CN111740817A - Code tampering detection method and system for concentrator in electric power data acquisition system - Google Patents

Code tampering detection method and system for concentrator in electric power data acquisition system Download PDF

Info

Publication number
CN111740817A
CN111740817A CN202010553448.1A CN202010553448A CN111740817A CN 111740817 A CN111740817 A CN 111740817A CN 202010553448 A CN202010553448 A CN 202010553448A CN 111740817 A CN111740817 A CN 111740817A
Authority
CN
China
Prior art keywords
code
concentrator
codes
filing
data acquisition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010553448.1A
Other languages
Chinese (zh)
Inventor
王玥
吉杨
李祯祥
刘卿
张卫欣
王季孟
王崇
李蓓
严晶晶
丁欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Tianjin Electric Power Co Ltd
Electric Power Research Institute of State Grid Tianjin Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Tianjin Electric Power Co Ltd
Electric Power Research Institute of State Grid Tianjin Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Tianjin Electric Power Co Ltd, Electric Power Research Institute of State Grid Tianjin Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202010553448.1A priority Critical patent/CN111740817A/en
Publication of CN111740817A publication Critical patent/CN111740817A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communication the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G08SIGNALLING
    • G08CTRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
    • G08C25/00Arrangements for preventing or correcting errors; Monitoring arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0056Systems characterized by the type of code used
    • H04L1/0061Error detection codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Abstract

The invention relates to a code tampering detection method of a concentrator in a power data acquisition system, which comprises the following steps: step 1: each concentrator manufacturer records and uploads concentrator codes according to an expansion protocol; step 2, managing the uploaded filing codes by using a database, and automatically classifying the codes; step 3, establishing TCP communication with a filing system running on a remote server by using a code extraction terminal, downloading filing codes after finishing sorting, finally transmitting the filing codes to a code comparison terminal, extracting the codes from a concentrator by using the code extraction terminal, and transmitting the extracted codes to the code comparison terminal; and 4, step 4: and calculating MD5 values of the downloaded recorded code and the extracted code by using MD5, wherein if the values are the same, the code is not tampered, and otherwise, the code is tampered maliciously. The invention can ensure the safety of the concentrator operating environment from the source. The detection means is efficient and rapid, and the later function expansion is facilitated.

Description

Code tampering detection method and system for concentrator in electric power data acquisition system
Technical Field
The invention belongs to the field of electric power data processing, and relates to a code tampering detection method and system for a concentrator in an electric power data acquisition system.
Background
In the power collection system, in order to ensure the correctness of data, the CRC32 (cyclic redundancy check) is often used for checking the consistency of files.
The cyclic redundancy check is a hash function for generating a short fixed bit check code according to data such as a network data packet or a computer file, and is mainly used for detecting or checking errors which may occur after data transmission or storage. The generated numbers are calculated before transmission or storage and appended to the data, and then the receiving side performs a check calculation to determine whether the received data has changed. The function is widely used because it is easy to use binary computer hardware, easy to perform mathematical analysis, and especially good at detecting errors caused by transmission channel interference.
CRC is one type of checksum and is the remainder of a division of two byte data streams by binary division (no carry, using XOR instead of subtraction). Wherein the dividend is a binary representation of the information data stream for which a checksum needs to be calculated; the divisor is a predefined binary number of length (n +1), usually expressed as a polynomial coefficient. Before division, n 0's are added after the information data.
When CRC check is used, the same generator polynomial g (x) is used by the sender and receiver, g (x) is a GF (2) polynomial, and the coefficients of the first and last bits of g (x) must be 1.
The CRC processing method comprises the following steps: the sender divides the binary polynomial t (x) of the sending data by g (x) to obtain a remainder y (x) as a CRC check code. And during checking, judging whether the data frame has errors or not according to whether the calculated correction result is 0 or not. The specific steps for generating the polynomial of order r are as follows.
A sender:
1) adding r 0's after the binary polynomial t (x) of the transmitted m-bit data, expanding to m + r bits to accommodate the check code of the r bits, and adding 0 to obtain the binary polynomial T (x);
2) dividing T (x) by the generator polynomial g (x) to obtain the remainder y (x) of r bits, which is the calculated CRC check code;
3) adding y (x) to the end of t (x), wherein the data s (x) is a character string to be transmitted and contains a CRC check code; since s (x) t (x) y (x), s (x) is definitely divisible by g (x).
The receiving side:
1) receiving data n (x), where n (x) is m + r bits of data including a CRC check code, m bits are data, and r bits are the CRC check code;
2) and calculating n (x) divided by g (x), wherein if the remainder is 0, the transmission process has no errors, and otherwise, the transmission process has errors. The tail r bits of data are removed from n (x), and the original data are obtained.
Although CRC is very useful in error detection, CRC does not reliably check data integrity (i.e., no change in data) because the CRC polynomial is a linear structure that can be very easily changed intentionally to maintain the CRC unchanged. The error detection capability of the CRC depends on the order of the critical polynomial and the particular critical polynomial used. The error polynomial is the result of the exclusive or of the received message codeword and the correct message codeword. The CRC algorithm cannot detect errors if and only if the error code polynomial can be divided exactly by the CRC polynomial.
Second, the CRC32 value may be subject to TCP attacks during transmission, and the CRC32 presents a potential risk of being tampered with by a human.
Disclosure of Invention
The invention aims to solve the defects of the prior art and provides a code tampering detection method for a concentrator in a power data acquisition system.
The document consistency detection uses MD5 to reduce the probability of collision between different documents. After the file code is extracted, MD5 is calculated, instead of MD5, the file code is sent to the code comparison terminal.
The technical problem to be solved by the invention is realized by the following technical scheme:
a code tampering detection method for a concentrator in a power data acquisition system is characterized by comprising the following steps: the method comprises the following steps:
step 1: each concentrator manufacturer records and uploads the sorted concentrator codes which meet the regulations according to the expansion protocols;
step 2, managing the filing codes uploaded in the step 1 by utilizing a MongoDB database, and automatically classifying the codes by adopting a TF-IDF word weight technology based on artificial intelligence so as to facilitate the filing and downloading of a subsequent code comparison terminal;
step 3, establishing TCP communication with a filing system running on a remote server by using a code extraction terminal, then downloading the filing codes sorted and classified in the step 2, finally transmitting the filing codes to a code comparison terminal, extracting the codes from a concentrator by using the code extraction terminal, and then transmitting the extracted codes to the code comparison terminal;
and 4, step 4: and (3) calculating MD5 values of the recorded code downloaded in the step (3) and the extracted code by using MD5, wherein if the values are the same, the code is not tampered, otherwise, the code is maliciously tampered, and finally, the tampering detection of the concentrator code is completed.
And, the concentrator manufacturers use RSA encryption algorithm + AES encryption algorithm when uploading the concentrator codes.
Moreover, before extracting the code from the concentrator by using the code extraction terminal, the existing national network 698 protocol needs to be expanded, attributes and methods for file code transmission are added, and then the code is extracted.
A code tampering detection system for a concentrator in a power data acquisition system, characterized by: the system comprises a source code filing module, a concentrator code extracting module and a code comparing module;
the source code filing module is used for uploading all concentrator codes and code related information through a filing system, and a system administrator can perform auditing after filing and uploading;
the concentrator code extraction module is used for extracting codes of a concentrator which leaves a factory by using a code extraction terminal;
the code comparison module is used for carrying out record downloading on the concentrator with the model designated by a manufacturer through the record server, and comparing the downloaded code with the extracted code on the code comparison terminal so as to determine whether the code of the concentrator is tampered.
Furthermore, the code related information includes at least one of: code, time, code version, concentrator model, byte size, and vendor information.
The invention has the advantages and beneficial effects that:
according to the code tampering detection method and system for the concentrator in the electric power data acquisition system, file codes are conveniently extracted through protocol expansion, and then the MD5 is calculated, so that manual tampering in the value calculation process is avoided. Because the MD5 value is not transmitted, the possibility of TCP attack is reduced.
The code tampering detection method can ensure the safety of the concentrator operating environment from the source. The detection means is efficient and rapid, and the later function expansion is facilitated. Meanwhile, the method is also verified to have advancement and correctness in a large number of comparison experiments, and the safe and stable operation of the power utilization information acquisition system in a complex environment can be powerfully guaranteed.
Drawings
FIG. 1 is a flow chart of a method of the present invention;
FIG. 2 is a schematic block diagram of the system of the present invention;
FIG. 3 is a diagram of a concentrator code extraction module design according to the present invention;
fig. 4 is an extended attribute and function table of the national network 698 protocol of the present invention.
Detailed Description
The present invention is further illustrated by the following specific examples, which are intended to be illustrative, not limiting and are not intended to limit the scope of the invention.
The method of the invention is to detect whether the code is tampered in the use of the concentrator, and fig. 2 is a schematic diagram of the system of the invention, and the innovation is as follows: the system comprises a source code filing module, a concentrator code extracting module and a code comparing module;
the source code filing module is used for uploading all concentrator codes and code related information through a filing system, and a system administrator can perform auditing after filing and uploading;
the concentrator code extraction module is used for extracting codes of a concentrator which leaves a factory by using a code extraction terminal;
the code comparison module is used for carrying out record downloading on the concentrator with the model designated by a manufacturer through the record server, and comparing the downloaded code with the extracted code on the code comparison terminal so as to determine whether the code of the concentrator is tampered.
Now, a concentrator that is allowed to leave a meter factory in the south of the river and based on a national network 698 extension protocol is taken as a test object, and the following environment is taken as an example of a test platform: intel Core i5-4460@3.20GHz and 8GB of memory. Under the platform, tamper detection is performed on the code of the concentrator.
Firstly, a work person in a permission ammeter factory uploads a concentrator code to a filing system, and FIG. 1 is a flow chart of the detection method, according to step 1, in order to ensure the safety in the data transmission process, a hybrid encryption technology is used, a message is encrypted by a symmetric cipher, a session key used in the symmetric cipher encryption is generated through a pseudo-random number, then the session key is encrypted by a public key cipher, and finally, a key used in the public key cipher encryption is given from the outside of the hybrid cipher system.
After successful uploading, according to the step 2, the MongoDB database is used for managing the record codes uploaded in the step 1, so that the record codes can be conveniently downloaded subsequently. Meanwhile, the codes are automatically classified by adopting the artificial intelligence-based TF-IDF word weight technology, so that the subsequent code comparison terminal can conveniently carry out record downloading, and the material resources and the labor cost are saved;
the MongoDB database is used for managing code data, the supported data structure is very loose and is in a json-like bson format, and therefore more complex data types can be stored.
Regarding the code extraction module to obtain the code from the concentrator, the module design diagram is shown in fig. 3, and the functions and attributes of the specific protocol extension are shown in fig. 4.
The code extraction module downloads records from the recording system for next code comparison, and in order to ensure smooth and reliable communication between the code extraction terminal and the recording system, a connection-oriented, reliable and byte stream-based transport layer communication protocol TCP is used.
According to the step 3, the slave station sends a login frame to the master station, and after the master station replies the login frame, the master station and the slave station have the condition of transmitting the concentrator code. And the master station acquires the name, the path and the size of the concentrator code file by using the equipment management type extended attribute in the table 1, and then sends a downlink code file extraction message to the slave station concentrator. And after receiving the downlink message, the slave station sends a message containing a concentrator code to the master station, wherein the size and the offset address of the code segment transmitted in the message are specified by the master station.
Finally, in step 4, the comparison terminal uses the MD5 message digest algorithm to calculate the MD5 of the filing file and the extracted file respectively, if the two are the same, the concentrator code is not tampered, otherwise, the concentrator code is tampered.
The invention provides another important means for ensuring the normal operation of the power data acquisition system, and the safety problem of the prior power utilization equipment focuses more on the application software level and neglects the safety problem of the code level. The security of the running environment of the concentrator is detected from the code level for the first time, the code extraction of the concentrator is realized by expanding the protocol of the national network 698, and a method is provided for comparing whether the code of the concentrator is tampered or not.
Compared with the conventional CRC32 verification, the MD5 has stronger file verification performance and more excellent safety and accuracy.
MD full Message Digest, also called Message Digest algorithm, MD5 evolved from MD2/3/4, MD5 hash length is usually 128 bits, and is one of the hash algorithms widely used at present, mainly used for cryptographic encryption and file verification.
The MD5 reliability is not reversible firstly, and secondly the MD5 code has a high degree of discreteness, i.e. a small change in the original information results in a large change in MD5, and finally the probability of having the same MD5 code between different information is very low since the MD code length is 128 bits.
With the present invention, instead of calculating the CRC32 in advance as described earlier, the MD5 value can be calculated by itself after the code is extracted and stored in the concentrator. There are two problems with calculating ahead, one in that during calculation and storage in the concentrator, CRC32 may be maliciously modified by man, causing the true value to be different from the value written into the concentrator; the CRC32 value calculated in advance is subjected to TCP attack and is possibly artificially tampered in the process of comparing the request transmission of the terminal, and a little security risk exists.
By combining the two points, the invention is convenient to extract the file code through protocol extension, and then calculates the MD5, thereby avoiding the manual tampering in the value calculation process. Because the MD5 value is not transmitted, the possibility of TCP attack is reduced.
The code tampering detection method can ensure the safety of the concentrator operating environment from the source. The detection means is efficient and rapid, and the later function expansion is facilitated. Meanwhile, the method is also verified to have advancement and correctness in a large number of comparison experiments, and the safe and stable operation of the power utilization information acquisition system in a complex environment can be powerfully guaranteed.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (5)

1. A code tampering detection method for a concentrator in a power data acquisition system is characterized by comprising the following steps: the method comprises the following steps:
step 1: each concentrator manufacturer records and uploads the sorted concentrator codes which meet the regulations according to the expansion protocols;
step 2, managing the recorded codes uploaded in the step 1 by utilizing a MongoDB database, and automatically classifying the codes by adopting a TF-IDF word weight technology based on artificial intelligence;
step 3, establishing TCP communication with a filing system running on a remote server by using a code extraction terminal, then downloading the filing codes sorted and classified in the step 2, finally transmitting the filing codes to a code comparison terminal, extracting the codes from a concentrator by using the code extraction terminal, and then transmitting the extracted codes to the code comparison terminal;
and 4, step 4: and (3) calculating MD5 values of the recorded code downloaded in the step (3) and the extracted code by using MD5, wherein if the values are the same, the code is not tampered, otherwise, the code is maliciously tampered, and finally, the tampering detection of the concentrator code is completed.
2. The code tampering detection method for the concentrator in the electric power data acquisition system according to claim 1, characterized in that: and when the concentrator code is filed and uploaded by each concentrator manufacturer, the RSA encryption algorithm and the AES encryption algorithm are used.
3. The code tampering detection method for the concentrator in the electric power data acquisition system according to claim 1, characterized in that: before extracting codes from the concentrator by using the code extraction terminal, the existing national network 698 protocol needs to be expanded, attributes and methods for file code transmission are added, and then the codes are extracted.
4. Detection system is tampered to code of concentrator among electric power data acquisition system which characterized in that: the system comprises a source code filing module, a concentrator code extracting module and a code comparing module;
the source code filing module is used for uploading all concentrator codes and code related information through a filing system, and a system administrator can perform auditing after filing and uploading;
the concentrator code extraction module is used for extracting codes of a concentrator which leaves a factory by using a code extraction terminal;
the code comparison module is used for carrying out record downloading on the concentrator with the model designated by a manufacturer through the record server, and comparing the downloaded code with the extracted code on the code comparison terminal so as to determine whether the code of the concentrator is tampered.
5. The system for detecting code tampering of a concentrator in an electric power data acquisition system according to claim 4, wherein: the code related information comprises at least one of the following: code, time, code version, concentrator model, byte size, and vendor information.
CN202010553448.1A 2020-06-17 2020-06-17 Code tampering detection method and system for concentrator in electric power data acquisition system Pending CN111740817A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010553448.1A CN111740817A (en) 2020-06-17 2020-06-17 Code tampering detection method and system for concentrator in electric power data acquisition system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010553448.1A CN111740817A (en) 2020-06-17 2020-06-17 Code tampering detection method and system for concentrator in electric power data acquisition system

