摘要
当前主流研究采用HASH信息验证码(HMAC)认证方法保障面向通用对象的变电站事件(GOOSE)报文的完整性,但分析发现HMAC对经典的GOOSE这类短报文来说效率并不高。设计一种直接采用密钥和顺序调整后的报文作为HASH函数输入的GOOSE报文认证方法,利用GOOSE报文显性长度域、统一报文格式和时序性等属性,降低碰撞攻击和避免长度扩展攻击、重放攻击等风险;将GOOSE心跳报文的时变内容置于待认证报文末端,可重复利用同系列心跳报文中相同内容的HASH压缩运算的中间结果。嵌入式平台验证结果表明算法的高效性。
Today's popular study suggests HASH message authentication code(HMAC)method for generic object oriented substation event(GOOSE)to insure message integrity.However,elaborate study finds that HMAC method is not efficient to classic message whose length is short.An authentication method of getting the encrypted key and sequence adjusted information as direct inputs of the HASH function is proposed.GOOSE attributes of explicit length,unified message format and time factor are used in the method to resist length-expanded attacks and replay attacks.The time-varying content of heartbeat GOOSE is reorganized at the end of the message so that the intermediate result of HASH compressive computation to the unvaried content of the same series of heartbeats GOOSE can be efficiently used.Testing results in the embedded platform have proved the high efficiency of the proposed method.
出处
《电力系统自动化》
EI
CSCD
北大核心
2017年第2期173-177,共5页
Automation of Electric Power Systems
基金
国家自然科学基金资助项目(51477057)~~
关键词
实时报文
完整性
认证
算法效率
real-time packet
integrity
authentication
algorithm efficiency