CN114553404A - Power distribution longitudinal encryption method and system based on quantum encryption - Google Patents

Power distribution longitudinal encryption method and system based on quantum encryption Download PDF

Info

Publication number
CN114553404A
CN114553404A CN202210104966.4A CN202210104966A CN114553404A CN 114553404 A CN114553404 A CN 114553404A CN 202210104966 A CN202210104966 A CN 202210104966A CN 114553404 A CN114553404 A CN 114553404A
Authority
CN
China
Prior art keywords
power distribution
distribution terminal
terminal
quantum
master station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210104966.4A
Other languages
Chinese (zh)
Inventor
卢虹宇
蔡月明
刘明祥
张强
周俊
王文轩
樊轶
刘遐龄
杨涛
何钊睿
陈亚楼
邹航
蒋海生
孙建东
张驰
陆凡
王佳
高煜钦
陈琛
陈娜
徐晨
刘润苗
孙淑云
孙健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
NARI Nanjing Control System Co Ltd
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
State Grid Electric Power Research Institute
Original Assignee
State Grid Corp of China SGCC
NARI Nanjing Control System Co Ltd
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
State Grid Electric Power Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, NARI Nanjing Control System Co Ltd, Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd, State Grid Electric Power Research Institute filed Critical State Grid Corp of China SGCC
Priority to CN202210104966.4A priority Critical patent/CN114553404A/en
Publication of CN114553404A publication Critical patent/CN114553404A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a power distribution longitudinal encryption method and a power distribution longitudinal encryption system based on quantum encryption, wherein the method applies quantum characteristics and generates an absolute safe quantum key based on a BB84 principle; the bidirectional authentication technology based on the digital certificate realizes bidirectional identity authentication between the power distribution terminal and the power distribution master station and between the power distribution terminal and the security gateway, and effectively prevents attack forms such as forged terminal identity, replay attack and the like; and the confidentiality and the integrity of the service data are ensured by utilizing a data encryption and message authentication technology based on a symmetric cryptographic algorithm.

Description

Power distribution longitudinal encryption method and system based on quantum encryption
Technical Field
The invention relates to a quantum encryption-based power distribution longitudinal encryption method and system, and belongs to the technical field of power distribution network communication safety.
Background
With the deepened development of smart power grids and global energy internet, power communication networks tend to be open and interactive more and more, information security problems are propagated continuously, and potential safety hazards such as identity counterfeiting, replay attack, information leakage and the like appear in network communication. In order to guarantee safe and stable operation of a power grid, hidden dangers existing in time are found, power supply quality and reliability are improved, a power distribution encryption safety scheme is implemented, the requirement of network safety protection of a power distribution automation system is met, and the problem that the current power distribution network needs to be solved urgently is solved. The key is easy to crack, and the electric power communication network mostly adopts a classic password system, so that the safety and reliability of data transmission interaction in the communication network cannot be completely guaranteed.
Disclosure of Invention
Aiming at the defects of the prior art, the invention aims to provide a quantum encryption-based power distribution longitudinal encryption method and system, so as to solve the problems of illegal operations such as information leakage, replay attack, identity forgery and the like in the longitudinal communication process of a power distribution network system, improve the confidentiality, integrity and authentication of power distribution service data, and ensure the safety and reliability of the operation of a power distribution network.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
the invention provides a quantum encryption-based longitudinal encryption method for power distribution, which comprises the following steps:
generating a symmetric quantum key based on the quantum key network QKD;
the quantum key generated by the quantum key network QKD is distributed to a power distribution main station and a power distribution terminal;
the method comprises the steps that bidirectional identity authentication is respectively carried out on a power distribution terminal and a security gateway, and the power distribution terminal and a power distribution main station, and communication connection is established between the power distribution main station and the power distribution terminal after the authentication is passed;
and the authenticated power distribution master station and the authenticated power distribution terminal perform service data interaction based on the acquired quantum key.
Further, performing bidirectional identity authentication on the power distribution terminal and the security gateway includes:
the power distribution master station initiates a request for connecting with a power distribution terminal to the security gateway; meanwhile, the security gateway initiates a TCP connection with the power distribution terminal;
the security gateway generates a random number R1, sends the random number R1 to the power distribution terminal and stores the random number, and the power distribution terminal acquires the random number R2, signs the random number R1+ R2 and sends the random number R2 to the power distribution master station;
the security gateway verifies the validity of the signature by using the power distribution terminal certificate, and the identity authentication of the power distribution master station on the power distribution terminal is completed after the verification;
the security gateway signs the random number R2 of the power distribution terminal and sends a signature result to the power distribution terminal;
the power distribution terminal verifies the correctness of the signature of the security gateway, and the identity authentication of the security gateway by the power distribution terminal is completed and authentication confirmation information is returned;
and the security gateway returns the successful connection result to the power distribution main station.
Further, carrying out two-way authentication to power distribution terminal and distribution main website includes:
the power distribution master station acquires a random number R1 of the power distribution master station from the power distribution encryption authentication device and sends the random number to the power distribution terminal;
the power distribution terminal acquires the random number R2, signs the R1+ R2 and sends the signed random number to the power distribution main station, and stores the R1;
the power distribution master station verifies the signature validity of the power distribution terminal, and the identity of the power distribution master station to the power distribution terminal is verified;
the power distribution master station signs the random number R2 of the power distribution terminal and sends the result to the power distribution terminal;
the power distribution terminal verifies the correctness of the signature of the power distribution main station, and the verification is completed through the identity authentication of the power distribution terminal to the power distribution main station and the authentication confirmation information is returned.
Further, the authenticated power distribution master station and power distribution terminal perform service data interaction based on the acquired quantum key, including:
if the information acquisition type message is interacted between the power distribution main station and the power distribution terminal, the data interaction process is,
the power distribution terminal encrypts the service message to be uploaded based on the acquired quantum key by combining an encryption algorithm and calculates a message authentication code MAC,
the ciphertext data and the message authentication code MAC are used as data fields of the uplink message and are sent to the power distribution master station;
after receiving the message, the power distribution master station verifies the correctness of the message authentication code MAC;
and decrypting the message which is verified to be correct to obtain plaintext data.
Further, the authenticated power distribution master station and power distribution terminal perform service data interaction based on the acquired quantum key, including:
if the interaction between the power distribution main station and the power distribution terminal is a control message, the data interaction process is,
the power distribution master station adds random number and time factor authentication to a service message to be issued and carries out signature;
encrypting the signature data and the original message data by using the acquired quantum key and then sending the encrypted signature data and the encrypted original message data to a power distribution terminal;
the power distribution terminal decrypts the received data to obtain original message data and signature data, judges the instruction timeliness and verifies the correctness of the signature of the power distribution main station;
and if the verification is not correct, returning error information of the power distribution main station, and if the verification is correct, executing related operation.
Further, the method also comprises the following steps of periodically updating the quantum key:
the power distribution master station sends a command for acquiring the version number of the key to the power distribution terminal, and the power distribution terminal reads the version number of the symmetric key and returns the version number to the power distribution master station;
the power distribution master station judges the key version of the power distribution terminal through the key version number and obtains an updated quantum key through a quantum key network QKD;
the power distribution master station signs the updated quantum key and symmetrically encrypts the quantum key at the last time;
the power distribution master station sends the encrypted data and the signature result to the power distribution terminal;
the power distribution terminal decrypts the acquired data and verifies the signature;
and the distribution terminal sends the quantum key passing the signature verification to the security chip or the quantum U shield to update the quantum key.
The invention also provides a power distribution longitudinal encryption system based on quantum encryption, which comprises: the system comprises a power distribution terminal, a power distribution master station, a quantum key network QKD, an offline quantum key charging system and an authentication module;
the power distribution terminal and the power distribution master station are both sides of communication;
the quantum key network QKD is used for generating symmetric quantum keys of both communication parties;
the distribution main station and the distribution terminal are used for carrying out service data interaction based on the quantum key acquired from the quantum key network QKD;
the authentication module is used for performing bidirectional identity authentication on the power distribution terminal and the security gateway, the power distribution terminal and the power distribution main station respectively, and after the authentication is passed, the power distribution main station is in communication connection with the power distribution terminal.
Furthermore, the power distribution master station is accessed to the quantum key network QKD through the quantum channel, and the quantum keys of the power distribution master station and the power distribution terminal are obtained regularly.
Furthermore, the power distribution terminal is configured with a security chip or a quantum U shield, and the security chip or the quantum U shield of the power distribution terminal is accessed to the quantum key network QKD through the offline quantum key charging system to obtain the quantum key.
Further, the authentication module is specifically configured to,
generating a random number R1 through a security gateway, sending the random number R1 to a power distribution terminal, storing the random number, taking the random number R2 by the power distribution terminal, signing R1+ R2 and sending the signed random number to a power distribution main station;
verifying the signature validity by using a power distribution terminal certificate through the security gateway, and completing the identity authentication of the power distribution master station on the power distribution terminal after verification;
signing the random number R2 of the power distribution terminal through the security gateway, and sending a signature result to the power distribution terminal;
verifying the correctness of the signature of the security gateway through the power distribution terminal, and verifying the identity authentication of the security gateway by the power distribution terminal and returning authentication confirmation information;
returning a successful connection result to the power distribution master station through the security gateway;
and the number of the first and second groups,
acquiring a random number R1 of the power distribution main station from the power distribution encryption authentication device through the power distribution main station, and sending the random number to the power distribution terminal;
the random number R2 is obtained through the power distribution terminal, the signature of R1+ R2 is sent to the power distribution main station, and R1 is stored;
verifying the signature validity of the power distribution terminal through the power distribution master station, and verifying the identity of the power distribution terminal by the power distribution master station;
signing the random number R2 of the power distribution terminal through the power distribution master station, and sending a result to the power distribution terminal;
and verifying the correctness of the signature of the power distribution main station through the power distribution terminal, and verifying the identity authentication of the power distribution main station through the power distribution terminal and returning authentication confirmation information.
Furthermore, the system also comprises an updating module,
the update module is specifically configured to perform,
sending a key version number obtaining instruction to the power distribution terminal through the power distribution master station, reading the symmetric key version number by the power distribution terminal, and returning the symmetric key version number to the power distribution master station;
judging the key version of the power distribution terminal through the key version number by the power distribution master station, and acquiring an updated quantum key through a quantum key network QKD;
signing the updated quantum key through the power distribution master station, and symmetrically encrypting by using the last quantum key;
sending the encrypted data and the signature result to a power distribution terminal through a power distribution master station;
decrypting the acquired data and verifying the signature through the power distribution terminal;
and sending the quantum key passing the signature verification to a security chip or a quantum U shield through the power distribution terminal to update the quantum key.
Compared with the prior art, the invention has the following beneficial effects:
the invention is based on the quantum key, unconditionally ensures the safety of data communication, and the key has no risk of being broken by modeling simulation; through the authentication technology of the digital certificate, the bidirectional identity authentication of the power distribution terminal and the power distribution security access gateway is realized, and attack forms such as counterfeit terminal identity, replay attack and the like are effectively prevented; combining domestic cryptographic algorithms SM1, SM2 and SM3, and integrating time and random number factors, a scheme for processing the service message by using a symmetric encryption algorithm, an asymmetric encryption algorithm and a Hash algorithm is provided, so that timeliness, authentication, integrity and the like of the message in the interactive process are realized; and a domestic security chip is adopted to realize storage, management and cryptographic operation of the terminal key.
Drawings
Fig. 1 is an overall architecture diagram of a power distribution vertical encryption system provided by an embodiment of the present invention;
FIG. 2 is a schematic diagram of quantum key generation provided by an embodiment of the present invention;
fig. 3 is a flow of bidirectional identity authentication provided in an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
It should be noted that in the description of the present invention, the terms "front", "rear", "left", "right", "upper", "lower", "inner", "outer", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of describing the present invention but do not require that the present invention must be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention. As used in the description of the present invention, the terms "front," "back," "left," "right," "up," "down" and "in" refer to directions in the drawings, and the terms "inner" and "outer" refer to directions toward and away from, respectively, the geometric center of a particular component.
The invention provides a power distribution network dispatching automation main station, a substation and a terminal, wherein the communication among the main station, the substation and the terminal is called longitudinal communication, and the invention provides a power distribution longitudinal encryption method based on quantum encryption, which comprises the following steps:
generating a symmetric quantum key based on the quantum key network QKD;
the quantum key generated by the quantum key network QKD is distributed to a power distribution main station and a power distribution terminal;
the method comprises the steps that bidirectional identity authentication is respectively carried out on a power distribution terminal and a security gateway, the power distribution terminal and a power distribution main station, and communication connection is established between the power distribution main station and the power distribution terminal after authentication is passed;
and the authenticated power distribution master station and the authenticated power distribution terminal perform service data interaction based on the acquired quantum key.
The invention provides a power distribution longitudinal encryption method based on quantum encryption, which comprises the following steps:
step one, adopting a BB84 protocol in a quantum key system, using a quantum basic device and a core quantum device, and encoding by both communication sides by using the polarization state of photons to generate a symmetrical quantum key.
Specifically, the quantum key generation process is shown in fig. 2, and includes the following processes:
(11) the quantum signal source of Alice forms an encoding base of Alice after being modulated by the random number generator, and quantum states are continuously sent to Bob through a quantum channel.
(12) And a random number generator of Bob randomly selects and generates a measuring basis, compares the Alice coding basis with the Bob measuring basis, and takes the same basis vector arrangement of the Alice coding basis and the Bob measuring basis as a secret key in a quantum detector of Bob.
(13) The communication key is extracted by Bob and Alice cannot know the key content, so Bob sends its own measurement basis back to Alice through the quantum channel.
(14) And after receiving the measurement basis of the Bob, the Alice compares the measurement basis with the coding basis of the Alice to measure, so that the secret key is restored, and the Alice also knows the content of the secret key.
In the present embodiment, both communication parties refer to a power distribution master station and a power distribution terminal.
And step two, the quantum key generated in the step one is used for carrying out distribution terminal initial key charging on the media such as the encryption chip, the quantum U shield and the like by adopting an offline quantum key charging system, and the storage key is destroyed by opening the cover.
And step three, the power distribution master station is accessed into the QKD quantum key management network through the quantum channel, and the master station and the terminal quantum key are obtained regularly.
Step four, based on the digital certificate technology, the two-way identities of the power distribution terminal, the power distribution security access gateway (security gateway) and the power distribution master station are respectively identified,
the specific implementation process is shown in fig. 3, and includes:
(41) the power distribution master station initiates a connection request to the power distribution safety access gateway to request to be connected with the power distribution terminal; meanwhile, the security gateway initiates TCP connection with the power distribution terminal, and bidirectional identity authentication between the security gateway and the power distribution terminal is carried out;
the authentication process is as follows:
the security gateway generates a random number R1 and sends the random number R1 to the power distribution terminal, the power distribution terminal acquires the random number R2, signs the random number R1+ R2 and sends the signed random number R1+ R2 to the power distribution main station, and meanwhile, the power distribution terminal stores R1;
the security gateway verifies the validity of the signature by using the terminal certificate, and the identity authentication of the security gateway on the power distribution terminal is completed after the verification;
then the security gateway signs the random number R2 of the power distribution terminal and sends the signature result to the power distribution terminal;
the power distribution terminal verifies the correctness of the signature of the security gateway, and the identity authentication of the security gateway by the power distribution terminal is completed and authentication confirmation information is returned;
and after the authentication is successful, the security gateway returns the successful connection result to the power distribution master station.
It should be noted that, in the following description,
it should be noted that the security gateway is provided with an encryption module, and the encryption module is provided with cryptographic algorithms SM1 and SM2 for signing random numbers.
(42) The power distribution main station initiates connection with the power distribution terminal based on the security gateway, and performs bidirectional identity authentication of the power distribution main station and the power distribution terminal;
the authentication process is as follows:
the power distribution master station acquires a random number R1 of the power distribution master station from a power distribution encryption authentication device (cipher machine) and sends the random number to a power distribution terminal;
the power distribution terminal takes a random number R2, signs the R1+ R2 and sends the signed result to the power distribution main station, and meanwhile, the power distribution terminal stores R1;
the power distribution master station verifies the signature validity of the power distribution terminal, and the identity of the power distribution master station to the power distribution terminal is verified;
then the power distribution master station signs a power distribution terminal random number R2 and sends the result to the power distribution terminal;
the power distribution terminal verifies the correctness of the signature of the power distribution main station, and the verification is completed through the identity authentication of the power distribution terminal to the power distribution main station and the authentication confirmation information is returned.
It should be noted that the power distribution terminal is internally provided with a special encryption chip, and the encryption chip is internally provided with a random number acquisition method and a national encryption algorithm, so that the random number acquisition method and the national encryption algorithm can be directly called, and meanwhile, a corresponding encryption algorithm can also be called.
(43) And after the authentication is successful, the power distribution master station and the power distribution terminal perform service message interaction.
And step five, based on quantum keys in the encryption chip, combining domestic commercial cryptographic algorithms SM1, SM2 and SM3, synthesizing time and random number factors, and using a scheme of processing the distribution service message by using symmetric encryption, asymmetric encryption and a Hash algorithm to realize safe communication interaction, wherein the main interaction flow is as follows:
(51) the power distribution master station and the power distribution terminal interact common service messages, for example, the power distribution terminal sends messages, the power distribution terminal encrypts the messages to be sent and calculates a message authentication code MAC based on the quantum key obtained in the third step and in combination with a state secret SM1 algorithm, and ciphertext data and the MAC are used as a data domain of an uplink message and sent to the power distribution master station; after the power distribution master station receives the message, the integrity of the data is verified (the correctness of the MAC is verified), and the plaintext data is obtained through decryption.
(52) The method comprises the steps that a power distribution main station and a power distribution terminal interact important service messages, for example, the power distribution main station sends messages, the power distribution main station adds random numbers and time factor authentication to the messages to be sent, signs are carried out by using SM1 and SM3 algorithms, and contents such as signature data and original message data are encrypted and then sent to the power distribution terminal; after the power distribution terminal receives the data, the data are decrypted firstly to obtain original text and signature data, the instruction timeliness is judged, the correctness of the signature of the power distribution main station is verified, the incorrect information of the power distribution main station is incorrectly returned, and the relevant operation is correctly executed.
It should be noted that, the general service message refers to remote signaling, remote measurement, and the like, and belongs to information acquisition type messages; the important service message refers to a remote control and parameter downloading message and refers to a control message.
It should be noted that, in the operation process, the power distribution terminal and the power distribution master station encrypt the service data in a "destroy after use" and "one-time pad" manner, and need to periodically update the secret key, based on the initial quantum secret key and the digital certificate in the encryption chip, the power distribution master station signs and symmetrically encrypts the secret key after obtaining the updated quantum secret key, and issues the secret key to the power distribution terminal, and after the terminal decrypts and verifies the signature, the secret key is updated to the encryption chip, and the specific flow is as follows:
(61) the power distribution master station sends a command for acquiring the version number of the key to the power distribution terminal, and the power distribution terminal reads the version number of the symmetric key and returns the version number to the power distribution master station;
(62) the power distribution master station judges the key version of the power distribution terminal according to the key version number, acquires an updated key through a QKD quantum key management system, signs the quantum key, symmetrically encrypts the quantum key before use, and sends derived key data and a signature result to the power distribution terminal;
(63) and after receiving the key updating message, the power distribution terminal decrypts the data and verifies the signature, and after the signature is verified correctly, the data is directly sent to the security chip to complete key updating, and if the key updating message is wrong, error information of successful updating or unsuccessful updating is returned.
Another embodiment of the present invention further provides a quantum encryption based power distribution longitudinal encryption system, referring to fig. 1, including: the system comprises a power distribution terminal, a power distribution master station, a quantum key network QKD, an offline quantum key charging system and an authentication module;
the power distribution terminal and the power distribution master station are two communication parties;
the quantum key network QKD is used for generating symmetric quantum keys of both communication parties;
the power distribution master station is accessed to the quantum key network QKD through the quantum channel to obtain a power distribution master station and a power distribution terminal quantum key;
the power distribution terminal is provided with a security chip or a quantum U shield, and the security chip or the quantum U shield of the power distribution terminal is accessed to a quantum key network QKD through an offline quantum key filling system to obtain a quantum key;
the power distribution main station and the power distribution terminal are used for carrying out service data interaction based on the quantum key acquired from the quantum key network QKD;
the authentication module is used for performing bidirectional identity authentication on the power distribution terminal and the security gateway, and the power distribution terminal and the power distribution main station respectively, so that communication connection is established between the power distribution main station and the power distribution terminal.
In particular, the authentication module is specifically configured to,
generating a random number R1 through a security gateway, sending the random number R1 to a power distribution terminal, storing the random number, taking the random number R2 by the power distribution terminal, signing R1+ R2 and sending the signed random number to a power distribution main station;
verifying the signature validity by using a power distribution terminal certificate through the security gateway, and completing the identity authentication of the power distribution master station on the power distribution terminal after verification;
signing the random number R2 of the power distribution terminal through the security gateway, and sending a signature result to the power distribution terminal;
verifying the correctness of the signature of the security gateway through the power distribution terminal, and verifying the identity authentication of the security gateway by the power distribution terminal and returning authentication confirmation information;
returning a successful connection result to the power distribution master station through the security gateway;
and the number of the first and second groups,
acquiring a random number R1 of the power distribution main station from the power distribution encryption authentication device through the power distribution main station, and sending the random number to the power distribution terminal;
the random number R2 is obtained through the power distribution terminal, the signature of R1+ R2 is sent to the power distribution main station, and R1 is stored;
verifying the signature validity of the power distribution terminal through the power distribution master station, and verifying the identity of the power distribution terminal by the power distribution master station;
signing the random number R2 of the power distribution terminal through the power distribution master station, and sending a result to the power distribution terminal;
and verifying the correctness of the signature of the power distribution main station through the power distribution terminal, and verifying the identity authentication of the power distribution main station through the power distribution terminal and returning authentication confirmation information.
In particular, it further comprises an update module, in particular for,
sending a command for acquiring the version number of the key to the power distribution terminal through the power distribution master station, reading the version number of the symmetric key by the power distribution terminal, and returning the version number to the power distribution master station;
judging the key version of the power distribution terminal through the key version number by the power distribution master station, and acquiring an updated quantum key through a quantum key network QKD;
signing the updated quantum key through the power distribution master station, and symmetrically encrypting by using the last quantum key;
sending the encrypted data and the signature result to a power distribution terminal through a power distribution master station;
decrypting the acquired data and verifying the signature through the power distribution terminal;
and sending the quantum key passing the signature verification to a security chip or a quantum U shield through the power distribution terminal to update the quantum key.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (11)