Publications (1)

Publication Number Publication Date
CN111740817A true CN111740817A (en) 2020-10-02

Family

ID=72649426

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010553448.1A Pending CN111740817A (en) 2020-06-17 2020-06-17 Code tampering detection method and system for concentrator in electric power data acquisition system

Country Status (1)

Country Link
CN (1) CN111740817A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112615723A (en) * 2020-12-17 2021-04-06 武汉大学 Source machine code comparison method based on RSA digital signature

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112615723A (en) * 2020-12-17 2021-04-06 武汉大学 Source machine code comparison method based on RSA digital signature
CN112615723B (en) * 2020-12-17 2021-09-14 武汉大学 Source machine code comparison method based on RSA digital signature

Similar Documents

Publication Publication Date Title
CN108664223B (en) Distributed storage method and device, computer equipment and storage medium
US8108536B1 (en) Systems and methods for determining the trustworthiness of a server in a streaming environment
CN108270874B (en) Application program updating method and device
US9305055B2 (en) Method and apparatus for analysing data packets
US7533331B2 (en) System and method for securely adding redundancy to an electronic message
CN104618498A (en) Data resource synchronizing method and server
CN104363271B (en) Document breakpoint transmission method and device
CN104579558A (en) Method for detecting integrity in data transmission process
CN104661042A (en) Method, device and system for transmitting transport stream
CN111740817A (en) Code tampering detection method and system for concentrator in electric power data acquisition system
CN110008757B (en) Data protection method and system in updating of terminal firmware of Internet of things
CN111131278A (en) Data processing method and device, computer storage medium and electronic equipment
CN108170461B (en) Differential upgrade package generation method, differential upgrade method and device
CN109586920A (en) A kind of trust authentication method and device
WO2003107201A1 (en) Method and system for authenticating a software
CN111324914A (en) File transmission method, device, server, equipment and medium
CN111045856A (en) Method, apparatus and computer program product for managing application systems
CN111130788A (en) Data processing method and system, data reading method and iSCSI server
US10931463B2 (en) Cryptographic verification of a compressed archive
CN109981291A (en) A kind of mixing packet signature method
KR102177411B1 (en) Method for managing industrial control systems via physical one-way encryption remote monitoring
CN109347639B (en) Method and device for generating serial number
CN110661759B (en) Access detection method and device
US20200265148A1 (en) Method for executing falsification check of data transmitted from data recording device including processor and a/d converter, and data recording device for performing the method
CN112804030A (en) Data checking method based on CRC + MD5 hash function bidirectional communication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination