CN115174157A - Relay protection remote operation and maintenance network security multistage blocking method and system - Google Patents


Info

Publication number: CN115174157A
Authority: CN (China)
Application number: CN202210669174.1A
Other languages: Chinese (zh)
Other versions: CN115174157B (granted publication)
Legal status: Granted, active
Prior art keywords: message, blocking, safety, module, remote operation
Inventors: 高宏慧, 郑茂然, 詹庆才, 史泽兵, 蒋纬纬, 余江, 叶艳军, 丁晓兵, 王均慧, 黄佳胤, 杨常府, 张静伟, 武芳瑛, 彭业, 陈红雨, 陈旭, 张福雪, 孔飞, 黄浩, 贺红资, 殷建军, 黄智华
Current assignee: China Southern Power Grid Co Ltd
Original assignee: China Southern Power Grid Co Ltd
Priority claimed from application CN202210669174.1A; published as CN115174157A and granted as CN115174157B

Classifications

CPC codes (section H, Electricity; class H04L, transmission of digital information; class H02J, circuit arrangements for supplying or distributing electric power):

    • H04L63/0209 Network security architectures or protocols for separating internal from external traffic (firewalls): architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H02J13/00002 Circuit arrangements for remote indication of network conditions or remote control of switching means in a power distribution network, characterised by monitoring
    • H02J13/00028 The same, characterised by the information or instruction transport means between the monitoring, controlling or managing units and the monitored or controlled power network elements, involving the use of Internet protocols
    • H02J13/0004 Systems characterised by the controlled or operated power network elements being switches, relays or circuit breakers involved in a protection system
    • H04L63/0442 Confidential data exchange over packet networks with the payload protected by asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/1441 Countermeasures against malicious traffic


Abstract

A relay protection remote operation and maintenance network security multistage blocking method and system analyze the shortcomings of existing network security measures, identify the risk points and weak links of a relay protection remote operation and maintenance system, determine which network environments are suitable for blocking and which are not, and form a multi-level, all-round risk blocking deployment scheme. Security risks are graded by combining hazard degree with risk probability, a multistage security risk blocking strategy is established, and this provides the decision basis for multistage network security blocking. Finally, a message multistage blocking module and a one-key blocking emergency control module are designed and developed, greatly improving the intrinsic security level of the relay protection remote operation and maintenance network.

Description

Relay protection remote operation and maintenance network security multistage blocking method and system
Technical Field
The invention belongs to the technical field of power system dispatching automation, and particularly relates to a relay protection remote operation and maintenance network security multistage blocking method and system.
Background
As the informatization and intelligence level of the domestic power grid industry keeps improving, higher requirements are placed on the network security protection of power monitoring systems. In recent years the state has issued relevant laws, regulations and top-level design documents, and this national emphasis on the security protection of power monitoring systems has driven the continued development of protection technology. In 2017, network security staff working on power monitoring systems gradually found that malicious-code protection equipment based on a blacklist mechanism could not protect against novel viruses, proposed applying whitelist defense to malicious-code protection measures, and began pilot applications in power grid enterprises.
By region, network security can be divided into boundary security and device-body security (intrinsic security). In the prior art, boundary security in China mainly follows the protection measures of security partitioning, network dedication, longitudinal authentication and transverse isolation. On the device-body side, the intrinsic security capability of the secondary system is insufficient. Device intrinsic security suffers from functionality being emphasized over protection, numerous operating system and application vulnerabilities, missing security policies, insufficiently robust communication protocols, lack of encryption and authentication, dangerous services and systems not being trimmed to a minimum, operating systems that are not domestically developed, and so on. As for the intrinsic security of remote equipment operation and maintenance, new intelligent substation equipment is widely deployed and the operation and maintenance of secondary equipment in the substation has become more complex; at present most operation and maintenance master station systems mainly address functional problems, and security is considered relatively little. Once boundary protection is breached, immeasurable losses are caused to the operation of the whole power grid.
At present intrinsic security has become a hot topic of power system research. The main research directions are: building the device-body security capability, realizing autonomous control of device hardware and basic components, and comprehensively improving the endogenous security of devices at the hardware and software level; building robust network protocols with protection measures such as access control, data confidentiality and audit records; developing autonomously controlled in-station communication protocols to replace MMS communication, together with the drafting of technical specifications; and researching and verifying trusted computing in host devices. For the key intrinsic security technologies of relay protection remote operation and maintenance, deep research is still lacking, and in particular no multistage network security blocking method for relay protection remote operation and maintenance has been reported.
The relay protection remote operation and maintenance network comprises links such as the master station, substations, channels and secondary equipment. Each link may carry network security risks, and a network security intrusion at any link may affect the normal operation of the system or even damage the power grid. Researching the current risks and security situation of every link, and formulating corresponding security policy measures to block intrusions and eliminate risks, is therefore important current work.
With the growing importance of network security, and especially the release and promotion of specifications such as Classified Protection of Cybersecurity 2.0 (the "equal protection 2.0" standard), more and more network security measures are being applied to relay protection remote maintenance systems to monitor and handle network security intrusions, such as firewall and gateway security policies, vulnerability scanning and hardening, strengthened authority management, and security software deployment. These security policy measures can monitor and handle many kinds of intrusion and reduce the security risk of each link. However, existing security measures still have shortcomings:
1) Existing security measures are mostly based on computer network security technology: they only prevent intrusions at the computer software and computer network layers and pay little attention to the security risks of the business application layer. Because they lack an understanding of the business system, business-layer risks are difficult to identify;
2) Existing security measures are mainly concerned with security inside each link, and much less with the overall security of the application system formed by all the links, such as whether the data communication between links is trustworthy and whether the transmitted data are compliant;
3) To ensure that security measures do not affect the operation of the service system, most existing measures other than whitelists, firewall security policies and the like only monitor and alarm on network risks, and do not directly block a risk once it is found. This delays risk handling to some extent and increases the degree of risk.
Disclosure of Invention
To overcome the shortcomings of the prior art, the invention aims to provide a relay protection remote operation and maintenance network security multistage blocking method and system. Security risks are graded by combining hazard degree with risk probability, a multistage security risk blocking strategy is established, and this provides the decision basis for multistage network security blocking. Finally, a message multi-level blocking module and a one-key blocking emergency control module are designed and developed, greatly improving the intrinsic security level of the relay protection remote operation and maintenance network.
The invention adopts the following technical scheme.
The invention provides a relay protection remote operation and maintenance network security multistage blocking method. Data in the relay protection remote operation and maintenance system pass through the device, the substation, the channel and the master station, and the system monitors and protects the device, substation, channel and master station against network intrusion at the computer information security level.
The method comprises the following steps:
Step 1: monitor the network intrusion risks of the secondary equipment, substations, channels and master station; based on the network intrusion risk, determine that a first security blocking module is installed at the master station and a second security blocking module at the substation;
Step 2: install a one-key blocking module with a hard switch (a physical contact input) on the channel between the master station and the substation;
Step 3: after the hard switch is closed, the one-key blocking module is put into operation; the messages are monitored online by the first and second security blocking modules, and the online monitoring comprises message encryption verification, dispatching certificate identity verification and message compliance verification;
Step 4: when a message fails the message compliance verification of the first security blocking module and/or the second security blocking module, the one-key blocking module forbids downlink control commands sent from the master station to the substation.
Preferably, the online monitoring of messages by the first security blocking module and the second security blocking module in step 3 comprises:
Step 3.1: carry out message encryption verification on the channel based on an encryption algorithm; a message that passes encryption verification proceeds to step 3.2; otherwise the message is blocked;
Step 3.2: perform bidirectional identity authentication between the master station and the substation based on the encryption algorithm and the dispatching digital certificate; a message that passes identity authentication proceeds to step 3.3; otherwise the message is blocked;
Step 3.3: extract message features; when the message features match the message compliance rules, the message passes verification and is delivered to the corresponding service application; otherwise the message is blocked.
Preferably, in step 3.1, the encryption algorithm comprises the national cryptographic SM2 algorithm; the message is encrypted with SM2 at the sending end and decrypted with SM2 at the receiving end.
Preferably, step 3.2 comprises:
Step 3.2.1: the dispatching digital certificate system issues the master station a digital certificate identifying the master station, and issues the substation a digital certificate identifying the substation;
Step 3.2.2: after the transmission control protocol (TCP) link is established, bidirectional identity authentication of the master station and the substation is completed based on the security authentication protocol; after the two-way identity authentication passes, proceed to step 3.2.3;
Step 3.2.3: the master station and the substation generate encryption keys through a key negotiation mechanism and encrypt the messages transmitted between them.
Preferably, step 3.3 comprises:
Step 3.3.1: extract message features, which include message type, message format, message service attributes, message behavior attributes and message statistical attributes;
Step 3.3.2: establish message compliance rules based respectively on the legality of the communication object, the legality of the format, the legality of the business logic and the legality of the behavior pattern, and store them in a message compliance expert database; each message compliance rule comprises the non-compliant message features, a risk degree, a tolerable degree and blocking measures, each blocking measure being determined from the risk degree and the tolerable degree;
Step 3.3.3: classify the hazard of non-compliant messages by risk degree and determine the message compliance blocking strategy in combination with the judgment probability of the non-compliant message; the message compliance blocking strategy is a combination of several blocking measures;
Step 3.3.4: apply the message compliance expert database and the message compliance blocking strategy to verify message compliance; when a message is matched as non-compliant, block it according to the blocking strategy.
Preferably, in step 4, when a message that fails compliance verification is blocked, the information actively uploaded by the substation to the master station is not affected, and the initialization, general interrogation (total call) and data call interactions between the master station and the substation are not affected.
In another aspect, the invention provides a relay protection remote operation and maintenance network security multistage blocking system comprising a first security blocking module, a second security blocking module and a one-key blocking module. Messages are monitored online by the first and second security blocking modules; the online monitoring comprises message encryption verification, dispatching certificate identity verification and message compliance verification; and when a message fails the message compliance verification of the first security blocking module and/or the second security blocking module, the one-key blocking module forbids downlink control commands sent from the master station to the substation.
The first security blocking module is a software function module installed in the master station communication module, and the second security blocking module is a software function module installed in the substation communication module.
The first and second security blocking modules each comprise: a bottom-layer link and message processing unit, a message blocking and filtering unit, a dispatching certificate identity verification unit, an encryption and decryption verification unit, a message group behavior pattern knowledge base, a message validity knowledge base, a service message processing unit, a blocking alarm unit and a blocking history recording unit.
The one-key blocking module comprises a hard switch (a physical contact input), a one-key blocking button and a gateway function integration unit;
when the hard switch is closed the one-key blocking module is put into operation, and when the hard switch is opened the one-key blocking module exits operation;
the gateway function integration unit integrates the functions of the remote operation and maintenance security control authorization and authentication gateway; the integrated functions comprise: gateway function, time synchronization (time setting), message authentication, applicable protocols, configuration, alarm and report, log storage and query, security requirements, equipment status indicator lights and deployment position.
Compared with the prior art, the invention fully analyzes the shortcomings of existing network security measures, identifies the risk points and weak links of the relay protection remote operation and maintenance system, determines which network environments are suitable for blocking and which are not, and forms a multi-level, all-round risk blocking deployment scheme. Security risks are further graded by combining hazard degree with risk probability, a multistage security risk blocking strategy is established, and this provides the decision basis for multistage network security blocking. Finally, a message multistage blocking module and a one-key blocking emergency control module are designed and developed, greatly improving the intrinsic security level of the relay protection remote operation and maintenance network.
Drawings
Fig. 1 illustrates the security protection measures of the relay protection remote operation and maintenance system in an embodiment of the present invention;
Fig. 2 is a diagram of the multi-level verification blocking strategy in an embodiment of the present invention;
Fig. 3 is a flow chart of message compliance verification in an embodiment of the present invention;
Fig. 4 is the architecture diagram of the blocking system in an embodiment of the present invention;
Fig. 5 is a flow chart of one-key blocking in an embodiment of the present invention.
Detailed Description
The present application is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present application is not limited thereby.
The invention provides a relay protection remote operation and maintenance network security multistage blocking method. Data in the relay protection remote operation and maintenance system pass through the device, the substation, the channel and the master station, and the system monitors and protects the device, substation, channel and master station against network intrusion at the computer information security level.
The method comprises the following steps:
Step 1: monitor the network intrusion risks of the secondary equipment, substations, channels and master station; based on the network intrusion risk, determine that a first security blocking module is installed at the master station and a second security blocking module at the substation.
In this embodiment, for the master station, channel, substation and device links of the relay protection remote operation and maintenance system, intrusion blocking modules are deployed at the master station and the substation respectively, and for the time being are not deployed on the channel or the device, as shown in Fig. 1, for the following reasons:
1) On the channel link, restriction of communication objects (source and destination) and communication ports is at present mainly realized through the network security policy on the gateway, and the transmitted data are protected by the longitudinal encryption device, so security risks on the channel link are already well blocked. Moreover, the channel link carries no functional module of the business application system, so an application-layer intrusion blocking module is difficult to deploy there.
2) The device link involves many manufacturers, the resources of the devices are limited, and the online analysis tasks required for intrusion blocking would place a heavy load on the devices and easily affect their service functions.
As Fig. 1 shows, the safeguards of the master station, substations and devices include, but are not limited to: whitelist configuration, vulnerability scanning and hardening, optimized security policy configuration, strengthened authority management and security software deployment; the safeguards of the channel include, but are not limited to: firewall and gateway security policies, security software deployment and longitudinal encryption.
Step 2: install a one-key blocking module with a hard switch (a physical contact input) on the channel between the master station and the substation.
Step 3: after the hard switch is closed, the one-key blocking module is put into operation; the messages are monitored online by the first and second security blocking modules, and the online monitoring comprises message encryption verification, dispatching certificate identity verification and message compliance verification.
Preferably, the online monitoring of messages by the first and second security blocking modules in step 3 comprises:
Step 3.1: carry out message encryption verification on the channel based on an encryption algorithm; a message that passes encryption verification proceeds to step 3.2; otherwise the message is blocked.
Specifically, in step 3.1 the encryption algorithm comprises the national cryptographic SM2 algorithm; the message is encrypted with SM2 at the sending end and decrypted with SM2 at the receiving end.
Taking security, efficiency, cost and other factors together, only message encryption is adopted for the operation and maintenance channel in this embodiment.
Step 3.2: perform bidirectional identity authentication between the master station and the substation based on the encryption algorithm and the dispatching digital certificate; a message that passes identity authentication proceeds to step 3.3; otherwise the message is blocked.
The relay protection information master station and the substation must perform security authentication before transmitting data messages, and data transmission can proceed only after both stations pass security authentication. The bidirectional identity authentication between the relay protection information master station and the substation is realized with the national cryptographic SM2 algorithm and dispatching digital certificates.
Specifically, step 3.2 comprises:
Step 3.2.1: the dispatching digital certificate system issues the master station a digital certificate identifying the master station, and issues the substation a digital certificate identifying the substation.
Step 3.2.2: after the transmission control protocol (TCP) link is established, bidirectional identity authentication of the master station and the substation is completed based on the security authentication protocol; after the bidirectional identity authentication passes, proceed to step 3.2.3.
Step 3.2.3: the master station and the substation generate an encryption key through a key negotiation mechanism, and the messages transmitted between them are encrypted.
This ensures the confidentiality and integrity of data transmission: after the TCP link is established, the two communicating parties first authenticate each other's identity, and only after authentication passes is service data interaction allowed.
Step 3.3, extracting message characteristics, passing verification when the message characteristics are matched with the message compliance rules, and transmitting the message to a corresponding service application end; otherwise, blocking the message. The message compliance verification flow is shown in fig. 3.
Specifically, step 3.3 comprises:
step 3.3.1, extracting message characteristics; the message characteristics include: message type, message format, message service attribute, message behavior attribute and message statistical attribute;
step 3.3.2, establishing a message compliance rule respectively based on the legality of the communication object, the legality of the format, the legality of the business logic and the legality of the behavior mode; storing the message compliance rules in a message compliance expert database; each report compliance rule comprises non-compliance report characteristics, risk degree, tolerable degree and blocking measures, and each blocking measure is determined according to the risk degree and the tolerable degree.
The data structure of the message compliance expert library rules is shown in table 1.
Table 1 compliance expert database rule data structure
[Table 1 is provided as an image in the original and is not reproduced here.]
Step 3.3.3, carrying out hazard classification on the illegal message based on the risk degree, and determining a message compliance blocking strategy by combining the judgment probability of the illegal message; wherein, the message compliance blocking strategy is a combination of a plurality of blocking measures.
The specific blocking measure is determined according to attributes of the non-compliant message such as its risk degree and tolerable degree; the blocking measures include, but are not limited to, disconnecting the network, maintaining the link only, blocking the message only, giving an alarm prompt only, and recording the abnormal message only.
The blocking strategy is closely tied to the harm degree (risk degree) of the message: the hazard of the illegal message is graded, the specific blocking measure is determined by combining this grade with the judgment probability of the illegal message, and the resulting message compliance blocking strategy is shown in table 2.
Table 2 message compliance blocking strategy
[Table 2 is provided as an image in the original and is not reproduced here.]
Step 3.3.4, applying a message compliance expert library and a message compliance blocking strategy to perform compliance verification on the message; and when the message is matched as an unconventional message, blocking the message according to a blocking strategy.
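Steps 3.3.1 to 3.3.4 as an added Python example, not code from the patent: feature extraction, a small constructed expert database of compliance rules carrying risk degree, tolerable degree and judgment probability, a blocking strategy that maps the hazard grade and probability to a combination of the measures listed above, and a verify function that lets the highest-risk violated rule decide. The rules, the whitelist ALLOWED_PEERS, the message dicts in SAMPLES and the hazard mapping inside blocking_strategy are all constructed for the example; table 2 is not reproduced on the page, so that mapping is an assumption, not the patent's table.

```python
# Added example, not the patent's code: a message compliance expert database
# and blocking strategy in the shape of steps 3.3.1-3.3.4. Rules, peers,
# sample messages and the hazard-to-measure mapping are constructed here.
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Set


class Measure(Enum):
    """Blocking measures named in step 3.3.2, strongest first."""
    DISCONNECT_NETWORK = 5
    KEEP_LINK_ONLY = 4    # keep the TCP link up, pass no service message
    BLOCK_MESSAGE = 3     # drop just this message
    ALARM = 2
    RECORD = 1


@dataclass
class Rule:
    name: str
    basis: str                            # which legality the rule checks
    is_violation: Callable[[Dict], bool]  # True when the features are NON-compliant
    risk: int                             # risk degree, 1 (low) .. 3 (high)
    tolerable: int                        # tolerable degree, 0 (none) .. 2
    probability: float                    # judgment probability that a match is illegal


def extract_features(raw: Dict) -> Dict:
    """Step 3.3.1: the five feature classes, read from a constructed message dict."""
    return {
        "type": raw["type"],                                          # message type
        "format_ok": raw.get("length") == len(raw.get("body", b"")),  # message format
        "service": raw.get("service"),                                # service attribute
        "direction": raw.get("direction"),                            # behaviour attribute
        "src": raw["src"],                                            # communication object
        "rate_per_min": raw.get("rate_per_min", 0),                   # statistical attribute
    }


ALLOWED_PEERS = {"master-01", "sub-17"}   # constructed whitelist of legal peers

EXPERT_DB: List[Rule] = [  # constructed rules standing in for the expert database
    Rule("unknown peer", "communication object",
         lambda f: f["src"] not in ALLOWED_PEERS, risk=3, tolerable=0, probability=0.95),
    Rule("length mismatch", "format",
         lambda f: not f["format_ok"], risk=2, tolerable=0, probability=0.9),
    Rule("control outside maintenance window", "business logic",
         lambda f: f["type"] == "control" and f["service"] != "maintenance",
         risk=2, tolerable=1, probability=0.7),
    Rule("call-rate burst", "behaviour mode",
         lambda f: f["type"] == "data_call" and f["rate_per_min"] > 60,
         risk=1, tolerable=1, probability=0.4),
]


def blocking_strategy(rule: Rule) -> Set[Measure]:
    """Step 3.3.3: grade the hazard and combine it with the judgment probability.
    This mapping is constructed; the patent's table 2 is not on the page."""
    hazard = rule.risk - rule.tolerable
    if rule.probability < 0.5:          # uncertain match: observe, do not block
        return {Measure.RECORD, Measure.ALARM} if hazard > 0 else {Measure.RECORD}
    if hazard >= 3:
        return {Measure.DISCONNECT_NETWORK, Measure.ALARM, Measure.RECORD}
    if hazard == 2:
        return {Measure.KEEP_LINK_ONLY, Measure.ALARM, Measure.RECORD}
    if hazard == 1:
        return {Measure.BLOCK_MESSAGE, Measure.ALARM, Measure.RECORD}
    return {Measure.ALARM, Measure.RECORD}


BLOCKING = {Measure.DISCONNECT_NETWORK, Measure.KEEP_LINK_ONLY, Measure.BLOCK_MESSAGE}


def verify(raw: Dict) -> Dict:
    """Step 3.3.4: match features against the expert database; the highest-risk
    violated rule decides the strategy. Returns pass/block plus the measures."""
    features = extract_features(raw)
    hits = [r for r in EXPERT_DB if r.is_violation(features)]
    if not hits:
        return {"pass": True, "rule": None, "measures": set()}
    worst = max(hits, key=lambda r: (r.risk, r.probability))
    measures = blocking_strategy(worst)
    return {"pass": not (measures & BLOCKING), "rule": worst.name, "measures": measures}


SAMPLES = {  # constructed messages; a length/body mismatch marks a malformed frame
    "ok": {"src": "master-01", "type": "data_call", "service": "monitor",
           "direction": "down", "length": 3, "body": b"abc", "rate_per_min": 5},
}
SAMPLES["unknown_peer"] = dict(SAMPLES["ok"], src="unknown-host")
SAMPLES["malformed"] = dict(SAMPLES["ok"], length=5)
SAMPLES["control_no_window"] = dict(SAMPLES["ok"], type="control")
SAMPLES["call_burst"] = dict(SAMPLES["ok"], rate_per_min=120)

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        v = verify(msg)
        print(name, "PASS" if v["pass"] else "BLOCK", v["rule"],
              sorted(m.name for m in v["measures"]))
```

The low-probability burst rule only records the message, which is the "record abnormal message only" measure: a behaviour-mode rule with a weak judgment probability should not take service traffic down on its own.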
Step 4, when the message cannot pass the message compliance verification of the first safety blocking module and/or the second safety blocking module, the one-key blocking module forbids the downlink control command sent from the master station to the substation.
Specifically, in step 4, when the message that cannot pass the message compliance verification is blocked, the active uploading information sent by the substation to the master station is not affected, and the initialization, the total call and the data call of the interaction between the master station and the substation are not affected.
The functional architecture of the message multistage blocking module is shown in fig. 4: a message multistage blocking module is constructed at the master station end and at the substation end respectively, the received messages are monitored and analysed online according to the message compliance rules, and blocking is carried out according to the blocking strategy when a non-compliant message is found. The functional modules are deployed without adding external hardware: software function modules are added to the communication modules of the master station and the substation to realize the blocking functions at each end.
In another aspect, the present invention provides a relay protection remote operation and maintenance network security multistage blocking system, including: the system comprises a first safety blocking module, a second safety blocking module and a one-key blocking module; the message is monitored on line by utilizing a first safety blocking module and a second safety blocking module; the online monitoring comprises the following steps: message encryption verification, scheduling certificate identity verification and message compliance verification; and when the message cannot pass the message compliance verification of the first safety blocking module and/or the second safety blocking module, the one-key blocking module is used for forbidding a downlink control command sent from the master station to the substation.
The first safety blocking module is a software function module arranged on the master station communication module, and the second safety blocking module is a software function module arranged on the slave station communication module.
The first safety blocking module and the second safety blocking module each include: the system comprises a bottom link and message processing unit, a message blocking and filtering unit, a scheduling certificate identity verification unit, an encryption and decryption verification unit, a message group behavior mode knowledge base, a message legality knowledge base, a service message processing unit, a blocking alarm unit and a blocking history recording unit.
The one-key-blocking module includes: hard opening, one-key blocking button and gateway function integration unit;
when the hard switch is closed, the one-key blocking module is put into operation, and when the hard switch is opened, the one-key blocking module exits from operation;
the gateway function integration unit is used for integrating the functions of the remote operation and maintenance safety control authorization authentication gateway; the integrated functions include: the system comprises a gateway function, a time setting function, a message authentication function, an applicable protocol, a configuration function, an alarm and a report, log storage and query, a safety requirement, an equipment state indicator light and a deployment position.
In this embodiment, the one-key blocking module allows manual intervention in an emergency to stop the intelligent recorder from executing any issued command. The blocking flow of the one-key blocking module is shown in fig. 5: when the user presses the one-key blocking button, downlink control commands sent from the master station to the substation are prohibited, while other data interaction, such as actively uploaded information, initialization and total call, and data call, is not affected.
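The one-key blocking behaviour of step 4 and fig. 5 as an added Python example, not the patent's own code: the device is in service only while the hard opening (the hard switch) is closed, it forbids downlink control commands when the button is pressed or when a safety blocking module reports a compliance failure, and it leaves actively uploaded information, initialization, total call and data call untouched. The command sets DOWNLINK_CONTROL and UNAFFECTED, the Frame type and the class OneKeyBlocker are the example's assumptions; the patent names the categories, not the concrete command codes.

```python
# Added example, not the patent's code: the one-key blocking device on the
# channel between master station and substation. Command names are constructed.
from dataclasses import dataclass
from typing import List, Optional

DOWNLINK_CONTROL = {"remote_control", "setpoint_change", "remote_reset"}   # constructed
UNAFFECTED = {"spontaneous_upload", "initialization", "general_call", "data_call"}


@dataclass
class Frame:
    direction: str   # "down": master -> substation, "up": substation -> master
    kind: str
    payload: bytes


class OneKeyBlocker:
    """Independent blocking device with a hard switch and a one-key button."""

    def __init__(self) -> None:
        self.hard_switch_closed = False   # in service only while the hard switch is closed
        self.button_pressed = False       # manual one-key blocking
        self.tripped_by: Optional[str] = None  # compliance failure reported by a module
        self.blocked: List[Frame] = []
        self.forwarded: List[Frame] = []

    def set_hard_switch(self, closed: bool) -> None:
        self.hard_switch_closed = closed
        if not closed:                    # switch opened: module exits operation
            self.button_pressed = False
            self.tripped_by = None

    def press_button(self) -> None:
        self.button_pressed = True

    def release_button(self) -> None:
        self.button_pressed = False

    def report_compliance_failure(self, module: str) -> None:
        """Step 4: a failed compliance verification in the first or second safety
        blocking module makes this module forbid downlink control commands."""
        self.tripped_by = module

    def reset_trip(self) -> None:
        self.tripped_by = None

    def blocking_active(self) -> bool:
        return self.hard_switch_closed and (self.button_pressed or self.tripped_by is not None)

    def handle(self, frame: Frame) -> bool:
        """Return True when the frame is forwarded, False when it is blocked."""
        is_downlink_control = frame.direction == "down" and frame.kind in DOWNLINK_CONTROL
        if self.blocking_active() and is_downlink_control:
            self.blocked.append(frame)
            return False
        # Uplink data, initialization, general call and data call pass regardless.
        self.forwarded.append(frame)
        return True
```

Opening the hard switch clears both the button and any compliance trip, so a device taken out of service cannot silently keep blocking once it is put back; that mirrors the put-in/exit semantics of the hard switch described above.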
Considering the differences in blocking position and blocking mode, the invention adopts an independent blocking device: an independent one-key blocking device with a hard opening is added on the channel between the master station and the substation, and the blocking function is put into or taken out of service by shifting the hard opening. When the blocking function is in service, the messages sent from the front end or the channel are monitored and analysed, and downlink control commands are blocked. Meanwhile, since a relay protection remote control authorization gateway already exists between the master station and the substation, and to avoid the increased system complexity and message delay caused by connecting too much hardware in series, the functions of the relay protection remote control authorization gateway are further combined into the blocking device, which thereby forms the remote operation and maintenance safety management and control gateway.
The scheme considers that the functions of the authorization and authentication gateway are integrated in a one-key blocking device to form a safety monitoring device integrating multiple safety functions of one-key blocking, application of message intrusion detection, message encryption/decryption, control authorization and the like.
According to the Technical Specification for Relay Protection Remote Control Authorization Gateway (approval draft), the authorization and authentication gateway mainly provides permission policy configuration, downlink message analysis, remote control command identification and control command authentication (legal commands released, illegal commands invalidated), together with logging and query of operations such as configuration and control command authentication. Its message analysis requirement is similar to the functional requirement of the one-key blocking device, and its safety and bypass requirements are likewise similar to those of the one-key blocking device. The detailed functional requirements of the authorization authentication gateway, the corresponding functional requirements of the one-key blocking function, and the integration measures are shown in table 3.
TABLE 3 functional requirements and integration measures
[Table 3 is provided as images in the original and is not reproduced here.]
It can be seen that, apart from the authorization authentication at the service level, the basic functional requirements of the authorization authentication gateway (gateway function, message analysis and blocking/invalidation function, applicable protocols, log recording and query, alarm, security, and so on) are similar to those of the one-key blocking function. Therefore, it is feasible to integrate the authorization and authentication gateway functions with one-key blocking into the remote operation and maintenance safety control gateway, which replaces the authorization and authentication gateway while realizing the one-key blocking function.
Compared with the prior art, the method has the advantages that the defects of the existing network security measures are fully analyzed, the risk points and weak links of the relay protection remote operation and maintenance system are identified, the network environment suitable and unsuitable for blocking is determined, and a multi-level and all-around risk blocking deployment scheme is formed. And further, grading the safety risk by combining the hazard degree and the risk probability, establishing a safety risk multistage blocking strategy, and providing a decision basis for network safety multistage blocking. Finally, a message multi-stage blocking module and a one-key blocking type emergency control module are designed and developed, and the intrinsic safety level of the relay protection remote operation and maintenance network is greatly improved.
The present applicant has described and illustrated embodiments of the present invention in detail with reference to the accompanying drawings, but it should be understood by those skilled in the art that the above embodiments are merely preferred embodiments of the present invention, and the detailed description is only for the purpose of helping the reader to better understand the spirit of the present invention, and not for limiting the scope of the present invention, and on the contrary, any improvement or modification made based on the spirit of the present invention should fall within the scope of the present invention.

Claims (10)

1. A relay protection remote operation and maintenance network security multistage blocking method is characterized in that data in a relay protection remote operation and maintenance system passes through a device, a substation, a channel and a main station, and the relay protection remote operation and maintenance system monitors and protects the device, the substation, the channel and the main station from network intrusion from a computer information security level; characterized in that the method comprises:
step 1, monitoring network intrusion risks of secondary equipment, substations, channels and a main station; determining that a first safety blocking module is installed at a main station and a second safety blocking module is installed at a sub-station based on network intrusion risk;
step 2, installing a one-key blocking module with a hard opening on a channel between the master station and the substation;
step 3, closing the hard-open back one-key blocking module to put into operation; the message is monitored on line by utilizing the first safety blocking module and the second safety blocking module, and the message on-line monitoring comprises the following steps: message encryption verification, scheduling certificate identity verification and message compliance verification;
and 4, when the message cannot pass the message compliance verification of the first safety blocking module and/or the second safety blocking module, the one-key blocking module forbids a downlink control command sent from the master station to the substation.
2. The relay protection remote operation and maintenance network security multistage blocking method and system according to claim 1, characterized in that:
the step 3 of monitoring the message online by the first safety blocking module and the second safety blocking module comprises:
step 3.1, carrying out message encryption verification on the channel based on an encryption algorithm; entering the step 3.2 by the message passing the encryption verification; otherwise, blocking the message;
step 3.2, performing bidirectional identity authentication between the master station and the substation based on an encryption algorithm and a scheduling digital certificate; entering the step 3.3 by the message passing the identity authentication; otherwise, blocking the message;
step 3.3, extracting message characteristics, passing verification when the message characteristics are matched with the message compliance rules, and transmitting the message to a corresponding service application end; otherwise, blocking the message.
3. The relay protection remote operation and maintenance network security multistage blocking method and system according to claim 2,
in step 3.1, the encryption algorithm comprises a national secret SM2 algorithm; and encrypting the message based on the SM2 algorithm at the message sending end, and decrypting the message based on the SM2 algorithm at the message receiving end.
4. The relay protection remote operation and maintenance network security multistage blocking method and system according to claim 3,
step 3.2 comprises:
step 3.2.1, the dispatching digital certificate system signs a digital certificate for the master station to identify the master station identity and signs a digital certificate for the slave station to identify the slave station identity;
step 3.2.2, after the transmission control protocol link is established, the bidirectional identity authentication of the master station and the substation is completed based on the safety authentication protocol; entering step 3.2.3 after passing the bidirectional identity authentication;
and 3.2.3, the master station and the substation generate an encryption key through a key negotiation mechanism, and the message transmitted between the master station and the substation is encrypted.
5. The relay protection remote operation and maintenance network security multistage blocking method and system according to claim 4,
step 3.3 comprises:
step 3.3.1, extracting message characteristics; the message characteristics include: message type, message format, message service attribute, message behavior attribute and message statistical attribute;
step 3.3.2, establishing a message compliance rule respectively based on the legality, the format legality, the business logic legality and the behavior mode legality of the communication object; storing the message compliance rules in a message compliance expert database; each report compliance rule comprises non-compliance report characteristics, risk degree, tolerable degree and blocking measures, and each blocking measure is determined according to the risk degree and the tolerable degree;
step 3.3.3, carrying out hazard classification on the illegal message based on the risk degree, and determining a message compliance blocking strategy by combining the judgment probability of the illegal message; wherein, the message compliance blocking strategy is a combination of a plurality of blocking measures;
step 3.3.4, applying a message compliance expert library and a message compliance blocking strategy to carry out compliance verification on the message; and when the message is matched as an unconventional message, blocking the message according to a blocking strategy.
6. The relay protection remote operation and maintenance network security multistage blocking method according to claim 1,
in step 4, when the message which cannot pass the message compliance verification is blocked, the active uploading information sent by the substation to the main station is not affected, and the initialization, the total calling and the data calling of the interaction between the main station and the substation are not affected.
7. A relay protection remote operation and maintenance network security multistage blocking system for realizing the relay protection remote operation and maintenance network security multistage blocking method of any one of claims 1 to 6,
the system comprises: the system comprises a first safety blocking module, a second safety blocking module and a one-key blocking module; the message is monitored on line by utilizing a first safety blocking module and a second safety blocking module; the online monitoring comprises the following steps: message encryption verification, scheduling certificate identity verification and message compliance verification; and when the message cannot pass the message compliance verification of the first safety blocking module and/or the second safety blocking module, the one-key blocking module is used for forbidding a downlink control command sent from the master station to the substation.
8. The relay protection remote operation and maintenance network security multistage blocking system according to claim 1,
the first safety blocking module is a software function module arranged on the master station communication module, and the second safety blocking module is a software function module arranged on the slave station communication module.
9. The relay protection remote operation and maintenance network security multi-level blocking system according to claim 1,
the first and second safety blocking modules each include: the system comprises a bottom link and message processing unit, a message blocking and filtering unit, a scheduling certificate identity verification unit, an encryption and decryption verification unit, a message group behavior mode knowledge base, a message validity knowledge base, a service message processing unit, a blocking alarm unit and a blocking history recording unit.
10. The relay protection remote operation and maintenance network security multi-level blocking system according to claim 7,
the one-key-blocking module includes: hard opening, one-key blocking button and gateway function integration unit;
when the hard switch is closed, the one-key blocking module is put into operation, and when the hard switch is opened, the one-key blocking module exits from operation;
the gateway function integration unit is used for integrating the functions of the remote operation and maintenance safety control authorization authentication gateway; the integrated functions include: the system comprises a gateway function, a time setting function, a message authentication function, an applicable protocol, a configuration function, an alarm and a report, log storage and query, a safety requirement, an equipment state indicator light and a deployment position.
CN202210669174.1A 2022-06-14 2022-06-14 Relay protection remote operation and maintenance network security multistage blocking method and system Active CN115174157B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210669174.1A CN115174157B (en) 2022-06-14 2022-06-14 Relay protection remote operation and maintenance network security multistage blocking method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210669174.1A CN115174157B (en) 2022-06-14 2022-06-14 Relay protection remote operation and maintenance network security multistage blocking method and system

Publications (2)

Publication Number Publication Date
CN115174157A true CN115174157A (en) 2022-10-11
CN115174157B CN115174157B (en) 2023-10-27

Family

ID=83484789

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210669174.1A Active CN115174157B (en) 2022-06-14 2022-06-14 Relay protection remote operation and maintenance network security multistage blocking method and system

Country Status (1)

Country Link
CN (1) CN115174157B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350520A (en) * 2008-09-17 2009-01-21 中国南方电网有限责任公司 Protection control system and method base on electric network synthesis information
CN205429891U (en) * 2016-03-25 2016-08-03 国网福建省电力有限公司 Net post that joins in marriage that communication module was encrypted in configuration goes up switch FTU controller
CN109905371A (en) * 2019-01-24 2019-06-18 国网河南省电力公司电力科学研究院 Two-way encrypted authentication system and its application method
CN111107086A (en) * 2019-12-19 2020-05-05 中国南方电网有限责任公司 Remote control switching method for protocol defense device
CN113311809A (en) * 2021-05-28 2021-08-27 苗叶 Industrial control system-based safe operation and maintenance instruction blocking device and method
CN113688681A (en) * 2021-07-23 2021-11-23 广东电网有限责任公司广州供电局 Gateway-based relay protection working state determination method and device and intelligent gateway
CN113783722A (en) * 2021-08-20 2021-12-10 中国南方电网有限责任公司超高压输电公司贵阳局 Remote modification fixed value control method and device, computer equipment and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
HONGYU CHEN, ET.AL: "Multi-Level_Fusion_of_the_Multi-Receptive_Fields_Contextual_Networks_and_Disparity_Network_for_Pairwise_Semantic_Stereo", IGARSS 2019 *
方圆;张永梅;郭洋;: "电力行业移动互联网应用与安全防护分析", 智能城市, no. 16 *
王志皓;安宁钰;张鹏;王雪;: "可信网络通信技术产业发展与解决方案探讨", 信息安全与通信保密, no. 02 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115643030A (en) * 2022-10-25 2023-01-24 国网重庆市电力公司电力科学研究院 Power distribution network safety multistage blocking emergency response system and method
CN116405329A (en) * 2023-06-08 2023-07-07 国网山西省电力公司晋城供电公司 Network security risk blocking device and system for power monitoring system
CN116405329B (en) * 2023-06-08 2024-02-27 国网山西省电力公司晋城供电公司 Network security risk blocking device and system for power monitoring system
CN117294538A (en) * 2023-11-27 2023-12-26 华信咨询设计研究院有限公司 Bypass detection and blocking method and system for data security risk behaviors
CN117294538B (en) * 2023-11-27 2024-04-02 华信咨询设计研究院有限公司 Bypass detection and blocking method and system for data security risk behaviors

Also Published As

Publication number Publication date
CN115174157B (en) 2023-10-27

Similar Documents

Publication Publication Date Title
CN115174157B (en) Relay protection remote operation and maintenance network security multistage blocking method and system
Shrestha et al. A methodology for security classification applied to smart grid infrastructures
CN106789015B (en) Intelligent power distribution network communication safety system
Coates et al. A trust system architecture for SCADA network security
CN115150208B (en) Zero-trust-based Internet of things terminal secure access method and system
CN115314286A (en) Safety guarantee system
CN113382076A (en) Internet of things terminal security threat analysis method and protection method
CN115550069A (en) Intelligent charging system for electric automobile and safety protection method thereof
US11627161B2 (en) One-way transfer device with secure reverse channel
Dolezilek et al. Cybersecurity based on IEC 62351 and IEC 62443 for IEC 61850 systems
CN112202773B (en) Computer network information security monitoring and protection system based on internet
KR102190618B1 (en) Apparatus and method for securing train control message
CN117040741A (en) Method and device for safely transmitting data based on FTTR networking mode
CN116684875A (en) Communication security authentication method for electric power 5G network slice
CN111314382A (en) Network safety protection method suitable for high-frequency emergency control system
Silveira et al. Cyber vulnerability assessment of a digital secondary system in an electrical substation
Guo et al. Research on the application risk of computer network security technology
CN114143028A (en) Data cross-region safe transmission method and system based on electric power spot transaction service scene
CN112565279A (en) Sensor signal processing system based on safety network
Baocheng et al. The research of security in NB-IoT
CN117220752B (en) Satellite-ground data transmission link safety transmission system and method
Hupp et al. Cybersecurity certification recommendations for interconnected grid edge devices and inverter based resources
CN115225415B (en) Password application platform for new energy centralized control system and monitoring and early warning method
Tefek et al. A Smart Grid Ontology: Vulnerabilities, Attacks, and Security Policies
CN116405329B (en) Network security risk blocking device and system for power monitoring system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant