面向配电网分布式控制的轻量级身份认证技术

doi:10.3785/j.issn.1008-973X.2018.06.017

浙江大学学报(工学版)

2018, Vol. 52

Issue (6): 1177-1184 DOI: 10.3785/j.issn.1008-973X.2018.06.017

电气工程

面向配电网分布式控制的轻量级身份认证技术

卢昕, 程雨诗, 张天晨, 徐文渊

浙江大学电气工程学院, 浙江杭州 310027

Light weight authentication technique for distributed control of power distribution network

LU Xin, CHENG Yu-shi, ZHANG Tian-chen, XU Wen-yuan

College of Electrical Engineering, Zhejiang University, Hangzhou 310027, China

全文: PDF(1924 KB) HTML

摘要：

提出基于一次性签名（OTS）的轻量级身份认证算法.考虑到常规一次性签名算法存储开销巨大，结合配电网分布式控制的特点对一次性签名的参数进行优化，设计可扩展为认证多个终端的密钥管理方案.在计算机和嵌入式平台上实现该算法并进行相关的实验.嵌入式平台实验结果表明：该算法实用高效，可以满足配电网分布式控制对于关键报文传输性能的要求，解决了配电网分布式控制的身份认证存在数据传输实时性要求高、终端计算能力有限、传统数字签名算法计算开销大等问题.

Abstract:

A lightweight authentication algorithm utilizing one-time signature (OTS) was proposed. The parameters of OTS were optimized combined with the mechanism of the distributed control of distribution networks to significantly reduce the storage cost and design a key management scheme that can be applied to multi-terminal authentication. The proposed algorithm was verified both on the PC and embedded platform. Results show that the algorithm is efficient and satisfies the time-critical requirements of data transmission. The algorithm has achieved balance between security and overhead of the distributed control in power distribution networks.

收稿日期: 2017-03-23 出版日期: 2018-06-20

CLC:

TM769

基金资助:

国家“863”高技术研究发展计划资助项目（2015AA050202）.

通讯作者: 徐文渊,女,教授.orcid.org/0000-0002-2428-973X. E-mail: wyxu@zju.edu.cn

作者简介: 卢昕(1993-),男,硕士生,从事智能电网信息安全的研究.orcid.org/0000-0003-1287-4701.E-mail:luxin1993@zju.edu.cn

	服务
	把本文推荐给朋友
	加入引用管理器
	E-mail Alert
	作者相关文章

引用本文:

卢昕, 程雨诗, 张天晨, 徐文渊. 面向配电网分布式控制的轻量级身份认证技术[J]. 浙江大学学报(工学版), 2018, 52(6): 1177-1184.

LU Xin, CHENG Yu-shi, ZHANG Tian-chen, XU Wen-yuan. Light weight authentication technique for distributed control of power distribution network. JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE), 2018, 52(6): 1177-1184.

链接本文:

http://www.zjujournals.com/eng/CN/10.3785/j.issn.1008-973X.2018.06.017 或 http://www.zjujournals.com/eng/CN/Y2018/V52/I6/1177

[1] 徐丙垠,薛永端,李天友,等.智能配电网广域测控系统及其保护控制应用技术[J].电力系统自动化,2012,36(18):2-9. XU Bing-yin, XUE Yong-duan, LI Tian-you, et al. A wide area measurement and control system for smart distribution grids and its protection and control applications[J]. Automation of Electric Power Systems, 2012,36(18):2-9.
[2] 范开俊,徐丙垠,陈羽,等.配电网分布式控制实时数据的GOOSE over UDP传输方式[J].电力系统自动化,2016(4):115-120. FAN Kai-jun, XU Bing-yin, CHEN Yu, et al. GOOSE over UDP transmission mode for real-time data of distributed control applications in distribution networks[J]. Automation of Electric Power Systems, 2016(4):115-120.
[3] 陈晓杰,徐丙垠,陈羽,等.配电网分布式控制实时数据快速传输技术[J].电力系统保护与控制,2016,44(17):151-158. CHEN Xiao-jie, XU Bing-yin, CHEN Yu, et al. Real-time data fast transmission technology for distributed control of distribution network[J]. Power System Protection and Control, 2016, 44(17):151-158.
[4] LIANG G, WELLER S R, ZHAO J, et al. The 2015 Ukraine blackout:implications for false data injection attacks[J]. IEEE Transactions on Power Systems, 2017, 32(4):3317-3318. 国家电网调[2011] 168号.中低压配电网自动化系统安全防护补充规定(试行)[S].2011. 国家发展改革委员会.发改委14号令:电力监控系统安全防护规定[S].2014.
[7] IEC 62351, Power systems management and associated information exchange:data and communication security[S]. Geneva:IEEE, 2007:51-56.
[8] IEC/TR 61850, Communication networks and systems for power utility automation part 90-5:use of IEC 61850 to transmit synchrophasor information according to IEEE C37.118[S]. Geneva:IEEE, 2010:321-328.
[9] 王智东, 王钢, 黎永昌, 等. 基于微型加密算法的IEC 61850-9-2LE报文加密方法[J]. 电力系统自动化, 2016(4):121-127. WANG Zhi-dong, WANG Gang, LI Yong-chang, et al. An encryption method for IEC 61850-9-2LE packet based on tiny encryption algorithm[J]. Automation of Electric Power Systems, 2016(4):121-127.
[10] 王智东,王钢,童晋方,等.一种高效的GOOSE报文完整性认证方法[J].电力系统自动化,2017(2):173-177. WANG Zhi-dong, WANG Gang, TONG Jin-fang, et al. Efficient integrity authenticati-on method for GOOSE packet[J]. Automation of Electric Power Systems, 2017(2):173-177.
[11] LAMPORT L. Constructing digital signatures from a one-way function[R]. Palo Alto:SRI International,1979.
[12] REYZIN L, REYZIN N. Better than BiBa:short one-time signatures with fast signing and verifying[C]//Australasian Conference on Information Security and Privacy. Australia:Springer, 2002:144-153.
[13] HU Y C, JAKOBSSON M, PERRIG A. Efficient constructions for one-way hash chains[C]//International Conference on Applied Cryptography and Network Security. New York:Springer, 2005:423-441.
[14] WANG Q, KHURANA H, HUANG Y, et al. Time valid one-time signature for time-critical multicast data authentication[C]//Proceedings of IEEE INFOCOM. Rio de Janeiro, Brazil:IEEE, 2009:1233-1241.
[15] LI Q, CAO G. Multicast authentication in the smart grid with one-time signature[J]. IEEE Transactions on Smart Grid, 2011, 2(4):686-696.
[16] CAIRNS K, GAMAGE T, HAUSER C. Efficient targeted key subset retrieval in fractal hash sequences[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. Berlin:ACM, 2013:1273-1284.
[17] STEVENS M, BURSZTEIN E, KARPMAN P, et al.Announcing the first SHA1 collision[EB/OL].[2017-02-23]. https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html.
[18] ANALOG DEVICES. Crypto++ library benchmark re-sults for Blackfin 537[EB/OL].[2009-03-17]. https://docs.blackfin.uclinux.org/doku.php?id=uclinux-dist:libs:crypto&s[]=sha&s[]=1.

No related articles found!

Viewed

Full text

Abstract

Cited

Shared

Discussed