1. A power distribution longitudinal encryption method based on quantum encryption is characterized by comprising the following steps:
generating a symmetric quantum key based on the quantum key network QKD;
the quantum key generated by the quantum key network QKD is distributed to a power distribution main station and a power distribution terminal;
the method comprises the steps that bidirectional identity authentication is respectively carried out on a power distribution terminal and a security gateway, the power distribution terminal and a power distribution main station, and communication connection is established between the power distribution main station and the power distribution terminal after authentication is passed;
and the authenticated power distribution master station and the authenticated power distribution terminal perform service data interaction based on the acquired quantum key.
2. The method for longitudinally encrypting power distribution based on quantum encryption as claimed in claim 1, wherein the bidirectional identity authentication of the power distribution terminal and the security gateway comprises:
the power distribution master station initiates a request for connecting with a power distribution terminal to the security gateway; meanwhile, the security gateway initiates a TCP connection with the power distribution terminal;
the security gateway generates a random number R1 and sends the random number R1 to the power distribution terminal for storage, and the power distribution terminal obtains the random number R2 and sends the R1+ R2 signature to the power distribution master station;
the security gateway verifies the validity of the signature by using the power distribution terminal certificate, and the identity authentication of the power distribution master station on the power distribution terminal is completed after the verification;
the security gateway signs the random number R2 of the power distribution terminal and sends a signature result to the power distribution terminal;
the power distribution terminal verifies the correctness of the signature of the security gateway, and the identity authentication of the security gateway by the power distribution terminal is completed and authentication confirmation information is returned;
and the security gateway returns the successful connection result to the power distribution main station.
3. The power distribution longitudinal encryption method based on quantum encryption as claimed in claim 1, wherein the bidirectional identity authentication of the power distribution terminal and the power distribution main station comprises:
the power distribution master station acquires a random number R1 of the power distribution master station from the power distribution encryption authentication device and sends the random number to the power distribution terminal;
the power distribution terminal acquires the random number R2, signs the R1+ R2 and sends the signed random number to the power distribution main station, and stores the R1;
the power distribution master station verifies the signature validity of the power distribution terminal, and the identity of the power distribution master station to the power distribution terminal is verified;
the power distribution master station signs the random number R2 of the power distribution terminal and sends the result to the power distribution terminal;
the power distribution terminal verifies the correctness of the signature of the power distribution main station, and the verification is completed through the identity authentication of the power distribution terminal to the power distribution main station and the authentication confirmation information is returned.
4. The method for longitudinally encrypting power distribution based on quantum encryption according to claim 1, wherein the authenticated power distribution master station and the authenticated power distribution terminal perform service data interaction based on the acquired quantum key, and the method comprises the following steps:
if the information acquisition type message is interacted between the power distribution main station and the power distribution terminal, the data interaction process is,
the power distribution terminal encrypts the service message to be uploaded based on the acquired quantum key by combining an encryption algorithm and calculates a message authentication code MAC,
the ciphertext data and the message authentication code MAC are used as data fields of the uplink message and are sent to the power distribution master station;
after receiving the message, the power distribution master station verifies the correctness of the message authentication code MAC;
and decrypting the message which is verified to be correct to obtain plaintext data.
5. The method for longitudinally encrypting power distribution based on quantum encryption according to claim 1, wherein the authenticated power distribution master station and the authenticated power distribution terminal perform service data interaction based on the acquired quantum key, and the method comprises the following steps:
if the interaction between the power distribution main station and the power distribution terminal is a control message, the data interaction process is,
the distribution master station adds random number and time factor authentication to a service message to be issued, and performs signature;
encrypting the signature data and the original message data by using the acquired quantum key and then sending the encrypted signature data and the encrypted original message data to a power distribution terminal;
the power distribution terminal decrypts the received data to obtain original message data and signature data, judges the instruction timeliness and verifies the correctness of the signature of the power distribution main station;
and if the verification is not correct, returning error information of the power distribution main station, and if the verification is correct, executing related operation.
6. The method for longitudinally encrypting power distribution based on quantum cryptography according to claim 1, further comprising the steps of periodically updating quantum keys as follows:
the power distribution master station sends a command for acquiring the version number of the key to the power distribution terminal, and the power distribution terminal reads the version number of the symmetric key and returns the version number to the power distribution master station;
the power distribution master station judges the key version of the power distribution terminal through the key version number and obtains an updated quantum key through a quantum key network QKD;
the power distribution master station signs the updated quantum key and symmetrically encrypts the quantum key at the last time;
the power distribution master station sends the encrypted data and the signature result to the power distribution terminal;
the power distribution terminal decrypts the acquired data and verifies the signature;
and the distribution terminal sends the quantum key passing the signature verification to the security chip or the quantum U shield to update the quantum key.
7. A power distribution longitudinal encryption system based on quantum encryption is characterized by comprising: the system comprises a power distribution terminal, a power distribution master station, a quantum key network QKD, an offline quantum key charging system and an authentication module;
the power distribution terminal and the power distribution master station are both sides of communication;
the quantum key network QKD is used for generating symmetric quantum keys of both communication parties;
the distribution main station and the distribution terminal are used for carrying out service data interaction based on the quantum key acquired from the quantum key network QKD;
the authentication module is used for performing bidirectional identity authentication on the power distribution terminal and the security gateway, the power distribution terminal and the power distribution main station respectively, and after the authentication is passed, the power distribution main station is in communication connection with the power distribution terminal.
8. The system of claim 7, wherein the distribution main station accesses the quantum key network QKD through a quantum channel to periodically obtain the distribution main station and the distribution terminal quantum key.
9. The system according to claim 7, wherein the distribution terminal is configured with a security chip or a quantum U shield, and the security chip or the quantum U shield of the distribution terminal accesses the quantum key network QKD through an offline quantum key charging system to obtain the quantum key.
10. A quantum cryptography based longitudinal encryption system for power distribution according to claim 7, wherein said authentication module is specifically configured to,
generating a random number R1 through a security gateway, sending the random number R1 to a power distribution terminal, storing the random number, taking the random number R2 by the power distribution terminal, signing R1+ R2 and sending the signed random number to a power distribution main station;
verifying the validity of the signature by using a power distribution terminal certificate through a security gateway, and completing the identity authentication of a power distribution master station on a power distribution terminal through verification;
signing the random number R2 of the power distribution terminal through the security gateway, and sending a signature result to the power distribution terminal;
verifying the correctness of the signature of the security gateway through the power distribution terminal, and verifying the identity authentication of the security gateway by the power distribution terminal and returning authentication confirmation information;
returning a successful connection result to the power distribution master station through the security gateway;
and the number of the first and second groups,
acquiring a random number R1 of the power distribution main station from the power distribution encryption authentication device through the power distribution main station, and sending the random number to the power distribution terminal;
the random number R2 is obtained through the power distribution terminal, the signature of R1+ R2 is sent to the power distribution main station, and R1 is stored;
verifying the signature validity of the power distribution terminal through the power distribution master station, and verifying the identity of the power distribution terminal by the power distribution master station;
signing the random number R2 of the power distribution terminal through the power distribution master station, and sending a result to the power distribution terminal;
and verifying the correctness of the signature of the power distribution main station through the power distribution terminal, and verifying the identity authentication of the power distribution main station through the power distribution terminal and returning authentication confirmation information.
11. The quantum cryptography-based power distribution longitudinal encryption system according to claim 7, further comprising an update module,
the update module is specifically configured to perform,
sending a key version number obtaining instruction to the power distribution terminal through the power distribution master station, reading the symmetric key version number by the power distribution terminal, and returning the symmetric key version number to the power distribution master station;
judging the key version of the power distribution terminal through the key version number by the power distribution master station, and acquiring an updated quantum key through a quantum key network QKD;
signing the updated quantum key through the power distribution master station, and symmetrically encrypting by using the last quantum key;
sending the encrypted data and the signature result to a power distribution terminal through a power distribution master station;
decrypting the acquired data and verifying the signature through the power distribution terminal;
and sending the quantum key passing the signature verification to a security chip or a quantum U shield through the power distribution terminal to update the quantum key.
CN202210104966.4A 2022-01-28 2022-01-28 Power distribution longitudinal encryption method and system based on quantum encryption Pending CN114553404A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210104966.4A CN114553404A (en) 2022-01-28 2022-01-28 Power distribution longitudinal encryption method and system based on quantum encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210104966.4A CN114553404A (en) 2022-01-28 2022-01-28 Power distribution longitudinal encryption method and system based on quantum encryption

Publications (1)

Publication Number Publication Date
CN114553404A true CN114553404A (en) 2022-05-27

Family

ID=81673163

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210104966.4A Pending CN114553404A (en) 2022-01-28 2022-01-28 Power distribution longitudinal encryption method and system based on quantum encryption

Country Status (1)

Country Link
CN (1) CN114553404A (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0633675A1 (en) * 1993-07-09 1995-01-11 Koninklijke Philips Electronics N.V. A telecommunications network and a main station and a substation for use in such a network
JP2000215280A (en) * 1999-01-26 2000-08-04 Hitachi Ltd Identity certification system
US20060029229A1 (en) * 2004-08-03 2006-02-09 Alexei Trifonov QKD station with EMI signature suppression
JP2011170530A (en) * 2010-02-17 2011-09-01 Tokai Rika Co Ltd Device for setting encryption of authentication system
CN108964898A (en) * 2018-06-28 2018-12-07 安徽继远软件有限公司 It is a kind of that electricity consumption cryptographic communication system and method are matched based on Quantum Secure Communication
CN109257327A (en) * 2017-07-14 2019-01-22 中国电力科学研究院 A kind of the communication message safety interacting method and device of electrical power distribution automatization system
CN109412794A (en) * 2018-08-22 2019-03-01 南京南瑞国盾量子技术有限公司 A kind of quantum key automatic filling method and system adapting to power business
CN111435390A (en) * 2019-01-11 2020-07-21 中国电力科学研究院有限公司 Safety protection method for operation and maintenance tool of power distribution terminal
CN111711686A (en) * 2020-06-15 2020-09-25 江苏方天电力技术有限公司 Safety protection method based on power distribution terminal
CN112152817A (en) * 2020-09-25 2020-12-29 国科量子通信网络有限公司 Quantum key distribution method and system for authentication based on post-quantum cryptography algorithm

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0633675A1 (en) * 1993-07-09 1995-01-11 Koninklijke Philips Electronics N.V. A telecommunications network and a main station and a substation for use in such a network
JP2000215280A (en) * 1999-01-26 2000-08-04 Hitachi Ltd Identity certification system
US20060029229A1 (en) * 2004-08-03 2006-02-09 Alexei Trifonov QKD station with EMI signature suppression
JP2011170530A (en) * 2010-02-17 2011-09-01 Tokai Rika Co Ltd Device for setting encryption of authentication system
CN109257327A (en) * 2017-07-14 2019-01-22 中国电力科学研究院 A kind of the communication message safety interacting method and device of electrical power distribution automatization system
CN108964898A (en) * 2018-06-28 2018-12-07 安徽继远软件有限公司 It is a kind of that electricity consumption cryptographic communication system and method are matched based on Quantum Secure Communication
CN109412794A (en) * 2018-08-22 2019-03-01 南京南瑞国盾量子技术有限公司 A kind of quantum key automatic filling method and system adapting to power business
CN111435390A (en) * 2019-01-11 2020-07-21 中国电力科学研究院有限公司 Safety protection method for operation and maintenance tool of power distribution terminal
CN111711686A (en) * 2020-06-15 2020-09-25 江苏方天电力技术有限公司 Safety protection method based on power distribution terminal
CN112152817A (en) * 2020-09-25 2020-12-29 国科量子通信网络有限公司 Quantum key distribution method and system for authentication based on post-quantum cryptography algorithm

Similar Documents

Publication Publication Date Title
CN112887338B (en) Identity authentication method and system based on IBC identification password
CN109495274B (en) Decentralized intelligent lock electronic key distribution method and system
CN111464301B (en) Key management method and system
CN102111265B (en) Method for encrypting secure chip of power system acquisition terminal
CN108683501B (en) Multiple identity authentication system and method with timestamp as random number based on quantum communication network
CN101409619B (en) Flash memory card and method for implementing virtual special network key exchange
CN111614621B (en) Internet of things communication method and system
CN108650028B (en) Multiple identity authentication system and method based on quantum communication network and true random number
CN112702318A (en) Communication encryption method, decryption method, client and server
CN108809936B (en) Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof
CN113704736A (en) Lightweight access authentication method and system for power Internet of things equipment based on IBC system
CN109547413B (en) Access control method of convertible data cloud storage with data source authentication
CN112020038A (en) Domestic encryption terminal suitable for rail transit mobile application
CN112165386B (en) Data encryption method and system based on ECDSA
CN108632042A (en) A kind of class AKA identity authorization systems and method based on pool of symmetric keys
CN113676448B (en) Offline equipment bidirectional authentication method and system based on symmetric key
CN114070579A (en) Industrial control service authentication method and system based on quantum key
CN102903226B (en) Data transmission method for communication of intelligent electric meters
CN104753682A (en) Generating system and method of session keys
CN102916810A (en) Method, system and apparatus for authenticating sensor
CN116567624B (en) 5G feeder terminal communication safety protection method, device and storage medium
US20210044435A1 (en) Method for transmitting data from a motor vehicle and method for another vehicle to receive the data through a radio communication channel
CN108882182B (en) Short message encryption and decryption device
CN115801232A (en) Private key protection method, device, equipment and storage medium
CN114499857A (en) Method for realizing data correctness and consistency in big data quantum encryption and decryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination