CN103716163B - SV message encryption and decryption method meeting IEC61850-9-2 (LE) standard - Google Patents

Info

Publication number
CN103716163B
Authority
CN
China
Prior art keywords
message
key data
ciphertext
asdu
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310681442.2A
Other languages
Chinese (zh)
Other versions
CN103716163A (en
Inventor
王智东
王钢
黎永昌
陈俊威
林跃欢
马新华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Original Assignee
South China University of Technology SCUT
Application filed by South China University of Technology SCUT
Priority to CN201310681442.2A
Publication of CN103716163A
Application granted
Publication of CN103716163B

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard. The method comprises the following steps: extracting the key data that reflects the actual sampled value in each ASDU of an SV message and combining the key data into a to-be-encrypted data block in ASDU order; encrypting the to-be-encrypted data block with the TEA algorithm to obtain a ciphertext of equal length; cutting the ciphertext and overwriting the key data positions in ASDU order to obtain an encrypted SV message; extracting the ciphertext segment at the key data position of each ASDU of the encrypted SV message and combining the segments into a ciphertext block in ASDU order; decrypting the ciphertext block with the TEA algorithm to obtain a key data block of equal length; and cutting the key data block and overwriting the positions of the ciphertext segments in ASDU order to obtain a decrypted SV message. The integrity, confidentiality and real-time performance of the SV message can be effectively guaranteed.

Description

A method for encrypting and decrypting SV messages conforming to the IEC61850-9-2 (LE) standard

Technical field

The invention relates to the technical field of electric power communication information security, and in particular to a method for encrypting and decrypting SV messages conforming to the IEC61850-9-2 (LE) standard.

Background

In power system communication networks, sampled value transmission messages (SV messages) conforming to the IEC61850-9-2 (LE) standard carry real-time electrical quantity information, which is extremely important for the protection, measurement and control of the power system. These messages are transmitted frequently and in large volume; when the power system is operating normally they occupy most of the bandwidth of the power communication network, and their security, accuracy and real-time performance largely determine the reliability of power system operation.

Moreover, as SV power messages are applied more and more widely in smart grids, of which digital substations are representative, they may be transmitted across regions and across grids. This makes them more likely to suffer intrusion events such as eavesdropping, attack and tampering, and their importance to power information security is increasingly prominent.

However, the prior art lacks an effective method for encrypting SV message information, which has very high real-time requirements. Encryption and decryption techniques are therefore urgently needed to strengthen the confidentiality of SV power messages; but message encryption and decryption generally take considerable time, while SV messages have strict real-time requirements. According to the IEC61850 standard, the communication delay of an SV signal should be less than 4ms. How to achieve the integrity and confidentiality of SV messages while still meeting their real-time requirement is the crux of the problem.

Summary of the invention

The purpose of the invention is to overcome the deficiencies of the prior art and to provide a method for encrypting and decrypting SV messages conforming to the IEC61850-9-2 (LE) standard that offers a high degree of confidentiality, low encryption and decryption time, and strong hardware adaptability.

To achieve this purpose, the technical solution adopted by the invention is a method for encrypting and decrypting SV messages conforming to the IEC61850-9-2 (LE) standard, comprising the following steps:

S1. Encryption

S11. Check whether a CRC32 check code is present in the FCR block of the SV message; if not, perform a CRC32 computation on the SV message and place the resulting CRC32 check code in the FCR block of the SV message;

S12. Extract, from each ASDU (application service data unit) in the SV message, the key data that reflects the actual value of the sampled value, and combine it in ASDU order into the data block to be encrypted;

S13. Encrypt the data block to be encrypted with the TEA algorithm to obtain a ciphertext of equal length;

S14. Cut the ciphertext and overwrite the key data positions in ASDU order to obtain the encrypted SV message;

S2. Decryption

S21. Extract the ciphertext segment at the key data position of each ASDU in the encrypted SV message, and combine the segments in ASDU order into a ciphertext block;

S22. Decrypt the ciphertext block with the TEA algorithm to obtain a key data block of equal length;

S23. Cut the key data block and overwrite the positions of the ciphertext segments in ASDU order to obtain the decrypted SV message;

S24. Perform a CRC32 check on the decrypted SV message. If the check passes, keep the SV message and decryption is complete; otherwise, discard the SV message.

More specifically, the CRC32 check is a cyclic redundancy check (CRC), used to detect or verify errors that may occur after the SV message has been encrypted, decrypted, transmitted or stored, and so to ensure the integrity of the message.

More specifically, the key data of the SV message is the actual sampled values (ActualValues) in the Dataset (analog sampled values) of each ASDU.

With the encryption algorithm and key length fixed, the core of reducing the time needed to encrypt and decrypt an SV message is to reduce the length of message that has to be encrypted. By analysing the information in each field of the SV message, the key information of the message is extracted, striking a balance between real-time performance and confidentiality. According to the IEC61850 standard, the SV message uses the ISO/IEC802.3 protocol at the data link layer and consists of the MAC address field, the TPID (tag protocol identifier) field, the TCI (tag control information) field, the EtherType (Ethernet message type) field, the APPID (application identifier) field, the Length field, the Reserved1 field, the Reserved2 field and the APDU (application protocol data unit, that is, the message content) field. The SV frame structure is shown in Table 1. The contents of the MAC address, TPID, TCI, EtherType, APPID, Length, Reserved1 and Reserved2 fields mainly describe communication-related basics such as the communication information and length of the SV message, and do not contain the substantive content the SV message carries, such as the analog sampled values. The contents of these fields are therefore left unchanged and are not encrypted.

Table 1 Frame structure of the SV message

The substantive power system content, such as the analog sampled values, is concentrated in the APDU field. The APDU field consists of noASDU (the number of ASDUs) and SequenceOfASDU (the ASDU data sequence). SequenceOfASDU is a sequence made up of multiple ASDUs in order. The frame structure of the APDU of the SV message is shown in Table 2.

Table 2 Frame structure of the APDU of the SV message

Each ASDU (application service data unit) consists of fields such as svID, smpCnt (sample counter), confRev (configuration revision number), smpSynch (synchronization flag) and Dataset (sampled values); its frame structure is shown in Table 3.

Table 3 ASDU structure of the SV message

The ASDU carries the substantive analog sampled value content of the SV message, and its confidentiality directly determines the confidentiality of the SV message as a whole. The svID, smpCnt, ConfRev and smpSynch data in the ASDU do not directly involve the analog sampled value data and need not be encrypted. Only the Dataset data, which actually stores the analog sampled values, is therefore encrypted. The frame structure of the Dataset is shown in Table 4. Each Dataset can contain at most 8 analog sampled values, and each analog channel consists of a 4-byte actual sampled value (ActualValues) and a 4-byte quality descriptor (Q). Q only marks the quality of the sampled value and need not take part in encryption, so the actual sampled values (ActualValues) are the key data that really needs to be encrypted.

Table 4 Dataset structure

More specifically, step S12: first extract the key data of the first analog quantity in the DataSet of ASDU1, then the key data of the second analog quantity in the DataSet of ASDU1; once the key data of ASDU1 has been extracted, extract the key data of ASDU2, and continue in this order up to ASDUn, finally obtaining a data block to be encrypted with a length of 256*n Bit.

More specifically, the TEA algorithm is the Tiny Encryption Algorithm (TEA). It is easy to describe and implement, and can satisfy the real-time requirement of SV messages while ensuring their confidentiality. It uses a 128Bit key to encrypt 64Bit of data into 64Bit of ciphertext, and the total key data length of an SV message is an integer multiple of 64Bit, so encrypting the data block to be encrypted with the TEA algorithm yields a ciphertext of the same length as that block, with no need to pad the key data.

More specifically, step S14: cut the ciphertext into 32Bit units and overwrite the key data positions with the resulting ciphertext segments in ASDU order to obtain the encrypted SV message.

More specifically, step S21: first extract the ciphertext at the key data position of the first analog quantity in the DataSet of ASDU1, then the ciphertext at the key data position of the second analog quantity in the DataSet of ASDU1; once the ciphertext at the key data positions of ASDU1 has been extracted, extract the ciphertext at the key data positions of ASDU2, and continue in this order up to ASDUn, finally obtaining a ciphertext block with a length of 256*n Bit;

More specifically, step S23: cut the key data block into 32Bit units and overwrite the positions of the ciphertext segments with the resulting key data segments in ASDU order to obtain the decrypted SV message.
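
Steps S11 to S24 as an added Python example (not code from the patent): key data is gathered in ASDU/channel order, TEA-encrypted, written back in 32-bit pieces, and the CRC32 check decides whether the decrypted frame is kept. The fixed-offset frame layout (34-byte header, 20-byte ASDU prefix instead of real BER-encoded fields), the key, big-endian word order, 32 TEA rounds and independent processing of each 64-bit block are assumptions made here.

```python
import struct
import zlib

DELTA, MASK, ROUNDS = 0x9E3779B9, 0xFFFFFFFF, 32
CHANNELS = 8            # analog channels per Dataset, as stated on the page
HEADER_LEN = 34         # assumed stand-in for the unencrypted link-layer fields
ASDU_PREFIX_LEN = 20    # assumed stand-in for svID/smpCnt/confRev/smpSynch
ASDU_LEN = ASDU_PREFIX_LEN + CHANNELS * 8   # each channel: 4 B value + 4 B Q
KEY = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)  # constructed 128-bit key


def tea_encrypt_block(v0, v1, k):
    """Encrypt one 64-bit block (two 32-bit words) with a 128-bit key."""
    s = 0
    for _ in range(ROUNDS):
        s = (s + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return v0, v1


def tea_decrypt_block(v0, v1, k):
    """Inverse of tea_encrypt_block."""
    s = (DELTA * ROUNDS) & MASK
    for _ in range(ROUNDS):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        s = (s - DELTA) & MASK
    return v0, v1


def key_data_offsets(n_asdu):
    """Offset of every 4-byte ActualValues field, ASDU1..ASDUn, channel order."""
    return [HEADER_LEN + a * ASDU_LEN + ASDU_PREFIX_LEN + c * 8
            for a in range(n_asdu) for c in range(CHANNELS)]


def _transform(frame, n_asdu, key, block_fn):
    """Gather key data (S12/S21), run TEA (S13/S22), scatter back (S14/S23)."""
    if len(frame) < HEADER_LEN + n_asdu * ASDU_LEN:
        raise ValueError("frame shorter than the declared ASDU count")
    offs = key_data_offsets(n_asdu)
    words = [struct.unpack_from(">I", frame, o)[0] for o in offs]
    out = bytearray(frame)
    for i in range(0, len(words), 2):          # 8 words per ASDU, so always even
        w0, w1 = block_fn(words[i], words[i + 1], key)
        struct.pack_into(">I", out, offs[i], w0)        # 32-bit pieces go back
        struct.pack_into(">I", out, offs[i + 1], w1)    # to their own positions
    return bytes(out)


def encrypt_sv(frame_no_crc, n_asdu, key):
    """S11-S14: CRC32 over the plaintext frame, then encrypt key data in place."""
    crc = struct.pack(">I", zlib.crc32(frame_no_crc) & MASK)
    return _transform(frame_no_crc, n_asdu, key, tea_encrypt_block) + crc


def decrypt_sv(frame, n_asdu, key):
    """S21-S24: decrypt key data in place; return None when the frame is discarded."""
    body, crc = frame[:-4], frame[-4:]
    plain = _transform(body, n_asdu, key, tea_decrypt_block)
    if struct.pack(">I", zlib.crc32(plain) & MASK) != crc:
        return None
    return plain + crc


def build_sample_frame(n_asdu):
    """Constructed test frame: filler header and prefixes, ramp values, zero Q."""
    frame = bytearray(b"\xAA" * HEADER_LEN)
    for a in range(n_asdu):
        frame += bytes([0x50 + a]) * ASDU_PREFIX_LEN
        for c in range(CHANNELS):
            frame += struct.pack(">iI", (a * CHANNELS + c) * 1000 - 3500, 0)
    return bytes(frame)


if __name__ == "__main__":
    plain = build_sample_frame(2)
    enc = encrypt_sv(plain, 2, KEY)
    print("encrypted bytes:", len(key_data_offsets(2)) * 4, "of", len(plain))
    print("round trip ok:", decrypt_sv(enc, 2, KEY) == enc[:0] + plain + enc[-4:])
```

In this example each 64-bit block is encrypted independently with the same key, so two identical pairs of sample values produce identical ciphertext. CRC32 is an unkeyed error-detecting code, so the S24 check catches corruption and wrong-key decryption but is not a message authentication code.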

Compared with the prior art, the beneficial effects of the invention are:

(1) The invention applies the efficient TEA cipher to the key data of the SV message, which reflects the actual values of the sampled electrical quantities. This protects the key data while avoiding the long processing time of encrypting the full message, which would make it difficult to meet the requirements of a real-time power information system. For example: suppose an SV message contains 8 valid ASDUs (at most 8 valid ASDUs can be present). The full original message (excluding the FCR block) is then 34+751=785 bytes long, of which the key data is 8*8*4=256 bytes, or 32.6% of the message, so the amount of data the invention encrypts and decrypts is 67.4% less than with full-message encryption and decryption. The advantage is more pronounced when the SV message holds fewer valid ASDUs: with only 1 valid ASDU, the full original message (excluding the FCR block) is 34+124=158 bytes long, of which the key data is 8*4=32 bytes, or 20.25% of the message, so the encryption and decryption workload of this algorithm is 79.75% less than with full-message encryption and decryption.

(2) The invention retains the CRC32 check over the full original message (the check code is placed in the FCR block), which greatly safeguards the integrity of the message.

Description of the drawings

Fig. 1 is a flow chart of the SV message encryption method of the invention conforming to the IEC61850-9-2 (LE) standard.

Fig. 2 is a flow chart of the SV message decryption method of the invention conforming to the IEC61850-9-2 (LE) standard.

Detailed description

The invention is further described below with reference to the drawings and an embodiment, but the scope of protection claimed is not limited to the scope described in the embodiment. Other changes and modifications made by those skilled in the art without departing from the spirit and scope of protection of the invention remain within the scope of protection of the claims.

Embodiment

In this embodiment, a method for encrypting and decrypting SV messages conforming to the IEC61850-9-2 (LE) standard comprises:

As shown in Fig. 1, the SV message encryption method has the following specific steps:

S-1. Encryption

S-11. Check whether a CRC32 check code is present in the FCR block of the SV message; if not, perform a CRC32 computation on the SV message and place the resulting CRC32 check code in the FCR block of the SV message;

S-12. First extract the ActualValues data of the first analog quantity in the DataSet of ASDU1, then the ActualValues data of the second analog quantity in the DataSet of ASDU1; once the key data of ASDU1 has been extracted, extract the ActualValues data of ASDU2, and continue in this order up to ASDUn, finally obtaining a data block to be encrypted with a length of 256*n Bit;

S-13. Encrypt the data block to be encrypted with the TEA algorithm to obtain a ciphertext of equal length;

S-14. Cut the ciphertext and overwrite the key data positions in ASDU order to obtain the encrypted SV message;

As shown in Fig. 2, the SV message decryption method has the following specific steps:

S-2. Decryption

S-21. First extract the data at the ActualValues position of the first analog quantity in the DataSet of ASDU1, then the data at the ActualValues position of the second analog quantity in the DataSet of ASDU1; once the key data of ASDU1 has been extracted, extract the data at the ActualValues positions of ASDU2, and continue in this order up to ASDUn, finally obtaining a ciphertext block with a length of 256*n Bit;

S-22. Decrypt the ciphertext block with the TEA algorithm to obtain a key data block of equal length;

S-23. Cut the key data block and overwrite the positions of the ciphertext segments in ASDU order to obtain the decrypted SV message;

S-24. Perform a CRC32 check on the decrypted SV message. If the check passes, keep the SV message and decryption is complete; otherwise, discard the SV message.

Working principle of this embodiment:

The key data of the SV message, which reflects the actual values of the sampled electrical quantities, is extracted for encryption and decryption. Encryption uses the TEA algorithm, and the SV message is checked using CRC32.

The embodiment above is a preferred implementation of the invention, but implementations of the invention are not limited by it. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the invention is an equivalent replacement and is included within the scope of protection of the invention.

Claims (5)

1. A method for encrypting and decrypting SV messages conforming to the IEC61850-9-2 (LE) standard, characterized in that it comprises the following steps:

S1. Encryption

S11. Check whether a CRC32 check code is present in the FCR block of the SV message; if not, perform a CRC32 computation on the SV message and place the resulting CRC32 check code in the FCR block of the SV message;

S12. Extract, from each ASDU in the SV message, the key data that reflects the actual value of the sampled value, and combine it in ASDU order into the data block to be encrypted;

S13. Encrypt the data block to be encrypted with the TEA algorithm to obtain a ciphertext of equal length;

S14. Cut the ciphertext and overwrite the key data positions in ASDU order to obtain the encrypted SV message, specifically: cut the ciphertext into 32Bit units and overwrite the key data positions with the resulting ciphertext segments in ASDU order to obtain the encrypted SV message;

S2. Decryption

S21. Extract the ciphertext segment at the key data position of each ASDU in the encrypted SV message, and combine the segments in ASDU order into a ciphertext block;

S22. Decrypt the ciphertext block with the TEA algorithm to obtain a key data block of equal length;

S23. Cut the key data block and overwrite the positions of the ciphertext segments in ASDU order to obtain the decrypted SV message, specifically: cut the key data block into 32Bit units and overwrite the positions of the ciphertext segments with the resulting key data segments in ASDU order to obtain the decrypted SV message;

S24. Perform a CRC32 check on the decrypted SV message. If the check passes, keep the SV message and decryption is complete; otherwise, discard the SV message.

2. The method for encrypting and decrypting SV messages conforming to the IEC61850-9-2 (LE) standard according to claim 1, characterized in that: the CRC32 check is a cyclic redundancy check, used to detect or verify errors that may occur after the SV message has been encrypted, decrypted, transmitted or stored, and so to ensure the integrity of the message.

3. The method for encrypting and decrypting SV messages conforming to the IEC61850-9-2 (LE) standard according to claim 1, characterized in that: the key data of the SV message is the actual sampled values in the Dataset of each ASDU.

4. The method for encrypting and decrypting SV messages conforming to the IEC61850-9-2 (LE) standard according to claim 1, characterized in that, in step S12: first extract the key data of the first analog quantity in the DataSet of ASDU1, then the key data of the second analog quantity in the DataSet of ASDU1; once the key data of ASDU1 has been extracted, extract the key data of ASDU2, and continue in this order up to ASDUn, finally obtaining a data block to be encrypted with a length of 256*n Bit.

5. The method for encrypting and decrypting SV messages conforming to the IEC61850-9-2 (LE) standard according to claim 1, characterized in that, in step S21: first extract the ciphertext at the key data position of the first analog quantity in the DataSet of ASDU1, then the ciphertext at the key data position of the second analog quantity in the DataSet of ASDU1; once the ciphertext at the key data positions of ASDU1 has been extracted, extract the ciphertext at the key data positions of ASDU2, and continue in this order up to ASDUn, finally obtaining a ciphertext block with a length of 256*n Bit.
CN201310681442.2A 2013-12-12 2013-12-12 SV message encryption and decryption method meeting IEC61850-9-2 (LE) standard Active CN103716163B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310681442.2A CN103716163B (en) 2013-12-12 2013-12-12 SV message encryption and decryption method meeting IEC61850-9-2 (LE) standard

Publications (2)

Publication Number Publication Date
CN103716163A CN103716163A (en) 2014-04-09
CN103716163B true CN103716163B (en) 2017-01-25
