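Research and Implementation of a Secure Interaction Gateway for Distribution Networks Based on Chinese National Cryptographic (SM) Algorithms
Published: 2018-11-27 11:20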
[Abstract]: As information technology penetrates further into distribution network engineering, information security problems have become increasingly prominent. At present, data interaction between distribution terminals and the distribution network relies mainly on one-way identity authentication based on the SM2 algorithm, and most data is exchanged in plaintext. How to secure data interaction between terminal devices and the distribution network has therefore become an urgent problem in distribution network construction. Secure data interaction between distribution terminals and the distribution network requires solving two problems: the security of the distribution terminal itself, and the security of the data communication channel. Terminal security ensures the security of the access source, and channel security ensures the confidentiality and integrity of the communicated data. Taking the distribution service as its guideline, this thesis combines Chinese national (SM) cryptographic algorithms, a high-concurrency communication architecture, and the zero-copy and high-speed packet capture techniques of PF_RING to design a secure communication protocol, a multi-process communication architecture based on fully asynchronous event triggering, and a packet parsing and assembly model based on PF_RING and Libnet. It implements a gateway system with high concurrency and fast packet parsing and assembly, and gives corresponding security hardening methods for the distribution terminal, the communication channel and the gateway itself. These provide mutual identity authentication, communication data encryption and efficient data interaction for device access to the distribution network, ensuring the security of distribution network data interaction. Finally, gateway performance tests, distribution service data flow tests and distribution service concurrency tests were carried out. They verify the soundness and reliability of the overall system design, and good results were also obtained in concurrency and load balancing.
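[Degree-granting institution]: North China Electric Power University (Beijing)
[Degree level]: Master's
[Year degree granted]: 2017
[Classification]: TM727; TP309
Article ID: 2360559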
Article link: https://www.wllwen.com/kejilunwen/dianlidianqilunwen/2360559.html