基于一次一密的5G馈线终端通信安全防护方法

doi:10.3969/j.issn.2097-0706.2024.09.010

摘要/Abstract

摘要：

针对5G通信环境中，馈线自动化（FA）终端之间对等通信容易受到非法干扰和窃听的问题，提出一种基于一次一密的馈线终端（FTU）通信安全防护方法，旨在提升FTU在5G环境下通信的安全性。首先，在FTU内集成加解密安全芯片，并通过预充注在加解密安全芯片内的密钥向安全服务移动引擎进行双向身份认证，安全服务平台向身份认证成功的FTU分发一定数量的根密钥；其次，加解密安全芯片采用基于改进Shamir的密钥扩散算法，将根密钥动态扩散生成新的会话密钥；最后，需要进行对等通信的FTU双方获得新的会话密钥，并使用SM4加密算法进行一次加密通信。试验结果表明，FTU每次加密通信都使用了不同的会话密钥和初始向量，使得加密结果不可预测。所提方法不仅提升了5G场景下FTU对等通信的安全性，并且相较于其他方法，所提方法在5G高速、大数据量的通信环境中具有较低的计算开销。

关键词: 配电自动化, 馈线终端, 一次一密, 5G通信, 通信安全, 密钥扩散, 智能电网

Abstract:

A communication security protection method is proposed for feeder terminal units （FTU） in 5G environment to address the vulnerability of peer-to-peer communication between feeder automation（FA） terminals to illegal interferences and eavesdropping. This method utilizes a one-time one-pad encryption and decryption mechanism to enhance the security of FTU communication. Firstly，an encryption and decryption security chip is integrated into FTU，enabling two-way identity authentication with the security service mobile engine using pre-loaded keys. Upon successful authentication，the security service platform distributes a set number of root keys to the authenticated FA. Secondly，an improved Shamir key diffusion algorithm is employed by the encryption and decryption security chip to dynamically diffuse these root keys and generate new session keys. Finally，both feeder terminals engaging in peer-to-peer communication obtain unique session keys to their corresponding encrypted communication instances using SM4 encryption algorithm. Experimental results demonstrate that distinct session keys and initial vectors are used in different pairs of communicating feeder terminals，ensuring unpredictable encryption outcomes. This proposed method not only enhances the security of peer-to-peer communication among feeder terminals in 5G scenarios， but also reduces the computational costs compared to other methods suitable for high-speed and large-volume communications in 5G environments.

Key words: distribution automation, feeder terminal, one-time pad, 5G communication, communication security, key diffusion, smart grid

中图分类号:

TK01：TM73

王录泽, 刘增稷, 周霞, 张腾飞. 基于一次一密的5G馈线终端通信安全防护方法[J]. 综合智慧能源, 2024, 46(9): 86-96.

WANG Luze, LIU Zengji, ZHOU Xia, ZHANG Tengfei. Communication security protection method for 5G feeder terminals based on one-time pad[J]. Integrated Intelligent Energy, 2024, 46(9): 86-96.

