摘要
目前智能变电站系统安全防护主要依据IEC 62351标准实施,IEC 62351是国际标准,其涉及的安全技术主要采用国际算法RSA、AES及数字证书。针对智能变电站系统通信存在的安全缺陷,本文提出以下3方面解决方案,1)提出基于IEC 62351安全机制的智能变电站设备间通信采用国密算法与调度数字证书技术;2)发现调度主站到变电站通信协议IEC 104的安全隐患,提出安全改造方案及实现方法;3)提出站控层与过程层通信协议改造方案并采用国密算法与调度证书技术实现。通过采取以上安全措施,确保站内通信信息以及信息资源的实时性、可靠性、保密性、完整性和可用性,杜绝未授权用户的非法接入,保证通信双方身份的真实性及业务数据的可追溯性。
At present,the safety protection of intelligent substation system is mainly implemented according to IEC 62351 standard.As an international standard,its safety technology mainly adopts international algorithm RSA,AES and digital certificate.In view of the security defects of communication in intelligent substation system,this paper proposes the following three solutions:1)the communication between intelligent substation equipment based on IEC 62351 security mechanism should adopt the national security algorithm and dispatching digital certificate technology;2)finding out the security risks of communication protocol IEC104 from dispatching master station to substation,putting forward the security transformation scheme and implementation method;3)putting forward the communication protocol transformation schemes of station control layer and the process layer,then implementing them by the national security algorithm and scheduling certificate technology.The above security measures can ensure the real-time,reliability,confidentiality,integrity and availability of communication information and information resources in the station,stop illegal access of unauthorized users,and ensure the authenticity of identities of both sides of communication and the traceability of business data.
作者
张喜铭
李金
邱荣福
许艾
ZHANG Ximing;LI Jin;QIU Rongfu;XU Ai(China Southern Power Grid Co.,Ltd.,Guangzhou 510663,China;Digital Grid Research Institute,CSG,Guangzhou 510663,China)
出处
《南方电网技术》
CSCD
北大核心
2020年第1期39-45,共7页
Southern Power System Technology
关键词
国密算法
调度数字证书
变电站安全
认证
加密
national secret algorithm
dispatching digital certificate
substation secure
authentication
encryption