CN112039654A - Electric meter data security acquisition method for resisting man-in-the-middle attack - Google Patents


Info

Publication number
CN112039654A
Authority
CN
China
Prior art keywords
data
electric meter
center
meter data
authentication
Prior art date
Legal status
Pending
Application number
CN202010870067.6A
Other languages
Chinese (zh)
Inventor
王勇
董伟伟
Current Assignee
Shanghai University of Electric Power
Shanghai Electric Power University
University of Shanghai for Science and Technology
Original Assignee
Shanghai Electric Power University
Priority date
Filing date
Publication date
Application filed by Shanghai Electric Power University
Priority to CN202010870067.6A
Publication of CN112039654A
Legal status: Pending

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00Economic sectors
    • G16Y10/35Utilities, e.g. electricity, gas or water
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/50Safety; Security of things, users, data or systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Abstract

The invention discloses an electric meter data security acquisition method for resisting man-in-the-middle attack. It comprises the steps of encrypting and authenticating the identities between an electric meter data center and a data acquisition center, and the identity of an intelligent electric meter, using an AES (Advanced Encryption Standard) optimization strategy; the intelligent electric meter executes the instruction sent by the data acquisition center and returns electric meter data to it; and the data acquisition center transmits the electric meter data to a data storage center, completing the acquisition of the electric meter data. The invention integrates the RSA and AES algorithms, provides IRSA_AES identity authentication, realizes double-encryption identity authentication, solves the problem of defending the intelligent electric meter against man-in-the-middle attack during data acquisition, and realizes a complete set of safety protection from data acquisition to transmission as well as efficient and secure communication of the intelligent electric meter.

Description

Electric meter data security acquisition method for resisting man-in-the-middle attack
Technical Field
The invention relates to the technical field of electric power safety, in particular to an electric meter data security acquisition method for resisting man-in-the-middle attack.
Background
At present, most electric meters used by domestic and foreign users are electronic electric energy meters, for example single-phase, two-phase and three-phase electric energy meters. Most domestic intelligent electric meters adopt the DL/T645 protocol. The protocol was designed early: it considers only the completeness of functions and the reliability of electric meter data transmission, and gives little consideration to the security of the data.
The intelligent electric meter has the following problems when collecting and transmitting data. The data acquisition unit and the intelligent electric meter lack identity authentication and authority checking; the data of the intelligent electric meter is acquired by the data acquisition unit, collected by the data aggregator and then transmitted to the data storage center, and throughout this process the data acquired from the intelligent electric meter is transmitted in plaintext. An attacker who gains control of the communication network by man-in-the-middle means can eavesdrop on and intercept the metering data, causing disordered metering data and erroneous key parameters. This leaks electricity consumption information and causes immeasurable loss to users and to power grid pricing. To address this, a number of protection devices are currently available on the market to prevent theft of intelligent electric meter data, but most of them are hardware devices: development and maintenance costs are high, extensibility is poor, the means of preventing theft of intelligent electric meter data are limited, and real-time monitoring and reporting during the data acquisition process of the intelligent electric meter cannot be achieved.
Disclosure of Invention
This section is for the purpose of summarizing some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. In this section, as well as in the abstract and the title of the invention of this application, simplifications or omissions may be made to avoid obscuring the purpose of the section, the abstract and the title, and such simplifications or omissions are not intended to limit the scope of the invention.
The present invention has been made in view of the above-mentioned conventional problems.
Therefore, the invention provides an electric meter data security acquisition method for resisting man-in-the-middle attack, which prevents man-in-the-middle attacks on the intelligent electric meter during data acquisition and realizes efficient and secure communication of the intelligent electric meter.
To solve these technical problems, the invention provides the following technical scheme: the identities between an electric meter data center and a data acquisition center, and the identity of an intelligent electric meter, are encrypted and authenticated using an AES (Advanced Encryption Standard) optimization strategy; the intelligent electric meter executes the instruction sent by the data acquisition center and returns electric meter data to it; and the data acquisition center transmits the electric meter data to a data storage center, completing the acquisition of the electric meter data.
As a preferred scheme of the electric meter data security acquisition method for resisting man-in-the-middle attack, the method comprises the following steps: the encryption authentication comprises that the data acquisition center first encrypts the information to be verified with the AES algorithm, the AES key is encrypted with an optimized RSA algorithm, the number of authentication attempts N is limited during the authentication process, and if the number of authentication failures is greater than or equal to N, system authentication is stopped automatically.
As a preferred scheme of the electric meter data security acquisition method for resisting man-in-the-middle attack, the method comprises the following steps: the optimized RSA algorithm comprises that, based on the RSA large-prime principle, a fast exponentiation algorithm is adopted, the summation and modulus operations are left unchanged, and the size of the two multipliers is reduced.
As a preferred scheme of the electric meter data security acquisition method for resisting man-in-the-middle attack, the method comprises the following steps: the instruction comprises that the data acquisition center sends an acquisition command and an authentication request to the electric meter data center using the authorization number of the acquisition unit.
As a preferred scheme of the electric meter data security acquisition method for resisting man-in-the-middle attack, the method comprises the following steps: after the authentication request, the method further comprises comparing a message digest generated with a hash function against the message digest sent by the data acquisition center; if the comparison is consistent, the verification succeeds, the electric meter data center sends the instruction to the intelligent electric meter, and the electric meter data is returned to the data acquisition center; otherwise the authentication fails and service is denied.
As a preferred scheme of the electric meter data security acquisition method for resisting man-in-the-middle attack, the method comprises the following steps: the returned electric meter data comprises sequentially checking the normalization and integrity of the data returned by the intelligent electric meter based on the DL/T645 protocol, discarding all data that does not conform to the normalization, and encrypting all data that does.
As a preferred scheme of the electric meter data security acquisition method for resisting man-in-the-middle attack, the method comprises the following steps: the DL/T645 protocol comprises that the establishment and release of a communication link during DL/T645 communication are controlled by information frames sent by the master station; each frame comprises a frame start character, a slave station address field, a control code, a data field length, a data field and a frame checksum (longitudinal check code), and each part comprises a number of bytes.
As a preferred scheme of the electric meter data security acquisition method for resisting man-in-the-middle attack, the method comprises the following steps: each byte consists of 8 binary bits, and during transmission a start bit (0), an even parity bit and a stop bit (1) are added, making 11 bits in total; the transmission order of a byte is "0 D0 D1 D2 D3 D4 D5 D6 D7 P 1", where D0 is the least significant bit of the byte and D7 the most significant bit, so transmission follows the principle of low-order bit first, high-order bit last.
As a preferred scheme of the electric meter data security acquisition method for resisting man-in-the-middle attack, the method comprises the following steps: the intelligent electric meter receives and executes the instruction and returns data in the corresponding standard format; the data acquisition center extracts the four bytes DI3, DI2, DI1, DI0 of the data identification code, sequentially checks the legality and security of the acquired and extracted data, and matches the IP and MAC values.
As a preferred scheme of the electric meter data security acquisition method for resisting man-in-the-middle attack, the method comprises the following steps: the MAC value comprises a short data block of fixed length generated by an authentication function from the message and a key shared by both parties.
The invention has the following beneficial effects: it integrates the RSA and AES algorithms, provides IRSA_AES identity authentication, realizes double-encryption identity authentication, solves the problem of defending the intelligent electric meter against man-in-the-middle attack during data acquisition, and realizes a complete set of safety protection from data acquisition to transmission as well as efficient and secure communication of the intelligent electric meter.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise. Wherein:
fig. 1 is a schematic flow chart of a method for securely acquiring meter data against man-in-the-middle attack according to a first embodiment of the present invention;
fig. 2 is a schematic diagram illustrating an encryption authentication process of a method for collecting meter data securely against man-in-the-middle attack according to a first embodiment of the present invention;
fig. 3 is a schematic diagram illustrating an anomaly detection and monitoring of a method for safely collecting meter data against man-in-the-middle attacks according to a first embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, specific embodiments accompanied with figures are described in detail below, and it is apparent that the described embodiments are a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making creative efforts based on the embodiments of the present invention, shall fall within the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways than those specifically described and will be readily apparent to those of ordinary skill in the art without departing from the spirit of the present invention, and therefore the present invention is not limited to the specific embodiments disclosed below.
Furthermore, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
The present invention will be described in detail with reference to the drawings, wherein the cross-sectional views illustrating the structure of the device are not enlarged partially in general scale for convenience of illustration, and the drawings are only exemplary and should not be construed as limiting the scope of the present invention. In addition, the three-dimensional dimensions of length, width and depth should be included in the actual fabrication.
Meanwhile, in the description of the present invention, it should be noted that the terms "upper, lower, inner and outer" and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of describing the present invention and simplifying the description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation and operate, and thus, cannot be construed as limiting the present invention. Furthermore, the terms first, second, or third are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The terms "mounted, connected and connected" in the present invention are to be understood broadly, unless otherwise explicitly specified or limited, for example: can be fixedly connected, detachably connected or integrally connected; they may be mechanically, electrically, or directly connected, or indirectly connected through intervening media, or may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Example 1
Referring to fig. 1 to 3, a first embodiment of the present invention provides a method for safely collecting meter data against man-in-the-middle attacks, including:
S1: Encrypt and authenticate the identities between the electric meter data center and the data acquisition center, and the identity of the intelligent electric meter, using an AES (Advanced Encryption Standard) optimization strategy.
The data acquisition center first encrypts the information to be verified with the Advanced Encryption Standard (AES) algorithm; the verification information sent is encrypted with an AES key, and that AES key is itself encrypted with the optimized RSA (Rivest-Shamir-Adleman) algorithm. The number of authentication attempts N is limited during authentication, and if the number of failed authentications is greater than or equal to N, system authentication stops automatically, so the system can effectively resist exhaustive (brute-force) attacks.
It should be noted that AES is the advanced encryption standard in cryptography, with a block length fixed at 128 bits and a key length of 128, 192 or 256 bits. AES operates on a 4 x 4 byte matrix, also known as the "state", whose initial value is a block of plaintext (each element of the matrix is one byte of the plaintext block). During encryption, each round of AES (except the last) comprises the following 4 steps:
a) AddRoundKey (key addition)
In each round, a round key is derived from the master key; the round key has the same size as the state matrix, and each byte of the round key is XORed with the corresponding byte of the state.
b) SubBytes (byte substitution)
Each byte in the matrix is replaced through a non-linear 8-bit substitution function, the S-box.
c) ShiftRows (row shift)
Each row is cyclically shifted to the left by some offset. In AES (block size 128 bits) the first row is unchanged, each byte of the second row is cyclically shifted one position to the left, and the third and fourth rows are shifted by two and three positions respectively. The pattern of cyclic shifts is the same for 128-bit and 192-bit blocks. After ShiftRows, each column of the matrix consists of elements taken from different columns of the input matrix.
d) MixColumns (column mixing)
This step applies a linear transformation to the four bytes of each column so that the bytes within each column are thoroughly mixed.
The principle of the RSA algorithm is: data encrypted with the public key is decrypted with the private key, and data encrypted with the private key is decrypted with the public key.
An exhaustive (brute-force) attack is an attack method in cryptanalysis that tries every possible solution until the correct one is found.
Preferably, since encryption tends to reduce the data acquisition speed, the RSA algorithm is optimized with a fast exponentiation algorithm (FastRSA(C, D, N)) based on the RSA large-prime principle. The aim is to reduce the size of the two multipliers, and hence the amount of computation, by changing the calculation method without changing the summation and modulus calculations.
The process of reducing the multiplier size is described as follows:
First, prime numbers P and Q are found;
then the common modulus N = P × Q is calculated, and the Euler function is calculated:
[formula given as an image in the original]
The public key E is calculated:
[formula given as an image in the original]
The private key D is calculated:
[formula given as an image in the original]
Encryption: the plaintext is first divided into bit-string groups such that the decimal number corresponding to each group is less than N, then each group M is encrypted in turn; the sequence formed by the ciphertexts of all groups is the encryption result of the original message. That is, M satisfies 0 ≤ M < N and the encryption algorithm is: C = M^E mod N;
Decryption: M = C^D mod N;
If M > (N − 1)/2, perform M1 = N − M;
If C > (N − 1)/2 and D is 1, execute C1 = N − C, M1 = M (mod N);
finally, return M, which ensures the encryption and decryption speed of the electric meter data.
Here E is an integer, and E and
[formula given as an image in the original]
are relatively prime; M is the plaintext space, the set of all possible plaintexts M, which are meaningful sets of characters or bits, or messages obtainable through some open encoding standard; C is the ciphertext space, the set of all possible ciphertexts C, where a ciphertext is the output obtained by applying some disguise or transformation to the plaintext and can also be regarded as a set of characters or bits that is not directly understandable.
S2: The intelligent electric meter returns electric meter data to the data acquisition center according to the instruction sent by the data acquisition center.
The instruction is that the data acquisition center sends an acquisition command and an authentication request to the electric meter data center using the authorization number of the acquisition device.
The message is digested and signed with a hash function and then transmitted to the electric meter data center; the hash function is an irreversible one-way cryptosystem that converts input of any length into output of fixed length. After the electric meter data center receives the information and the signature, it computes a message digest of the received information with the hash function and compares the generated digest (the information with the signature removed) with the message digest sent by the data acquisition center. If the two are consistent, the verification succeeds, the electric meter data center sends the acquisition command to the intelligent electric meter and the electric meter data is acquired; if not, the verification fails and service is refused.
It should be noted that the data acquisition center and the electric meter data center both digest the message with a hash function, the two communicating parties generate keys with a unified mechanism, and the received message is compared against the message digest sent by the data acquisition center: if they match, the identity authentication succeeds; otherwise the identity authentication fails and the task is rejected. The number of authentication attempts N is limited for repeated (second and third) authentications, which prevents exhaustive attacks.
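The digest comparison with an attempt limit N described above, together with the keyed MAC over returned meter data that the description mentions for the DI check, as an added example that is not the patent's own code. It uses only the standard library; SHA-256 stands in for the unspecified hash function, and the shared key, authorization number and message layout are constructed for the demo.

```python
import hashlib
import hmac


def message_digest(message: bytes) -> bytes:
    """Fixed-length one-way digest of the acquisition command (the transmitted 'signature')."""
    return hashlib.sha256(message).digest()


def meter_mac(shared_key: bytes, meter_data: bytes) -> bytes:
    """Keyed hash (HMAC) over meter data: data origin authentication plus integrity."""
    return hmac.new(shared_key, meter_data, hashlib.sha256).digest()


def check_meter_data(shared_key: bytes, meter_data: bytes, tag: bytes) -> bool:
    """Constant-time verification of the MAC tag attached to returned meter data."""
    return hmac.compare_digest(meter_mac(shared_key, meter_data), tag)


class MeterDataCenter:
    """Verifies acquisition requests and stops authenticating after N failures."""

    def __init__(self, authorized_numbers: set, max_failures: int):
        self.authorized = authorized_numbers      # authorization numbers of acquisition units
        self.max_failures = max_failures          # the limit N from the description
        self.failures = 0
        self.locked = False

    def verify_request(self, auth_number: str, command: bytes, received_digest: bytes) -> bool:
        if self.locked:
            return False                          # authentication already stopped
        # Constructed layout: the digest covers "<authorization number>|<command>".
        expected = message_digest(auth_number.encode() + b"|" + command)
        ok = auth_number in self.authorized and hmac.compare_digest(expected, received_digest)
        if ok:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True                    # failures >= N: refuse further service
        return False


if __name__ == "__main__":
    center = MeterDataCenter({"AC-0001"}, max_failures=3)
    cmd = b"READ 000000000001 00010000"          # constructed acquisition command
    digest = message_digest(b"AC-0001|" + cmd)
    print("genuine request:", center.verify_request("AC-0001", cmd, digest))
    for _ in range(3):
        center.verify_request("AC-0001", cmd, bytes(32))
    print("after 3 failures, locked:", center.locked)
    key = b"constructed-shared-key"
    tag = meter_mac(key, b"1234.56 kWh")
    print("tampered data accepted:", check_meter_data(key, b"1234.57 kWh", tag))
```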
Before data acquisition, all used resources and data text boxes are cleared; all relevant parameters such as time t, address Adress, voltage quantity H_Energy and power P_Energy are set; the data acquisition center then establishes a connection with the electric meter data center, creates N command-object connection properties for N electric meters and executes the command cmd1.Connection = conn1; after the connection is established, the acquisition string String strReadMeterId = "XXXXXXX", the meter-reading call sp.Write(XX, 0, XX) and the instructions for reading voltage, current and so on are sent.
Further, the data returned by the intelligent electric meter based on the DL/T645 protocol is checked in turn for normalization and integrity; bytes of data that do not conform to the normalization or have incomplete fields are cleaned out, and the RSA_SUAN and FastRSA(C, D, N) encryption functions are called to encrypt the normalized data. During encryption, the RSA_ENCRYPT() function generates a key pair Ek, and the electric meter data is encrypted with the key pair Ek to produce the ciphertext C.
Specifically, the establishment and release of a communication link in the DL/T645 protocol are controlled by information frames sent by the master station; each frame comprises a frame start character, a slave station address field, a control code, a data field length, a data field and a frame checksum (longitudinal check code), each part comprises a number of bytes, and each byte consists of 8 binary bits.
S3: The data acquisition center transmits the electric meter data to the data storage center, completing the acquisition of the electric meter data.
The data acquisition center transmits an acquisition instruction to the intelligent electric meter according to the DL/T645 specification, requiring the intelligent electric meter to transmit data; the intelligent electric meter receives and executes the instruction, returns data in the corresponding specified format, and data transmission begins. During transmission a start bit (0), an even parity bit and a stop bit (1) are added, 11 bits in total; the transmission order of a byte is "0 D0 D1 D2 D3 D4 D5 D6 D7 P 1", where D0 is the least significant bit of the byte and D7 the most significant bit, and transmission follows the principle of low-order bit first, high-order bit last.
The data acquisition unit performs data cleaning and RSA encryption on the acquired data, uploads it to the data management center, and finally transmits the ciphertext C to the data storage center.
It should be noted that the data acquisition center extracts the four bytes DI3, DI2, DI1, DI0 of the data identification code, sequentially checks the legality and security of the acquired and extracted data, and matches the IP and MAC values. The MAC is a short data block of fixed length generated by an authentication function from the message and a key shared by both parties; its security depends on the hash function, so it is also called a keyed hash function and can be used for data origin authentication and integrity checking.
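The normalization and integrity checks on a returned DL/T645 frame, the extraction of DI3..DI0, and the 11-bit serial byte order described above, as an added example that is not the patent's own code. The framing constants (0x68/0x16 delimiters, the 0x33 offset added to every data byte, the sum-mod-256 checksum, little-endian BCD fields) are taken from the DL/T645-2007 standard rather than from the description, and the sample response frame is constructed.

```python
from decimal import Decimal

FRAME_START = 0x68
FRAME_END = 0x16
DATA_OFFSET = 0x33          # every data-field byte is sent as (value + 0x33) mod 256
HEADER_LEN = 10             # 68 A0..A5 68 C L
TRAILER_LEN = 2             # CS 16

# Constructed response from meter address 000000000001, control 0x91 (read reply),
# DI 00010000 followed by the BCD reading 1234.56 (low byte first, each byte + 0x33).
SAMPLE_RESPONSE = bytes.fromhex("6801000000000068910833333433896745339F16")


def parse_frame(frame: bytes) -> dict:
    """Validate one DL/T645 frame and return its fields; raise ValueError if malformed."""
    frame = frame.lstrip(b"\xfe")                       # optional wake-up preamble
    if len(frame) < HEADER_LEN + TRAILER_LEN:
        raise ValueError("frame too short")
    if frame[0] != FRAME_START or frame[7] != FRAME_START:
        raise ValueError("bad frame start characters")
    length = frame[9]
    if len(frame) != HEADER_LEN + length + TRAILER_LEN:
        raise ValueError("length field does not match frame size")
    if frame[-1] != FRAME_END:
        raise ValueError("bad frame end character")
    # Checksum covers every byte from the first 0x68 through the last data byte.
    if (sum(frame[:HEADER_LEN + length]) & 0xFF) != frame[-2]:
        raise ValueError("checksum mismatch")
    data = bytes((b - DATA_OFFSET) & 0xFF for b in frame[HEADER_LEN:HEADER_LEN + length])
    if len(data) < 4:
        raise ValueError("data field lacks the 4-byte data identifier")
    return {
        # address: 6 BCD bytes transmitted low byte first
        "address": "".join(f"{b:02X}" for b in reversed(frame[1:7])),
        "control": frame[8],
        # DI is transmitted DI0..DI3; report it as DI3 DI2 DI1 DI0 as the description does
        "di": "".join(f"{b:02X}" for b in reversed(data[:4])),
        "payload": data[4:],
    }


def bcd_value(payload: bytes, decimals: int) -> Decimal:
    """Decode a little-endian BCD field such as the 4-byte energy reading."""
    digits = "".join(f"{b:02X}" for b in reversed(payload))
    if not digits.isdigit():
        raise ValueError("payload is not valid BCD")
    return Decimal(digits).scaleb(-decimals)


def filter_valid_frames(frames: list) -> list:
    """Keep only frames that pass every check; non-conforming frames are discarded."""
    valid = []
    for raw in frames:
        try:
            valid.append(parse_frame(raw))
        except ValueError:
            continue
    return valid


def serial_bits(byte: int) -> list:
    """11-bit on-the-wire order for one byte: 0 D0..D7 P 1, with even parity."""
    data = [(byte >> i) & 1 for i in range(8)]         # low-order bit first
    parity = sum(data) % 2                             # makes the number of 1 bits even
    return [0] + data + [parity] + [1]


if __name__ == "__main__":
    fields = parse_frame(SAMPLE_RESPONSE)
    print(fields["address"], hex(fields["control"]), fields["di"],
          bcd_value(fields["payload"], 2))
    print(serial_bits(0x68))
```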
Preferably, in this embodiment the RSA and AES algorithms are fused, IRSA_AES identity authentication is proposed, double-encryption identity authentication is realized, and the operation rate is improved by optimizing the RSA algorithm through multiplier reduction. The data of the intelligent electric meter is collected and transmitted as ciphertext; when a man-in-the-middle attacks the communication line, the attacker's traffic is immediately detected and reported to an administrator, who then takes measures to prevent and control the attack. This effectively solves the problem of man-in-the-middle eavesdropping, provides better security protection for the communication line, and at the same time greatly reduces the lapses of attention that long-term manual monitoring by an administrator would cause.
Example 2
To verify the technical effect of the method, the original RSA identity authentication method and the method of the invention were chosen for a comparison test, and the test results are compared by way of scientific demonstration to verify the real effect of the method.
The original RSA algorithm is based on large-number arithmetic; it can only encrypt 117 characters at a time, the plaintext data must be considered as to whether its type is String or Object, and RSA is therefore used only to encrypt small amounts of data. The decryption time of RSA is much longer than its encryption time, typically several tens of times longer.
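As an added example (not the patent's code), here is the square-and-multiply exponentiation that reduces mod n after every step so both multipliers stay below the modulus, which is the optimization the description refers to, exercised with the classic textbook RSA key p=61, q=53 (a constructed toy key; unpadded exponentiation is shown only to make the arithmetic visible, and real deployments use a padded scheme such as RSA-OAEP). The 117-character limit quoted above is the PKCS#1 v1.5 bound of k - 11 bytes for a 1024-bit modulus, also computed below.

```python
# Added example, not part of the patent: fast modular exponentiation with the
# operands kept below n, plus the PKCS#1 v1.5 plaintext bound behind "117 characters".
from typing import Tuple


def mod_pow(base: int, exp: int, n: int) -> Tuple[int, int]:
    """Return (base**exp mod n, largest operand bit length used in a multiply).

    Reducing after each square or multiply keeps every multiplier below n, which
    is what makes the multiplications cheap compared with forming base**exp first.
    """
    result, max_bits = 1, 0
    base %= n
    while exp > 0:
        if exp & 1:                                   # current exponent bit is set
            max_bits = max(max_bits, result.bit_length(), base.bit_length())
            result = (result * base) % n
        exp >>= 1
        if exp:
            max_bits = max(max_bits, base.bit_length())
            base = (base * base) % n                  # square, then reduce
    return result, max_bits


def naive_pow_bits(base: int, exp: int) -> int:
    """Bit length of the unreduced power base**exp, for comparison only."""
    return (base ** exp).bit_length()


def max_plaintext_bytes(modulus_bits: int) -> int:
    """Largest message RSA PKCS#1 v1.5 encrypts directly: k - 11 bytes,
    i.e. 117 bytes (characters) for a 1024-bit modulus."""
    return modulus_bits // 8 - 11


# Classic textbook parameters (constructed toy key, not from the patent).
P, Q = 61, 53
N = P * Q            # 3233
E = 17
D = 2753             # E * D == 1 mod lcm(P - 1, Q - 1)


def rsa_encrypt(m: int) -> int:
    return mod_pow(m, E, N)[0]


def rsa_decrypt(c: int) -> int:
    return mod_pow(c, D, N)[0]


if __name__ == "__main__":
    c = rsa_encrypt(65)
    print(c, rsa_decrypt(c), mod_pow(65, 17, N)[1], naive_pow_bits(65, 17))
```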
The IRSA_AES authentication mechanism of the invention enhances the security of data transmission by fusing the AES algorithm with the RSA algorithm. To better show the difference between the method and the traditional encryption methods, RSA, AES and the method of the invention were each used for an encryption comparison.
Testing environment:
CPU: Intel Core i7-4712MQ 2.3 GHz; memory: 8 GB; OS: Windows 7, 64-bit.
Compiled with Microsoft Visual C++ .NET 2017; the command executed is: cryptotest b. The time required to execute the command is shown in Table 1; the security of each algorithm is shown in Table 2.
Table 1: Comparison of the time required for encryption by the conventional encryption algorithms and by the encryption algorithm of the invention.
As can be seen from Table 1, IRSA_AES is superior to the traditional RSA and AES algorithms both in the number of requests processed per second under different user loads and in the response time under different user loads; in the same unit of time, the RSA algorithm processes 2757 bytes on average, the AES algorithm 5147 bytes on average, and the IRSA_AES algorithm of the invention 6433 bytes on average.
Table 2: Security comparison of the conventional encryption algorithms and the encryption algorithm of the invention.
As can be seen from Table 2, the decoding (breaking) time of each algorithm increases with the number of bytes in the key, and for the same key length the decoding time of the IRSA_AES algorithm is longer than that of the RSA algorithm and of the AES algorithm, which indicates that the security of IRSA_AES is superior to that of the conventional algorithms.
In the authentication process, the invention effectively prevents brute-force attacks by limiting the number of authentication attempts N, and data transmitted over the encrypted transmission line is protected against eavesdropping by a man in the middle of the communication line. In the data acquisition process a protection mechanism is started: problematic log information is extracted, a report is generated and sent to the administrator, which effectively solves the problem that staff cannot focus on a large amount of log information; the acquired data are stored in the data center, and when the national power grid, a client and the like need the data, the data can be called directly and decrypted with the decryption algorithm. In addition, the invention is implemented in software, so it has low development and maintenance cost compared with the cost of traditional hardware-based attack resistance, has good expansibility, and at the same time reduces the energy consumption of engineering and management staff.
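The keyed-hash MAC from the embodiment and the authentication limit N from this summary (and claim 2), as one added example that is not the patent's code: HMAC-SHA256 over the sender id, the DI bytes and the reading gives data origin authentication and an integrity check, failures are counted and logged for the administrator's report, and after N failures the verifier stops authenticating. The message layout and the demo key are assumptions.

```python
# Added example, not part of the patent: keyed-hash MAC verification with the
# authentication counter N and a failure report for the administrator.
import hashlib
import hmac
from typing import List


class MeterDataAuthenticator:
    def __init__(self, shared_key: bytes, max_failures: int) -> None:
        self.shared_key = shared_key        # key shared by both parties
        self.max_failures = max_failures    # the authentication limit N
        self.failures = 0                   # the patent does not say when this resets
        self.locked = False
        self.report: List[str] = []         # "problematic log information" for the admin

    def tag(self, sender_id: bytes, data_id: bytes, payload: bytes) -> bytes:
        # Layout sender_id || DI3..DI0 || payload is an assumption; each field is
        # length-prefixed so two fields cannot slide into each other.
        msg = b"".join(len(f).to_bytes(2, "big") + f for f in (sender_id, data_id, payload))
        return hmac.new(self.shared_key, msg, hashlib.sha256).digest()

    def verify(self, sender_id: bytes, data_id: bytes, payload: bytes, tag: bytes) -> bool:
        if self.locked:
            return False                    # authentication stopped after N failures
        expected = self.tag(sender_id, data_id, payload)
        if hmac.compare_digest(expected, tag):   # constant-time comparison
            return True
        self.failures += 1
        self.report.append(
            f"MAC mismatch from {sender_id.hex()} for DI {data_id.hex()} "
            f"(failure {self.failures}/{self.max_failures})"
        )
        if self.failures >= self.max_failures:
            self.locked = True
            self.report.append("authentication stopped: failure limit N reached")
        return False


if __name__ == "__main__":
    auth = MeterDataAuthenticator(b"constructed-demo-key", max_failures=3)
    # Constructed sample: meter id, DI3..DI0 of a reading, and the reading itself.
    meter, di, reading = b"\x00\x00\x00\x00\x00\x01", b"\x00\x01\x00\x00", b"\x00\x00\x12\x34"
    t = auth.tag(meter, di, reading)
    print(auth.verify(meter, di, reading, t))               # genuine data: True
    print(auth.verify(meter, di, b"\x00\x00\x99\x99", t))   # reading altered in transit: False
    print(auth.report)
```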
It should be noted that the above-mentioned embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, which should be covered by the claims of the present invention.

Claims (10)

1. An electric meter data security acquisition method for resisting man-in-the-middle attack, characterized in that it comprises the following steps:
encrypting and authenticating the identity between the electric meter data center and the data acquisition center, and the identity of the intelligent electric meter, by using an AES (advanced encryption standard) optimization strategy;
the intelligent electric meter returning electric meter data to the data acquisition center by executing the instruction sent by the data acquisition center;
and transmitting the electric meter data through the data acquisition center to a data storage center, completing the acquisition of the electric meter data.
2. The electric meter data security acquisition method for resisting man-in-the-middle attack according to claim 1, characterized in that: the encryption and authentication comprise,
the data acquisition center first encrypting the information to be verified with the AES algorithm, the key of the AES algorithm being encrypted with the optimized RSA algorithm, the number of authentication attempts N being limited in the authentication process, and system authentication stopping automatically if the number of authentication failures exceeds or equals N.
3. The electric meter data security acquisition method for resisting man-in-the-middle attack according to claim 1 or 2, characterized in that: the optimized RSA algorithm comprises the following steps,
based on the RSA large prime number principle, adopting a fast exponentiation algorithm in which the summation and the modulus are left unchanged and the size of the two multipliers is reduced.
4. The electric meter data security acquisition method for resisting man-in-the-middle attack according to claim 3, characterized in that: the instruction comprises,
the data acquisition center sending an acquisition command and an authentication request to the electric meter data center using the authorization number of the acquisition unit.
5. The electric meter data security acquisition method for resisting man-in-the-middle attack according to claim 4, characterized in that: after the authentication request, the method further comprises,
comparing, by a hash function, the generated message digest with the message digest sent by the data acquisition center; if the comparison is consistent, verification succeeds, the electric meter data center sends the instruction to the intelligent electric meter, and the electric meter data is returned to the data acquisition center; otherwise, authentication fails and service is denied.
6. The electric meter data security acquisition method for resisting man-in-the-middle attack according to claim 5, characterized in that: returning the electric meter data comprises,
sequentially checking the normalization and the integrity of the data returned by the intelligent electric meter based on the DL/T 645 protocol, clearing all data that do not conform to the normalization, and encrypting all data that conform to it.
7. The electric meter data security acquisition method for resisting man-in-the-middle attack according to claim 6, characterized in that: the DL/T 645 protocol comprises,
the establishment and release of a communication link in the specified communication process being controlled by information frames sent by the master station;
each frame comprising a frame start character, a slave station address field, a control code, a data field length, a data field and a frame information longitudinal check code, each part comprising several bytes.
8. The electric meter data security acquisition method for resisting man-in-the-middle attack according to claim 7, characterized in that: the bytes comprise,
each byte consisting of an 8-bit binary code, with a start bit (0), an even parity bit and a stop bit (1) added during transmission, 11 bits in total;
the transmission order of a byte being "0 D0 D1 D2 D3 D4 D5 D6 D7 P 1", where D0 is the least significant bit of the byte and D7 the most significant bit, so that transmission follows the low-order-first, high-order-last principle.
9. The electric meter data security acquisition method for resisting man-in-the-middle attack according to claim 8, characterized in that: the method further comprises the following steps,
the intelligent electric meter receiving and executing the instruction and returning data in the corresponding standard format;
the data acquisition center extracting the four bytes DI3, DI2, DI1, DI0 of the data identification code, checking the legality and security of the acquired and extracted data in turn, and matching the IP and the MAC value.
10. The electric meter data security acquisition method for resisting man-in-the-middle attack according to claim 9, characterized in that: the MAC value comprises,
a short, fixed-length data block generated by an authentication function from a message and a key shared by both parties.
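The frame format and cleaning step of claims 6 to 9, as an added example that is not the patent's code: the meter side builds a DL/T 645 frame and the acquisition side parses it, discarding any frame that fails the format or longitudinal-checksum rules and extracting DI3..DI0 as the data identification code. Concrete values not stated on the page (0x68 start and 0x16 end characters, the +0x33 offset on data bytes, the 0x91 read-response control code, DI sent low byte first) are taken from DL/T 645-2007 and are assumptions here; the sample frame is constructed.

```python
# Added example, not part of the patent: DL/T 645-2007 style frame build/parse
# with the "clear all data that do not conform" step from claim 6.
from typing import Dict, List, Optional

FRAME_START, FRAME_END, DATA_OFFSET = 0x68, 0x16, 0x33   # DL/T 645-2007 values (assumed)
READ_RESPONSE = 0x91                                     # control code of a read reply (assumed)


def build_frame(address: bytes, control: int, data: bytes) -> bytes:
    """Meter side: start | A0..A5 | start | C | L | data+0x33 | CS | end."""
    if len(address) != 6 or len(data) > 200:
        raise ValueError("address must be 6 bytes and data at most 200 bytes")
    head = bytes([FRAME_START]) + address + bytes([FRAME_START, control, len(data)])
    body = head + bytes((b + DATA_OFFSET) & 0xFF for b in data)
    checksum = sum(body) & 0xFF                  # longitudinal check: byte sum mod 256
    return body + bytes([checksum, FRAME_END])


def parse_frame(frame: bytes) -> Optional[Dict[str, object]]:
    """Acquisition-center side: return the fields, or None if the frame is malformed."""
    if len(frame) < 12 or frame[0] != FRAME_START or frame[7] != FRAME_START:
        return None                              # missing start characters
    length = frame[9]
    if len(frame) != 12 + length or frame[-1] != FRAME_END:
        return None                              # declared length or end character wrong
    if sum(frame[:10 + length]) & 0xFF != frame[10 + length]:
        return None                              # checksum failed: corrupted or altered
    data = bytes((b - DATA_OFFSET) & 0xFF for b in frame[10:10 + length])
    control = frame[8]
    if control == READ_RESPONSE and length < 4:
        return None                              # a read reply must carry DI0..DI3
    has_di = length >= 4
    return {
        "address": frame[1:7][::-1].hex(),      # A0 is the low byte, reverse for display
        "control": control,
        "data_id": int.from_bytes(data[:4], "little") if has_di else None,  # DI3..DI0
        "payload": data[4:] if has_di else data,
    }


def clean_frames(frames: List[bytes]) -> List[Dict[str, object]]:
    """Keep only frames that pass every check; the rest are cleared, as in claim 6."""
    parsed = (parse_frame(f) for f in frames)
    return [p for p in parsed if p is not None]


if __name__ == "__main__":
    # Constructed sample: meter address 000000000001 replying to a read of DI 00010000.
    sample = build_frame(bytes([1, 0, 0, 0, 0, 0]), READ_RESPONSE,
                         bytes([0x00, 0x00, 0x01, 0x00, 0x34, 0x12, 0x00, 0x00]))
    print(sample.hex(), parse_frame(sample))
```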
CN202010870067.6A 2020-08-26 2020-08-26 Electric meter data security acquisition method for resisting man-in-the-middle attack Pending CN112039654A (en)

Publications (1)

Publication Number Publication Date
CN112039654A true CN112039654A (en) 2020-12-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination