the PDC equipment through equipment such as a wireless network; the PDC equipment encrypts the received data and then sends the encrypted data to a decryptor through a power data scheduling network, and the encrypted data are transmitted to the WAMS master station after being processed by the decryptor.
It can be understood that the data transmission mode of other data acquisition devices is the same as the above mode, and the embodiment of the present invention is not described herein again.
In the prior art, a PMU or PDC of a data acquisition device forms data frames of data to be transmitted, and then transmits the data to be transmitted in units of the data frames. The structure of the data frames is shown in Fig. 2. Each data frame includes a frame data header and a frame data segment, wherein the frame data header includes: a SYNC field, a FRAMESIZE field, and a DC_IDCODE field; the frame data segment stores monitoring measurement data. For example, the data segment in the first data frame to be transmitted, that is, in the first data frame to be processed, is a DATA1 field; the data segment in the second data frame to be sent is a DATA2 field; and in the same way, the data segment in the nth data frame to be sent is a DATAn field.
The PDC device is a phasor data concentrator.
Specifically, fig. 4 is a schematic diagram illustrating a merging process in a WAMS data encryption method according to an embodiment of the present invention; fig. 5 is a schematic diagram illustrating a change of a data structure in a merging process in a WAMS data encryption method according to an embodiment of the present invention; as shown in fig. 4 and 5, if the current DATA frame to be processed is the first DATA frame to be processed, and the DATA segment therein is DATA1, the DATA segment DATA1 is stored in the initial DATA frame for storing the merged DATA frame to be processed.
Firstly, a queue receives and outputs a data frame to be processed, wherein the data acquisition equipment comprises: one or a combination of PMU and PDC; normally, the DATA segment DATA1 of the current DATA frame to be processed is stored in the first DATA segment bit of the initial DATA frame.
The data acquisition device PMU or PDC may arrange the data frames in time sequence to obtain a queue of data frames to be processed. For example, reception starts from the first data frame to be processed; after it is received, it is determined whether the number of received data frames to be processed has reached a preset threshold, for example n. If so, the merging operation of the current round can be performed, that is, step S102 is performed. If not, data frames to be processed are still being received, that is, the next frame after the first data frame to be processed (the second data frame to be processed) needs to be received, and so on until the number of received data frames to be processed reaches n.
In each round of merging, before the current data frame to be processed is merged, it must be judged whether it needs to be merged. Generally, this is judged by whether the value of the merging flag bit of the current data frame to be processed is true or false. If the value of the merging flag bit is false, the merging operation is not required for the current data frame to be processed; in general, data merging processing is performed on the current data frame to be processed. If the value of the merging flag bit is true, the merging operation needs to be performed on the current data frame to be processed. Then the data segment in the first data frame to be processed in the current round of merging is written into an initial data frame as the first data segment, the data head of the first data frame to be processed is written into the data head of the initial data frame, and the next data frame to be processed after the first one is taken as the current data frame to be processed. The data segments other than the data head in the current data frame to be processed are written into the initial data frame, and it is judged whether the number of data frames merged in the current round has reached a preset threshold. If so, the initial data frame is taken as the merged data frame, and step S102 is executed until all the data frames to be processed in the current round of merging are merged. If not, the next data frame after the current data frame to be processed is taken as the current data frame to be processed, and the step of writing the data segments other than the data head into the initial data frame is executed again, until the number of data frames merged in the current round reaches the preset threshold n.
Further, the encrypt_flag may be set by manual marking, machine-automated marking, or manual-machine hybrid marking. Which equipment's collected data needs to be encrypted can be preset in the system; the data collection equipment then adds encrypt_flag into the frame header of each collected data frame.
Step 1), writing a data segment in a first data frame to be processed in the current round of compression process as a first data segment into an initial data frame, and then taking a next data frame to be processed of the first data frame to be processed as a current data frame to be processed;
In practical applications, since each data frame to be processed in the current round of merging belongs to the same type of data frame, the frame data header of the initial data frame may be consistent with the frame data header of the data frame to be processed.
Step 2), writing the data segment content in the current data frame to be processed into the initial data frame as a second data segment;
specifically, the DATA segment DATA2 is sequentially stored in the second DATA segment bit in the initial DATA frame.
Step C, judging whether the number of the combined data frames in the current round of compression reaches a preset threshold value or not; if yes, executing step 4); if not, taking the next data frame to be processed of the current data frame to be processed as the current data frame to be processed, and executing the step 2).
Specifically, since the last DATA segment of the currently merged DATA frame is DATA2, the number of the to-be-processed DATA frames currently subjected to merging processing is 2;
if 2 is less than the preset threshold value, executing step 2);
if 2 is greater than or equal to the preset threshold, step 4) is performed.
And if the preset threshold value is 5, the judgment result in the step C is to execute the step 2).
Step 4), taking the initial data frame as a combined data frame; and taking the next data frame to be processed after the current data frame to be processed as the current data frame to be processed of the next round of combination of the current round of combination, and executing 6).
Specifically, since the number of the merged to-be-processed data frames reaches the preset threshold, the merging process of the to-be-processed data frames of the current round is finished, and after the merging operation is finished, 2 bytes of 0X0000 content are added to the head of the merged data frame as a flag bit.
Because the monitoring detection data are generated continuously, merging processing of a next round of data frames to be processed is required after the current round of merging is finished; therefore, the second data frame to be processed after the current data frame to be processed, that is, the third data frame to be processed in the queue of data frames to be processed is used as the new current data frame to be processed in the next round of merging process, and then step 1) is executed.
And 5), returning to execute the step of taking the next data frame to be processed of the first data frame to be processed as the current data frame to be processed until the number of the data frames combined in the current round of combination reaches a preset threshold value.
For example, since the number of merged to-be-processed data frames does not reach the preset threshold, the merging process of the to-be-processed data frames of the current round has not yet ended.
And taking the next DATA frame to be processed of the second DATA frame to be processed, namely the third DATA frame to be processed as the current DATA frame to be processed, and then writing the DATA segment DATA3 of the third DATA frame to be processed into the initial DATA frame as a third DATA segment.
It is emphasized that the DATA segment DATA3 is located at a position subsequent to the DATA segment DATA2 in the initial DATA frame.
As shown in fig. 5, a DATA frame including frame DATA header SYNC, frame, DC_id, and frame DATA segments DATA1, DATA2, DATA3, …, DATAn is used as an initial DATA frame, and the initial DATA frame is subsequently processed as first target DATA. Further, the set of initial data frames may also be used as the first target data.
In addition, the inventor finds that in actual power grid monitoring and measuring work, because the transmission bandwidth of the communication node in the wireless communication network is limited and the communication node takes on the task of forwarding data of other nodes, the available bandwidth of the communication node is further reduced, and the available bandwidth of the communication node is smaller. Furthermore, the WAMS generates a large amount of monitoring measurement data during the operation process, and high-speed data transmission is required to ensure real-time control over the power grid. This creates a contradiction between the large data volume transmission and the small bandwidth, which is not reconciled, and thus the prior art has a technical problem that the monitoring measurement data cannot be sent out in time.
By applying the embodiment of the invention, the data frame to be processed currently and the data frame to be processed next to the data frame to be processed currently are combined, so that the data volume of the data to be transmitted is reduced, compared with the larger data volume in the prior art, the time for transmitting the combined data frame is shorter, and the data frame to be processed corresponding to the monitoring measurement data can be transmitted in time.
In the prior art, due to technical limitation, a communication node cannot timely send monitoring measurement data, that is, wireless communication also has a problem of low communication frequency. The embodiment of the invention reduces the amount of data to be sent, and further can transmit a large amount of data under the condition of low-frequency communication.
S102: identifying an encryption flag encryption_flag of the first target data, and executing step S103 when the value of the encryption_flag is true; when the value of the encrypt_flag is false, sending the first target data.
Specifically, the step S102 may include:
step B1, an encrypted temporary data array is constructed in advance, wherein the encrypted temporary data array comprises a plurality of temporary data;
step B2, acquiring a random seed a and a round number t, and judging whether t is greater than zero;
step B3, when t is greater than zero, acquiring a = rand() % t, and acquiring the data in the encrypted byte conversion table by using the formula IPtable[256-t] = IPtemp[a], where IPtemp[256] is the temporary data array, IPtable[256] is the encrypted byte mapping table, and rand() is a pseudo random number generating function;
step B4, judging whether a is smaller than t-1;
step B5, if yes, updating the temporary data in the encrypted temporary data array by using the formula IPtemp[a] = IPtemp[a+1], then updating a by using a = a+1, and returning to execute step B4 until a is not less than t-1;
step B6, if not, updating the round number by using the formula t = t-1, returning to execute step B2 until t is not greater than zero, and taking the obtained IPtable[256] as the encrypted byte conversion table.
S103: encrypting the data frame to be processed by utilizing a pre-generated encrypted byte conversion table; and sending out the encrypted data frame to be processed.
Specifically, step B7, replacing the current character in the current data frame to be processed in the received data frame to be processed with the character at the same position as the current character in the encrypted byte mapping table;
step B8, taking the current data frame to be processed after replacing the current character as the encrypted current data frame to be processed, and marking the first two bytes of the encrypted data frame to be processed by using a preset encryption mark, wherein the preset encryption mark comprises: 0X0101; and taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute the step B7 until the received data frames to be processed are all encrypted.
Illustratively, when the current data frame to be processed after replacing the current character is taken as the encrypted current data frame to be processed, a preset encryption stamp is used to mark the first two bytes of the encrypted data frame to be processed, where the preset encryption stamp includes: 0X0101.
Fig. 6 is a schematic flowchart of a process of generating an encrypted byte mapping table in a WAMS data encryption method according to an embodiment of the present invention; fig. 7 is a schematic flowchart of an encryption process in a WAMS data encryption method according to an embodiment of the present invention; fig. 8 is a schematic diagram illustrating the position of an encryption mark in a WAMS data encryption method according to an embodiment of the present invention; as shown in figures 6-8 of the drawings,
step I, initializing a temporary data array IPtemp[256] = {0x00, 0x01, 0x02, 0x03, …, 0xFF}, IPtable[256] = 0, t = 256, and a random number a in the encryption device, and executing step II;
step II, executing the srand(time(NULL)) function to obtain a random seed, then taking a = rand() % t, setting IPtable[256-t] = IPtemp[a], and executing step III;
step III, IPtemp[a] = IPtemp[a+1], a = a+1; if a = t-1, step IV is executed, otherwise step III is executed repeatedly;
step IV, judging whether the value of t is 0; if not, setting t = t-1 and executing step II; if t = 0, the calculation is finished, and IPtable is the encryption substitution table;
step V, initializing IPtemp = IPtable, decipherIPtable[256] = {0x01, 0x02, 0x03, …, 0xFF}, t = 0, and executing step VI;
step VI, judging whether t is smaller than 256; if t = 256, the calculation is finished, and decipherIPtable is the decryption substitution table, which is stored in the decryption device for decryption;
FIG. 9 is a flowchart of the encryption and decryption process of the byte substitution table, including the following steps:
step (1), calculating the length of the message to be encrypted (decrypted), storing it into frame_length, and initializing a cycle count i = 0;
step (2), taking the content of the current byte to be encrypted (decrypted) as the position in the encryption byte substitution table IPtable / decryption byte substitution table decipherIPtable, finding the value at that position, replacing the current byte with that value, and adding 1 to the value of i;
step (3), judging whether the value i is smaller than frame_length; if so, continuing to execute step (2); if the value i is equal to frame_length, the encryption (decryption) is finished.
The algorithm implementation code is as follows:
[Figures BDA0002442365730000131 and BDA0002442365730000141: code listing, available only as images]
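The table generation of steps I to VI and the per-byte substitution of steps (1) to (3), as an added C example (it is not the patent's own listing). The seed parameter, the function names and the sample frame are assumptions of this example; the 0X0101 mark is treated as a two-byte prefix, and the inverse table is filled directly rather than by the search loop the text describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TABLE_SIZE 256

/* Steps I-IV: move every byte value from IPtemp into IPtable in random order. */
void build_encrypt_table(uint8_t IPtable[TABLE_SIZE], unsigned seed)
{
    uint8_t IPtemp[TABLE_SIZE];
    for (int i = 0; i < TABLE_SIZE; i++)
        IPtemp[i] = (uint8_t)i;
    /* Seeded once, from a caller-supplied value (assumption of this example).
     * Re-running srand(time(NULL)) in every round would make rand() return
     * the same first number for as long as the clock second does not change. */
    srand(seed);
    for (int t = TABLE_SIZE; t > 0; t--) {
        int a = rand() % t;              /* pick one of the t remaining values */
        IPtable[TABLE_SIZE - t] = IPtemp[a];
        for (; a < t - 1; a++)           /* step III: shift the tail down by one */
            IPtemp[a] = IPtemp[a + 1];
    }
}

/* Steps V-VI: decipherIPtable[IPtable[i]] = i. Filled directly here; the
 * search loop in the text yields the same table. */
void build_decrypt_table(const uint8_t IPtable[TABLE_SIZE],
                         uint8_t decipherIPtable[TABLE_SIZE])
{
    for (int i = 0; i < TABLE_SIZE; i++)
        decipherIPtable[IPtable[i]] = (uint8_t)i;
}

/* Steps (1)-(3): replace each byte by the table entry it indexes. */
void substitute(uint8_t *buf, size_t frame_length, const uint8_t table[TABLE_SIZE])
{
    for (size_t i = 0; i < frame_length; i++)
        buf[i] = table[buf[i]];
}

/* Writes 0x0101 followed by the substituted frame; returns len + 2, or 0. */
size_t encrypt_frame(const uint8_t *frame, size_t len,
                     const uint8_t IPtable[TABLE_SIZE], uint8_t *out, size_t out_cap)
{
    if (out_cap < 2 || len > out_cap - 2)
        return 0;
    out[0] = 0x01;
    out[1] = 0x01;
    memcpy(out + 2, frame, len);
    substitute(out + 2, len, IPtable);
    return len + 2;
}

/* Accepts only messages that start with 0x0101; returns plaintext length or 0. */
size_t decrypt_frame(const uint8_t *msg, size_t len,
                     const uint8_t decipherIPtable[TABLE_SIZE], uint8_t *out, size_t out_cap)
{
    if (len < 2 || msg[0] != 0x01 || msg[1] != 0x01 || out_cap < len - 2)
        return 0;
    memcpy(out, msg + 2, len - 2);
    substitute(out, len - 2, decipherIPtable);
    return len - 2;
}

/* 1 if every byte value occurs exactly once in the table. */
int is_permutation(const uint8_t table[TABLE_SIZE])
{
    uint8_t seen[TABLE_SIZE] = {0};
    for (int i = 0; i < TABLE_SIZE; i++) {
        if (seen[table[i]])
            return 0;
        seen[table[i]] = 1;
    }
    return 1;
}

/* Self-check on a constructed frame: SYNC, FRAMESIZE, DC_IDCODE, 4 data bytes. */
int roundtrip_ok(unsigned seed)
{
    const uint8_t frame[16] = {0xAA, 0x03, 0x00, 0x10, 'P', 'D', 'C', '0',
                               '0', '0', '0', '1', 0x12, 0x34, 0x12, 0x34};
    uint8_t enc[TABLE_SIZE], dec[TABLE_SIZE], wire[18], back[16];
    build_encrypt_table(enc, seed);
    build_decrypt_table(enc, dec);
    if (!is_permutation(enc) || !is_permutation(dec))
        return 0;
    if (encrypt_frame(frame, sizeof frame, enc, wire, sizeof wire) != 18)
        return 0;
    /* The mapping is per byte and position-independent: equal plaintext
     * bytes give equal ciphertext bytes. */
    if (wire[14] != wire[16] || wire[15] != wire[17])
        return 0;
    if (decrypt_frame(frame, sizeof frame, dec, back, sizeof back) != 0)
        return 0;                        /* unmarked frame is not decrypted */
    if (decrypt_frame(wire, sizeof wire, dec, back, sizeof back) != 16)
        return 0;
    return memcmp(frame, back, sizeof frame) == 0;
}

int main(void)
{
    printf("round trip %s\n", roundtrip_ok(1u) ? "ok" : "FAILED");
    return 0;
}
```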
In the prior art, a number of hidden dangers exist in the communication between the lower-layer measuring devices and the upper-layer monitoring system of a power system. For example: information interception, in which a third party intercepts the power grid parameters uploaded by the lower-layer measuring device to the upper-layer monitoring system so as to learn the current power grid operating condition; order interception, in which an action order issued by the upper monitoring system to the protection device is intercepted by a third party; and command tampering, in which a third party disguised as the upper monitoring system issues a false action command to the protection device so as to cause the protection device to malfunction or refuse to operate. Therefore, a digitized power system without a secure communication guarantee mechanism can hardly avoid the threat of network attacks by lawless persons, and can hardly bear the burden of guaranteeing the stable operation of the power grid.
By applying the embodiment of the invention, the requirement of WAMS wireless communication frequency is reduced, so that the wireless communication technology can be used for WAMS synchronous phasor data transmission. During the encryption process, the encrypted byte conversion table IPtable [256] is used for carrying out byte replacement, so that encryption is realized, and the data security of the power grid is improved; and then the safety and reliability of data wireless communication in the WAMS system can be guaranteed. The invention ensures that the wireless communication can be used for synchronous phasor data transmission and ensures that data and commands circulating in the system are processed to ensure that synchronous phasor information is not stolen by a third party.
In the embodiment of the invention, the communication frequency is reduced by combining a plurality of data frames, and the data content is encrypted by random byte replacement, so as to realize the encryption technology for WAMS wireless communication. In compliance with Part 2 (data transmission protocol) of GBT26865.2-2011, real-time dynamic monitoring system of the power system, the data frame structure is reasonably combined and encrypted at the encryptor, and correspondingly decrypted, de-combined and restored at the decryptor, to realize the two functions of secure data transmission and wireless transmission.
In practical applications, on the basis of the embodiment of the present invention shown in fig. 1, the method further includes: and storing the encryption mark with the true value into a second set position in a frame data header in the encrypted combined data frame. Illustratively, a value "1" is written as an encryption flag bit to the fourth bit of the frame data header SYNC in the initial data frame. By applying the embodiment of the invention, whether the unknown data frame is the encrypted data frame or not can be conveniently identified.
Example 2
Fig. 9 is a schematic diagram illustrating a principle of a de-merging process in a WAMS data decryption method according to an embodiment of the present invention; fig. 10 is a schematic diagram of data structure changes during a de-merging process in a WAMS data decryption method according to an embodiment of the present invention, as shown in fig. 9 to fig. 10, embodiment 2 is a decryption method used in match with embodiment 1. The method comprises the following steps:
step D, receiving first target data containing a data frame to be restored;
step E, under the condition that decryption is needed, decrypting by using a preset decryption byte conversion table;
and step F, taking the decrypted data frame as second target data, and performing the decomplexing processing on the data frame to be decombined in the second target data according to the difference between the current data frame to be decombined in the second target data and the next data frame to be decombined in the current data frame to be decombined.
When the encrypt_flag is 1, the transmission frame needs to be encrypted, and the message is encrypted by using an encrypted byte substitution table [256] randomly generated during equipment initialization. The processed transmission frame is then sent by the wireless communication module through the network core area to the decryption device. The decryption device may receive three types of transmission frames: 1. an encrypted transmission frame; 2. a transmission frame that is not encrypted but is uploaded by the encryption device; 3. a transmission frame uploaded directly from other data uploading devices. To distinguish the three situations, a CIPHER encryption flag is added to the header of the message: the first two bytes of a message uploaded by an encryption device are 0X0101 or 0X0000. Two bytes are selected as the flag because the content of the first byte of the message could, during encryption, be replaced by a value equal to the set encryption flag and cause misoperation; using the content of two bytes as the flag effectively prevents such identification errors. When the content of the first two bytes of the message is not 0X0101 or 0X0000, the message can be considered a normal transmission frame, and the decryption device directly uploads the frame to the data receiving device.
When the first two bytes of the message are 0X0101, the message is encrypted; after the CIPHER flag is removed, it is decrypted with decipherIPtable[256], and the SYNC content in the first two bytes of the message is checked. According to Part 2 (data transmission protocol) of GBT26865.2-2011, real-time dynamic monitoring system of the electric power system, when the SYNC is 0XAA03 the message is a data frame and is subjected to de-combination processing; if not, the message is a non-data frame and can be directly uploaded to the data receiving device. After the transmission frame reaches the decryption device, the decryption and de-combination processing corresponding to the combination and encryption are carried out, and the restored data frame is transmitted to the data receiving device, so that the data frame is transmitted by wireless communication and the power grid information is protected from being stolen by a third party in the transmission process.
After receiving a data frame message, the decryption device judges whether an encryption mark exists. If the header of the message carries the encryption-merging mark 0x0101, the message is decrypted, and the decrypted transmission frame is processed and then uploaded to the data receiving device (PDC, WAMS main station). If the first 2 bytes of the message are 0x0000, the message has only been merged and only needs to be de-combined. If the first 2 bytes of the message are other contents, the data frame is directly uploaded to the receiving device.
Illustratively, the encryption device executes the steps (1) to (5) to perform data merging:
step (1), setting a variable data_number equal to 0 for recording the number of data frames merged in the current round;
step (2), reading SYNC, FRAMESIZE, DC_IDCODE of the first data frame, and writing them in sequence into the head of the newly formed data frame;
step (3), writing the remaining content of the first data frame into the newly formed data frame, and storing it into the data array data in the cache region, wherein 1 is added to data_number;
step (4), writing the content after the DC_IDCODE field of the next data frame in the cache area into the tail of the newly formed data frame message, and adding 1 to data_number;
step (5), judging whether data_number equals set_number; if so, the merging of the current round is complete, and the de-combining and restoring are performed at the decryption device; if data_number is less than set_number, continuing to execute step (4);
the decryption device executes steps (6) to (9) to perform data decryption and de-combination:
step (6), initializing an original data frame array frame_original[set_number], and storing the first 12 bytes of the decrypted data frame into a buffer area array temp, comprising in sequence 2 bytes SYNC, 2 bytes FRAMESIZE and 8 bytes DC_IDCODE; setting a message reading position read_length = 12; initializing a variable frame_number = 0 to record the number of restored data frames; and setting a variable data_size to record the length of the data part of a data frame, wherein data_size is obtained by subtracting 12 from FRAMESIZE;
step (7), writing the temp content into the headers of all frame_original in sequence;
step (8), reading a message of length data_size from the read_length position, and storing it at the tail of frame_original[frame_number], wherein read_length = read_length + data_size, and read_number = read_number + 1;
step (9), judging the value of read_number, and executing step (8) if read_number is less than set_number; if read_number is equal to set_number, the de-combination ends.
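Steps (1) to (9) and the flag-based dispatch described above, as an added C example that is not the patent's code. It assumes the 12-byte header layout from step (6), a big-endian FRAMESIZE, identical headers within one round, and function names chosen here; the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEADER_LEN 12   /* SYNC (2) + FRAMESIZE (2) + DC_IDCODE (8) */
#define FLAG_LEN   2

enum frame_kind { KIND_ENCRYPTED, KIND_MERGED_ONLY, KIND_PASSTHROUGH };

/* Dispatch on the first two bytes: 0x0101, 0x0000, or anything else. */
enum frame_kind classify(const uint8_t *msg, size_t len)
{
    if (len >= FLAG_LEN && msg[0] == 0x01 && msg[1] == 0x01)
        return KIND_ENCRYPTED;
    if (len >= FLAG_LEN && msg[0] == 0x00 && msg[1] == 0x00)
        return KIND_MERGED_ONLY;
    return KIND_PASSTHROUGH;
}

/* FRAMESIZE read as big-endian (assumption of this example). */
static size_t framesize(const uint8_t *frame)
{
    return ((size_t)frame[2] << 8) | frame[3];
}

/* Steps (1)-(5). Each frames[i] must point at FRAMESIZE bytes. Output is
 * 0x0000, one header, then set_number data segments. Returns length or 0. */
size_t merge_frames(const uint8_t *const frames[], size_t set_number,
                    uint8_t *out, size_t out_cap)
{
    if (set_number == 0 || out_cap < FLAG_LEN + HEADER_LEN)
        return 0;
    size_t fs = framesize(frames[0]);
    if (fs <= HEADER_LEN)
        return 0;
    size_t data_size = fs - HEADER_LEN;
    if (set_number > (out_cap - FLAG_LEN - HEADER_LEN) / data_size)
        return 0;                       /* merged frame would not fit */
    out[0] = 0x00;
    out[1] = 0x00;
    memcpy(out + FLAG_LEN, frames[0], HEADER_LEN);
    size_t w = FLAG_LEN + HEADER_LEN;
    for (size_t data_number = 0; data_number < set_number; data_number++) {
        /* Only frames with the same header can share one header. */
        if (memcmp(frames[data_number], frames[0], HEADER_LEN) != 0)
            return 0;
        memcpy(out + w, frames[data_number] + HEADER_LEN, data_size);
        w += data_size;
    }
    return w;
}

/* Steps (6)-(9). merged is the frame with the 2-byte flag already removed.
 * frame_original is set_number slots of stride bytes. Returns frames restored. */
size_t demerge_frames(const uint8_t *merged, size_t len, size_t set_number,
                      uint8_t *frame_original, size_t stride)
{
    if (len < HEADER_LEN || set_number == 0)
        return 0;
    size_t fs = framesize(merged);
    if (fs <= HEADER_LEN || fs > stride)
        return 0;
    size_t data_size = fs - HEADER_LEN;
    /* Reject a length that does not hold exactly set_number data segments. */
    if ((len - HEADER_LEN) % data_size != 0 ||
        (len - HEADER_LEN) / data_size != set_number)
        return 0;
    size_t read_length = HEADER_LEN, frame_number = 0;
    for (; frame_number < set_number; frame_number++) {
        uint8_t *dst = frame_original + frame_number * stride;
        memcpy(dst, merged, HEADER_LEN);                       /* step (7) */
        memcpy(dst + HEADER_LEN, merged + read_length, data_size);
        read_length += data_size;                              /* step (8) */
    }
    return frame_number;
}

/* Self-check: three constructed 16-byte frames, merged and restored. */
int merge_roundtrip_ok(void)
{
    static const uint8_t f1[16] = {0xAA, 0x03, 0x00, 0x10, 'P', 'D', 'C', '0',
                                   '0', '0', '0', '1', 1, 1, 1, 1};
    static const uint8_t f2[16] = {0xAA, 0x03, 0x00, 0x10, 'P', 'D', 'C', '0',
                                   '0', '0', '0', '1', 2, 2, 2, 2};
    static const uint8_t f3[16] = {0xAA, 0x03, 0x00, 0x10, 'P', 'D', 'C', '0',
                                   '0', '0', '0', '1', 3, 3, 3, 3};
    const uint8_t *const frames[3] = {f1, f2, f3};
    uint8_t wire[64], frame_original[3][16];
    size_t n = merge_frames(frames, 3, wire, sizeof wire);
    if (n != 26 || classify(wire, n) != KIND_MERGED_ONLY)
        return 0;
    if (demerge_frames(wire + FLAG_LEN, n - FLAG_LEN, 3, &frame_original[0][0], 16) != 3)
        return 0;
    if (memcmp(frame_original[0], f1, 16) || memcmp(frame_original[1], f2, 16) ||
        memcmp(frame_original[2], f3, 16))
        return 0;
    /* A merged frame that lost its last byte must be rejected. */
    return demerge_frames(wire + FLAG_LEN, n - FLAG_LEN - 1, 3,
                          &frame_original[0][0], 16) == 0;
}

int main(void)
{
    printf("merge round trip %s\n", merge_roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```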
In a specific implementation manner of the embodiment of the present invention, the step D includes:
sequentially receiving the data frames to be restored, and reading the first two bytes of data content in the current data frame to be restored; if the content is 0X0000, executing step F; if the content is 0X0101, executing step E; if the content is other content, the data frame is directly transmitted to the data receiving device.
In a specific implementation manner of the embodiment of the present invention, the step F includes: reading a first data segment from the received current data frame to be restored as a current data segment; judging whether the current data segment is the last data segment of the current data frame to be decoded and merged; if so, taking the set of the first data segment and the restored data segment as a restored data frame; taking the next data frame to be decombined after the current data frame to be decombined as the current data frame to be decombined for the next decombined of the current round of decombined, and returning to the step of reading the first data segment from the received current data frame to be decombined until the data frames to be restored are restored; and if not, in the current data frame to be combined and disassembled, taking the next data segment of the first data segment as the first data segment to obtain a restored data segment until the data frame to be restored is restored.
In a specific implementation manner of the embodiment of the present invention, the generating process of the decrypted byte mapping table includes:
step E1, a decrypted byte conversion table decipherIPtable[256] is pre-constructed, and the content in the decipherIPtable is consistent with the content of the temporary data array IPtemp[256];
step E2, judging whether t corresponding to the current round is smaller than 256;
step E3, when t is less than 256, updating t by using the formula t = t+1; secondly, in the ith iteration in the current round, when the iteration number in the current round is less than 256, judging whether IPtable[i] = t holds for the encrypted byte conversion table; if so, updating the decrypted byte conversion table by using the formula decipherIPtable[t] = i, then updating the number of rounds by using t = t+1, and returning to execute the step of judging whether t corresponding to the current round is less than 256; if IPtable[i] = t does not hold, updating the iteration count by using i = i+1, and returning to the step of judging whether IPtable[i] = t holds, until i reaches 256;
step E4, when t is not less than 256, using the decipherIPtable[] as the decryption byte conversion table.
Optionally, the decrypting with the preset decryption byte mapping table includes:
step E5, replacing the current character in the current data frame to be processed in the received data frame to be processed with the character at the same position as the current character in the decrypted byte conversion table; step E6, taking the current data frame to be processed after replacing the current character as the decrypted current data frame to be processed; then taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute step E5 until the received data frames to be processed are decrypted.
In the embodiment of the invention, the data can be subjected to decombining and decryption, and lower data decryption overhead is realized.
Example 3
Fig. 11 is a schematic structural diagram of a WAMS decryption device according to an embodiment of the present invention, and as shown in fig. 11, corresponding to embodiment 1 of the present invention, embodiment 3 of the present invention further provides a WAMS data encryption device, where the device includes:
a first receiving module 1101, configured to receive a data frame to be processed, and merge a current data frame to be processed with a next data frame to be processed of the current data frame to be processed to obtain first target data;
the identification module 1102 is configured to identify an encryption flag encryption_flag of the first target data, and trigger the encryption module when the value of the encryption flag encryption_flag is true; when the value of the encrypt_flag is false, sending the first target data;
an encryption module 1103, configured to encrypt the to-be-processed data frame by using a pre-generated encrypted byte mapping table; and sending out the encrypted data frame to be processed.
In the embodiment of the invention, the communication frequency is reduced by combining a plurality of data frames, and the data content is encrypted by adopting a DES algorithm, so as to realize the WAMS wireless communication encryption technology. In compliance with Part 2 (data transmission protocol) of GBT26865.2-2011, power system real-time dynamic monitoring system, the data frame structure is reasonably merged and encrypted at the encryption device, and correspondingly decrypted, de-merged and restored in the decryption software part, to realize the two functions of secure data transmission and wireless transmission.
In a specific implementation manner of the embodiment of the present invention, the flag manner of the encrypt_flag includes: manual marking, machine automated marking, or manual-machine hybrid marking.
In a specific implementation manner of the embodiment of the present invention, the first receiving module 1101 is configured to:
the merging the current data frame to be processed and the next data frame to be processed of the current data frame to be processed includes:
writing a data segment in a first data frame to be processed in the current round of merging process into an initial data frame as a first data segment, writing a data head in the first data frame to be processed into the data head of the initial data frame, then taking a next data frame to be processed of the first data frame to be processed as the current data frame to be processed, and storing a merging flag bit with a true value into a first set position in a frame data head in the initial data frame;
writing data segments except data heads in the current data frame to be processed into an initial data frame;
judging whether the number of the data frames combined in the current round of combination reaches a preset threshold value or not;
if so, taking the initial data frame as a combined data frame; taking a data frame to be processed after the current data frame to be processed as a first data frame to be processed in the next round of merging, returning to execute the step of writing a data segment in the first data frame to be processed in the current round of merging as a first data segment into the initial data frame and writing a data head in the first data frame to be processed into a data head of the initial data frame;
if not, taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute the step of writing the data segments except the data head in the current data frame to be processed into the initial data frame until the number of the data frames combined in the current round of combination reaches a preset threshold value.
In a specific implementation manner of the embodiment of the present invention, the encryption module 1103 is configured to:
step B1, an encrypted temporary data array is constructed in advance, wherein the encrypted temporary data array comprises a plurality of temporary data;
step B2, acquiring a random seed a and a round number t, and judging whether t is greater than zero;
step B3, when t is greater than zero, acquiring a = rand() % t, and acquiring the data in the encrypted byte conversion table by using the formula IPtable[256-t] = IPtemp[a], where IPtemp[256] is the temporary data array, IPtable[256] is the encrypted byte mapping table, and rand() is a pseudo random number generating function;
step B4, judging whether a is smaller than t-1;
step B5, if yes, updating the temporary data in the encrypted temporary data array by using the formula IPtemp[a] = IPtemp[a+1], then updating a by using a = a+1, and returning to execute step B4 until a is not less than t-1;
step B6, if not, updating the round number by using the formula t = t-1, returning to execute step B2 until t is not greater than zero, and taking the obtained IPtable[256] as the encrypted byte conversion table;
the encrypting the data frame to be processed by using the pre-generated encrypted byte mapping table comprises the following steps:
step B7, replacing the current character in the current data frame to be processed in the received data frame to be processed with the character at the same position as the current character in the encrypted byte conversion table;
step B8, taking the current data frame to be processed after replacing the current character as the encrypted current data frame to be processed, and marking the first two bytes of the encrypted data frame to be processed by using a preset encryption mark, wherein the preset encryption mark comprises: 0X0101; and taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute the step B7 until the received data frames to be processed are all encrypted.
Example 4
Corresponding to embodiment 2 of the present invention, an embodiment of the present invention further provides a WAMS data decryption apparatus, where the apparatus includes: the second receiving module is used for receiving first target data containing a data frame to be restored;
the decryption module is used for decrypting by using a preset decryption byte conversion table under the condition of needing decryption;
and the restoring module is used for taking the decrypted data frame as second target data, and performing de-merging processing on the data frame to be de-merged in the second target data according to the difference between the current data frame to be de-merged in the second target data and the next data frame to be de-merged of the current data frame to be de-merged.
In a specific implementation manner of the embodiment of the present invention, the second receiving module is configured to:
sequentially receiving data frames to be restored, reading data at a second set position in a current data frame to be restored in the data frames to be restored, and judging whether the data at the second set position is true or not;
if yes, triggering a decryption module;
if not, taking the next frame data of the current data frame to be restored as the current data frame to be restored, and returning to the step of reading the data at the second set position in the current data frame to be restored in the data frame to be restored until the encrypted marker bit data is true.
In a specific implementation manner of the embodiment of the present invention, the decryption module is configured to:
step E1, pre-constructing a decrypted byte conversion table decipherIPtable[256], and making the content of decipherIPtable consistent with the content of the temporary data array IPtemp[256];
step E2, judging whether t corresponding to the current round is smaller than 256;
step E3, when t is smaller than 256, updating t by using the formula t = t+1; secondly, in the i-th iteration in the current round, when the iteration number in the current round is less than 256, judging whether IPtable[i] = t holds for the encrypted byte conversion table; if so, updating the decrypted byte conversion table by using the formula decipherIPtable[t] = i, then updating the round number by using the formula t = t+1, and returning to execute the step of judging whether t corresponding to the current round is less than 256; if IPtable[i] = t does not hold, updating the iteration number by using the formula i = i+1, and returning to execute the step of judging whether IPtable[i] = t holds, until i reaches 256;
step E4, when t is not less than 256, using decipherIPtable[256] as the decryption byte conversion table.
In a specific implementation manner of the embodiment of the present invention, the decryption module is configured to:
step E5, replacing the current character in the current data frame to be processed in the received data frame to be processed with the character at the same position as the current character in the decrypted byte conversion table;
step E6, taking the current data frame to be processed after replacing the current character as the decrypted current data frame to be processed; and taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute step E5 until the received data frame to be processed is decrypted.
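The table generation (steps B1 to B6), the byte substitution (steps B7 and E5) and the inverse-table search (steps E1 to E4) described above, as an added C example that is not code from the patent. It assumes IPtemp starts as 0..255, t starts at 256 and the seed is passed to srand(); frame merging and the 0x0101 mark of step B8 are left out, and SAMPLE is constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define N 256
/* Constructed sample bytes with repeated values; not a real WAMS frame. */
static const uint8_t SAMPLE[] = { 0x10, 0x20, 0x20, 0x00, 0x00, 0x00,
                                  0x7f, 0xff, 0x10, 0x00, 0x20, 0x33 };

/* Steps B1-B6. Assumed here: IPtemp starts as 0..255, t starts at 256,
 * and the seed is passed to srand(). */
void build_encrypt_table(unsigned seed, uint8_t IPtable[N])
{
    uint8_t IPtemp[N];
    for (int i = 0; i < N; i++) IPtemp[i] = (uint8_t)i;  /* B1 */
    srand(seed);                            /* B2: seed the generator */
    for (int t = N; t > 0; t--) {           /* B2/B6: run while t > 0 */
        int a = rand() % t;                 /* B3: pick a remaining slot */
        IPtable[N - t] = IPtemp[a];
        for (; a < t - 1; a++)              /* B4/B5: shift the tail down */
            IPtemp[a] = IPtemp[a + 1];
    }
}

/* Steps E1-E4: for each value t, search for the i with IPtable[i] == t.
 * Returns 0, or -1 if a value is missing (IPtable is not a permutation). */
int build_decrypt_table(const uint8_t IPtable[N], uint8_t decipherIPtable[N])
{
    for (int t = 0; t < N; t++) {
        int i = 0;
        while (i < N && IPtable[i] != t)
            i++;
        if (i == N) return -1;
        decipherIPtable[t] = (uint8_t)i;
    }
    return 0;
}

/* Steps B7 and E5: replace each byte by the table entry at that byte value. */
void substitute(const uint8_t table[N], uint8_t *buf, size_t len)
{
    for (size_t k = 0; k < len; k++)
        buf[k] = table[buf[k]];
}

/* Returns 1 if SAMPLE survives encrypt-then-decrypt under this seed. */
int demo_round_trip(unsigned seed)
{
    uint8_t enc[N], dec[N], buf[sizeof SAMPLE];
    build_encrypt_table(seed, enc);
    if (build_decrypt_table(enc, dec) != 0) return 0;
    memcpy(buf, SAMPLE, sizeof buf);
    substitute(enc, buf, sizeof buf);
    substitute(dec, buf, sizeof buf);
    return memcmp(buf, SAMPLE, sizeof buf) == 0;
}

/* Returns 1 if each plaintext byte count reappears at the mapped
 * ciphertext value, i.e. the byte histogram is only relabelled. */
int demo_histogram_preserved(unsigned seed)
{
    uint8_t enc[N], buf[sizeof SAMPLE];
    size_t hp[N] = {0}, hc[N] = {0};
    build_encrypt_table(seed, enc);
    memcpy(buf, SAMPLE, sizeof buf);
    substitute(enc, buf, sizeof buf);
    for (size_t k = 0; k < sizeof buf; k++) { hp[SAMPLE[k]]++; hc[buf[k]]++; }
    for (int b = 0; b < N; b++)
        if (hp[b] != hc[enc[b]]) return 0;
    return 1;
}

int main(void)
{
    printf("round trip %d, histogram %d\n", demo_round_trip(2020u), demo_histogram_preserved(2020u));
    return 0;
}
```

demo_histogram_preserved shows that the table only relabels byte values: equal plaintext bytes always give equal ciphertext bytes, so the byte frequencies of a frame carry over unchanged into its encrypted form.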
In a specific implementation manner of the embodiment of the present invention, the decryption module is configured to:
step F1, taking the decrypted data frame as second target data, and reading a current data segment from a current data frame to be de-merged in the second target data;
step F2, judging whether the current data segment is the last data segment of the current data frame to be de-merged;
step F4, if yes, obtaining a data frame of the current data segment according to the sum of the data frames of the current data segment and the data segment before the current data segment, and taking the set of the data frame of the current data segment and the data frame of other data segments as the data frame of the current data segment;
step F5, if not, obtaining a de-merging data frame corresponding to the current data segment according to the sum of the de-merging data frames corresponding to the current data segment and the data segment before the current data segment; and taking the next data segment of the current data segment as the current data segment, and returning to execute step F2 until the data frames to be combined are combined.
Example 5
The invention also provides a WAMS data processing system.
Fig. 12 is a data flow chart of a WAMS data processing system according to an embodiment of the present invention. As shown in fig. 12, the system includes the WAMS data encryption means in embodiment 3 and the WAMS data decryption means in embodiment 4, wherein,
WAMS data encryption means for executing the encryption method described in embodiment 1;
WAMS data decryption means for performing the decryption method described in embodiment 2.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A WAMS data encryption method is applied to an encryption device, and comprises the following steps:
step A, receiving a data frame to be processed, and merging the current data frame to be processed and a next data frame to be processed of the current data frame to be processed to obtain first target data;
step B, identifying an encryption flag bit encrypt_flag of the first target data, and executing step C when the value of encrypt_flag is true; when the value of encrypt_flag is false, sending the first target data;
step C, encrypting the data frame to be processed by utilizing a pre-generated encrypted byte conversion table; sending out the encrypted data frame to be processed;
the generation process of the encrypted byte conversion table comprises the following steps:
step B1, constructing an encrypted temporary data array in advance, wherein the encrypted temporary data array comprises a plurality of temporary data;
step B2, acquiring a random seed a and a round number t, and judging whether t is greater than zero;
step B3, when t is greater than zero, acquiring a = rand() % t, and acquiring data in the encrypted byte conversion table by using the formula IPtable[256-t] = IPtemp[a]; IPtemp[256] is a temporary data array; IPtable[256] is an encrypted byte mapping table; rand() is a pseudo-random number generating function;
step B4, judging whether a is smaller than t-1;
step B5, if yes, updating the temporary data in the temporary data array by using the formula IPtemp[a] = IPtemp[a+1], then updating a by using a = a+1, and returning to execute step B4 until a is not less than t-1;
step B6, if not, updating the round number by using the formula t = t-1, returning to execute step B2 until t is not greater than zero, and taking the obtained IPtable[256] as the encrypted byte conversion table;
the encrypting of the data frame to be processed by using the pre-generated encrypted byte mapping table comprises the following steps:
step B7, replacing the current character in the current data frame to be processed in the received data frame to be processed with the character at the same position as the current character in the encrypted byte conversion table;
step B8, taking the current data frame to be processed after replacing the current character as the encrypted current data frame to be processed, and marking the first two bytes of the encrypted data frame to be processed by using a preset encryption mark, wherein the preset encryption mark comprises: 0x0101; and taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute step B7 until the received data frames to be processed are all encrypted.
2. The WAMS data encryption method of claim 1, wherein the merging the current data frame to be processed with a next data frame to be processed of the current data frame to be processed includes:
writing a data segment in a first data frame to be processed in the current round of merging as a first data segment into an initial data frame, writing a data head in the first data frame to be processed into a data head of the initial data frame, then taking a next data frame to be processed of the first data frame to be processed as the current data frame to be processed, and storing a merging flag bit with a true value into a first set position in a frame data head in the initial data frame;
writing data segments except data heads in the current data frame to be processed into an initial data frame;
judging whether the number of the data frames combined in the current round of combination reaches a preset threshold value or not;
if so, taking the initial data frame as a combined data frame; taking a data frame to be processed after the current data frame to be processed as a first data frame to be processed in the next merging round of the current merging round, returning to execute the step of writing a data segment in the first data frame to be processed in the current merging round as a first data segment into the initial data frame, and writing a data head in the first data frame to be processed into a data head of the initial data frame;
and if not, taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute the step of writing the data segments except the data head in the current data frame to be processed into the initial data frame until the number of the data frames combined in the current round of combination reaches a preset threshold value.
3. A WAMS data decryption method based on the WAMS data encryption method of any one of claims 1-2, applied to a decryption device, the method comprising:
step D, receiving first target data containing a data frame to be restored;
step E, under the condition that decryption is needed, decrypting by using a preset decryption byte conversion table;
and step F, taking the decrypted data frame as second target data, and performing de-merging processing on the data frame to be de-merged in the second target data according to the difference between the current data frame to be de-merged in the second target data and the next data frame to be de-merged of the current data frame to be de-merged.
4. The WAMS data decryption method of claim 3, wherein the step D comprises:
sequentially receiving data frames to be restored, reading data of a second set position in a current data frame to be restored in the data frames to be restored, and judging whether the data of the second set position is true;
if yes, executing the step E;
if not, taking the next frame data of the current data frame to be restored as the current data frame to be restored, and returning to the step of reading the data at the second set position in the current data frame to be restored in the data frame to be restored until the encrypted marker bit data is true.
5. The WAMS data decryption method of claim 3, wherein the generating of the decrypted byte mapping table comprises:
step E1, pre-constructing a decrypted byte conversion table decipherIPtable[256], and making the content of decipherIPtable consistent with the content of the temporary data array IPtemp[256];
step E2, judging whether the number t of the current round is less than 256;
step E3, when t is smaller than 256, updating t by using the formula t = t+1; in the i-th iteration in the current round, when the iteration number in the current round is less than 256, judging whether IPtable[i] = t holds for the encrypted byte conversion table; if so, updating the decrypted byte conversion table by using the formula decipherIPtable[t] = i, then updating the round number by using the formula t = t+1, and returning to execute the step of judging whether t corresponding to the current round is less than 256; if IPtable[i] = t does not hold, updating the iteration number by using the formula i = i+1, and returning to execute the step of judging whether IPtable[i] = t holds, until i reaches 256;
step E4, when t is not less than 256, using decipherIPtable[256] as the decryption byte conversion table.
6. The WAMS data decryption method of claim 3, wherein the decrypting using the predetermined decrypted byte mapping table comprises:
step E5, replacing the current character in the current data frame to be processed in the received data frame to be processed with the character at the same position as the current character in the decrypted byte conversion table;
step E6, taking the current data frame to be processed after replacing the current character as the decrypted current data frame to be processed; and taking the next data frame of the current data frame to be processed as the current data frame to be processed, and returning to execute step E5 until the received data frame to be processed is decrypted.
7. The WAMS data decryption method of claim 3, wherein the step F comprises:
step F1, taking the decrypted data frame as second target data, and reading a current data segment from a current data frame to be de-merged in the second target data;
step F2, judging whether the current data segment is the last data segment of the current data frame to be de-merged;
step F4, if yes, obtaining a data frame of the current data segment according to the sum of the data frames of the current data segment and the data segment before the current data segment, and taking the set of the data frame of the current data segment and the data frame of other data segments as the data frame of the current data segment;
step F5, if not, obtaining a de-merging data frame corresponding to the current data segment according to the sum of the de-merging data frames corresponding to the current data segment and the data segment before the current data segment; and taking the next data segment of the current data segment as the current data segment, and returning to execute step F2 until the data frames to be combined are combined.
8. The WAMS data encryption apparatus according to the WAMS data encryption method of any one of claims 1-2, wherein the apparatus comprises:
the first receiving module is used for receiving the data frame to be processed and combining the current data frame to be processed with the next data frame to be processed of the current data frame to be processed to obtain first target data;
the device comprises an identification module, a first target data processing module and a second target data processing module, wherein the identification module is used for identifying an encryption flag bit encrypt_flag of first target data, and when the value of encrypt_flag is true, the encryption module is triggered; when the value of encrypt_flag is false, sending the first target data;
the encryption module is used for encrypting the data frame to be processed by utilizing a pre-generated encrypted byte conversion table; and sending out the encrypted data frame to be processed.
9. A WAMS data decryption apparatus based on the WAMS data decryption method of any one of claims 3 to 7, characterized in that the apparatus comprises:
the second receiving module is used for receiving first target data containing a data frame to be restored;
the decryption module is used for decrypting by using a preset decryption byte conversion table under the condition of needing decryption;
and the restoring module is used for taking the decrypted data frame as second target data, and performing de-merging processing on the data frame to be de-merged in the second target data according to the difference between the current data frame to be de-merged in the second target data and the next data frame to be de-merged of the current data frame to be de-merged.
10. A WAMS data processing system, the system comprising: a WAMS data encryption device and a WAMS data decryption device, wherein,
WAMS data encryption means for performing the encryption method of any one of claims 1-2;
WAMS data decryption means for performing the decryption method of any one of claims 3 to 7.
CN202010268970.5A 2020-04-08 2020-04-08 WAMS data encryption and decryption method, device and system Active CN111510916B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010268970.5A CN111510916B (en) 2020-04-08 2020-04-08 WAMS data encryption and decryption method, device and system


Publications (2)

Publication Number Publication Date
CN111510916A CN111510916A (en) 2020-08-07
CN111510916B true CN111510916B (en) 2023-04-14

Family

ID=71864049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010268970.5A Active CN111510916B (en) 2020-04-08 2020-04-08 WAMS data encryption and decryption method, device and system

Country Status (1)

Country Link
CN (1) CN111510916B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116980890B (en) * 2023-09-20 2023-12-22 北京集度科技有限公司 Information security communication device, method, vehicle and computer program product

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110493641A (en) * 2019-08-06 2019-11-22 东软集团股份有限公司 A kind of video file encryption and decryption method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101572877B1 (en) * 2007-09-21 2015-11-30 엘지전자 주식회사 Digital broadcasting receiver and method for controlling the same
CN102130768B (en) * 2010-12-20 2012-11-07 西安西电捷通无线网络通信股份有限公司 Terminal equipment having capability of encrypting and decrypting link layer and data processing method thereof
CN108833058B (en) * 2018-05-25 2020-12-08 国网上海市电力公司 Dynamic data compression and decompression method in communication process of wide area measurement system
CN109120608B (en) * 2018-08-01 2020-11-24 飞天诚信科技股份有限公司 Anti-replay safe communication processing method and device
CN110351281B (en) * 2019-07-15 2021-01-05 珠海格力电器股份有限公司 Universal data frame analysis method, device and equipment




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant