摘要
针对配网自动化系统点多面广、分布广泛等特点,设计基于“网络层+应用层”的双重防护方案,提出一种基于SM2、SM3、SM4国密算法与消息认证码组合的一次口令认证协议,实现配电主站与配电终端间双向身份鉴别及业务数据加密,确保通讯数据的完整性和机密性,解决配网自动化系统网络安全防护问题,一旦应用多核异构自主安全芯片进行硬件加速,将提高加密算法的运行速度和效率。
According to the characteristics of distribution automation system,such as wide range of points and wide distribution,a dual protection scheme based on"network layer+application layer"is designed.A password authentication protocol based on the combination of SM2,SM3,SM4 national secret algorithm and message authentication code(MAC)one-time password authentication is proposed to realize two-way authentication and encryption of service data between distribution master station and distribution terminal.Therefore,this protocol ensures the integrity and confidentiality of communication data,solves the problem of network security protection of distribution automation system.Once the multi-core heterogeneous independent security chip is applied for hardware acceleration,the speed and efficiency of encryption algorithm will be improved.
作者
倪伟东
武利会
王俊丰
NI Weidong;WU Lihui;WANG Junfeng(Foshan Power Supply Company,Guangdong Power Grid Co.,Ltd.,Foshan 52800,China)
出处
《电力科学与技术学报》
CAS
北大核心
2020年第3期166-172,共7页
Journal of Electric Power Science And Technology
基金
广东电网有限责任公司科技项目(GDKJXM20185496)。
关键词
配网自动化
加密算法
双向身份鉴别
安全芯片
硬件加速
Distribution network automation
encryption algorithm
bidirectional identity authentication
security chip
hardware acceleration