CN106211136A - A Naming-Based Secure Communication Mechanism in Smart Grid - Google Patents
- Publication number: CN106211136A
- Authority: CN (China)
- Prior art keywords: naming, ndo, network, data, communication
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04W—WIRELESS COMMUNICATION NETWORKS > H04W8/00—Network data management > H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data > H04W8/20—Transfer of user or subscriber data
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04W—WIRELESS COMMUNICATION NETWORKS > H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Description
Technical field
The invention relates to a naming-based secure communication mechanism in a smart grid.
Background art
With the rapid development of the Internet, networks based on the TCP/IP protocol can no longer keep pace with demand, and problems of scalability, mobility and security remain to be solved. Network architectures that are no longer based on TCP/IP, such as information-centric networking (ICN), have become the trend for next-generation networks. The smart grid, as a concept for future grid infrastructure, offers efficiency, reliability and security with the support of modern communication technologies such as automatic control and wireless networks. The IEC 61850 standard is widely used in substation communication networks. Moreover, some of the protocols in IEC 61850, such as Sampled Values (SV) and Generic Object Oriented Substation Event (GOOSE), are not based on the TCP/IP architecture. IEC 61850 is built around smart substations that use wireless network communication, which greatly improves the interoperability and interconnectivity of substation equipment. However, as the number of intelligent electronic device (IED) nodes grows and systems become more open, new efficiency, reliability and security challenges arise, especially in wireless networks.
IEC 61850 was proposed by the IEC in 1995 and published by IEC TC57 in 2004. It defines the layers, methods and protocols for communication between IEDs, and it also specifies the data objects, formats and configuration language used in a substation. Information obtained from feeders and equipment is transferred over the SAV, GOOSE and MMS communication protocols. Through the Specific Communication Service Mapping (SCSM), messages are sent to a message queue and received by the Abstract Communication Service Interface (ACSI) service. ACSI is independent of the underlying system, and communication applications are built on ACSI services. Research on wireless networks in substations has shown that they can meet the latency requirements specified in IEC 61850 Part 5. Wireless networks have a very low installation cost and provide sufficient data rates, so they can be deployed flexibly in a smart grid with large-scale content distribution.
Current network architectures were proposed and have operated for decades, yet they still have problems meeting the diverse communication needs that have developed since. ICN has emerged as the hope for a future network architecture that solves these problems. ICN names information at the network layer and delivers it to users efficiently and promptly through in-network caching and multicast. It replaces the traditional TCP/IP-based protocol stack with one built on information naming; IP addresses are used only for local transport. A user sends a request to the network and is likely to receive the response from a cache. In IP-based networks, information security is closely tied to host security, whereas ICN protects the information itself and can achieve finer-grained security. The Publish-Subscribe Internet Routing Paradigm (PSIRP), an EU FP7 funded project, is a popular approach within ICN. PSIRP aims to develop, implement and validate an information-centric network architecture based on the publish/subscribe model, which may be one of the most promising ways to address the many challenges and problems of current networks. Its central concept is the named data object (NDO).
As shown in Table 1, GOOSE and SV in IEC 61850 follow a publish/subscribe communication model. PSIRP is a publish/subscribe approach built within ICN: once a client has registered a subscription, it is notified when the resource becomes available, which makes the communication highly scalable. GOOSE and SV involve only the physical layer and a data link layer that fits the naming-based ICN design. Introducing ICN may therefore strengthen the security of IEC 61850-based communication in the smart grid.
Table 1 Comparison between IEC 61850 and ICN
IEC 61850 is one of the key standards for substation automation and live operation systems; it defines the semantic entities of equipment and devices. Large numbers of intelligent electronic devices (IEDs) form a substation automation system (SAS) that collects, monitors and processes power data. IEC 61850 divides the SAS into three levels: the process level, the bay (middle) level and the station level. Some of the communication protocols in IEC 61850 are not based on TCP/IP, such as SV and GOOSE used in process-level network communication. The reliability and security of the process-level network are critical to the SAS, because it is the only network connecting the process level to the bay level. Through its standard model, IEC 61850 keeps applications independent of each other and allows communication within the SAS to be highly distributed.
As network attacks continue to evolve, the SAS faces security threats arising from interoperability, the openness of system functions and the wireless network environment. Incidents caused by IEC 61850 security problems have reportedly caused huge losses. Substation security based on IEC 61850 relies on a specific location. Private information of grid users may leak, and illegitimate or malicious nodes may publish illegal or false information. Moreover, a traditional IEC 61850 network becomes very inefficient as data volumes grow. The use of wireless networks and the growing number of IED nodes expose an IEC 61850 smart grid to DoS and other attacks. At the same time, SV and GOOSE are needed for real-time communication, and their strict timing requirements limit the use of heavyweight security protocols to counter network attacks. The traditional security protection in IEC 61850, however, is based on TCP/IP and can no longer handle the new efficiency, reliability and security problems. Current approaches to a unified SAS platform are mainly proposed as network overlays, and the inherent inefficiency of TCP/IP limits system performance when dealing with existing problems, especially scalability and security.
Summary of the invention
To address the shortcomings of the prior art, the object of the present invention is to provide a naming-based secure communication mechanism for the smart grid that runs over a wireless network, offers security services, and is applicable to SV and GOOSE communication that is not based on TCP/IP. The mechanism strengthens security, improves communication efficiency, and suits data sharing in decentralised, large-scale smart grids. To create a more secure wireless network between the bay level and the process level of a substation, the naming-based communication architecture draws on the high security of ICN.
To achieve this object, the technical scheme adopted by the present invention is as follows:
A naming-based secure communication mechanism in the smart grid, running over a wireless network with security services and applicable to non-TCP/IP communication, in which data transmission from the data link layer to the presentation layer goes through the naming, routing and caching processes of ICN, specifically comprising:
Step 1: once communication is created, the named data object (NDO) source publishes the NDO to the network;
Step 2: the receiver subscribes according to its NDO requirements;
Step 3: the rendezvous system builds a matching publication platform;
Step 4: the rendezvous system builds a matching subscription platform;
Step 5: the scope identifier SI and the rendezvous identifier RI used to name the NDO are combined into a forwarding identifier FI, which is sent to the NS;
Step 6: according to the FI, the NDO is transported to the NS via PSIRP.
The naming in ICN follows three schemes, divided by hierarchy, self-certification and attribute value.
In the self-certifying naming scheme, one part is the name itself in the format P:L and the other is the metadata. P and L denote the cryptographic hash of the public key and the owner's own content label respectively; the digital signature is made by the owner, and the metadata contains the complete public key.
Routing: in ICN content delivery, asynchronous publication and subscription form the basis of the network; extra overhead is added to keep the distributed data state consistent, and the integrity and correctness of content routing depend on the ICN infrastructure.
Caching: content obtained from the network is cached in the ICN; every content provider can publish content, and it can be obtained by every network node.
The desired NDO is named jointly by the scope identifier SI and the rendezvous identifier RI, both of which are specified by the subscription requirements; the two identifiers are then forwarded to a matching procedure that generates a forwarding identifier FI.
The security services include a publish/subscribe-based access control algorithm, specifically as follows:
Role: a role represents a set of access rights and has a one-to-many relationship with the network nodes it is assigned to; a node may be granted only one execution role, but a role may be assigned to several nodes. If a node is a publisher, its execution role is granted on the basis of the topic; if it is a subscriber, on the basis of the broker. Publishers of different topics need different permissions to handle data and resources;
Operation: one of the different instructions executed on a data source;
Permission: the authorisation to perform the above operations within a protected system and data source;
The assignment of permissions to execution roles is many-to-many, so the system may assign several access permissions to one role. A publisher role is granted publication-related permissions, and a subscriber role is granted subscription-related permissions.
The non-TCP/IP communication includes SV and GOOSE communication.
Compared with the prior art, the present invention has the following beneficial effects:
Description of drawings
Other features, objects and advantages of the present invention will become more apparent from the detailed description of non-limiting embodiments made with reference to the following drawings:
Figure 1 is the naming-based secure communication architecture proposed by the present invention;
Figure 2 is the secure communication model proposed for SV/GOOSE;
Figure 3 is the naming-based communication architecture;
Figure 4 is the proposed publish/subscribe-based access control;
Figure 5 is the relationship between delay and the growing number of nodes;
Figure 6 is the relationship between delay and simulation time;
Figure 7 is a comparison of delay performance;
Figure 8 is a comparison of security performance.
Detailed description
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to understand the invention further, but do not limit it in any way. It should be noted that those of ordinary skill in the art can make a number of changes and improvements without departing from the concept of the invention, all of which fall within its scope of protection.
The naming-based secure communication architecture proposed here for the smart grid is shown in Figure 1. The communication model that gives IEDs in a smart substation interoperability and interconnectivity is based on the IEC 61850 protocol and uses a wireless network. Sensor devices in the substation measure and record real-time voltage and current data and transmit it promptly to the PMU, which is the unit that integrates the data from all the different sensors. The PMU then sends the compressed data to the IEDs over the process-level network using naming-based communication. On receiving the data, the IEDs process it; from the results, an IED derives the protection, control and test functions for the whole substation system. IEDs can also communicate with remote equipment such as a remote control centre, engineer workstation, human-machine interface and other devices.
The naming-based secure communication architecture proposed by the present invention is described in detail below:
In a substation, sensors acquire data at the process level and transmit the sensed data to IEDs at the bay level. Communication between different IEDs also uses the name-based communication architecture.
The name-based communication architecture of the present invention is shown in Figure 4. The physical layer format follows the standard design. Data transmission from the data link layer to the presentation layer goes through naming, routing and caching. Once communication is created, the NDO source publishes the NDO to the network, as shown in step 1 of Figure 3. In step 2, a receiver subscribes according to its NDO requirements. In steps 3 and 4, the rendezvous system builds matching publication and subscription platforms. The desired NDO is named jointly by a scope identifier (SI) and a rendezvous identifier (RI), both specified by the subscription requirements; the identifiers are then forwarded to a matching procedure that generates a forwarding identifier (FI). In step 5, the FI is sent to the NS. According to the FI, the NDO is transported to the NS via PSIRP.
In Figure 3, NS (NDO source) is the NDO data source, i.e. the data publisher in the ICN network; Scope is the matching domain of the rendezvous system; RN (Rendezvous Node) is the rendezvous node; and PR (PSIRP Router) is a router of the publish-subscribe Internet routing paradigm.
In IP-based networks, information security is closely tied to host security. ICN, by contrast, protects the information itself and achieves finer-grained security. The name-based communication architecture takes full advantage of this.
Naming. The three naming schemes of ICN are divided by hierarchy, self-certification and attribute value. In the self-certifying scheme, one part is the name in the format P:L and the other part is the metadata. P and L denote the cryptographic hash of the public key and the owner's own content label respectively. The digital signature is made by the owner, and the complete public key is included in the metadata. Designing unique self-certifying names is very useful for strong security and makes integrity checking easy.
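The P:L self-certifying name and its metadata, as described in the Naming paragraph above and in the summary earlier, carried through as an added Python example (written for this page, not the patent's own code). The page does not name the owner's signature algorithm, so a hash-based Lamport one-time signature is assumed as a stand-in; the bay1 label and breaker payload are constructed samples.

```python
"""Self-certifying NDO names of the form P:L.

Example code written for this page; it is not the patent's own implementation.
The page fixes only the structure: P is the cryptographic hash of the owner's
public key, L is the owner's content label, the owner signs the object, and the
metadata carries the full public key. The page does not name the signature
algorithm, so a hash-based Lamport one-time signature over SHA-256 is assumed
here as a stand-in, which keeps the example runnable with the standard library.
"""
import hashlib
import os
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- assumed stand-in signature scheme: Lamport one-time signature ---
def lamport_keygen():
    # 256 digest bits, two 32-byte secrets per bit; the public key is the hash
    # of every secret (16 KiB). Each key pair must sign only one message.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(sha256(a) + sha256(b) for a, b in sk)
    return sk, pk


def lamport_sign(sk, message: bytes) -> bytes:
    digest = int.from_bytes(sha256(message), "big")
    # reveal the secret selected by each digest bit, most significant bit first
    return b"".join(sk[i][(digest >> (255 - i)) & 1] for i in range(256))


def lamport_verify(pk: bytes, message: bytes, sig: bytes) -> bool:
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    digest = int.from_bytes(sha256(message), "big")
    for i in range(256):
        bit = (digest >> (255 - i)) & 1
        start = i * 64 + bit * 32
        if sha256(sig[i * 32:(i + 1) * 32]) != pk[start:start + 32]:
            return False
    return True


# --- the P:L name plus metadata, as the page describes ---
@dataclass
class NamedDataObject:
    name: str       # "P:L": P = hex SHA-256 of the owner's public key, L = content label
    content: bytes
    metadata: dict  # carries the complete public key and the owner's signature


def make_ndo(sk, pk: bytes, label: str, content: bytes) -> NamedDataObject:
    name = f"{sha256(pk).hex()}:{label}"
    # sign name and content together so neither can be replaced on its own
    sig = lamport_sign(sk, name.encode() + b"\x00" + content)
    return NamedDataObject(name, content, {"public_key": pk, "signature": sig})


def verify_ndo(ndo: NamedDataObject) -> bool:
    """Integrity check a receiver can run using nothing but the object itself."""
    p, _, _label = ndo.name.partition(":")
    pk = ndo.metadata["public_key"]
    # 1. the name is bound to the key: P must equal the hash of the carried key
    if sha256(pk).hex() != p:
        return False
    # 2. the holder of that key must have signed exactly this name and content
    signed = ndo.name.encode() + b"\x00" + ndo.content
    return lamport_verify(pk, signed, ndo.metadata["signature"])


def demo() -> dict:
    """Constructed sample: a GOOSE-style status object and two corrupted copies."""
    sk, pk = lamport_keygen()
    good = make_ndo(sk, pk, "bay1/goose/breaker_status", b"breaker=CLOSED")
    # same name and metadata, altered content: the signature no longer matches
    tampered = NamedDataObject(good.name, b"breaker=OPEN", good.metadata)
    # same name and content, but the metadata carries a different key: P mismatch
    _, other_pk = lamport_keygen()
    rekeyed = NamedDataObject(good.name, good.content,
                              {**good.metadata, "public_key": other_pk})
    return {"good": verify_ndo(good),
            "tampered": verify_ndo(tampered),
            "rekeyed": verify_ndo(rekeyed)}
```

Both failure cases are caught without any key directory: the name itself commits to the key, and the carried key commits to the signature.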
Caching. Content obtained from the network is cached in the ICN. This applies to content delivery under every protocol: every content provider can publish content, and it can be obtained by every network node.
Routing. In ICN content delivery, asynchronous publication and subscription form the basis of the network. Extra overhead is added to keep the distributed data state consistent. The integrity and correctness of content routing also depend on the ICN infrastructure.
Figure 2 shows the secure communication model proposed for SV/GOOSE.
The publish/subscribe-based access control algorithm proposed by the present invention is described in detail below:
In the smart grid, the IEDs in a substation control and protect the primary equipment at the process level, and different IED functions require different related data. The name-based communication architecture contains several node types, each implementing different functions. Malicious nodes may cause information leakage or launch network attacks such as DDoS, so access control is essential for both IEDs and nodes in the name-based architecture. RBAC is a secure and effective access control mechanism whose concept of a "role" is widely used and makes assigning and managing permissions much easier. The access control algorithm proposed here is designed on the basis of RBAC within the name-based secure communication architecture.
As a typical case, the access-control-based publish/subscribe algorithm at the NS is shown in Figure 4. A role represents a set of access rights. The assignment of nodes to roles is many-to-one: a node may be granted only one execution role, while a role may be assigned to several nodes. A publisher node is granted its execution role on the basis of the topic, and a subscriber node on the basis of the broker; publishers of different topics need different permissions to handle data and resources. Operations are the different instructions executed on a data source, such as read, write, add and delete. Permissions are the authorisation to perform such operations, for example publish and subscribe, within a protected system and data source. The assignment of permissions to execution roles is many-to-many, so the system may assign several access permissions to one role. A publisher role is granted publication-related permissions, and a subscriber role subscription-related permissions.
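The role, operation and permission rules just described (and listed in the summary of the invention) as a small policy engine, added here as example code that is not the patent's own; the node, topic and broker names are constructed samples.

```python
"""Publish/subscribe access control in the RBAC style the page describes.

Added example, not the patent's own code. It encodes the stated rules: a role
is a set of access rights; each node holds exactly one execution role while a
role may be assigned to many nodes; a publisher's rights are granted per topic
and a subscriber's per broker; permissions map to roles many-to-many.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    operation: str   # "publish" or "subscribe" (the page's example operations)
    resource: str    # topic name for publishers, broker name for subscribers


@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)   # role -> permissions: many-to-many


class PubSubAccessControl:
    def __init__(self):
        self.roles: dict[str, Role] = {}
        self.node_role: dict[str, str] = {}          # node -> exactly one role

    def define_role(self, name: str, *perms: Permission) -> Role:
        role = self.roles.setdefault(name, Role(name))
        role.permissions.update(perms)
        return role

    def assign(self, node: str, role: str) -> None:
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        if node in self.node_role and self.node_role[node] != role:
            # the page allows one execution role per node; refuse a second one
            raise ValueError(f"{node} already holds role {self.node_role[node]!r}")
        self.node_role[node] = role

    def _allowed(self, node: str, operation: str, resource: str) -> bool:
        role = self.roles.get(self.node_role.get(node, ""))
        return role is not None and Permission(operation, resource) in role.permissions

    def can_publish(self, node: str, topic: str) -> bool:
        return self._allowed(node, "publish", topic)

    def can_subscribe(self, node: str, broker: str) -> bool:
        return self._allowed(node, "subscribe", broker)

    def filter_publications(self, events):
        """Split (node, topic, payload) publications into accepted and rejected.

        A broker at the NS would forward only the accepted list and log the rest,
        which is how the page expects false or unauthorised publications to be kept
        out of the network.
        """
        accepted, rejected = [], []
        for node, topic, payload in events:
            target = accepted if self.can_publish(node, topic) else rejected
            target.append((node, topic, payload))
        return accepted, rejected


def build_sample_policy() -> PubSubAccessControl:
    """Constructed sample policy: two PMU publishers, one IED subscriber, one guest."""
    ac = PubSubAccessControl()
    # publisher rights are granted per topic; subscriber rights per broker
    ac.define_role("pmu_publisher",
                   Permission("publish", "sv/bay1"),
                   Permission("publish", "goose/bay1"))
    ac.define_role("ied_subscriber", Permission("subscribe", "broker/process-bus"))
    ac.define_role("guest")                  # a role with no rights at all
    ac.assign("pmu-1", "pmu_publisher")
    ac.assign("pmu-2", "pmu_publisher")      # one role, many nodes
    ac.assign("ied-7", "ied_subscriber")
    ac.assign("unknown-node", "guest")
    return ac
```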
To address the problems that TCP/IP-based networks can no longer meet development needs and that the use of heavyweight security protocols against network attacks in wireless networks is limited, the present invention proposes a naming-based ICN security mechanism for non-TCP/IP communication such as SV and GOOSE that meets the security requirements while communicating efficiently. The proposed security mechanism satisfies the security requirements and has good communication performance.
1. The design of the proposed security mechanism meets the security requirements.
ICN satisfies integrity, confidentiality and non-repudiation. The use of a lightweight encryption algorithm lets RBAC provide efficient access control while meeting the security requirements of authentication, integrity, confidentiality and authorisation.
In a TCP/IP-based network, information security is closely tied to the host. ICN, however, protects the information itself and achieves finer-grained security, and the naming-based communication architecture takes full advantage of this. Beyond the original security measures designed into PSIRP, RBAC and a lightweight encryption algorithm are added to secure naming-based communication. In the proposed mechanism the security methods are designed as services and composed with a security bus and the regular functional services.
PSIRP supports packet level authentication (PLA), which encrypts and signs individual packets, guaranteeing data integrity and confidentiality and making malicious publishers accountable. Packets in the FN and at their destination addresses can both be verified with PLA. For immutable data objects, self-certifying names that use the object's hash as the rendezvous point are permitted in flat naming. Dynamic link identifiers can also be used to encode paths into Bloom filters, which counters attacker-crafted Bloom filters and login DDoS attacks. PSIRP contains further security designs besides these. RBAC makes assigning and managing access control permissions more convenient, and the lightweight encryption algorithm secures the data exchange at a very low communication cost, making communication in the smart grid both efficient and secure.
2. The proposed security mechanism has good communication performance.
GOOSE and SV are used for real-time communication, so delay is an important communication performance parameter. To evaluate the performance of the proposed mechanism, we simulated the lightweight encryption algorithm in NS2. The simulation has two NSs, one acting as client and one as server. The server sends 1000 packets per second encrypted with the lightweight encryption algorithm, and the user's ID is included in each packet. When a client receives a packet, it decrypts it with its own ID and key; if the decrypted ID matches its own ID the packet is accepted, otherwise it is dropped. The simulation without the encryption algorithm was run under the same conditions, with the client accepting all packets indiscriminately.
Figure 5 shows the average delay as the number of nodes increases, with and without the lightweight encryption algorithm. The results in Figures 5 and 6 show that as the number of nodes and the simulation time increase, the additional delay decreases and eventually becomes very small. As IEC 61850 develops, the number of IEDs in the smart grid will grow, but under this communication mechanism that will not add much network delay. Figure 7 shows the fluctuation of the delay: adding the lightweight encryption algorithm increases the delay only slightly, and the averages are almost the same. The security encryption mechanism adopted by the present invention therefore has little effect on network delay, and the proposed naming-based secure communication mechanism improves security at very little cost in delay. Figure 8 compares the received packets and shows that the algorithm has a clear effect on security: both forged and invalid messages are reduced.
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to these embodiments; those skilled in the art may make various changes or modifications within the scope of the claims without affecting the substance of the invention. Where there is no conflict, the embodiments of this application and the features within them may be combined with one another arbitrarily.
Claims (8)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610795483.8A CN106211136B (en) | 2016-08-31 | 2016-08-31 | A Name-Based Secure Communication Method in Smart Grid |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106211136A true CN106211136A (en) | 2016-12-07 |
| CN106211136B CN106211136B (en) | 2021-07-13 |
Family ID: 58086530
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610795483.8A Active CN106211136B (en) | 2016-08-31 | 2016-08-31 | A Name-Based Secure Communication Method in Smart Grid |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106211136B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106790111A (en) * | 2016-12-26 | 2017-05-31 | Shanghai Jiao Tong University | Intelligent grid threat propagation defence method based on software definition multicast |
| CN110138773A (en) * | 2019-05-14 | 2019-08-16 | Beijing Tiandihexing Technology Co., Ltd. | A kind of means of defence for goose attack |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104468515A (en) * | 2014-10-31 | 2015-03-25 | Northeastern University at Qinhuangdao | Intelligent substation communication method and system based on information center network |
| CN104904186A (en) * | 2013-01-07 | 2015-09-09 | Huawei Technologies Co., Ltd. | contextualized information bus |
| US20160014027A1 (en) * | 2014-07-13 | 2016-01-14 | Cisco Technology, Inc. | Caching data in an information centric networking architecture |
| US20160234110A1 (en) * | 2015-02-06 | 2016-08-11 | Palo Alto Research Center Incorporated | System and method for on-demand content exchange with adaptive naming in information-centric networks |
2016
- 2016-08-31 CN CN201610795483.8A patent/CN106211136B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104904186A (en) * | 2013-01-07 | 2015-09-09 | Huawei Technologies Co., Ltd. | contextualized information bus |
| US20160014027A1 (en) * | 2014-07-13 | 2016-01-14 | Cisco Technology, Inc. | Caching data in an information centric networking architecture |
| CN104468515A (en) * | 2014-10-31 | 2015-03-25 | Northeastern University at Qinhuangdao | Intelligent substation communication method and system based on information center network |
| US20160234110A1 (en) * | 2015-02-06 | 2016-08-11 | Palo Alto Research Center Incorporated | System and method for on-demand content exchange with adaptive naming in information-centric networks |
| CN105872008A (en) * | 2015-02-06 | 2016-08-17 | Palo Alto Research Center Incorporated | System and method for on-demand content exchange with adaptive naming in information-centric networks |
Non-Patent Citations (1)
| Title |
|---|
| Li Jun et al.: "ICN 体系结构与技术研究" (Research on ICN Architecture and Technology), 《技术研究》 (Technology Research) * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106790111A (en) * | 2016-12-26 | 2017-05-31 | Shanghai Jiao Tong University | Intelligent grid threat propagation defence method based on software definition multicast |
| CN106790111B (en) * | 2016-12-26 | 2020-07-28 | Shanghai Jiao Tong University | Threat propagation defense method for smart grid based on software-defined multicast |
| CN110138773A (en) * | 2019-05-14 | 2019-08-16 | Beijing Tiandihexing Technology Co., Ltd. | A kind of means of defence for goose attack |
| CN110138773B (en) * | 2019-05-14 | 2022-01-11 | Beijing Tiandihexing Technology Co., Ltd. | Protection method for goose attack |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106211136B (en) | 2021-07-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Guan et al. | | Data security and privacy in fog computing |
| CN103314551B (en) | | Method and apparatus for content guiding network creation and management differentiation security framework |
| Suarez et al. | | A secure IoT management architecture based on Information-Centric Networking |
| WO2021203733A1 (en) | | Power edge gateway device and device-based sensor data uplink storage method |
| Zhao | | Research on data security technology in internet of things |
| Shang et al. | | Publish-subscribe communication in building management systems over named data networking |
| Li et al. | | A distributed authentication and authorization scheme for in-network big data sharing |
| CN110868446A (en) | | Back IP main power network system architecture |
| CN109274647A (en) | | Distributed credible memory exchanges method and system |
| CN115118756A (en) | | Method and device for designing safety interaction protocol in energy internet scene |
| Yuan et al. | | Enabling secure and efficient video delivery through encrypted in-network caching |
| CN104410635B (en) | | A kind of NDN safety certifying methods based on DANE |
| Hittini et al. | | FDIPP: False data injection prevention protocol for smart grid distribution systems |
| CN106027555B (en) | | A kind of method and system improving content distributing network safety using SDN technology |
| CN108200033A (en) | | A kind of access control method based on NDN Yu open type moving health system frame |
| CN106211136B (en) | | A Name-Based Secure Communication Method in Smart Grid |
| Leshov et al. | | Content name privacy in tactical named data networking |
| Guo et al. | | A name-based secure communication mechanism for smart grid employing wireless networks |
| Li et al. | | Guest editorial special issue on security and privacy protection for big data and IoT |
| Long et al. | | A key management architecture and protocols for secure smart grid communications |
| Hernández-Álvarez et al. | | Cryptographic protocols in advanced metering infrastructures in smart grids |
| Wu et al. | | Research on access control of smart home in NDN (short paper) |
| Tian et al. | | Certificateless aggregate signature authentication scheme based on blockchain in smart home network |
| Liu et al. | | Non-interactive zero knowledge proof based access control in information-centric internet of things |
| CN205754415U (en) | | A fine-grained access control system based on multiple authorization centers in cloud storage |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | GR01 | Patent grant | |