CN115242390A - Energy storage control data packet transmission method and assembly based on timestamp - Google Patents


Info

Publication number
CN115242390A
Authority
CN
China
Prior art keywords
key
data packet
time information
receiving end
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211170132.XA
Other languages
Chinese (zh)
Other versions
CN115242390B (en)
Inventor
于智
刘双宇
王娟
陈雷金
吴越
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Situoruiji Technology Co ltd
Original Assignee
Hangzhou Situoruiji Technology Co ltd
Application filed by Hangzhou Situoruiji Technology Co ltd
Priority to CN202211170132.XA
Publication of CN115242390A
Application granted
Publication of CN115242390B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a timestamp-based energy storage control data packet transmission method, comprising the following steps: the sending end obtains first time information of first confirmation information and XORs it with a first key to obtain a second key; the sending end adds the second key to a first data packet to obtain a second data packet, and sends the second data packet to the receiving end for the first time; the receiving end parses the second key from the second data packet to obtain the first key; if the first key is consistent with the verification key stored at the receiving end, second confirmation information is returned to the sending end and the operation of the first data packet is executed; otherwise, the receiving end returns no information to the sending end and does not execute the operation of the first data packet. The invention solves the technical problem that repeated sending by an attacker seriously affects the execution equipment, and effectively improves the security of the system.

Description

Energy storage control data packet transmission method and assembly based on timestamp
Technical Field
The invention relates to a data encryption algorithm, and in particular to a method and a system for timestamp-based energy storage control data packet transmission.
Background
Joint regulation and control of power grid energy storage requires a large number of embedded transmission terminals, computers and other equipment to exchange data in order to operate normally. Because the security requirements on this equipment are high, data packets must be sent by equipment that both parties trust, so that the data can be relied on. The traditional method is to add the security key shared by both sides to the data packet; when the other side reads the data packet, it parses the key, and if the key is consistent with the key it stores, it recognizes the sender as trusted equipment and accepts the data packet. If a data packet is intercepted in transit during communication, it can be sent multiple times to attack the terminal, which bypasses the key check, makes the terminal execute the same operation multiple times, and causes serious consequences for the power grid.
Disclosure of Invention
In order to solve the technical problem in the prior art that intercepted data packets can be sent repeatedly to bypass the key and attack a power grid terminal, the invention provides a timestamp-based energy storage control data packet transmission method, which comprises the following steps:
the sending end obtains first time information of the first confirmation information, and XORs the first time information with the first key to obtain a second key;
the sending end adds the second key to the first data packet to obtain a second data packet, and sends the second data packet to the receiving end for the first time; the first data packet comprises an operation for controlling the energy storage system;
the receiving end parses the second key from the second data packet and analyzes the second key based on the first time information to obtain a third key; if the third key is consistent with the verification key stored at the receiving end, the receiving end returns second confirmation information to the sending end and executes the operation of the first data packet; otherwise, the receiving end returns no information to the sending end and does not execute the operation of the first data packet; after the operation of the first data packet has been executed, the receiving end returns to the sending end third confirmation information comprising the state of the energy storage system after that operation;
if the sending end receives the second confirmation information returned by the receiving end, it calculates second time information based on the second confirmation information and forms a fourth key from the second time information and the first key; it adds the fourth key to the third data packet to obtain a fourth data packet, and sends the fourth data packet to the receiving end; the third data packet comprises an operation for controlling the energy storage system determined based on the third confirmation information;
the second time information is calculated based on a timestamp of the second confirmation information, and the first time information and the second time information are integers whose character strings are not restricted to having the same number of digits.
Preferably, the second time information is calculated as follows: the character string of the timestamp of the second confirmation information is appended to the end of the character string of the first time information to obtain a second time information character string; a first remainder of the second time information character string modulo the first integer is calculated; and the first-remainder number of characters is deleted from the front of the second time information character string to obtain the second time information.
Preferably, the timestamp-based energy storage control data packet transmission method further includes an initialization process, in which the first key and the initial time information are stored at the sending end, and the verification key and the initial time information are stored at the receiving end; the verification key is used to verify whether the first key obtained by analysis is consistent; the initial time information stored at the sending end is used as the first time information in the first calculation of the second key; and the initial time information stored at the receiving end is used as the first time information when the second key is analyzed for the first time to obtain the third key.
Preferably, the second time information is used at the receiving end for analyzing the third key to obtain a fifth key; if the fifth key is consistent with the verification key, fourth confirmation information is returned to the sending end and the operation of the third data packet is executed; otherwise, the receiving end returns no information to the sending end and does not execute the operation of the third data packet; after the operation of the third data packet has been executed, fifth confirmation information comprising the state of the energy storage system after that operation is returned to the sending end.
Preferably, the character string of the timestamp of the second confirmation information is a 14-digit character string; the first integer is a prime number less than 14.
A timestamp-based energy storage control data packet transmission assembly comprises a sending end and a receiving end. The sending end includes: a sending end storage module, a sending end key module and a sending end data packet encryption module;
the sending end storage module is used for storing a first key and initial time information;
the sending end key module is used for obtaining first time information of the first confirmation information, and XORing the first time information with the first key to obtain a second key; if the sending end receives second confirmation information returned by the receiving end, second time information is calculated based on the second confirmation information, and a fourth key is formed from the second time information and the first key;
the sending end data packet encryption module adds the second key to the first data packet to obtain a second data packet and sends the second data packet to the receiving end; it adds the fourth key to the third data packet to obtain a fourth data packet and sends the fourth data packet to the receiving end; the first data packet comprises an operation for controlling the energy storage system; the third data packet comprises an operation for controlling the energy storage system determined based on the third confirmation information;
the receiving end includes: a receiving end storage module, a receiving end key module and a receiving end data packet decryption module;
the receiving end storage module is used for storing a verification key;
the receiving end key module is used for parsing the second key from the second data packet, analyzing the second key based on the first time information to obtain a third key, and returning second confirmation information to the sending end if the third key is consistent with the verification key stored at the receiving end; otherwise, the receiving end returns no information to the sending end; after the operation of the first data packet has been executed, third confirmation information comprising the state of the energy storage system after that operation is returned to the sending end;
the receiving end data packet execution module is used for executing the operation of the first data packet if the first key is consistent with the verification key stored at the receiving end; otherwise, the receiving end does not execute the operation of the first data packet;
the second time information is calculated based on a timestamp of the second confirmation information, and the first time information and the second time information are integers whose character strings are not restricted to having the same number of digits.
Preferably, the second time information is calculated as follows: the character string of the timestamp of the second confirmation information is appended to the end of the character string of the first time information to obtain a second time information character string; a first remainder of the second time information character string modulo the first integer is calculated; and the first-remainder number of characters is deleted from the front of the second time information character string to obtain the second time information.
Preferably, the timestamp-based energy storage control data packet transmission method further comprises an initialization process, in which a first key and initial time information are stored at the sending end, and a verification key and initial time information are stored at the receiving end; the verification key is used to verify whether the first key obtained by analysis is consistent; the initial time information stored at the sending end is used as the first time information in the first calculation of the second key; and the initial time information stored at the receiving end is used as the first time information when the second key is analyzed for the first time to obtain the third key.
Preferably, the second time information is used at the receiving end for analyzing the third key to obtain a fifth key; if the fifth key is consistent with the verification key, fourth confirmation information is returned to the sending end and the operation of the third data packet is executed; otherwise, the receiving end returns no information to the sending end and does not execute the operation of the third data packet; after the operation of the third data packet has been executed, fifth confirmation information including the state of the energy storage system after that operation is returned to the sending end.
Preferably, the character string of the timestamp of the second confirmation information is a 14-digit character string; the first integer is a prime number less than 14.
The invention combines the timestamp with the original key as character strings, takes a remainder, and uses the remainder as the number of characters to remove when calculating the key, so that the character-string length of each key is determined by the timestamp and the remainder and varies elastically, which improves the randomness and secrecy of the key; for the energy storage control scenario, given that the receiving end balances itself adaptively when it has no instruction from the sending end, a two-layer structure of reception confirmation information and execution confirmation information is designed, and, based on the timestamp of the confirmation information, dangerous control instructions produced by copying data after a data packet is intercepted are effectively avoided, which improves the security of the system; the optimized data packet traversal flow design reduces monitoring of attack behaviour that has no influence on the receiving end, such as pure eavesdropping or forwarding without copying, so the scheme is practical for the scenario, avoids redundant calculation, and is computationally efficient.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
Fig. 1 is a flowchart of a method for providing energy storage control packet transmission based on timestamps according to an embodiment of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced otherwise than as specifically described herein, and thus the scope of the present invention is not limited by the specific embodiments disclosed below.
Example one
This embodiment provides a timestamp-based energy storage control data packet transmission method, as shown in Fig. 1, including:
Initialization process: a first key and initial time information are stored at the sending end, and a verification key and initial time information are stored at the receiving end; the verification key is used to verify whether it is consistent with the first key obtained by analysis; the initial time information stored at the sending end is used as the first time information in the first calculation of the second key; and the initial time information stored at the receiving end is used as the first time information when the second key is analyzed for the first time to obtain the third key.
The sending end obtains the first time information of the first confirmation information, and XORs the first time information with the first key to obtain a second key. The sending end adds the second key to the first data packet to obtain a second data packet, and sends the second data packet to the receiving end for the first time. The first data packet includes an operation for controlling the energy storage system.
The receiving end analyzes a second key of the second data packet, analyzes the second key based on the first time information to obtain a third key, if the third key is consistent with the verification key stored in the receiving end, the receiving end returns second confirmation information to the sending end and executes the operation of the first data packet, otherwise, the receiving end does not return any information to the sending end, and the receiving end does not execute the operation of the first data packet; and after the operation of executing the first data packet is completed, returning third confirmation information comprising the state of the energy storage system after the operation of executing the first data packet is completed to the sending end.
If the sending end receives second confirmation information returned by the receiving end, second time information is calculated based on the second confirmation information, and a fourth secret key is formed by the second time information and the first secret key; adding the fourth key into the third data packet to obtain a fourth data packet, and sending the fourth data packet to the receiving end; the third data packet includes an operation of controlling the energy storage system determined based on the third acknowledgement information.
The second time information is calculated based on a timestamp of the second confirmation information, and the first time information and the second time information are integers whose character strings are not restricted to having the same number of digits. The second time information is calculated as follows: the character string of the timestamp of the second confirmation information is appended to the end of the character string of the first time information to obtain a second time information character string; a first remainder of the second time information character string modulo the first integer is calculated; and the first-remainder number of characters is deleted from the front of the second time information character string to obtain the second time information. Preferably, the character string of the timestamp of the second confirmation information is a 14-digit character string; the first integer is a prime number less than 14.
The second time information is used for analyzing the third key at the receiving end to obtain a fifth key, if the fifth key is consistent with the verification key, fourth confirmation information is returned to the sending end and the operation of a third data packet is executed, otherwise, the receiving end does not return any information to the sending end, and the receiving end does not execute the operation of the third data packet; and after the operation of executing the third data packet is completed, returning fifth confirmation information comprising the state of the energy storage system after the operation of executing the third data packet is completed to the sending end.
A timestamp-based energy storage control data packet transmission assembly comprises a sending end and a receiving end. The sending end includes: a sending end storage module, a sending end key module and a sending end data packet encryption module.
The sending end storage module is used for storing a first key and initial time information.
The sending end key module is used for acquiring first time information of the first confirmation information, and performing exclusive OR on the first time information and the first key to acquire a second key; and if the sending end receives second confirmation information returned by the receiving end, calculating second time information based on the second confirmation information, and forming a fourth secret key by the second time information and the first secret key.
The sending end data packet encryption module adds a second key into the first data packet to obtain a second data packet and sends the second data packet to a receiving end; adding the fourth key into the third data packet to obtain a fourth data packet and sending the fourth data packet to the receiving end; the first data packet comprises an operation for controlling the energy storage system; the third data packet includes an operation of controlling the energy storage system determined based on the third acknowledgement information.
The receiving end includes: the device comprises a receiving end storage module, a receiving end key module and a receiving end data packet decryption module.
The receiving end storage module is used for storing the verification key.
The receiving end key module is used for analyzing a second key of the second data packet, analyzing the second key based on the first time information to obtain a third key, and returning second confirmation information to the sending end if the third key is consistent with the verification key stored in the receiving end; otherwise, the receiving end does not return any information to the sending end; and after the operation of executing the first data packet is completed, returning third confirmation information including the state of the energy storage system after the operation of executing the first data packet is completed to the sending end.
The receiving end data packet execution module is used for executing the operation of the first data packet if the first key is consistent with the verification key stored in the receiving end; otherwise, the receiving end does not execute the operation of the first data packet.
The second time information is calculated based on a timestamp of the second confirmation information, and the first time information and the second time information are integers whose character strings are not restricted to having the same number of digits. The second time information is calculated as follows: the character string of the timestamp of the second confirmation information is appended to the end of the character string of the first time information to obtain a second time information character string; a first remainder of the second time information character string modulo the first integer is calculated; and the first-remainder number of characters is deleted from the front of the second time information character string to obtain the second time information. Preferably, the character string of the timestamp of the second confirmation information is a 14-digit character string; the first integer is a prime number less than 14.
The second time information is used at the receiving end for analyzing the third key to obtain a fifth key; if the fifth key is consistent with the verification key, fourth confirmation information is returned to the sending end and the operation of the third data packet is executed; otherwise, the receiving end returns no information to the sending end and does not execute the operation of the third data packet; after the operation of the third data packet has been executed, fifth confirmation information including the state of the energy storage system after that operation is returned to the sending end.
In this embodiment, the timestamp is combined with the original key as character strings, a remainder is taken, and the remainder is used as the number of characters to remove when calculating the key, so that the character-string length of each key is determined by the timestamp and the remainder and varies elastically, which improves the randomness and secrecy of the key; for the energy storage control scenario, given that the receiving end can balance itself adaptively without an instruction from the sending end, a two-layer structure of reception confirmation information and execution confirmation information is designed, and, based on the timestamp of the confirmation information, dangerous control instructions produced by copying data after a data packet is intercepted are effectively avoided, which improves the security of the system; the optimized data packet penetration flow design reduces monitoring of attack behaviour that does not affect the receiving end, such as pure eavesdropping or forwarding without copying, so the scheme is practical for the scenario, avoids redundant calculation, and is computationally efficient.
Example two
The embodiment provides an energy storage control data packet transmission method based on a timestamp, which comprises the following steps:
Initialization. The sending end A and the receiving end B each store a public key integer k, for example k = 288672553. The sending end A and the receiving end B each store a time information character string s, for example s = 985876928241.
When the sending end A sends a data packet to the receiving end B for the first time, the sending end A takes the first 8 characters from the time information character string s, for example s_1 = 98587692, and converts s_1 into an integer y_1; in the above example, y_1 = 98587692. The public key k stored by the sending end A is XORed with y_1 and the absolute value is taken to obtain the encryption key x, x = -368369454. The encryption key is added to the first data packet, which carries the instructed action, to obtain a second data packet, and the second data packet is sent to the receiving end B.
When the receiving end B receives the data packet, it decrypts the second data packet to obtain the encryption key x. It takes the first 8 characters from the time information character string, for example s_2 = 98587692, and converts s_2 into an integer y_2; in the above example, y_2 = 98587692. The decryption key k_2 = 288672553 is obtained from the encryption key. The receiving end determines whether k_2 is consistent with the k it stores. If k_2 is inconsistent with the k stored at the receiving end, no information is returned and no operation in the first data packet is executed; if k_2 is consistent with the k stored at the receiving end, the data packet is trusted, the operation in the first data packet is executed, and confirmation information is returned.
The returned confirmation information carries the timestamp of reception of the second data packet; for example, "Received the command 2022-02-22" is returned. All the digits of the timestamp of the second data packet are appended to the end of the time information character string; in the above example, "20220222153840" is appended after the string, and the time information character string becomes "9858769220220222153840". The remainder m of the appended 14-digit string "20220222153840" modulo 13 is calculated; in the above example, m = 20220222153840 % 13 = 7. The first m characters of the time character string "9858769220220222153840" are deleted to obtain the new time information character string s = 220220222153840.
Because the key is formed by appending the timestamp character string and then truncating the original time information character string by the remainder, the key changes with the timestamp and its number of characters fluctuates unpredictably with the timestamp; the scheme is highly dynamic and flexible, difficult to crack, and cheap to compute.
After the sending end A receives the confirmation information, it obtains the time information from the confirmation information; the time information obtained in this embodiment is 2022-02-22. All the digits of the timestamp of the second data packet are appended to the end of the time information character string; in the above example, "20220222153840" is appended after the string, and the time information character string becomes "9858769220220222153840". The remainder m of the appended 14-digit string "20220222153840" modulo 13 is calculated; in the above example, m = 20220222153840 % 13 = 7. The first m characters of the time character string "9858769220220222153840" are deleted to obtain the new time information character string s = 220220222153840.
And when a new data packet is sent by the receiving end next time, executing a sending process based on the changed time information character string, and checking by the receiving end based on the time information character string obtained by the timestamp of the data packet last time.
The embodiment is applied to energy storage control. Under normal conditions the receiving end is in a self-stable state, that is, when there is no other instruction, the receiving end adaptively adjusts the system state to reach balance without external instruction control. A system failure may occur only when the receiving end receives an unreasonable instruction. The data packet transmission of this embodiment therefore focuses on preventing unreasonable external instruction input in a simple and effective manner. Because the receiving end is self-stable, a certain amount of data transmission loss has no seriously dangerous effect on it, and sporadic data packet loss is within the acceptable range for balancing calculation efficiency against avoiding dangerous redundancy. The common dangerous scenarios are that a sending end sends an abnormal instruction, or that the receiving end leaves its self-stable state because the same normal instruction is sent and iterated multiple times, causing abnormal execution.
The acknowledgement message includes an acknowledgement of receipt of the first data packet and an acknowledgement of completion of the first data packet operation. The two-stage confirmation flow keeps an execution failure from invalidating the confirmation that the data packet was received, effectively distinguishes whether a failure was a reception failure or an execution failure, and allows an accurate judgment of whether the cause was an attack or abnormal reception at the receiving end.
When a sending end A communicates with a receiving end B, suppose the execution task of the first data packet sent by the sending end to the receiving end B is to increase the device temperature by 10°. If an intermediate attacker C intercepts the second data packet, the following situations are possible:
If the attacker C only eavesdrops after intercepting and forwards the second data packet once, the receiving end B executes the operation of increasing the device temperature by 10°. The operation executed by the receiving end is no different from the operation it would execute on obtaining the second data packet directly from the sending end, so no serious result is produced.
If the attacker C does not forward the second data packet after interception, the receiving end B remains in a self-stable state, and no serious result is produced. When the sending end A has not, for a long time, obtained the confirmation of receipt from the receiving end B or the confirmation of the receiving end's state after execution, it sends early warning information to the energy storage control system and sends the second data packet to the receiving end B a second time. If the attacker C intercepts both transmissions and sends both to the receiving end B at the same time, then, because the first transmission produced no confirmation feedback and was accompanied by early warning information, the receiving end B, on receiving the first-sent data packet again, does not execute the operation; it sends an early warning investigation to the energy storage control system, and the operation is executed only after the investigation. Throughout this process the receiving end B keeps its self-stable state, and serious consequences are avoided.
Suppose the attacker C, having forwarded the second data packet once, learns its execution task (raising the temperature by 10°), copies the second data packet and sends the same data packet multiple times in order to damage the receiving end B or the device on which the second data packet acts, for example so that the temperature is raised too high. In this situation, each time a data packet is received, new acknowledgement information is generated, and the new acknowledgement information brings a new timestamp change. Because of the timestamp change, the key obtained by decrypting any data packet sent after the second data packet is abnormal and inconsistent with the time information fed back last time. The receiving end B therefore does not perform the operation of the data packets sent after the second data packet and performs the task of the second data packet only once, that is, the device temperature is increased by 10°. This is equivalent to the sending end A sending the data packet directly to the receiving end B, and no serious consequence is produced.
The embodiment effectively prevents a third party from eavesdropping on the data packet and carrying out a data injection attack. When the third party only eavesdrops and forwards, data communication is not affected; when the third party attacks by copying data packets, the redundant data packets are ignored, so the safety of the system is not affected. In the embodiment, the timestamp string is combined with the original key string and a remainder is computed, and the remainder is used as the number of characters removed in the key calculation, so that the length of the key string at each step is determined by the timestamp and the remainder and varies elastically, which improves the randomness and the encryption property of the key. For the energy storage control scenario, on the basis of the receiving end's self-adaptive balance in the absence of sending end instructions, a two-layer structure of reception confirmation and execution confirmation is designed, and the timestamp of the confirmation information effectively prevents dangerous control instructions produced by copying data after a data packet is intercepted, which improves the safety of the system. The optimized data packet transmission flow reduces the monitoring of attack behavior that does not affect the receiving end, such as eavesdropping only or forwarding without copying; it is practical for the scenario, avoids redundant calculation, and has high calculation efficiency.
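The exchange described in this embodiment, written out as an added Python example (it is not code from the patent): a sender and a receiver share a key and a time information string, the receiver rolls the string on every acknowledgement, and a copied packet sent again no longer verifies. The example follows the worked example above in computing m from the appended 14-digit timestamp with 13 as the prime; the key value, the class and function names and the packet layout are assumptions, while the initial string, the first timestamp and the operation come from the worked example.

```python
PRIME = 13       # the "first integer": a prime below 14 (13 in the worked example)
PREFIX_LEN = 8   # leading characters of the time string that are XORed with the key


def roll_time_string(s: str, ack_timestamp: str) -> str:
    """Append the 14-digit acknowledgement timestamp to s, then delete the
    first m characters, where m = timestamp mod PRIME."""
    if len(ack_timestamp) != 14 or not ack_timestamp.isdigit():
        raise ValueError("timestamp must be 14 digits (YYYYMMDDhhmmss)")
    m = int(ack_timestamp) % PRIME
    return (s + ack_timestamp)[m:]


def time_value(s: str) -> int:
    """Integer y formed from the first PREFIX_LEN characters of s."""
    return int(s[:PREFIX_LEN])


class Sender:
    def __init__(self, key: int, s: str):
        self.key, self.s = key, s

    def build_packet(self, operation: str) -> dict:
        # x = key XOR y; abs() follows the text and is a no-op for non-negative ints
        return {"x": abs(self.key ^ time_value(self.s)), "op": operation}

    def on_ack(self, ack_timestamp: str) -> None:
        # The sender applies the same update once the acknowledgement arrives.
        self.s = roll_time_string(self.s, ack_timestamp)


class Receiver:
    def __init__(self, verification_key: int, s: str):
        self.key, self.s = verification_key, s
        self.executed = []

    def handle(self, packet: dict, now: str):
        """Return the acknowledgement timestamp when the packet verifies,
        else None (the receiver stays silent and executes nothing)."""
        if packet["x"] ^ time_value(self.s) != self.key:
            return None
        self.executed.append(packet["op"])
        self.s = roll_time_string(self.s, now)  # state moves on with every ack
        return now


def run_demo():
    key = 271828182  # constructed shared key, not a value from the patent
    a, b = Sender(key, "98587692"), Receiver(key, "98587692")

    p1 = a.build_packet("raise temperature by 10")
    ack1 = b.handle(p1, "20220222153840")          # first delivery is accepted
    replay = b.handle(dict(p1), "20220222153845")  # identical copy sent again

    a.on_ack(ack1)                                 # sender catches up with B
    p2 = a.build_packet("hold temperature")        # constructed second command
    ack2 = b.handle(p2, "20220222154005")
    a.on_ack(ack2)
    return ack1, replay, ack2, b.executed, a.s == b.s


if __name__ == "__main__":
    print(run_demo())
```
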
The foregoing description, for purposes of explanation, used specific nomenclature to provide a thorough understanding of the embodiments. It will be apparent, however, to one skilled in the art that the embodiments may be practiced without the specific details. Thus, the foregoing descriptions of specific embodiments described herein are presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the embodiments to the precise forms disclosed. It will be apparent to those skilled in the art that many modifications and variations are possible in light of the above teaching. Further, as used herein to refer to the position of a component, the terms above and below, or their synonyms, do not necessarily refer to an absolute position relative to an external reference, but rather to a relative position of the component with reference to the drawings.
Moreover, the foregoing drawings and description include many concepts and features that may be combined in various ways to achieve various benefits and advantages. Thus, features, components, elements and/or concepts from various different figures may be combined to produce embodiments or implementations not necessarily shown or described in this specification. Furthermore, not all features, components, elements and/or concepts shown in a particular figure or description are necessarily required to be in any particular embodiment and/or implementation. It is to be understood that such embodiments and/or implementations fall within the scope of the present description.

Claims (10)

1. A method for energy storage control data packet transmission based on time stamp is characterized by comprising the following steps:
the sending end obtains first time information of the first confirmation information, and the first time information is subjected to exclusive or with the first key to obtain a second key;
the sending end adds the second key into the first data packet to obtain a second data packet, and sends the second data packet to the receiving end for the first time; the first data packet comprises an operation for controlling the energy storage system;
the receiving end analyzes a second key of the second data packet, analyzes the second key based on the first time information to obtain a third key, if the third key is consistent with the verification key stored in the receiving end, the receiving end returns second confirmation information to the sending end and executes the operation of the first data packet, otherwise, the receiving end does not return any information to the sending end, and the receiving end does not execute the operation of the first data packet; after the operation of executing the first data packet is completed, returning third confirmation information including the state of the energy storage system after the operation of executing the first data packet is completed to the sending end;
if the sending end receives second confirmation information returned by the receiving end, second time information is calculated based on the second confirmation information, and a fourth secret key is formed by the second time information and the first secret key; adding the fourth key into the third data packet to obtain a fourth data packet, and sending the fourth data packet to the receiving end; the third data packet comprises an operation of controlling the energy storage system determined based on third confirmation information;
the second time information is calculated based on a time stamp of second confirmation information, and the first time information and the second time information are integers with the same number of unlimited character string bits.
2. The timestamp-based energy storage control data packet transmission method as claimed in claim 1, wherein the second time information is calculated by: appending the character string of the timestamp of the second confirmation information to the end of the character string of the first time information to obtain a second time information character string, calculating a first remainder of the second time information character string with respect to the first integer, and deleting the leading characters of the second time information character string, their number being the first remainder, to obtain the second time information.
3. The timestamp-based energy storage control packet transmission method as claimed in claim 1, wherein the timestamp-based energy storage control packet transmission method further comprises an initialization procedure, wherein the initialization procedure is to store the first key and the initial time information at the transmitting end, and store the verification key and the initial time information at the receiving end; the verification key is used for verifying whether the first key obtained by analysis is consistent or not; the initial time information stored at the sending end is used as first time information to obtain a second key through first calculation; and the initial time information stored at the receiving end is used as the first time information to analyze the second key for the first time to obtain a third key.
4. The energy storage control data packet transmission method based on the timestamp as claimed in claim 3, wherein the second time information is used at the receiving end to parse the third key to obtain a fifth key, if the fifth key is consistent with the verification key, the fourth confirmation information is returned to the sending end and the operation of the third data packet is executed, otherwise, the receiving end does not return any information to the sending end, and the receiving end does not execute the operation of the third data packet; and after the operation of executing the third data packet is completed, returning fifth confirmation information including the state of the energy storage system after the operation of executing the third data packet is completed to the sending end.
5. The timestamp-based energy storage control data packet transmission method as claimed in claim 2, wherein the string of the timestamp of the second acknowledgement information is a 14-digit string; the first integer is a prime number less than 14.
6. A timestamp-based energy storage control data packet transmission assembly, characterized by comprising a sending end and a receiving end, wherein the sending end comprises: a sending end storage module, a sending end key module and a sending end data packet encryption module;
the sending end storage module is used for storing a first secret key and initial time information;
the sending end key module is used for acquiring first time information of the first confirmation information, and performing exclusive OR on the first time information and the first key to acquire a second key; if the sending end receives second confirmation information returned by the receiving end, second time information is calculated based on the second confirmation information, and a fourth secret key is formed by the second time information and the first secret key;
the sending end data packet encryption module adds a second key into the first data packet to obtain a second data packet and sends the second data packet to a receiving end; adding the fourth key into the third data packet to obtain a fourth data packet and sending the fourth data packet to the receiving end; the first data packet comprises an operation for controlling the energy storage system; the third data packet comprises an operation of controlling the energy storage system determined based on third confirmation information;
the receiving end includes: the system comprises a receiving end storage module, a receiving end key module and a receiving end data packet decryption module;
the receiving end storage module is used for storing a verification key;
the receiving end key module is used for analyzing a second key of the second data packet, analyzing the second key based on the first time information to obtain a third key, and returning second confirmation information to the sending end if the third key is consistent with the verification key stored in the receiving end; otherwise, the receiving end does not return any information to the sending end; after the operation of executing the first data packet is completed, returning third confirmation information comprising the state of the energy storage system after the operation of executing the first data packet is completed to the sending end;
the receiving end data packet execution module is used for executing the operation of the first data packet if the first key is consistent with the verification key stored in the receiving end; otherwise, the receiving end does not execute the operation of the first data packet;
the second time information is calculated based on a time stamp of second confirmation information, and the first time information and the second time information are integers with the same number of unlimited character string bits.
7. The timestamp-based energy storage control data packet transmission assembly as claimed in claim 6, wherein the second time information is calculated by: appending the character string of the timestamp of the second confirmation information to the end of the character string of the first time information to obtain a second time information character string, calculating a first remainder of the second time information character string with respect to the first integer, and deleting the leading characters of the second time information character string, their number being the first remainder, to obtain the second time information.
8. The timestamp-based energy storage control packet transmission assembly as claimed in claim 6, wherein the timestamp-based energy storage control packet transmission method further comprises an initialization process, wherein the initialization process is to store the first key and the initial time information at the transmitting end, and store the verification key and the initial time information at the receiving end; the verification key is used for verifying whether the verification key is consistent with the first key obtained by analysis; the initial time information stored at the sending end is used as first time information to obtain a second key through first calculation; and the initial time information stored at the receiving end is used as the first time information to analyze the second key for the first time to obtain a third key.
9. The timestamp based energy storage control data packet transmission assembly as claimed in claim 8, wherein the second time information is used at the receiving end for parsing the third key to obtain a fifth key, if the fifth key is consistent with the verification key, the fourth confirmation information is returned to the sending end and the operation of the third data packet is performed, otherwise, the receiving end does not return any information to the sending end, and the receiving end does not perform the operation of the third data packet; and after the operation of executing the third data packet is completed, returning fifth confirmation information comprising the state of the energy storage system after the operation of executing the third data packet is completed to the sending end.
10. The timestamp-based energy storage control data packet transmission method as claimed in claim 7, wherein the string of the timestamp of the second acknowledgement information is a 14-digit string; the first integer is a prime number less than 14.
CN202211170132.XA 2022-09-26 2022-09-26 Energy storage control data packet transmission method and assembly based on timestamp Active CN115242390B (en)


Publications (2)

Publication Number Publication Date
CN115242390A true CN115242390A (en) 2022-10-25
CN115242390B CN115242390B (en) 2023-01-06

Family

ID=83667287





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant