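Abstract
The security of data transmission by smart edge devices in distributed resources (DR) introduces hidden risks to the power system. Modbus TCP (transmission control protocol) is one of the communication methods used by edge devices, and its insufficient protocol security leaves the system vulnerable to attacks from cyberspace. To secure the data transmission of power equipment, this paper reviews existing security measures, analyzes their shortcomings in DR application scenarios, and proposes a non-intrusive security enhancement method for the Modbus TCP protocol. The method adopts a cloud-edge collaborative architecture: the cloud platform of the power control center manages the access control principles, the actual access control decision module is deployed on the edge devices, and malicious behaviour is restricted through fine-grained combinations of access controls. Following the Modbus protocol reference guide, a DR application scenario was built for penetration testing, which verified that the method effectively defends against replay attacks and man-in-the-middle attacks and keeps the security overhead within a hundred microseconds, significantly outperforming other security measures and meeting the real-time requirements of DR.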
The security problem of data transmission from smart edge devices in distributed resources (DR) brings hidden risks to the power system. Modbus TCP (transmission control protocol) is a commonly used communication method for edge devices, but its flawed security design makes the system vulnerable to cyber-attacks. In this paper, based on a review of the existing security methods, we analyzed their shortcomings under DR application scenarios and proposed a non-intrusive Modbus TCP security enhancement method. The method adopts a cloud-edge collaboration architecture, uses the cloud platform of the power control center to manage access control principles, and deploys the actual access control module in the edge devices to restrict malicious behaviours through fine-grained access control combinations. Finally, based on the Modbus protocol reference guide, a DR application scenario was built for penetration testing. It was proved that the proposed method can effectively defend against replay attacks and man-in-the-middle attacks in this scenario, and the time cost is within a hundred microseconds.
Authors
何涂哲秋
徐子东
车欣
张镇勇
HETU Zheqiu; XU Zidong; CHE Xin; ZHANG Zhenyong (State Key Laboratory of Public Big Data (College of Computer Science and Technology, Guizhou University), Guiyang 550025, China; State Key Laboratory of Industrial Control Technology and College of Control Science and Engineering, Zhejiang University, Hangzhou 310027, China)
Source
《中国电力》
CSCD
Peking University Core Journals
2024, No. 9, pp. 53-60 (8 pages)
Electric Power
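Funding
National Natural Science Foundation of China (Research on security defense of load frequency control systems against coordinated cyber-physical attacks, 62303126; Privacy-preserving neural network models based on multi-source encrypted data, 62362008)
Guizhou Provincial Basic Research Program (Natural Science), General Project (Research on cyber-physical attack-defense modeling and defense cost optimization for smart grid state estimation, ZK[2022]149)
Scientific Research Project of Higher Education Institutions of the Guizhou Provincial Department of Education (Youth Project) (Research on the vulnerability of big-data-enabled power grid stability assessment systems, 黔教技[2022]104号).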