图/表 12

图1

图2

图3

图4

图5

图6

图7

表1

表2

表3

图8

图9

参考文献 24

[1]	吴雪琼, 夏栋. 新型主动配电网智能规划与决策技术研究综述[J]. 综合智慧能源, 2023, 45(11): 20-26. doi: 10.3969/j.issn.2097-0706.2023.11.003
	WU Xueqiong, XIA Dong. Review on intelligent planning and decision-making technology for the new active distribution network[J]. Integrated Intelligent Energy, 2023, 45(11): 20-26. doi: 10.3969/j.issn.2097-0706.2023.11.003
[2]	夏雪, 张瑞曦, 王磊, 等. 面向配电网数智化转型的高级配电管理系统研究与展望[J]. 综合智慧能源, 2022, 44(12): 33-39. doi: 10.3969/j.issn.2097-0706.2022.12.005
	XIA Xue, ZHANG Ruixi, WANG Lei, et al. Research and prospect of advanced distribution management system for the digital and intelligent transformation of distribution network[J]. Integrated Intelligent Energy, 2022, 44(12): 33-39. doi: 10.3969/j.issn.2097-0706.2022.12.005
[3]	孙跃, 杨晟, 龚钢军, 等. 基于可信计算和区块链的配电物联网内生安全研究[J]. 华电技术, 2020, 42(8):61-67.
	SUN Yue, YANG Sheng, GONG Gangjun, et al. Research on endogenous security of distribution Internet of Things based on trusted computing and blockchain technology[J]. Huadian Technology, 2020, 42(8):61-67.
[4]	邹剑锋, 张建雨, 金盛, 等. 基于5G通信的新型配电网馈线自动化方法研究[J]. 浙江电力, 2020, 39(11):28-33.
	ZOU Jianfeng, ZHANG Jianyu, JIN Sheng, et al. Research on new type distribution network feeder automation method based on 5G communication[J]. Zhejiang Electric Power, 2020, 39(11):28-33.
[5]	秦凯, 高志勇. 一种配电终端残压模块方案的设计与实现[J]. 华电技术, 2019, 41(2): 26-27,31.
	QIN Kai, GAO Zhiyong. Design and implementation of a residual voltage module scheme for electricity distribution terminals[J]. Huadian Technology, 2019, 41(2): 26-27,31.
[6]	KHOND S V, DHOMANE G A. Optimum coordination of directional overcurrent relays for combined overhead/cable distribution system with linear programming technique[J]. Protection and Control of Modern Power Systems, 2019, 4(1):9.
[7]	李文君, 段登伟, 朱雨, 等. 基于5G通信模式下的配电网自愈保护应用[J]. 电力系统保护与控制, 2022, 50(24):152-159.
	LI Wenjun, DUAN Dengwei, ZHU Yu, et al. Application of distribution network protection based on a 5G end-to-end communication mode[J]. Power System Protection and Control, 2022, 50(24):152-159.
[8]	孙阳盛, 涂崎, 赵中华, 等. 基于5G及IEC61850的韧性配网故障信息智能传输技术研究[J]. 电力系统保护与控制, 2022, 50(21):108-117.
	SUN Yangsheng, TU Qi, ZHAO Zhonghua, et al. Intelligent transmission technology of fault information in a resilient distribution network based on 5G and IEC61850[J]. Power System Protection and Control, 2022, 50(21):108-117.
[9]	赵艾萱, 黄杨, 宋戈, 等. 5G独立组网模式下的配网保护配置策略及应用[J]. 电力系统保护与控制, 2021, 49(8): 24-31.
	ZHAO Aixuan, HUANG Yang, SONG Ge, et al. Configuration strategy and application of distribution network protection based on standalone 5G[J]. Power System Protection and Control, 2021, 49(8):24-31.
[10]	单英. 基于零信任的5G安全切片架构设计[J]. 通信管理与技术, 2022(1):47-49,59.
	SHAN Ying. Design of 5G security slice architecture based on zero trust[J]. Communications Management and Technology, 2022(1):47-49,59.
[11]	刘涛, 马越, 姜和芳, 等. 基于零信任的电网安全防护架构研究[J]. 电力信息与通信技术, 2021, 19(7):25-32.
	LIU Tao, MA Yue, JIANG Hefang, et al. Research on power grid security protection architecture based on zero trust[J]. Electric Power Information and Communication Technology, 2021, 19(7):25-32.
[12]	王胜飞, 王兴念, 张全忠, 等. 基于UDP配电自动化双向认证设计与实践[J]. 电工技术, 2020(11):56-59.
	WANG Shengfei, WANG Xingnian, ZHANG Quanzhong, et al. Design and practice of bidirectional authentication for DAS based on UDP[J]. Electric Engineering, 2020(11):56-59.
[13]	孙辰, 刘东, 凌万水, 等. 配电自动化远程终端的可信研究[J]. 电网技术, 2014, 38(3):736-743.
	SUN Chen, LIU Dong, LING Wanshui, et al. Research on trustiness of remote terminal units in distribution automation[J]. Power System Technology, 2014, 38(3):736-743.
[14]	常方圆, 李二霞, 王金丽, 等. 基于可信计算的配电自动化终端安全防护方法研究[J]. 电力信息与通信技术, 2020, 18(2):37-42.
	CHANG Fangyuan, LI Erxia, WANG Jinli, et al. Research on security protection method of distribution automation terminal based on trusted computing[J]. Electric Power Information and Communication Technology, 2020, 18(2):37-42.
[15]	杨庆胜, 王成亮, 徐研, 等. 基于神经网络对称加密算法的配电终端安全加密装置设计[J]. 电力信息与通信技术, 2021, 19(6):70-76.
	YANG Qingsheng, WANG Chengliang, XU Yan, et al. Design of distribution terminal security encryption device based on neural network symmetric encryption algorithm[J]. Electric Power Information and Communication Technology, 2021, 19(6):70-76.
[16]	蔡田田, 索思亮, 简淦杨, 等. 基于集成双向加密认证FTU的配网自动化安全防护方案研究与应用[J]. 电力信息与通信技术, 2020, 18(7):64-70.
	CAI Tiantian, SUO Siliang, JIAN Ganyang, et al. Research and application of security protection scheme for distribution automation based on integrated bi-directional encryption authentication FTU[J]. Electric Power Information and Communication Technology, 2020, 18(7):64-70.
[17]	倪伟东, 武利会, 王俊丰. 基于自主安全芯片的配网自动化系统网络安全防护及硬件加速[J]. 电力科学与技术学报, 2020, 35(3):166-172.
	NI Weidong, WU Lihui, WANG Junfeng, et al. Cyber security protection and hardware acceleration of distribution automation system based on autonomous security chip[J]. Journal of Electric Power Science and Technology, 2020, 35(3):166-172.
[18]	郎为民, 王雪丽, 张汉, 等. 一种基于秘密共享算法的安全数据去重方案[J]. 信息网络安全, 2020, 20(11):43-50.
	LANG Weimin, WANG Xueli, ZHANG Han, et al. A secure data deduplication scheme based on secret sharing algorithm[J]. Netinfo Security, 2020, 20(11):43-50.
[19]	牛佳宁, 赵子岩, 李国春, 等. 新型电力系统配网运行场景下的量子密码技术应用体系架构[J]. 电力信息与通信技术, 2022, 20(11):65-73.
	NIU Jianing, ZHAO Ziyan, LI Guochun, et al. Application architecture of quantum cryptography technology under the distribution network operation scenario of a new type of power system[J]. Electric Power Information and Communication Technology, 2020, 20(11):65-73.
[20]	洪洲, 樊立波, 刘伟浩, 等. 量子加密技术的配电自动化应用和实现[J]. 电网技术, 2021, 45(S2): 198-202.
	HONG Zhou, FAN Libo, LIU Weihao, et al. Application and implement of quantum encryption on distribution automation[J]. Power System Technology, 2021, 45(S2):198-202.
[21]	单立新, 刘伟浩, 樊立波, 等. 面向配电自动化应用的量子加密终端技术研究和设计[J]. 电网技术, 2021, 45(S2): 203-207.
	SHAN Lixin, LIU Weihao, FAN Libo, et al. Research and design of integration of quantum encrypted terminal technology for distribution automation applications[J]. Power System Technology, 2021, 45(S2):203-207.
[22]	荣辉桂, 莫进侠, 常炳国, 等. 基于Shamir秘密共享的密钥分发与恢复算法[J]. 通信学报, 2015, 36(3): 64-73.
	RONG Huigui, MO Jinxia, CHANG Bingguo, et al. Key distribution and recovery algorithm based on Shamir's secret sharing[J]. Journal on Communications, 2015, 36(3):64-73.
[23]	谭亦夫, 李子臣. 基于Shamir门限秘密分享的图像可视加密算法[J]. 网络与信息安全学报, 2018, 4(7): 69-76.
	TAN Yifu, LI Zichen. Image visualization encryption algorithm based on Shamir threshold secret key sharing[J]. Chinese Journal of Network and Information Security, 2018, 4(7):69-76.
[24]	薛庆水, 卢子譞, 杨谨瑜. 基于Shamir的动态强前向安全签名方案[J]. 计算机应用研究, 2023, 40(5): 1522-1527,1534.
	XUE Qingshui, LU Zixuan, YANG Jinyu, et al. Dynamic strong forward secure signature scheme based on Shamir[J]. Application Research of Computers, 2023, 40(5):1522-1527,1534.

项目	数据
明文	01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10
会话密钥	4D 04 E5 5A 2D 14 53 A1 C8 B0 D9 26 A6 7F 4B 53
初始向量	1A E6 B7 38 51 79 60 9C C3 2D 47 8E F9 02 11 4D
密文	F7 79 3E 6D 24 57 12 51 18 0E 22 36 9D 5A B0 62
解密结果	01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10

项目	数据
明文	01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10
会话密钥	4D 7E E9 30 7E 0A 4F 24 9A 60 B6 AF 72 63 BF AA
初始向量	52 A8 F3 61 B7 20 46 1D 7C 86 9A 5E 3C 91 74 D9
密文	0A 3D 12 60 14 7F 39 60 67 80 12 5C 5F 61 62 56
解密结果	01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10

项目	数据
明文	01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10
会话密钥	14 13 A7 F5 32 8A 06 3E 7A 42 0C 2D 5E 5E 89 E7
初始向量	9B D7 3F 56 28 76 C1 0E A9 F4 2B 15 8C E0 53 9D
密文	37 42 19 7E 7B 94 8F 57 07 35 4F 7A AD 57 5F 70
解密结果	01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10