智能电网信息安全交互模型及关键技术研究

发布时间：2018-07-05 07:23

本文选题：信息安全交互 + 远程证明　；参考：《华北电力大学(北京)》2014年博士论文

【摘要】：互动化是智能电网有别于传统电网的本质特征,而互动化的本质是信息的交互。所以,信息交互是智能电网基础功能实现的重要前提。一方面,外部智能终端与内部业务系统之间的纵向信息交互,可以实现信息的实时采集和电网运行状态的及时调整；另一方面,不同业务系统之间的横向信息交互,更有利于信息的及时共享,为科学决策提供依据。信息交互使得智能电网的信息网络和电力网络融为一体。信息网络的安全直接关系智能电网的安全保障。此外,由于网络隔离措施的存在,内部业务系统如何与外部终端建立通信关系,如何防止非法的外部终端进行非授权的访问,以及如何与不同安全等级的业务系统进行信息共享等直接影响业务系统的可用性。所以,信息的安全交互是业务系统正常运行的前提,保障信息的安全交互是智能电网建设的重要课题。本文以坚强智能电网为研究背景,在总结智能电网信息交互模式,以及分析智能电网安全需求的基础上,研究了智能电网信息安全交互模型和实现智能电网信息安全交互的关键技术,并以电力用户用电信息采集系统为实例,描述了信息安全交互体系的构建方法。论文的研究工作及取得的主要成果体现在以下四个方面：(1)从纵向和横向两个层面分析智能电网的层次结构,总结出智能电网中存在两种信息交互模式：即外部终端与内部业务系统之间的纵向信息交互和不同安全等级的业务系统之间的横向信息交互,并分析了两种模式的安全要求。通过确保终端安全、传输通道安全和业务系统安全实现外部终端与内部业务系统之间的双向信息安全交互,通过划分安全等级和制定单向规则,实现安全等级不同的业务系统之间,以及位于不同物理网络中的安全等级相同的业务系统之间的单向信息交互。(2)构建了TISEM双向信息安全交互模型(Two-way Information Secure Exchange Model)解决外部终端与内部业务系统之间的信息交互安全问题,OISEM单向信息安全交互模型(One-way Information Secure Exchange Model)解决不同业务系统之间的信息交互安全问题,并给出了模型的形式化描述、安全规则和安全特性。(3)对TISEM和OISEM两种信息安全交互模型进行实现,并研究相关技术。针对TISEM模型提出的技术要点,以可信理论为基础,以终端、数据传输通道、控制指令以及数据包等为研究对象,进行安全技术的研究。首先,以国产可信密码模块TCM (Trusted Cryptography Module)为可信根,构建了可信终端,保证终端的身份可信和运行环境可信。其次,研究了终端的远程证明技术,提出了证明方主导的远程证明模型RAMSA (Remote Attestation Model Sponsored by Attestor),并设计了远程证明协议。通过远程证明,将终端可信扩展到网络中,保证数据传输的可信。再者,基于强制硬件确认技术,研究了控制指令的可信问题,并给出了控制指令可信度的数学表达。最后,研究了d-Left Counter Bloom Filter算法,并基于该算法构建了DCBF_DPIM (Deep Packet Inspection Model based on d-Left Counting Bloom Filter)深度包检测模型。该模型只允许终端上传符合既定规则的数据,防止恶意数据对业务系统和信息内网造成破坏。针对OISEM模型“上不读下,下不写上；上可写下,下可读上”的信息流单向传输原则,研究了基于网络二极管的数据单向传输技术。(4)以电力用户用电信息采集系统为研究对象,应用TISEM模型和OISEM模型及关键技术的研究成果,设计了用电信息采集系统信息安全交互体系,对智能电网中有相似安全需求业务系统的信息安全体系的构建具有指导性的意义。
[Abstract]:The interaction is the essential feature of the smart grid, which is different from the traditional power grid, and the nature of the interaction is the interaction of information. Therefore, information interaction is an important prerequisite for the realization of the basic function of the smart grid. On the one hand, the vertical information interaction between the external intelligent terminal and the internal business system can realize the real-time collection of information and the operation of the power grid. On the other hand, the cross information interaction between different business systems is more conducive to the timely sharing of information and the basis for scientific decision-making. Information interaction makes the information network of the smart grid and the power network integrated. The security of the information network is directly related to the security of the smart grid. In addition, the network is separated by the network. In the presence of measures, how does the internal business system establish communication relations with the external terminal, how to prevent unauthorized external terminals from unauthorized access, and how to share information with different security level business systems directly affect the availability of the business system. So the security interaction of information is the normal operation of the business system. In this paper, based on the summary of intelligent power grid information interaction mode and the analysis of the security demand of smart grid, the key technology of information security interaction model and the information security interaction of smart grid is studied on the basis of the strong smart grid as the research background. This paper describes the construction method of the information security interaction system. The research work and the main achievements of this paper are embodied in the following four aspects: (1) analyze the hierarchical structure of the smart grid from the vertical and horizontal two levels, and sum up two kinds of information interaction modes in the smart grid. Type: the vertical information interaction between the external terminal and the internal business system and the transversal information interaction between the different security level business systems, and the security requirements of the two modes are analyzed. The two-way information between the external terminal and the internal business system is realized by ensuring terminal security, transmission channel security and business system security. Security interaction, by dividing the security level and formulating the one-way rules, realizing the one-way information interaction between different security level business systems and the same security level business systems in different physical networks. (2) a TISEM bidirectional information security interaction model (Two-way Information Secure Exchange Model) is constructed. The information interaction security problem between the external terminal and the internal business system, the OISEM one-way information security interaction model (One-way Information Secure Exchange Model) solves the information interaction security problem between different business systems, and gives the formal description of the model, the security rules and the security characteristics. (3) two information to TISEM and OISEM. The security interaction model is implemented and the related technology is studied. Aiming at the technical points proposed by the TISEM model, the security technology is studied on the basis of the trusted theory, the terminal, the data transmission channel, the control instruction and the data packet. First, the homemade TCM (Trusted Cryptography Module) is a trusted root. The trusted terminal is built to ensure the identity of the terminal and the reliable running environment. Secondly, the remote authentication technology of the terminal is studied, and the remote proof model RAMSA (Remote Attestation Model Sponsored by Attestor) is proposed by the proving party, and the remote authentication protocol is designed. In addition, based on the mandatory hardware confirmation technology, the reliability of control instructions is studied and the mathematical expression of the reliability of the control instruction is given. Finally, the d-Left Counter Bloom Filter algorithm is studied, and the DCBF_DPIM (Deep Packet Inspection Model based on d-Left) is constructed based on the algorithm. M Filter) depth packet detection model. This model only allows the terminal to upload data that conforms to the established rules to prevent malicious data from causing damage to the business system and the intranet. A data flow based on the network diode is studied for the principle of one-way transmission of information flow in the OISEM model, "no reading, down write down, up write down, lower readable" information flow. (4) (4) taking electric power user information acquisition system as the research object, applying the research results of TISEM model and OISEM model and key technology, the information security interaction system of the power information acquisition system is designed, which is of guiding significance to the construction of information security system with similar security demand service system in the smart grid.
【学位授予单位】：华北电力大学(北京)
【学位级别】：博士
【学位授予年份】：2014
【分类号】：TP309;TM76

【相似文献】