友好型风电并网功率控制子站的通信安全技术研究

发布时间：2018-10-29 20:53

【摘要】：随着风电场规模的扩大,风电并网容量的不断提高,给电网稳定性控制带来了挑战,功率控制子站是实现调度系统对风电场统一管理的有效手段。现有功率控制子站针对有功无功逻辑控制进行研究较多,但对系统的信息安全研究较少,例如操作系统的漏洞、以及现有软件平台对病毒的入侵,报文的明码传输存在运行信息泄密的风险及安全生产被恶意控制等安全问题。本文着眼于功率控制子站系统的信息安全功能,在嵌入式硬件平台方面基于目前公司现有的通用硬件平台增加安全芯片,为系统构建最底层的可信基础；在嵌入式软件平台架构中增加关于TPM安全芯片的驱动程序和可信软件层TCG软件栈,通过TPM驱动和TCG软件栈结合构建实时可信的嵌入式操作系统软硬件架构；基于此软硬件框架,通过研究内核与组件库、配置可信链模型及加载机制构建安全安全可信嵌入式软件平台,以及具备自主知识产权的安全可信特性的可编程逻辑实时运行环境组件：研究具备加密和认证、入侵检测的安全功能组件设计方法；设计telnet和ftp通用服务,文件传输,通用规约接入转出基础框架等各方面的通信机制,并且在通用规约处理基础框架下对典型电力系统应用规约做详细分析和设计；最后在数据应用层,对以太网服务的原始数据流进行通信加解密尝试,减少数据明码传输的风险。上位软件作为功率控制子站的人机界面接口,一方面实现对全站设备的关键信息进行监视,另一方面具有对设备的控制功能,详细分析了涉及安全操作的三个模块：通信模块、逻辑组态及用户权限管理的功能,分别针对这三个模块进行功能分解,并对重点实现的功能进行了分析与软件设计。
[Abstract]:With the expansion of wind farm scale and the continuous improvement of wind power grid capacity, it brings challenges to the stability control of power grid. Power control sub-station is an effective means to realize the unified management of wind farm in dispatching system. The existing power control substations focus on active and reactive power logic control, but there are few researches on the information security of the system, such as the vulnerability of the operating system and the intrusion of the existing software platform to the virus. There are some security problems in message transmission, such as the risk of leakage of running information and the malicious control of safe production. This paper focuses on the information security function of the power control sub-station system and adds the security chip to the embedded hardware platform based on the existing common hardware platform of the company to build the lowest trusted foundation for the system. The driver of TPM security chip and the TCG software stack of trusted software layer are added to the embedded software platform architecture. The real-time trusted embedded operating system hardware and software architecture is constructed by combining TPM driver and TCG software stack. Based on this software and hardware framework, a secure and trusted embedded software platform is constructed by studying the kernel and component library, configuring the trusted chain model and loading mechanism. And the programmable logic real-time running environment component which has the independent intellectual property right's security trustworthiness characteristic: the research has the encryption and the authentication, the intrusion detection security function component design method; Design the communication mechanism of telnet and ftp universal service, file transfer, general protocol access and out of the basic framework, and make a detailed analysis and design of typical power system application protocol under the general protocol processing basic framework; Finally, in the data application layer, we try to encrypt and decrypt the raw data stream of Ethernet service to reduce the risk of data transmission. As the man-machine interface of the power control sub-station, the upper software can monitor the key information of the whole station equipment on the one hand, and control the equipment on the other. The functions of logical configuration and user rights management are divided into three modules, and the key functions are analyzed and the software is designed.
【学位授予单位】：华北电力大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TM614;TP309

【参考文献】