CN103716163B - SV message encryption and decryption method meeting IEC61850-9-2 (LE) standard - Google Patents
- Publication number
- CN103716163B
- Authority
- CN
- China
- Prior art keywords
- message
- ciphertext
- asdu
- critical data
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard. The method comprises the following steps: extracting the critical data that reflects the actual sampled values in each ASDU of an SV message and combining it, in ASDU order, into a data block to be encrypted; encrypting that data block with the TEA algorithm to obtain a ciphertext of equal length; cutting the ciphertext and overwriting the critical data positions in ASDU order to obtain an encrypted SV message; extracting the ciphertext segment at the critical data position of each ASDU of the encrypted SV message and combining the segments, in ASDU order, into a ciphertext block; decrypting the ciphertext block with the TEA algorithm to obtain a critical data block of equal length; and cutting the critical data block and overwriting the ciphertext segment positions in ASDU order to obtain the decrypted SV message. The integrity, confidentiality and real-time property of the SV message can be effectively guaranteed.
Description
Technical field
The present invention relates to the field of information security technology for power communication, and in particular to an SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard.
Background technology
In power communication networks, sampled value messages (SV messages) conforming to the IEC61850-9-2 (LE) standard carry real-time electrical quantity information that is extremely important for the protection, measurement and control of the power system. These messages are transmitted frequently and in large volume; during normal operation of the power system they occupy most of the bandwidth of the power communication network, and their security, accuracy and real-time performance largely determine the reliability of power system operation.
Moreover, as smart grids, represented by digital substations, are applied ever more widely, SV messages may be transmitted across regions and across grids. This makes intrusion events such as eavesdropping, attack and tampering more likely, and makes the messages more prominent in power system information security.
However, the prior art lacks an effective method for encrypting SV messages, which have very demanding real-time requirements. Encryption and decryption technology is therefore urgently needed to strengthen the confidentiality of SV messages; but message encryption and decryption usually take considerable time, and SV messages have hard real-time requirements. According to the IEC61850 standard, the communication delay of an SV signal should be less than 4 ms. The key problem is therefore how to achieve the integrity and confidentiality of SV messages while still meeting their real-time requirement.
Content of the invention
The object of the invention is to overcome the deficiencies of the prior art and provide an SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard that offers a high degree of confidentiality, takes little time to encrypt and decrypt, and adapts well to hardware.
To achieve this object, the technical solution adopted by the invention is an SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard, comprising the following steps:
S1, encryption
S11, check whether the FCR block of the SV message contains a CRC32 check code; if not, perform a CRC32 computation on the SV message and place the resulting CRC32 check code in the FCR block of the SV message;
S12, extract the critical data reflecting the actual sampled values in each ASDU (application service data unit) of the SV message and combine it, in ASDU order, into the data block to be encrypted;
S13, encrypt the data block with the TEA algorithm to obtain a ciphertext of equal length;
S14, cut the ciphertext and overwrite the critical data positions in ASDU order to obtain the encrypted SV message;
S2, decryption
S21, extract the ciphertext segment at the critical data position of each ASDU of the encrypted SV message and combine the segments, in ASDU order, into a ciphertext block;
S22, decrypt the ciphertext block with the TEA algorithm to obtain a critical data block of equal length;
S23, cut the critical data block and overwrite the ciphertext segment positions in ASDU order to obtain the decrypted SV message;
S24, perform a CRC32 check on the decrypted SV message; if the check passes, keep the SV message and decryption is complete; otherwise, discard the SV message.
More specifically, the CRC32 check is a cyclic redundancy check (CRC), used to detect or verify errors that may occur after the SV message is encrypted and decrypted, transmitted or stored, so as to ensure the integrity of the message.
More specifically, the critical data of the SV message is the actual sample value (actualvalues) in the dataset (analog sampled values) of each ASDU.
With the encryption algorithm and key length fixed, the core of reducing the time taken to encrypt and decrypt an SV message is to reduce the length of the message that has to be encrypted. By analysing the information in each field of the SV message, the key information of the message is extracted, striking a balance between real-time performance and confidentiality. According to the IEC61850 standard, the SV message uses the ISO/IEC 802.3 protocol at the data link layer and consists of the MAC address field, the TPID (tag protocol identifier) field, the TCI (tag control information) field, the Ethertype (Ethernet message type) field, the APPID (application identifier) field, the Length field, the Reserved1 field, the Reserved2 field and the APDU (application protocol data unit, i.e. the message content) field. The frame structure of the SV message is shown in Table 1. The contents of the MAC address, TPID, TCI, Ethertype, APPID, Length, Reserved1 and Reserved2 fields mainly describe the communication information of the SV message and basic communication-related content such as the message length. They do not contain the substantive content the SV message conveys, such as analog sampled values, so these fields are kept unchanged and are not encrypted.
Table 1: Frame structure of the SV message
The substantive power system content, such as analog sampled values, is concentrated in the APDU field. The APDU field consists of noASDU (the number of ASDUs) and SequenceOfASDU (the ASDU data sequence). SequenceOfASDU is a sequence made up of several ASDUs in order. The frame structure of the APDU of the SV message is shown in Table 2.
Table 2: Frame structure of the APDU of the SV message
Each ASDU (application service data unit) consists of fields such as svID, smpCnt (sample counter), confRev (configuration revision number), smpSynch (synchronisation flag) and dataset (sampled values); its frame structure is shown in Table 3.
Table 3: ASDU structure of the SV message
The ASDU carries the substantive analog sampled value content of the SV message, and its confidentiality directly determines the confidentiality of the SV message as a whole. The svID, smpCnt, confRev and smpSynch contents of the ASDU do not involve analog sampled value data and need not be encrypted, so only the dataset data, which actually stores the analog sampled values, is encrypted. The frame structure of the dataset is shown in Table 4. Each dataset can contain at most 8 analog sampled values, and each analog quantity consists of a 4-byte actual sample value (actualvalues) and a 4-byte quality description (q). Since q only marks the quality of the sampled value, it need not take part in encryption; the actual sample value (actualvalues) is therefore the critical data that really needs to be encrypted.
Table 4: Dataset structure
More specifically, step S12 is: first extract the critical data of the first analog quantity in the dataset of ASDU1, then the critical data of the second analog quantity in the dataset of ASDU1; once the critical data of ASDU1 has been extracted, go on to extract the critical data of ASDU2, and continue in this order up to ASDUn, finally obtaining a data block to be encrypted whose length is 256*n bits.
More specifically, the TEA algorithm is the Tiny Encryption Algorithm (TEA). It is simple to describe and execute, so it can meet the real-time requirement of SV messages while ensuring their security. It uses a 128-bit key to encrypt 64 bits of data into 64 bits of ciphertext, and the total critical data length of an SV message is an integer multiple of 64 bits, so encrypting the data block with TEA yields a ciphertext of the same length as the data block, and the critical data needs no padding.
More specifically, step S14 is: cut the ciphertext in units of 32 bits and overwrite the critical data positions with the resulting ciphertext segments in ASDU order to obtain the encrypted SV message.
More specifically, step S21 is: first extract the ciphertext at the critical data position of the first analog quantity in the dataset of ASDU1, then the ciphertext at the critical data position of the second analog quantity in the dataset of ASDU1; once the ciphertext at the critical data positions of ASDU1 has been extracted, go on to extract the ciphertext at the critical data positions of ASDU2, and continue in this order up to ASDUn, finally obtaining a ciphertext block whose length is 256*n bits.
More specifically, step S23 is: cut the critical data block in units of 32 bits and overwrite the ciphertext segment positions with the resulting critical data segments in ASDU order to obtain the decrypted SV message.
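The S1 and S2 procedures above can be exercised end to end. The following is an added example, not code from the patent: the frame layout (34 header bytes, two ASDUs with 60 non-dataset bytes and a 64-byte dataset each, a trailing 4-byte check field), the big-endian packing, the demo key and the names `sv_ctx`, `sv_transform`, `sv_protect` and `sv_unprotect` are assumptions made for illustration; a real implementation would obtain the dataset offsets by parsing the APDU.

```c
#include <stddef.h>
#include <stdint.h>

enum { CHANNELS = 8, CH_SIZE = 8, MAX_ASDU = 8, ROUNDS = 32 };
#define DELTA 0x9E3779B9u
typedef struct { const size_t *ds_off; size_t n_asdu; uint32_t key[4]; } sv_ctx;

/* Standard TEA: one 64-bit block, 128-bit key, 32 cycles. */
static void tea(uint32_t v[2], const uint32_t k[4], int decrypt) {
    uint32_t v0 = v[0], v1 = v[1], sum = decrypt ? DELTA * ROUNDS : 0;
    for (int i = 0; i < ROUNDS; i++) {
        if (!decrypt) {
            sum += DELTA;
            v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
            v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
        } else {
            v1 -= ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
            v0 -= ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
            sum -= DELTA;
        }
    }
    v[0] = v0; v[1] = v1;
}
/* Bitwise CRC-32 with the IEEE 802.3 polynomial (reflected form). */
static uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int b = 0; b < 8; b++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}
static uint32_t rd32(const uint8_t *p) {   /* big-endian 32-bit read */
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void wr32(uint8_t *p, uint32_t v) { /* big-endian 32-bit write */
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}

/* S12-S14 and S21-S23: gather the actual values in ASDU order, run TEA 64 bits at a
   time, cut into 32-bit pieces and write them back. Quality bytes stay untouched. */
static int sv_transform(uint8_t *f, size_t len, const sv_ctx *x, int decrypt) {
    uint32_t blk[CHANNELS * MAX_ASDU];
    size_t n = 0;
    if (len < 4 || x->n_asdu == 0 || x->n_asdu > MAX_ASDU) return -1;
    for (size_t a = 0; a < x->n_asdu; a++) {
        if (x->ds_off[a] > len - 4 || len - 4 - x->ds_off[a] < CHANNELS * CH_SIZE) return -1;
        for (size_t c = 0; c < CHANNELS; c++) blk[n++] = rd32(f + x->ds_off[a] + c * CH_SIZE);
    }
    for (size_t i = 0; i < n; i += 2) tea(blk + i, x->key, decrypt);
    for (size_t a = 0, i = 0; a < x->n_asdu; a++)
        for (size_t c = 0; c < CHANNELS; c++) wr32(f + x->ds_off[a] + c * CH_SIZE, blk[i++]);
    return 0;
}
/* Sender, S11-S14 (simplified: the CRC32 is always recomputed over the plaintext). */
static int sv_protect(uint8_t *f, size_t len, const sv_ctx *x) {
    if (len < 4) return -1;
    wr32(f + len - 4, crc32_ieee(f, len - 4));
    return sv_transform(f, len, x, 0);
}
/* Receiver, S21-S24: returns 0 to keep the frame, -1 to discard it. */
static int sv_unprotect(uint8_t *f, size_t len, const sv_ctx *x) {
    if (sv_transform(f, len, x, 1) != 0) return -1;
    return crc32_ieee(f, len - 4) == rd32(f + len - 4) ? 0 : -1;
}

/* Constructed sample (assumed layout, demo key): 34 header bytes, two ASDUs of
   60 non-dataset bytes + 64 dataset bytes each, then the 4-byte check field. */
enum { FRAME_LEN = 34 + 2 * (60 + 64) + 4 };
static const size_t DS_OFF[2] = { 34 + 60, 34 + 124 + 60 };
static const sv_ctx CTX = { DS_OFF, 2, { 0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u } };
static void make_frame(uint8_t *f) { for (size_t i = 0; i < FRAME_LEN; i++) f[i] = (uint8_t)(i * 7 + 1); }
int main(void) {
    uint8_t f[FRAME_LEN]; make_frame(f);
    return sv_protect(f, sizeof f, &CTX) || sv_unprotect(f, sizeof f, &CTX); /* 0 = round trip ok */
}
```

The CRC32 in this scheme is an unkeyed checksum: it flags corruption of the decrypted frame but is not a message authentication code.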
Compared with the prior art, the beneficial effects of the invention are:
(1) The invention applies the efficient TEA encryption algorithm to the critical data of the SV message, i.e. the data reflecting the actual electrical sampled values. This both ensures the security of the critical data and avoids the time cost of applying the encryption algorithm to the full text, which would make it hard to meet the requirements of real-time power information systems. This can be illustrated with the following example: assume the SV message contains 8 valid ASDUs (at most 8 valid ASDUs may exist); the full original message (not including the FCR block) is then 34+751=785 bytes long, of which the critical data is 8*8*4=256 bytes, or 32.6% of the full text, so the amount of data encrypted and decrypted by the invention is 67.4% less than with full-text encryption and decryption. When the SV message contains fewer valid ASDUs, the advantage of the invention is more pronounced: if only 1 valid ASDU is present, the full original message (not including the FCR block) is 34+124=158 bytes long, of which the critical data is 8*4=32 bytes, or 20.25% of the full text, so the encryption and decryption workload of this algorithm is 79.75% less than with full-text encryption and decryption.
(2) The invention retains the CRC32 check over the full original message (the check code is placed in the FCR block), which to a great extent ensures the integrity of the message.
Brief description of the drawings
Fig. 1 is a flow chart of the SV message encryption method meeting the IEC61850-9-2 (LE) standard according to the invention.
Fig. 2 is a flow chart of the SV message decryption method meeting the IEC61850-9-2 (LE) standard according to the invention.
Specific embodiment
The invention is further described below with reference to the drawings and an embodiment, but the scope of protection claimed is not limited to the scope stated in the embodiment. Other changes and modifications made by those skilled in the art without departing from the spirit and scope of the invention are included within the scope of protection of the claims.
Embodiment
This embodiment is an SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard, comprising:
As shown in Fig. 1, the SV message encryption method has the following specific steps:
S1, encryption
S11, check whether the FCR block of the SV message contains a CRC32 check code; if not, perform a CRC32 computation on the SV message and place the resulting CRC32 check code in the FCR block of the SV message;
S12, first extract the actualvalues data of the first analog quantity in the dataset of ASDU1, then the actualvalues data of the second analog quantity in the dataset of ASDU1; once the critical data of ASDU1 has been extracted, go on to extract the actualvalues data of ASDU2, and continue in this order up to ASDUn, finally obtaining a data block to be encrypted whose length is 256*n bits;
S13, encrypt the data block with the TEA algorithm to obtain a ciphertext of equal length;
S14, cut the ciphertext and overwrite the critical data positions in ASDU order to obtain the encrypted SV message.
As shown in Fig. 2, the SV message decryption method has the following specific steps:
S2, decryption
S21, first extract the data at the actualvalues position of the first analog quantity in the dataset of ASDU1, then the data at the actualvalues position of the second analog quantity in the dataset of ASDU1; once the critical data of ASDU1 has been extracted, go on to extract the data at the actualvalues positions of ASDU2, and continue in this order up to ASDUn, finally obtaining a ciphertext block whose length is 256*n bits;
S22, decrypt the ciphertext block with the TEA algorithm to obtain a critical data block of equal length;
S23, cut the critical data block and overwrite the ciphertext segment positions in ASDU order to obtain the decrypted SV message;
S24, perform a CRC32 check on the decrypted SV message; if the check passes, keep the SV message and decryption is complete; otherwise, discard the SV message.
Working principle of this embodiment:
The critical data of the SV message, which reflects the actual electrical sampled values, is extracted and encrypted or decrypted; encryption uses the TEA algorithm, and the SV message is verified using CRC32.
The above embodiment is a preferred embodiment of the invention, but embodiments of the invention are not limited by it. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the invention shall be an equivalent replacement and is included within the scope of protection of the invention.
Claims (5)
1. An SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard, characterised in that it comprises the following steps:
S1, encryption
S11, check whether the FCR block of the SV message contains a CRC32 check code; if not, perform a CRC32 computation on the SV message and place the resulting CRC32 check code in the FCR block of the SV message;
S12, extract the critical data reflecting the actual sampled values in each ASDU of the SV message and combine it, in ASDU order, into the data block to be encrypted;
S13, encrypt the data block with the TEA algorithm to obtain a ciphertext of equal length;
S14, cut the ciphertext and overwrite the critical data positions in ASDU order to obtain the encrypted SV message, specifically: cut the ciphertext in units of 32 bits and overwrite the critical data positions with the resulting ciphertext segments in ASDU order to obtain the encrypted SV message;
S2, decryption
S21, extract the ciphertext segment at the critical data position of each ASDU of the encrypted SV message and combine the segments, in ASDU order, into a ciphertext block;
S22, decrypt the ciphertext block with the TEA algorithm to obtain a critical data block of equal length;
S23, cut the critical data block and overwrite the ciphertext segment positions in ASDU order to obtain the decrypted SV message, specifically: cut the critical data block in units of 32 bits and overwrite the ciphertext segment positions with the resulting critical data segments in ASDU order to obtain the decrypted SV message;
S24, perform a CRC32 check on the decrypted SV message; if the check passes, keep the SV message and decryption is complete; otherwise, discard the SV message.
2. The SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard according to claim 1, characterised in that: the CRC32 check is a cyclic redundancy check, used to detect or verify errors that may occur after the SV message is encrypted and decrypted, transmitted or stored, so as to ensure the integrity of the message.
3. The SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard according to claim 1, characterised in that: the critical data of the SV message is the actual sample value in the dataset of each ASDU.
4. The SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard according to claim 1, characterised in that step S12 is: first extract the critical data of the first analog quantity in the dataset of ASDU1, then the critical data of the second analog quantity in the dataset of ASDU1; once the critical data of ASDU1 has been extracted, go on to extract the critical data of ASDU2, and continue in this order up to ASDUn, finally obtaining a data block to be encrypted whose length is 256*n bits.
5. The SV message encryption and decryption method meeting the IEC61850-9-2 (LE) standard according to claim 1, characterised in that step S21 is: first extract the ciphertext at the critical data position of the first analog quantity in the dataset of ASDU1, then the ciphertext at the critical data position of the second analog quantity in the dataset of ASDU1; once the ciphertext at the critical data positions of ASDU1 has been extracted, go on to extract the ciphertext at the critical data positions of ASDU2, and continue in this order up to ASDUn, finally obtaining a ciphertext block whose length is 256*n bits.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310681442.2A CN103716163B (en) | 2013-12-12 | 2013-12-12 | SV message encryption and decryption method meeting IEC61850-9-2 (LE) standard |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103716163A (en) | 2014-04-09 |
CN103716163B (en) | 2017-01-25 |
Family
ID=50408775
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310681442.2A Active CN103716163B (en) | 2013-12-12 | 2013-12-12 | SV message encryption and decryption method meeting IEC61850-9-2 (LE) standard |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103716163B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN103716163A (en) | 2014-04-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |