CN213244052U - Credible autonomous authentication system for intelligent substation terminal - Google Patents

Info

Publication number
CN213244052U
Authority
CN
China
Prior art keywords
trusted
terminal
switch
credible
intelligent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202022281226.7U
Other languages
Chinese (zh)
Inventor
程凯
申培培
刘咸通
李刚
王新颖
辛晓鹏
赵林丛
林静
陈连栋
杨超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
North China Electric Power University
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
North China Electric Power University
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2020-10-14
Filing date
2020-10-14
Publication date
2021-05-18
Application filed by State Grid Corp of China SGCC, North China Electric Power University, Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority to CN202022281226.7U
Application granted
Publication of CN213244052U
Legal status: Active

Landscapes

  • Storage Device Security (AREA)

Abstract

The utility model provides a trusted autonomous authentication system for an intelligent substation terminal. The system comprises an intelligent terminal, primary equipment, secondary equipment, a trusted switch, a trusted computer, trusted computing chips, an authentication server and a feature database. The primary and secondary equipment are connected to the intelligent terminal; the intelligent terminal is connected to the trusted switch; the trusted switch is connected to the trusted computer; the trusted computer is connected to the feature database and to the authentication server; the authentication server is connected to the feature database; and a trusted computing chip is built into each of the trusted switch, the trusted computer and the authentication server. The system brings trusted computing into terminal information authentication, secures the information exchange between the process layer and the bay layer of the intelligent substation, and reduces the security threat that network attacks pose to the substation as far as possible.

Description

Credible autonomous authentication system for intelligent substation terminal
Technical Field
The utility model relates to the technical field of security protection for intelligent substation terminals, and in particular to a trusted autonomous authentication system for an intelligent substation terminal.
Background
Traditional security measures for intelligent substation terminals are mostly passive defenses, such as digital signatures, firewalls and intrusion detection. These technologies generally handle a network attack as follows: after the system has been attacked, the attack's characteristics are analysed and added to a defense feature library, and the next time a similar attack occurs it is recognised by those characteristics and blocked. Passive defense therefore only protects against attacks that have already been seen; it always depends on a feature library built after the fact, and a technical fault in that library seriously degrades attack recognition, which can leave intelligent substation equipment malfunctioning, leaking information or even paralysed. Passive defense thus lacks timeliness and flexibility, and its security effect is poor.
Active defense is a newer approach to resisting network attacks; it adopts defense ideas and techniques entirely different from traditional means and overcomes the shortcomings of passive defense. Honeypot technology, for example, lures attackers by constructing an operating environment resembling the application system, records the intrusion process, analyses the attack behaviour in depth and extracts intrusion characteristics. Compared with passive defense, honeypots can collect new attack tools and methods and identify attack behaviour dynamically, which greatly improves the protective capability of the system. However, a honeypot can only monitor and analyse the attack behaviour directed at the honeypot itself, so the attack types it can identify are limited; it does little to protect systems that already contain vulnerabilities, and deploying a honeypot carries certain security risks of its own.
In summary, traditional passive defense has little effect against attacks originating inside the terminal, and existing defenses cannot effectively resist a terminal that has been infected with a virus or launches a malicious attack once it has been admitted to the substation. Almost all attack events are initiated from a terminal. If a terminal could be assessed for security at the moment it accesses the intelligent substation, and non-compliant terminals restricted or blocked, malicious attacks would be controlled at their root. Because user terminals are numerous and of many types, trusted terminal access technology can be used to authenticate and authorise them. However, traditional terminal information authentication only verifies the terminal's identity at access time and does not monitor terminal behaviour dynamically in real time: once a terminal is on the network there is no guarantee that it stays secure and trusted while it operates, and it may be misused or remotely controlled to perform a series of illegal operations.
Summary of the Utility Model
The aim of the utility model is to provide a trusted autonomous authentication system for an intelligent substation terminal, which brings trusted computing into terminal information authentication, secures the information exchange between the process layer and the bay layer of the intelligent substation, and reduces the security threat that network attacks pose to the substation as far as possible.
To achieve the above aim, the utility model provides the following scheme:
A trusted autonomous authentication system for an intelligent substation terminal, the system comprising: an intelligent terminal, primary equipment, secondary equipment, a trusted switch, a trusted computer, trusted computing chips, an authentication server and a feature database, wherein the primary and secondary equipment are connected to the intelligent terminal, the intelligent terminal is connected to the trusted switch, the trusted switch is connected to the trusted computer, the trusted computer is connected to the feature database and to the authentication server, the authentication server is connected to the feature database, and a trusted computing chip is built into each of the trusted switch, the trusted computer and the authentication server.
Optionally, the trusted computing chip communicates with the intelligent terminal over an SPI interface.
Optionally, the trusted computing chip is a Z32H330 chip; pins VCC1, VCC2 and VCC3 of the chip are all connected to the voltage input connector VA; pins VSS1, VSS2, GND1 and GND2 are all grounded; pin TPMRST is connected to one end of switch SW1 and to one end of capacitor C1, the other end of SW1 is connected to one end of resistor R1, and the other end of R1 is joined to the other end of C1 and then grounded; and pins MISO, MOSI, CLK and CS are each connected to terminal J1 of the SPI interface.
Optionally, the intelligent terminal is a CDS-601, the trusted switch is a TA-S5800, and the trusted computer runs the Windows Vista operating system.
Optionally, the intelligent terminal is connected to the primary equipment by cable and to the secondary equipment by optical fibre.
According to the specific embodiments provided by the utility model, the following technical effects are disclosed. The intelligent terminal collects the operating information of the primary equipment (such as breaker open/close signals and trip signals) and the control and protection information that the secondary equipment applies to the primary equipment. A trusted switch is placed between the intelligent terminal and the trusted computer, so that the information collected by the intelligent terminal is forwarded to the trusted computer through the trusted switch, and a trusted computing chip is built into each of the trusted switch, the trusted computer and the authentication server, strengthening trusted autonomous authentication at every link. The trusted computer formats the equipment action information so that it conforms to the authentication format and then passes it to the authentication server; the authentication server applies an identity authentication mechanism to perform identity authentication and integrity measurement on the equipment action information; the authentication server is connected to the feature database, which extracts real-time behaviour evidence from the equipment action information, compares it with the structured feature information held in the database, and periodically judges whether the behaviour evidence is trustworthy. In addition, the trusted computing chip is connected into the system through the pin connections described, so that trusted computing can be applied to terminal information authentication.
Drawings
To illustrate the embodiments of the utility model or the prior-art technical solutions more clearly, the drawings needed for the embodiments are briefly described below. Obviously, the drawings described below show only some embodiments of the utility model; those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic structural view of a trusted autonomous authentication system for an intelligent substation terminal according to an embodiment of the utility model;
Fig. 2 is a schematic diagram of the trusted computing chip.
Reference numerals: 100, intelligent terminal; 101, primary equipment; 102, secondary equipment; 103, trusted switch; 104, trusted computer; 105, trusted computing chip; 106, authentication server; 107, feature database.
Detailed Description
The technical solutions in the embodiments of the utility model are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the utility model, not all of them. All other embodiments obtained by those skilled in the art from these embodiments without creative effort fall within the protection scope of the utility model.
The aim of the utility model is to provide a trusted autonomous authentication system for an intelligent substation terminal, which brings trusted computing into terminal information authentication, secures the information exchange between the process layer and the bay layer of the intelligent substation, and reduces the security threat that network attacks pose to the substation as far as possible.
To make the above aims, features and advantages of the utility model clearer and easier to understand, the utility model is described in detail below with reference to the drawings and specific embodiments.
As shown in Fig. 1, the trusted autonomous authentication system for an intelligent substation terminal provided by the embodiment of the utility model comprises an intelligent terminal 100, primary equipment 101, secondary equipment 102, a trusted switch 103, a trusted computer 104, a trusted computing chip 105, an authentication server 106 and a feature database 107. The primary equipment 101 and the secondary equipment 102 are connected to the intelligent terminal 100; the intelligent terminal 100 is connected to the trusted switch 103; the trusted switch 103 is connected to the trusted computer 104; the trusted computer 104 is connected to the feature database 107 and to the authentication server 106; the authentication server 106 is connected to the feature database 107; and a trusted computing chip 105 is built into each of the trusted switch 103, the trusted computer 104 and the authentication server 106.
The intelligent terminal 100 is process-layer equipment of the intelligent substation; it is connected to the primary equipment 101 by cable and to the secondary equipment 102 by optical fibre. Control information from the intelligent terminal 100 is forwarded through the trusted switch 103 to the trusted computer 104. The trusted computer 104 relies on its trusted computing chip 105 to check the integrity of the control information and sends an authentication request to the authentication server 106. The authentication server 106 compares the features of the information with the structured information in the feature database 107: if the information meets the trust requirement, the control information is allowed on to the bay layer; if it does not, the illegal information is stored in the feature database 107.
As shown in Fig. 2, the trusted computing chip 105 communicates with the intelligent terminal 100 over an SPI interface. The trusted computing chip 105 is a Z32H330 chip and is responsible for the complex cryptographic operations. Pins VCC1, VCC2 and VCC3 of the chip are all connected to the voltage input connector VA, and pins VSS, VSS1, VSS2, GND1 and GND2 are all grounded, forming the supply path for the chip. Pin TPMRST is connected to one end of switch SW1 and to one end of capacitor C1; the other end of SW1 is connected to one end of resistor R1, and the other end of R1 is joined to the other end of C1 and then grounded, which implements access control between the trusted computing chip 105 and the intelligent terminal 100. Pin MISO is connected to terminal J1 of the SPI interface as the SPI_MISO line and carries data from the trusted computing chip 105 to the intelligent terminal 100; pin MOSI is connected to J1 as the SPI_MOSI line and carries data from the intelligent terminal 100 to the trusted computing chip 105; pin CLK is connected to J1 as the SPI_CLK line and provides the clock for the connection; and pin CS is connected to J1 as the SPI_CS line and provides the chip-select (enable) signal for the connection.
The intelligent terminal 100 is a CDS-601, the trusted switch 103 is a TA-S5800, and the trusted computer 104 runs the Windows Vista operating system.
The implementation steps of the trusted autonomous authentication system for an intelligent substation terminal are as follows:
1. The intelligent terminal collects the operating information of the primary equipment (such as breaker open/close signals and trip signals) and the control and protection information that the secondary equipment applies to the primary equipment. This information directly determines the next action of the equipment, so it is a natural target for network attack and tampering with it can cause immeasurable loss. The terminal sends it to the trusted switch; collectively this information is called equipment action information.
2. The trusted switch forwards the equipment action information to the trusted computer.
3. The trusted computer formats the equipment action information so that it conforms to the authentication format and passes it to the authentication server.
4. The authentication server applies an identity authentication mechanism to perform identity authentication and integrity measurement on the equipment action information.
5. The authentication server, which is connected to the feature database, extracts real-time behaviour evidence from the equipment action information, compares it with the structured feature information in the feature database, and periodically judges whether the behaviour evidence is trustworthy.
6. Based on that judgment, if the evidence matches the trusted features in the feature database, an "authentication successful" message is sent to the intelligent terminal user; if it does not, the equipment action information is stored in the feature database, structured and classified as illegal information, which completes a dynamic update of the feature database and improves the accuracy of subsequent judgments on equipment action information.
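The trusted-computer and authentication-server flow described above, written out as a runnable simulation. This is an added example and is not code from the patent or from its assignees. The patent names no concrete algorithms, so the example assumes SHA-256 for the integrity measurement, an HMAC-SHA256 tag under a per-terminal secret provisioned into the terminal's trusted computing chip for the identity authentication, and a feature database in which the behaviour evidence is the tuple (terminal, device, signal, value). The terminal identifier, key, feature entries and records are all constructed for the demonstration.

```python
"""Simulation of the terminal -> trusted computer -> authentication server flow.
Added example; every algorithm and identifier here is an assumption."""
import hashlib
import hmac
import json

# Constructed per-terminal secret for identity authentication. The patent does
# not specify key management; a symmetric key held by the terminal's trusted
# computing chip is assumed.
TERMINAL_KEYS = {"CDS-601-01": b"constructed-demo-key"}

# Constructed structured feature database. "trusted" holds the behaviour
# evidence the bay layer may receive; "illegal" is filled dynamically from
# rejected records, as the description says.
FEATURE_DB = {
    "trusted": {
        ("CDS-601-01", "breaker-1", "close", 1),
        ("CDS-601-01", "breaker-1", "open", 1),
        ("CDS-601-01", "breaker-1", "trip", 1),
    },
    "illegal": set(),
}


def canonicalize(record):
    """Trusted computer: format processing into the authentication format.
    Canonical JSON makes the digest and tag reproducible on both sides."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def integrity_digest(payload):
    return hashlib.sha256(payload).hexdigest()


def identity_tag(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def terminal_emit(record):
    """Intelligent terminal: equipment action information plus the integrity
    digest and identity tag its trusted computing chip would produce."""
    payload = canonicalize(record)
    return {
        "record": record,
        "digest": integrity_digest(payload),
        "tag": identity_tag(TERMINAL_KEYS[record["terminal"]], payload),
    }


def behaviour_evidence(record):
    """Structured evidence compared against the feature database."""
    return (record["terminal"], record["device"], record["signal"], record["value"])


def authenticate(message):
    """Authentication server: identity authentication, integrity measurement,
    feature comparison and dynamic update. Returns the verdict string."""
    record = message["record"]
    payload = canonicalize(record)

    # Identity authentication: unknown terminal or wrong tag is rejected.
    key = TERMINAL_KEYS.get(record.get("terminal"))
    if key is None or not hmac.compare_digest(message["tag"], identity_tag(key, payload)):
        return "rejected: identity"

    # Integrity measurement of the formatted record.
    if not hmac.compare_digest(message["digest"], integrity_digest(payload)):
        return "rejected: integrity"

    # Feature comparison, then dynamic update of the database on a miss.
    evidence = behaviour_evidence(record)
    if evidence in FEATURE_DB["illegal"]:
        return "rejected: known illegal feature"
    if evidence in FEATURE_DB["trusted"]:
        return "authentication successful"
    FEATURE_DB["illegal"].add(evidence)  # structured and stored as illegal
    return "rejected: illegal feature"


if __name__ == "__main__":
    good = terminal_emit({"terminal": "CDS-601-01", "device": "breaker-1", "signal": "close", "value": 1})
    print(authenticate(good))
    tampered = terminal_emit({"terminal": "CDS-601-01", "device": "breaker-1", "signal": "close", "value": 1})
    tampered["record"]["value"] = 0  # altered in transit after the chip signed it
    print(authenticate(tampered))
```

Because the identity tag is computed over the same canonical bytes as the digest, a record altered in transit already fails at the identity step; the separate digest check is kept only to mirror the two-stage wording of the description. Nothing in the patent, or in this example, binds a message to a time or sequence number, so a captured legitimate message could be replayed through the same checks; a deployment would need a freshness field under the tag to close that gap.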
The principle and implementation of the utility model have been explained above with specific examples; the description of the embodiments is only intended to help understand the method and core idea of the utility model. At the same time, those of ordinary skill in the art may, following the idea of the utility model, vary the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the utility model.

Claims (5)

1. A trusted autonomous authentication system for an intelligent substation terminal, characterised in that it comprises: an intelligent terminal, primary equipment, secondary equipment, a trusted switch, a trusted computer, trusted computing chips, an authentication server and a feature database, wherein the primary and secondary equipment are connected to the intelligent terminal, the intelligent terminal is connected to the trusted switch, the trusted switch is connected to the trusted computer, the trusted computer is connected to the feature database and to the authentication server, the authentication server is connected to the feature database, and a trusted computing chip is built into each of the trusted switch, the trusted computer and the authentication server.
2. The trusted autonomous authentication system for an intelligent substation terminal according to claim 1, wherein the trusted computing chip communicates with the intelligent terminal over an SPI (serial peripheral interface) interface.
3. The trusted autonomous authentication system for an intelligent substation terminal according to claim 2, wherein the trusted computing chip is a Z32H330 chip; pins VCC, VCC1, VCC2 and VCC3 of the chip are all connected to the voltage input connector VA; pins VSS, VSS1, VSS2, GND1 and GND2 are all grounded; pin TPMRST is connected to one end of switch SW1 and to one end of capacitor C1, the other end of SW1 is connected to one end of resistor R1, and the other end of R1 is joined to the other end of C1 and then grounded; and pins MISO, MOSI, CLK and CS are each connected to terminal J1 of the SPI interface.
4. The trusted autonomous authentication system for an intelligent substation terminal according to claim 1, wherein the intelligent terminal is a CDS-601, the trusted switch is a TA-S5800, and the trusted computer runs the Windows Vista operating system.
5. The trusted autonomous authentication system for an intelligent substation terminal according to claim 1, wherein the intelligent terminal is connected to the primary equipment by cable and to the secondary equipment by optical fibre.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202022281226.7U CN213244052U (en) 2020-10-14 2020-10-14 Credible autonomous authentication system for intelligent substation terminal


Publications (1)

Publication Number Publication Date
CN213244052U true CN213244052U (en) 2021-05-18

Family

ID=75880615



Legal Events

Date Code Title Description
GR01 Patent grant