输电线路分布式故障诊断系统的信息安全防护设计及应用

详细信息    查看全文 | 推荐本文 |

英文篇名：Design and Application of Information Security Protection for Distributed Fault Diagnosis System of Transmission Line 作者：周华良 ; 饶丹 ; 宋斌 ; 李友军 ; 张吉 ; 吕晓俊 英文作者：ZHOU Hualiang;RAO Dan;SONG Bin;LI Youjun;ZHANG Ji;LYU Xiaojun;NARI Group Corporation (State Grid Electric Power Research Institute);NARI Technology Co.Ltd.;State Key Laboratory of Smart Grid Protection and Control; 关键词：特高压输电线路 ; 故障诊断系统 ; 监测终端 ; 安全防护 ; 监控运维中心 英文关键词：ultra-high voltage(UHV) transmission line;;faults diagnosis system;;monitoring terminal;;security protection;;monitoring and maintenance center 中文刊名：DLXT 英文刊名：Automation of Electric Power Systems 机构：南瑞集团有限公司(国网电力科学研究院有限公司);国电南瑞科技股份有限公司;智能电网保护和运行控制国家重点实验室; 出版日期：2019-07-02 19:12 出版单位：电力系统自动化 年：2019 期：v.43;No.661 语种：中文; 页：DLXT201915028 页数：7 CN：15 ISSN：32-1180/TP 分类号：300-306

摘要

输电线路分布式故障诊断系统作为特高压输电故障位置定位服务的关键产品应用,对电力系统的安全、可靠与经济运行具有重要意义。文中结合实际系统的研制与应用,提出了一种基于安全防护的分布式故障诊断监测终端系统的安全链路应用方法。该方法通过监测终端嵌入加密芯片接入安全网关,通过安全网关过滤后接入监控运维中心,监控运维中心通过正向单向隔离与App服务器单向通信,App服务器通过身份认证、数字签名与手持移动终端建立安全通道。通过全链路的可信改造,有效地阻止恶意程序攻击、恶意代码植入攻击、网络窃听以及嗅探攻击。通过监控运维中心的身份校验和主备机双机数据备份,保障了监控运维中心的数据安全和运维操作安全。所述系统产品已顺利通过安全测试与认证并在陕西省特高压交流1 000 kV输电线路上挂网运行,取得了安全稳定运行的实际效果。
        As the key product application of fault location service for ultra-high voltage(UHV) transmission system, the distributed fault diagnosis system of transmission line is of great significance to the safety, reliability and economic operation of power system. By combining the development and application of practical system, this paper proposes a secure link application method for distributed fault diagnosis and monitoring terminal system based on security protection. This method uses the monitoring terminal embedded encryption chip to access the security gateway. After filtered by the security gateway, the access to the monitoring and maintenance center can be done. Isolated by the forward device, the monitoring and maintenance center sends message to App server station one way by means of identity authentication and digital signature, and the App server establishes a secure channel for mobile terminal. Through the trusted transformation of the entire link, malicious program attacks, malicious code implantation attacks, network eavesdropping and sniffing attacks are effectively prevented. By the identity checksum of the monitoring and maintenance center and the backup of the dual-machine data of the main/standby machine, the security of data and maintenance operation of the monitoring and maintenance center are guaranteed. The described system products have successfully passed the safety test and certification, and run steadily and reliably on the 1 000 kV UHV AC transmission line in Shaanxi Province of China.

引文

[1]王栋,陈传鹏,颜佳,等.新一代电力信息网络安全架构的思考[J].电力系统自动化,2016,40(2):6-11.WANG Dong,CHEN Chuanpeng,YAN Jia,et al.Pondering a new-generation security architecture model for power information network[J].Automation of Electric Power Systems,2016,40(2):6-11.
    [2]高昆仑,辛耀中,李钊,等.智能电网调度控制系统安全防护技术及发展[J].电力系统自动化,2015,39(1):48-52.GAO Kunlun,XIN Yaozhong,LI Zhao,et al.Development and process of cybersecurity protection architecture for smart grid dispatching and control systems[J].Automation of Electric Power Systems,2015,39(1):48-52.
    [3]丁明,李晓静,张晶晶.面向SCADA的网络攻击对电力系统可靠性的影响[J].电力系统保护与控制,2018,46(11):37-45.DING Ming,LI Xiaojing,ZHANG Jingjing.Effect of SCADA-oriented cyber attack on power system reliability[J].Power System Protection and Control,2018,46(11):37-45.
    [4]李培恺,刘云,辛焕海,等.分布式协同控制模式下配电网信息物理系统脆弱性评估[J].电力系统自动化,2018,42(10):22-29.DOI:10.7500/AEPS20170705002.LI Peikai,LIU Yun,XIN Huanhai,et al.Vulnerability assessment for cyber-physical system of distribution network in distributed cooperative control mode[J].Automation of Electric Power Systems,2018,42(10):22-29.DOI:10.7500/AEPS20170705002.
    [5]石立宝,简洲.基于动态攻防博弈的电力信息物理融合系统脆弱性评估[J].电力系统自动化,2016,40(17):99-105.SHI Libao,JIAN Zhou.Vulnerability assessment of cyber physical power system based on dynamic attack-defense game model[J].Automation of Electric Power Systems,2016,40(17):99-105.
    [6]肖峻,祖国强,贺琪博,等.配电网安全域的实证分析[J].电力系统自动化,2017,41(3):153-160.DOI:10.7500/AEPS20160617008.XIAO Jun,ZU Guoqiang,HE Qibo,et al.Empirical analysis on distribution system security region[J].Automation of Electric Power Systems,2017,41(3):153-160.DOI:10.7500/AEPS20160617008.
    [7]倪明,颜诘,柏瑞,等.电力系统防恶意信息攻击的思考[J].电力系统自动化,2016,40(5):148-151.NI Ming,YAN Jie,BO Rui,et al.Power system cyber attack and its defense[J].Automation of Electric Power Systems,2016,40(5):148-151.
    [8]汤奕,陈倩,李梦雅,等.电力信息物理融合系统环境中的网络攻击研究综述[J].电力系统自动化,2016,40(17):59-69.TANG Yi,CHEN Qian,LI Mengya,et al.Overview on cyberattacks against cyber physical power system[J].Automation of Electric Power Systems,2016,40(17):59-69.
    [9]王智东,王钢,童晋方,等.智能变电站的密钥管理方法[J].电力系统自动化,2016,40(13):121-127.WANG Zhidong,WANG Gang,TONG Jinfang,et al.Key management method for intelligent substations[J].Automation of Electric Power Systems,2016,40(13):121-127.
    [10]高丽丽,李顺东.基于身份认证的密钥交换改进协议[J].计算机工程,2014,11(11):113-117.GAO Lili,LI Shundong.Improved identity-based authenticated key exchange protocols[J].Computer Engineering,2014,11(11):113-117.
    [11]陈明.强安全的匿名隐式漫游认证与密钥协商方案[J].计算机研究与发展,2017,54(12):2772-2784.CHEN Ming.Strongly secure anonymous implicit authentication and key agreement for roaming service[J].Journal of Computer Research and Development,2017,54(12):2772-2784.
    [12]秦艳琳,吴晓平,胡卫.抗密钥泄露的无证书签密方案[J].通信学报,2017,38(增刊2):43-50.QIN Yanlin,WU Xiaoping,HU Wei.Leakage-resilient certificateless signcryption scheme[J].Journal on Communications,2017,38(Supplement 2):43-50.
    [13]苗新,张亮,马平,等.量子密钥分发的变电站间测控信号一次一密光纤传输方案[J].电力系统自动化,2017,41(12):212-217.DOI:10.7500/AEPS20161223002.MIAO Xin,ZHANG Liang,MA Ping,et al.Optical fiber transmission solution of measurement and control signal between substations based on quantum key distribution and one-time pad[J].Automation of Electric Power Systems,2017,41(12):212-217.DOI:10.7500/AEPS20161223002.
    [14]张明德,郑雪峰,吕述望,等.身份认证可信度研究[J].计算机科学,2011,38(11):43-47.ZHANG Mingde,ZHENG Xuefeng,LShuwang,et al.Research on trust degree of authentication[J].Computer Science,2011,38(11):43-47.
    [15]杨同豪,郁滨.基于身份的ZigBee节点认证方案[J].计算机工程与设计,2012,33(11):4127-4130.YANG Tonghao,YU Bin.Identity-based authentication scheme for ZigBee nodes[J].Computer Engineering and Design,2012,33(11):4127-4130.
    [16]国家电力监管委员会.电力二次系统安全防护规定[EB/OL].[2018-10-26].https://wenku.baidu.com/view/18334274a9114431b90d6c85ec3a87c240288aff.html.National Electricity Regulatory Commission.Safety protection regulations of power secondary system[EB/OL].[2018-10-26].https://wenku.baidu.com/view/18334274a9114431b90d6c85ec3a87c240288aff.html.
    [17]张明清,谢杰,张敏,等.基于OPNET的拒绝服务攻击建模与仿真[J].系统仿真学报,2008,20(10):2736-2739.ZHANG Mingqing,XIE Jie,ZHANG Min,et al.Modeling and simulation of DDos attacks using OPNET modeler[J].Journal of System Simulation,2008,20(10):2736-2739.
    [18]朱玛,李勇,章坚民,等.基于OPNET的数字化变电站DoS攻击建模与仿真研究[J].机电工程,2017,34(3):304-309.ZHU Ma,LI Yong,ZHANG Jianmin,et al.OPNET based modeling and simulation of DoS attack of digital substation[J].Mechanical&Electrical Engineering Magazine,2017,34(3):304-309.
    [19]郑显义,史岗,孟丹.系统安全隔离技术研究综述[J].计算机学报,2017,40(5):1057-1079.ZHENG Xianyi,SHI Gang,MENG Dan.A survey on system security isolation technology[J].Chinese Journal of Computers,2017,40(5):1057-1079.
    [20]马兰,杨义先.系统化的信息安全评估方法[J].计算机科学,2011,38(9):45-49.MA Lan,YANG Yixian.Systemic approach of evaluating information security[J].Computer Science,2011,38(9):45-49.
    [21]阙华坤,杨劲锋,肖勇,等.基于一体化平台的信息安全等级评估[J].计算机工程,2013,39(10):133-137.QUE Huakun,YANG Jinfeng,XIAO Yong,et al.Information security level assessment based on integrated platform[J].Computer Engineering,2013,39(10):133-137.