一种基于生物特征的电力系统安全认证协议

Biometric Based Security Authentication Protocol for Power System

相量测量单元(pressure measuring unit,PMU)设备和工作人员之间的数据传输经由互联网,容易受到非法节点的攻击,此外PMU设备的部署环境复杂多变,容易被敌手捕获进而获取内部秘密信息。为此提出一种基于生物特征抗捕获攻击的电力系统安全认证协议用于节点间安全的数据传输。采用模糊提取器技术实现员工的生物特征提取;利用二元对称多项式实现对称密钥的分配管理、额外设备的添加以及长期密钥的动态更新,并提供PMU设备的抗捕获能力;同时结合员工密码、生物特征和智能卡三因素进一步增强协议的整体安全性。此外利用BAN逻辑和Proverif工具对协议进行安全分析、仿真,并从安全特性和效率等角度与其他相关方案进行比较。对比分析结果表明,所提出的协议能够确保节点间的安全通信,并且在保证安全性的前提下,可减少约40%的计算和通信成本,适用于存储资源有限的PMU设备。

The data transmission between phase measurement unit(PMU)devices and staffs via the internet is vulnerable to attacks by illegal nodes.In addition,considering that the deployment environment of PMU devices is complex and changeable,it is easy to be captured by adversaries and then obtain internal secret information.Therefore,this paper proposes a biometric anti-capture attack based power system security authentication protocol for secure data transmission between nodes.It adopts fuzzy extractor technology to achieve employee biometric extraction,uses binary symmetric polynomials to achieve symmetric key assignment management,additional device addition and dynamic update of long-term keys,and provides capture resistance of PMU devices.It also combines employee password,biometric and smart card factors to further enhance the overall security of the protocol.The paper uses BAN logic and Proverif tools to analyze and simulate the security of the protocol,and gives comparisons with other related schemes in terms of security features and efficiency.The results show that the proposed protocol can reduce the computational and communication costs by about 40%in a comparative analysis while maintaining security.Therefore,it can ensure safe communication between nodes and is suitable for PMU devices with limited storage resources.