一种改进的GOOSE报文HMAC认证方法(英文)

An HMAC Based Authenticated Method for GOOSE Packets

IEC 62351标准建议GOOSE报文采用HMAC方法以保证报文完整性,但由于没有考虑报文心跳机制和具体的报文特点,GOOSE报文直接应用HMAC的经典方法的效率并不高。提出将GOOSE报文的常变内容移到报文末端位置进而生成验证码的效率改善方法。该方法根据相同的GOOSE报文内容在哈希函数压缩过程中有相同输出结果的特性,使得同一系列的重发报文可以直接利用第一个GOOSE报文的相同内容运算得到的结果,节省了HMAC方法中大部分的运算时间。文中进而讨论了影响网络带宽的GOOSE报文认证码长度在电力实际通信环境下的优化。嵌入式平台测试结果表明文中方法的高效性,采用OPNET软件仿真不同的GOOSE报文认证码长度对带宽的影响。

HMAC is suggested to safeguard GOOSE packet integrity by IEC62351 standard. But traditional HMAC authentication method directly applied in GOOSE packets is not efficient, since it doesn＇t consider GOOSE packet features such as the retransmitted mechanism. An improved method of reorganizing the content sequence of GOOSE packets by moving variable contents to the packet＇s end position in order to get message authentication codes efficiently is proposed. The improved method fully utilizes the same chaining values of HASH iterated procedure for the identical contents of retransmitted GOOSE packets as reusable results. Except for the first packet, the same series of retransmitted GOOSE packets can directly apply the reusable result, which saves the majority time-consuming of HMAC application in GOOSE packets. Message authentication code length crucial to power information network bandwidth is discussed later under the practical power information environment. Testing results in the embedded platform prove the efficiency of the proposed method. OPNET is used to verify the communication bandwidth usage with different lengths of GOOSE MACs in power information systems.