CN112953968A - Power distribution terminal operation and maintenance communication method and device based on security authentication - Google Patents


Info

Publication number
CN112953968A
Authority
CN
China
Prior art keywords
message
algorithm
power distribution
distribution terminal
plaintext
Legal status
Pending
Application number
CN202110342050.8A
Other languages
Chinese (zh)
Inventor
苏首政
于丽娇
陈治国
齐斌
Current Assignee
Cloud Valley Technology Zhuhai Co ltd
Original Assignee
Cloud Valley Technology Zhuhai Co ltd
Application filed by Cloud Valley Technology Zhuhai Co ltd
Priority to CN202110342050.8A
Publication of CN112953968A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a power distribution terminal operation and maintenance communication method and device based on security authentication, and relates to the technical field of operation and maintenance of power distribution systems. In the method, a set of keys is generated; the sender encrypts the packed plaintext with an MD5 algorithm and an SM2 algorithm before transmitting the data, and the receiver decrypts with the corresponding decryption method to recover the plaintext. By combining the MD5 algorithm with the SM2 algorithm to encrypt the plaintext, messages of different levels can be given different security protection, so that encryption time is saved while message security is ensured, the security of communication in the distribution network automation system is greatly improved, and the security of data transmitted during communication is improved.

Description

Power distribution terminal operation and maintenance communication method and device based on security authentication
Technical Field
The invention relates to the technical field of operation and maintenance of power distribution systems, in particular to a power distribution terminal operation and maintenance communication method and device based on security authentication.
Background
With the rapid development of the national smart grid, the scale of distribution network automation systems has grown steadily. The distribution terminal is the central hub for realizing distribution network automation, so a very large number of distribution terminal manufacturers have appeared on the market. Because there are thousands of power distribution terminal equipment manufacturers, each using its own maintenance software, communication between the power distribution terminal and the maintenance software is carried out almost entirely in plaintext. A communication mode using plaintext transmission gives no consideration to resisting attacks, has great potential safety hazards, and offers poor security for data transmission.
Disclosure of Invention
The invention aims to provide a power distribution terminal operation and maintenance communication method and device based on security authentication, which are used for solving the problems of unsafe plaintext transmission and poor data information transmission security in the prior art.
In a first aspect, an embodiment of the present application provides a power distribution terminal operation and maintenance communication method based on security authentication, where the power distribution terminal operation and maintenance communication method based on security authentication includes the following steps:
generating a set of keys; the key comprises a private key stored in the maintenance end and a public key stored in the power distribution terminal;
encrypting the packed plaintext by using the secret key through an MD5 algorithm and an SM2 algorithm to obtain an encrypted message;
and decrypting the received encrypted message by using the key through an MD5 algorithm and an SM2 algorithm to obtain a decrypted message.
In this implementation, a set of keys is generated; the sender encrypts the packed plaintext with the MD5 algorithm and the SM2 algorithm before transmitting the data, and the receiver decrypts with the corresponding decryption method to recover the plaintext. For an equivalent level of security, the SM2 algorithm requires a shorter key than other public key algorithms. Meanwhile, the MD5 algorithm has modification resistance and collision resistance: changing even 1 byte of the original data produces a very different MD5 value, and given the original data and its MD5 value it is very difficult to find other data (i.e. forged data) with the same MD5 value, so the MD5 algorithm can be applied during encryption to messages with a higher security level to further improve security. By combining the MD5 algorithm with the SM2 algorithm to encrypt the plaintext, messages of different levels can be given different security protection, so that encryption time is saved while message security is ensured, the security of communication in the distribution network automation system is greatly improved, and the security of data transmitted during communication is improved.
Based on the first aspect, in some embodiments of the present invention, the step of encrypting the packed plaintext by using the MD5 algorithm and the SM2 algorithm through the secret key to obtain the encrypted message includes the following steps:
acquiring a packed plaintext;
encrypting the packaged plaintext by using an MD5 algorithm to obtain a first encrypted message;
the first encrypted message is encrypted by the SM2 algorithm using the key to obtain an encrypted message.
Based on the first aspect, in some embodiments of the present invention, the step of encrypting the first encrypted message by using the SM2 algorithm using the key to obtain the encrypted message includes the following steps:
acquiring a current Unix timestamp, and adding the Unix timestamp to the tail end of the first encrypted message to obtain a second encrypted message;
and encrypting the second encrypted message by using the SM2 algorithm by using the key to obtain an encrypted message.
In the implementation process, the Unix timestamp is added at the end of the message, so that the message is considered to be a legal message only within legal time, and the security of the message is further guaranteed.
Based on the first aspect, in some embodiments of the present invention, the step of encrypting the packed plaintext by using the MD5 algorithm using the key to obtain the first encrypted message includes the following steps:
judging whether the plaintext is a remote control message, if so, encrypting through an MD5 algorithm to obtain a first encrypted message; if not, the plain text is taken as the first encrypted message.
Based on the first aspect, in some embodiments of the present invention, the step of decrypting the received encrypted message by using the MD5 algorithm and the SM2 algorithm through the key to obtain a decrypted message includes the following steps:
acquiring an encrypted message;
decrypting the encrypted message by using the secret key through an SM2 algorithm to obtain a first decrypted message;
acquiring a Unix timestamp of each frame of message in the first decrypted message;
and judging the Unix timestamp of each frame of message to obtain a decrypted message.
Based on the first aspect, in some embodiments of the present invention, the step of determining the Unix timestamp of each frame of packet to obtain a decrypted packet includes the following steps:
B1: judging whether the Unix timestamp is in the allowed range, and if the Unix timestamp exceeds the allowed range, discarding the frame message; if it is within range, going to step B2;
B2: judging whether the frame message is a remote control message; if so, judging whether to execute the remote control operation and obtain a decrypted message; if not, judging other message formats and obtaining the decrypted message.
Based on the first aspect, in some embodiments of the present invention, the step of determining whether to perform a remote control operation and obtain a decrypted message includes the steps of:
judging whether the hash value of the remote control message exists in the current hash value table, if so, executing remote control operation and obtaining a decrypted message; if not, the frame message is discarded.
Based on the first aspect, in some embodiments of the present invention, it is determined whether a hash value of a remote control message exists in a current hash value table, and if so, a remote control operation is performed and a decrypted message is obtained; if not, the step of discarding the frame message comprises the following steps:
acquiring an information body address and a single command SCO/double command DCO in a remote control message;
judging whether the information body address and the single command SCO/double command DCO can be found in the current hash value table, if so, executing remote control operation and obtaining a decrypted message; if not, the frame message is discarded.
In a second aspect, an embodiment of the present application provides a power distribution terminal operation and maintenance communication device based on security authentication, including:
a key generation module for generating a set of keys; the key comprises a private key stored in the maintenance end and a public key stored in the power distribution terminal;
the encryption module is used for encrypting the packaged plaintext by using a secret key through an MD5 algorithm and an SM2 algorithm to obtain an encrypted message;
and the decryption module is used for decrypting the received encrypted message by using the key through the MD5 algorithm and the SM2 algorithm to obtain a decrypted message.
In this implementation, a set of keys is generated by the key generation module; the sender encrypts the packed plaintext with the MD5 algorithm and the SM2 algorithm of the encryption module before transmitting the data, and the receiver decrypts with the corresponding decryption method in the decryption module to recover the plaintext. For an equivalent level of security, the SM2 algorithm requires a shorter key than other public key algorithms. Meanwhile, the MD5 algorithm has modification resistance and collision resistance: changing even 1 byte of the original data produces a very different MD5 value, and given the original data and its MD5 value it is very difficult to find other data (i.e. forged data) with the same MD5 value, so the MD5 algorithm can be applied during encryption to messages with a higher security level to further improve security. By combining the MD5 algorithm with the SM2 algorithm to encrypt the plaintext, messages of different levels can be given different security protection, so that encryption time is saved while message security is ensured, the security of communication in the distribution network automation system is greatly improved, and the security of data transmitted during communication is improved.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a memory for storing one or more programs and a processor; when the one or more programs are executed by the processor, the method of any one of the first aspects above is implemented.
The embodiment of the invention at least has the following advantages or beneficial effects:
the embodiment of the invention provides a power distribution terminal operation and maintenance communication method and device based on security authentication, wherein a group of keys are generated, a sender encrypts a packed plaintext through an MD5 algorithm and an SM2 algorithm and then transmits data, and a receiver decrypts the plaintext by adopting a corresponding decryption method principle to obtain a corresponding plaintext. The message with higher security level is encrypted by the MD5 algorithm in the encryption process, so that the security can be further improved. The messages with different levels can be subjected to different safety protections by combining the MD5 algorithm with the SM2 algorithm to encrypt the plaintext, so that the encryption time is saved while the message safety is ensured, the safety performance of the communication of the distribution network automation system is greatly improved, and the safety of data information transmission in the communication process is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flowchart of a power distribution terminal operation and maintenance communication method based on security authentication according to an embodiment of the present invention;
fig. 2 is a block diagram of a power distribution terminal operation and maintenance communication device based on security authentication according to an embodiment of the present invention;
fig. 3 is a flowchart of determining a remote control message according to an embodiment of the present invention;
fig. 4 is a block diagram of an electronic device according to an embodiment of the present invention.
Reference numerals: 110, key generation module; 120, encryption module; 130, decryption module; 101, memory; 102, processor; 103, communication interface.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Examples
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the individual features of the embodiments can be combined with one another without conflict.
Referring to fig. 1, fig. 1 is a flowchart of a power distribution terminal operation and maintenance communication method based on security authentication according to an embodiment of the present invention. The power distribution terminal operation and maintenance communication method based on the safety certification comprises the following steps:
step S110: generating a set of keys; the key comprises a private key stored at the maintenance end and a public key stored at the power distribution terminal, and the key can be a key of the SM2 algorithm. A set of keys may be generated by third party software, the set of keys comprising a private key and a public key in pair, the public key being public and the private key being secret. And storing a private key in the generated group of keys in a maintenance end, wherein the maintenance end is provided with software for maintaining the power distribution terminal, and storing a public key in the generated group of keys in the power distribution terminal.
Step S120: and encrypting the packaged plaintext by using the secret key through an MD5 algorithm and an SM2 algorithm to obtain an encrypted message. The method comprises the following steps:
First, the packed plaintext is acquired. The plaintext refers to messages under the DL/T634.5101 and DL/T634.5104 communication protocols, including link establishment, initialization completion, general interrogation (total call), remote signaling change, remote measurement change, SOE, clock synchronization, reset process, test command, file service, electric energy call command, remote parameter reading and writing, fault recording, historical data file, software upgrade and the like. The power distribution terminal acquires the packed plaintext sent by the maintenance terminal, and the maintenance terminal acquires the packed plaintext sent by the power distribution terminal.
Then, the packed plaintext is encrypted by the MD5 algorithm to obtain a first encrypted message. The method specifically comprises the following steps:
Judging whether the plaintext is a remote control message; if so, encrypting it with the MD5 algorithm to obtain the first encrypted message; if not, taking the plaintext itself as the first encrypted message. In actual communication, remote control messages have a higher level and must be given stronger security control, so one MD5 encryption pass is performed during encryption to ensure that the transmitted information is complete and consistent. When the plaintext is not a remote control message, MD5 encryption is not required. The MD5 algorithm processes the input in 512-bit blocks; each block is divided into sixteen 32-bit words, and after a series of processing steps the output consists of four 32-bit words, which are concatenated to form a 128-bit hash value.
And finally, encrypting the first encrypted message by using the key through an SM2 algorithm to obtain an encrypted message.
The SM2 algorithm is an asymmetric encryption algorithm that requires two keys, a public key and a private key, which form a pair. If data is encrypted with the public key, only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it. It is called an asymmetric encryption algorithm because two different keys are used for encryption and decryption.
The SM2 algorithm process is as follows. The SM2 algorithm uses the curve equation $y^2 = x^3 + ax + b$ over $E_p(a, b)$.
Select an element $G$ of $E_p(a, b)$ such that the order $n$ of $G$ is a large prime; the order of $G$ is the smallest $n$ satisfying $nG = O$.
Secretly select an integer $k$ and compute $P = kG$; then publish $(p, a, b, G, P)$. $P$ is the public key; $k$ is kept secret and is the private key.
Encrypting a message $M$: first map $M$ to a point $P_m$ in $E_p(a, b)$, then select a random number $r$ and compute the ciphertext $C_m = \{rG,\; P_m + rP\}$; if $r$ is such that $rG$ or $rP$ equals $O$, reselect $r$.
Decrypting the message $C_m$: $(P_m + rP) - k(rG) = P_m + rkG - krG = P_m$.
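As an added example, not code from the patent, the elliptic-curve scheme exactly as the steps above describe it (EC-ElGamal, not the GM/T 0003 SM2 standard), run on a curve small enough to check by hand. The curve $y^2 = x^3 + 2x + 2$ over $F_{17}$ with $G = (5, 1)$ of prime order 19, and the embedding of a message scalar $m$ as $P_m = mG$, are assumptions made for the example.

```python
import secrets

# Toy curve (constructed for illustration): y^2 = x^3 + 2x + 2 over F_17 with
# generator G = (5, 1). The group has 19 points, so the order n of G is prime.
# A real SM2 deployment uses the 256-bit curve of GM/T 0003; this one is only
# large enough to show the arithmetic of the page's description.
P_MOD, A, B = 17, 2, 2
G = (5, 1)
O = None  # the point at infinity


def on_curve(pt):
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def point_add(p1, p2):
    """Group law on Ep(a, b) in affine coordinates."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def point_neg(pt):
    return O if pt is O else (pt[0], (-pt[1]) % P_MOD)


def scalar_mul(k, pt):
    """Double-and-add; computes kG, the "nG" in the page's definition of order."""
    result, addend = O, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def point_order(pt):
    """Smallest n > 0 with n*pt == O (brute force is fine on a toy curve)."""
    n, cur = 1, pt
    while cur is not O:
        cur = point_add(cur, pt)
        n += 1
    return n


N = point_order(G)  # 19 for this curve


def keygen():
    """Secret k is the private key; P = kG is published with (p, a, b, G)."""
    k = secrets.randbelow(N - 1) + 1
    return k, scalar_mul(k, G)


def encrypt(pub, pm):
    """Cm = {rG, Pm + rP}; r is reselected if rG or rP is O, as the page states."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        c1, rp = scalar_mul(r, G), scalar_mul(r, pub)
        if c1 is not O and rp is not O:
            return c1, point_add(pm, rp)


def decrypt(k, cm):
    """(Pm + rP) - k(rG) = Pm + rkG - krG = Pm."""
    c1, c2 = cm
    return point_add(c2, point_neg(scalar_mul(k, c1)))


def roundtrip(m):
    """Embed message scalar m as Pm = mG (assumption: the page leaves the map open)."""
    pm = scalar_mul(m, G)
    k, pub = keygen()
    return decrypt(k, encrypt(pub, pm)) == pm
```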
Step S130: and decrypting the received encrypted message by using the key through an MD5 algorithm and an SM2 algorithm to obtain a decrypted message. The method comprises the following steps:
First, the encrypted message is acquired: the power distribution terminal acquires the encrypted message sent by the maintenance terminal, and the maintenance terminal acquires the encrypted message sent by the power distribution terminal.
Then, decrypting the encrypted message by using the key through an SM2 algorithm to obtain a first decrypted message; the power distribution terminal decrypts the encrypted message by using the public key, and the maintenance terminal decrypts the encrypted message by using the private key.
Then, the Unix timestamp of each frame message in the first decrypted message is acquired. A Unix timestamp is a representation of time, defined as the total number of seconds elapsed since 00:00:00 on 1 January 1970, Greenwich Mean Time.
Finally, the Unix timestamp of each frame message is judged to obtain the decrypted message. A message is considered legitimate only within the allowed time, and the decrypted message is then obtained from the decryption.
The plaintext data in the power distribution terminal operation and maintenance communication method based on security authentication conforms to the implementation rule for power distribution automation system application DL/T634.5101-2002 or the implementation rule for power distribution automation system application DL/T634.5104-2009.
In this implementation, a set of keys is generated; the sender encrypts the packed plaintext with the MD5 algorithm and the SM2 algorithm before transmitting the data, and the receiver decrypts with the corresponding decryption method to recover the plaintext. For an equivalent level of security, the SM2 algorithm requires a shorter key than other public key algorithms. Meanwhile, the MD5 algorithm has modification resistance and collision resistance: changing even 1 byte of the original data produces a very different MD5 value, and given the original data and its MD5 value it is very difficult to find other data (i.e. forged data) with the same MD5 value, so the MD5 algorithm can be applied during encryption to messages with a higher security level to further improve security. By combining the MD5 algorithm and the SM2 algorithm to encrypt the plaintext, messages of different levels can be given different security protection, so that message security is ensured while encryption time is saved. As a result, an unauthorized party cannot steal data during communication and cannot decrypt the data even if the communication data is intercepted, which greatly improves the communication security of the distribution network automation system and safeguards people's property.
The step of encrypting the first encrypted message by using the key through the SM2 algorithm to obtain the encrypted message comprises the following steps:
acquiring the current Unix timestamp and appending it to the end of the first encrypted message to obtain a second encrypted message; the Unix timestamp occupies 4 bytes and is transmitted low byte first (little-endian).
And encrypting the second encrypted message by using the SM2 algorithm by using the key to obtain an encrypted message.
In the implementation process, the Unix timestamp is added at the end of the message, so that the message is considered to be a legal message only within legal time, and the security of the message is further guaranteed.
The step of judging the Unix timestamp of each frame of message to obtain a decrypted message comprises the following steps:
B1: judge whether the Unix timestamp is in the allowed range; if the Unix timestamp exceeds the allowed range, discard the frame message; if it is within range, go to step B2. To judge whether the Unix timestamp is in the allowed range, first acquire the Unix timestamp of the current system, then compare it with the Unix timestamp of each frame message acquired from the first decrypted message: if the Unix timestamp of the frame message lies within the allowed range of the current system Unix timestamp, proceed to message judgment, i.e. step B2; if not, discard the frame message.
B2: judge whether the frame message is a remote control message; if so, judge whether to execute the remote control operation and obtain the decrypted message; if not, judge the other message formats and obtain the decrypted message. During message transmission, some messages, such as remote control messages, have a higher level and require security control. Therefore, since a higher-level message is encrypted by the MD5 algorithm before being encrypted by the other method, a corresponding judgment must be made during decryption to determine whether the message is a remote control message, so that the corresponding operations can be taken and the corresponding plaintext finally obtained. The remote control message here is the message after the Unix timestamp has been removed, and its length is fixed.
The step of judging whether to execute remote control operation and obtain the decrypted message comprises the following steps:
Judging whether the hash value of the remote control message exists in the current hash value table; if so, executing the remote control operation and obtaining a decrypted message; if not, discarding the frame message. During encryption the remote control message is encrypted by the MD5 algorithm, so MD5 decryption is required after the encrypted message has been received and decrypted. The MD5 algorithm is a secure hash algorithm: two different plaintexts do not yield the same output value, and the original plaintext cannot be recovered from the output value, i.e. the process is irreversible. Therefore no algorithm exists for decrypting MD5 and only an exhaustive method can be used: possible plaintexts are hashed with the MD5 algorithm, the resulting hash values and the original data form a one-to-one mapping table, and the original plaintext corresponding to a given MD5 hash value is found by matching that hash value against the table.
Judging whether the hash value of the remote control message exists in the current hash value table, if so, executing remote control operation and obtaining a decrypted message; if not, the step of discarding the frame message comprises the following steps:
acquiring an information body address and a single command SCO/double command DCO in a remote control message;
judging whether the information body address and the single command SCO/double command DCO can be found in the current hash value table, if so, executing remote control operation and obtaining a decrypted message; if not, the frame message is discarded.
Referring to fig. 3, fig. 3 is a flowchart for determining a remote control message according to an embodiment of the present invention. First, the type identifier (TI) in the Application Service Data Unit (ASDU) is determined; as shown in the figure, the message is a remote control message when the TI of the ASDU is 45 or 46. If the message is a remote control message, the MD5-encrypted information body address and single command SCO/double command DCO in the ASDU are acquired; if the ASDU is not a remote control message, the operation corresponding to the ASDU's type identifier is executed. After the MD5-encrypted information body address and single command SCO/double command DCO in the ASDU have been acquired, the table is searched for matching data; if a match is found, the remote control operation is executed, and if not, no response is made.
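An added example, not the patent's own code, of the message layer of steps S120 and S130 together with checks B1 and B2 (fig. 3), with the SM2 layer left out: the sender replaces a remote control command (TI 45/46) by its MD5 digest and appends the 4-byte little-endian timestamp, and the receiver checks the timestamp window, then looks the digest up in its table of permitted (information body address, SCO/DCO) pairs. The simplified frame layout, the 30-second window and hashing the address together with the command byte are assumptions.

```python
import hashlib
import struct

# Simplified frame layout (assumption; not the patent's exact DL/T634.5104 encoding):
#   byte 0     : ASDU type identifier (TI); 45 = single command, 46 = double command
#   bytes 1..3 : information body address (IOA), little-endian
#   byte 4     : command byte (SCO for TI 45, DCO for TI 46)
#   rest       : further payload (non-remote-control messages only)
TI_SINGLE_COMMAND = 45
TI_DOUBLE_COMMAND = 46
REMOTE_CONTROL_TIS = (TI_SINGLE_COMMAND, TI_DOUBLE_COMMAND)
DIGEST_LEN = 16        # MD5 output, 128 bits
TIMESTAMP_LEN = 4      # page: the Unix timestamp occupies 4 bytes, low byte first
MAX_CLOCK_SKEW = 30    # assumption: allowed window in seconds (page leaves it open)


def is_remote_control(plaintext: bytes) -> bool:
    return len(plaintext) >= 5 and plaintext[0] in REMOTE_CONTROL_TIS


def command_digest(ioa: int, cmd: int) -> bytes:
    """MD5 over IOA (3 bytes LE) || command byte. MD5 is a one-way hash, not a
    cipher, so the receiver can only match it against a precomputed table."""
    return hashlib.md5(ioa.to_bytes(3, "little") + bytes([cmd])).digest()


def build_hash_table(permitted):
    """Receiver-side table: md5(IOA || cmd) -> (IOA, cmd) for every permitted command.
    Caveat: MD5 collision resistance is broken in practice, and the table only binds
    the digest to known commands; it does not authenticate who sent the frame."""
    return {command_digest(ioa, cmd): (ioa, cmd) for ioa, cmd in permitted}


def sender_pack(plaintext: bytes, now: int) -> bytes:
    """Step S120 up to the SM2 layer: hash remote-control commands (other messages
    pass through unchanged), then append the Unix timestamp as the last 4 bytes."""
    if is_remote_control(plaintext):
        ioa = int.from_bytes(plaintext[1:4], "little")
        first_message = bytes([plaintext[0]]) + command_digest(ioa, plaintext[4])
    else:
        first_message = plaintext
    return first_message + struct.pack("<I", now)


def receiver_unpack(frame: bytes, now: int, table: dict):
    """Step S130 after SM2 decryption: B1 timestamp window, then B2 remote-control
    handling. Returns ("execute", (ioa, cmd)), ("other", body) or ("drop", reason)."""
    if len(frame) < TIMESTAMP_LEN + 1:
        return ("drop", "frame too short")
    body, ts_raw = frame[:-TIMESTAMP_LEN], frame[-TIMESTAMP_LEN:]
    (ts,) = struct.unpack("<I", ts_raw)
    if abs(now - ts) > MAX_CLOCK_SKEW:                 # B1
        return ("drop", "timestamp outside allowed range")
    if body[0] in REMOTE_CONTROL_TIS:                  # B2
        if len(body) != 1 + DIGEST_LEN:                # remote control frames have fixed length
            return ("drop", "malformed remote control frame")
        hit = table.get(body[1:])
        if hit is None:
            return ("drop", "hash value not in table")
        return ("execute", hit)
    return ("other", body)
```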
Based on the same inventive concept, the invention further provides a power distribution terminal operation and maintenance communication device based on security authentication, please refer to fig. 2, and fig. 2 is a block diagram of a power distribution terminal operation and maintenance communication device based on security authentication according to an embodiment of the present invention. This distribution terminal operation and maintenance communication device based on safety certification includes:
a key generation module 110 for generating a set of keys; the key comprises a private key stored in the maintenance end and a public key stored in the power distribution terminal;
the encryption module 120 is configured to encrypt the packed plaintext by using the secret key through an MD5 algorithm and an SM2 algorithm, so as to obtain an encrypted message;
and the decryption module 130 is configured to decrypt the received encrypted message through the MD5 algorithm and the SM2 algorithm by using the key, so as to obtain a decrypted message.
In the implementation process, a group of keys is generated by the key generation module 110, the sender encrypts the packed plaintext through the MD5 algorithm and the SM2 algorithm of the encryption module 120 and then transmits the data, and the receiver decrypts the received message in the decryption module 130 by the corresponding decryption method to recover the plaintext. The SM2 algorithm requires a smaller key length than other public key algorithms at an equal security level. Meanwhile, the MD5 algorithm has modification resistance and collision resistance, namely, modifying the original data by even 1 byte yields a greatly different MD5 value, and, knowing the original data and its MD5 value, it is very difficult to find another input (a forgery) with the same MD5 value; the MD5 algorithm can therefore be applied during encryption to the messages with a higher security level to further improve security. By combining the MD5 algorithm with the SM2 algorithm to encrypt the plaintext, messages of different levels receive different degrees of protection, so that encryption time is saved while message security is ensured, the security of communication in the distribution network automation system is greatly improved, and the security of data transmission during communication is improved.
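The inner layer of the scheme, as an added example that is not the patent's own code: the sender replaces the IOA and SCO/DCO of a remote control ASDU (TI 45/46) by their MD5 digest and appends the Unix timestamp, and the receiver, after the SM2 decryption (omitted here), applies the timestamp window check and the hash value table lookup of the claims. The 104-style ASDU layout, the 4-byte timestamp field and the 30-second window are assumptions; the page fixes neither.

```python
import hashlib

# IEC 60870-5-104 type identifiers (TI) of the remote-control ASDUs the page names
TI_SINGLE_COMMAND = 45   # C_SC_NA_1, carries a single command SCO
TI_DOUBLE_COMMAND = 46   # C_DC_NA_1, carries a double command DCO

# Assumed values: the page does not fix the replay window or the frame layout.
ALLOWED_SKEW_SECONDS = 30   # step B1: |now - timestamp| must stay within this
HEADER_LEN = 6              # TI(1) VSQ(1) COT(2) CA(2), 104-style fixed header
DIGEST_LEN = 32             # hex MD5 that replaces IOA + SCO/DCO in control frames
TS_LEN = 4                  # Unix timestamp appended at the tail (claim 3)


def is_remote_control(asdu: bytes) -> bool:
    return len(asdu) > 0 and asdu[0] in (TI_SINGLE_COMMAND, TI_DOUBLE_COMMAND)


def command_fields(asdu: bytes) -> tuple:
    """Return (information object address, SCO/DCO) from a 104-style command ASDU.
    Assumed layout: header(6) IOA(3, little-endian) SCO/DCO(1)."""
    if len(asdu) < HEADER_LEN + 4:
        raise ValueError("ASDU too short to carry a command")
    ioa = int.from_bytes(asdu[HEADER_LEN:HEADER_LEN + 3], "little")
    return ioa, asdu[HEADER_LEN + 3]


def command_digest(ioa: int, command: int) -> str:
    """MD5 fingerprint of (IOA, SCO/DCO): the 'MD5 encryption' step of claim 4."""
    return hashlib.md5(ioa.to_bytes(3, "little") + bytes([command])).hexdigest()


def build_hash_table(allowed_commands) -> set:
    """The 'current hash value table' of claims 7-8: digests of every
    (IOA, SCO/DCO) pair the maintenance end is permitted to issue."""
    return {command_digest(ioa, cmd) for ioa, cmd in allowed_commands}


def build_frame(asdu: bytes, now: int) -> bytes:
    """Sender side (claims 2-4): a control ASDU has IOA + SCO/DCO replaced by the
    MD5 digest, other ASDUs pass through, then the Unix timestamp is appended.
    The result is what the SM2 layer (not shown) would then encrypt."""
    if is_remote_control(asdu):
        ioa, cmd = command_fields(asdu)
        first = asdu[:HEADER_LEN] + command_digest(ioa, cmd).encode("ascii")
    else:
        first = asdu
    return first + now.to_bytes(TS_LEN, "big")


def verify_frame(frame: bytes, hash_table: set, now: int) -> tuple:
    """Receiver side after SM2 decryption (claims 5-8). Returns (decision, body)
    where decision is 'execute', 'accept' or a 'discard: ...' reason."""
    if len(frame) < TS_LEN + 1:
        return "discard: frame too short", None
    body, ts = frame[:-TS_LEN], int.from_bytes(frame[-TS_LEN:], "big")
    if abs(now - ts) > ALLOWED_SKEW_SECONDS:            # step B1: replay window
        return "discard: timestamp outside allowed range", None
    if not is_remote_control(body):                     # step B2: non-control frame
        return "accept", body
    digest = body[HEADER_LEN:HEADER_LEN + DIGEST_LEN].decode("ascii", "replace")
    if digest in hash_table:                            # claims 7-8: table lookup
        return "execute", body
    return "discard: command not in hash table", None
```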
Referring to fig. 4, fig. 4 is a schematic structural block diagram of an electronic device according to an embodiment of the present disclosure. The electronic device comprises a memory 101, a processor 102 and a communication interface 103, wherein the memory 101, the processor 102 and the communication interface 103 are electrically connected with each other directly or indirectly to realize the transmission or interaction of data. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory 101 may be configured to store software programs and modules, such as program instructions/modules corresponding to the security authentication-based power distribution terminal operation and maintenance communication device provided in the embodiment of the present application, and the processor 102 executes the software programs and modules stored in the memory 101, thereby executing various functional applications and data processing. The communication interface 103 may be used for communicating signaling or data with other node devices.
The memory 101 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like.
The processor 102 may be an integrated circuit chip having signal processing capabilities. The processor 102 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
It will be appreciated that the configuration shown in fig. 4 is merely illustrative and that the electronic device may include more or fewer components than shown in fig. 4 or have a different configuration than shown in fig. 4. The components shown in fig. 4 may be implemented using hardware, software, or a combination thereof.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In summary, according to the power distribution terminal operation and maintenance communication method and device based on security certification provided by the embodiment of the present application, a group of keys is generated, a sender encrypts a packed plaintext through an MD5 algorithm and an SM2 algorithm and then transmits the data, and a receiver decrypts the received message by the corresponding decryption method to recover the plaintext. The SM2 algorithm requires a smaller key length than other public key algorithms at an equal security level. Meanwhile, the MD5 algorithm has modification resistance and collision resistance, namely, modifying the original data by even 1 byte yields a greatly different MD5 value, and, knowing the original data and its MD5 value, it is very difficult to find another input (a forgery) with the same MD5 value; the MD5 algorithm can therefore be applied during encryption to the messages with a higher security level to further improve security. By combining the MD5 algorithm with the SM2 algorithm to encrypt the plaintext, messages of different levels receive different degrees of protection, so that encryption time is saved while message security is ensured, the security of communication in the distribution network automation system is greatly improved, and the security of data transmission during communication is improved.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (10)

1. A power distribution terminal operation and maintenance communication method based on security certification is characterized by comprising the following steps:
generating a set of keys; the key comprises a private key stored in the maintenance end and a public key stored in the power distribution terminal;
encrypting the packaged plaintext by using the secret key through an MD5 algorithm and an SM2 algorithm to obtain an encrypted message;
and decrypting the received encrypted message by using the key through an MD5 algorithm and an SM2 algorithm to obtain a decrypted message.
2. The power distribution terminal operation and maintenance communication method based on the security certification as claimed in claim 1, wherein the step of encrypting the packaged plain text by using the secret key through the MD5 algorithm and the SM2 algorithm to obtain the encrypted message comprises the following steps:
acquiring a packed plaintext;
encrypting the packaged plaintext by using an MD5 algorithm to obtain a first encrypted message;
and encrypting the first encrypted message by using the key through an SM2 algorithm to obtain an encrypted message.
3. The power distribution terminal operation and maintenance communication method based on the security certification as claimed in claim 2, wherein the step of encrypting the first encrypted message by using the key through an SM2 algorithm to obtain the encrypted message comprises the following steps:
acquiring a current Unix timestamp, and adding the Unix timestamp to the tail end of the first encrypted message to obtain a second encrypted message;
and encrypting the second encrypted message by using the key through an SM2 algorithm to obtain an encrypted message.
4. The power distribution terminal operation and maintenance communication method based on the security authentication as claimed in claim 2, wherein the step of encrypting the packaged plaintext by using the MD5 algorithm to obtain the first encrypted message comprises the following steps:
judging whether the plaintext is a remote control message or not, and if so, encrypting through an MD5 algorithm to obtain a first encrypted message; and if not, taking the plain text as a first encryption message.
5. The power distribution terminal operation and maintenance communication method based on the security certification as claimed in claim 1, wherein the step of decrypting the received encrypted message by using the secret key through the MD5 algorithm and the SM2 algorithm to obtain the decrypted message comprises the following steps:
acquiring an encrypted message;
decrypting the encrypted message by using the secret key through an SM2 algorithm to obtain a first decrypted message;
acquiring a Unix timestamp of each frame of message in the first decrypted message;
and judging the Unix timestamp of each frame of message to obtain a decrypted message.
6. The power distribution terminal operation and maintenance communication method based on the security certification as claimed in claim 5, wherein the step of determining the Unix timestamp of each frame of the message to obtain the decrypted message comprises the following steps:
B1. judging whether the Unix timestamp is within an allowed range; if the Unix timestamp is beyond the allowed range, discarding the frame message; if it is within the range, going to step B2;
B2. judging whether the frame message is a remote control message; if so, judging whether to execute the remote control operation and obtaining a decrypted message; if not, judging the other message formats and obtaining the decrypted message.
7. The power distribution terminal operation and maintenance communication method based on the security certification as claimed in claim 6, wherein the step of determining whether to execute the remote control operation and obtain the decrypted message comprises the steps of:
judging whether the hash value of the remote control message exists in the current hash value table, if so, executing remote control operation and obtaining a decrypted message; if not, the frame message is discarded.
8. The power distribution terminal operation and maintenance communication method based on the security certification as claimed in claim 7, wherein the step of judging whether the hash value of the remote control message exists in the current hash value table, executing the remote control operation and obtaining a decrypted message if so, and discarding the frame message if not, comprises the following steps:
acquiring an information body address and a single command SCO/double command DCO in the remote control message;
judging whether the message body address and the single command SCO/double command DCO can be found in the current hash value table, if so, executing remote control operation and obtaining a decrypted message; if not, the frame message is discarded.
9. A power distribution terminal operation and maintenance communication device based on safety certification is characterized by comprising:
a key generation module for generating a set of keys; the key comprises a private key stored in the maintenance end and a public key stored in the power distribution terminal;
the encryption module is used for encrypting the packaged plaintext by using the secret key through an MD5 algorithm and an SM2 algorithm to obtain an encrypted message;
and the decryption module is used for decrypting the received encrypted message by using the secret key through an MD5 algorithm and an SM2 algorithm to obtain a decrypted message.
10. An electronic device, comprising:
a memory for storing one or more programs;
a processor;
the one or more programs, when executed by the processor, implement the method of any of claims 1-8.
CN202110342050.8A 2021-03-30 2021-03-30 Power distribution terminal operation and maintenance communication method and device based on security authentication Pending CN112953968A (en)
Publications (1)

Publication Number Publication Date
CN112953968A true CN112953968A (en) 2021-06-11

Family

ID=76230991

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113676445A (en) * 2021-07-05 2021-11-19 国网上海能源互联网研究院有限公司 Method and system suitable for transmitting files of power distribution Internet of things

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103178956A (en) * 2011-12-24 2013-06-26 湖南省电力勘测设计院 Method for realizing encrypted authentication of distribution automation remote control command
US20140325225A1 (en) * 2013-04-27 2014-10-30 Quantron Inc. Self-authenticated method with timestamp
CN105871873A (en) * 2016-04-29 2016-08-17 国家电网公司 Security encryption authentication module for power distribution terminal communication and method thereof
CN108111306A (en) * 2018-01-03 2018-06-01 珠海科诺威配网自动化股份有限公司 A kind of communication means between power distribution automation main station and distribution power automation terminal
WO2020155794A1 (en) * 2019-01-31 2020-08-06 平安科技(深圳)有限公司 Timestamp-based encryption and authentication method, timestamp-based encryption and authentication system, and computer device
CN112073421A (en) * 2020-09-14 2020-12-11 深圳市腾讯计算机系统有限公司 Communication processing method, communication processing device, terminal and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
黄国政 等: "一种远动遥控防误创新技术研究", 《广东电力》 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210611