一种DNP3 SAv5的安全架构在配网终端的设计与应用

李 露; 谢映宏; 许永军; 李蔚凡; 华志强

引用本文:	李露,谢映宏,许永军,李蔚凡,华志强.一种DNP3 SAv5的安全架构在配网终端的设计与应用[J].电力系统保护与控制,2022,50(17):154-166.[点击复制]
	LI Lu,XIE Yinghong,XU Yongjun,LI Weifan,HUA Zhiqiang.Design and implementation of a DNP3 SAv5 secure architecture in a distribution network terminal[J].Power System Protection and Control,2022,50(17):154-166[点击复制]

【打印本页】【在线阅读全文】【下载PDF全文】【查看/发表评论】【下载PDF阅读器】【关闭】

←前一篇|后一篇→

过刊浏览高级检索

本文已被：浏览 3610次下载 1334次	码上扫一扫！
一种DNP3 SAv5的安全架构在配网终端的设计与应用
李露,谢映宏,许永军,李蔚凡,华志强
分享到：微信更多字体:加大+\|默认\|缩小-
(长园深瑞继保自动化有限公司，广东深圳 518057)

摘要:

为了解决配网终端日益突出的通信安全问题，针对配网终端通信系统的安全技术需求展开研究，设计出配网馈线远程自动化终端(FRTU)安全架构。该安全架构实现了分布式网络协议(DNP3)三层架构，突出应用层对象、变体、组别、安全数据应用分类。重点对FRTU的安全数据进行分类和建模，给出了FRTU数据到DNP3安全功能的映射。设计出一种符合安全认证一致性的协议模型，有效解决了FRTU协议安全的脆弱性问题。最后通过国际权威机构认证和安全测试，证明其安全认证(SAv5)符合认证和加密等一致性标准，为配网终端的安全接入提供参考依据。

关键词: DNP3 SAv5 FRTU 通信技术信息安全防御技术

DOI：DOI: 10.19783/j.cnki.pspc.211492

投稿时间：2021-11-03修订日期：2022-01-17

基金项目:国家重点研发计划项目资助(2018YFB0904900，2018YFB0904903)

Design and implementation of a DNP3 SAv5 secure architecture in a distribution network terminal

LI Lu,XIE Yinghong,XU Yongjun,LI Weifan,HUA Zhiqiang

(CYG SUNRI Co., Ltd., Shenzhen 518057, China)

Abstract:

There are increasingly prominent communication security problems in distribution network terminals. Thus the security technology requirements of a feeder remote terminal communication system are studied, and the security architecture of a new feeder remote terminal unit (FRTU) is designed. It implements three-layer architecture of a distributed network protocol (DNP3), highlighting application layer objects, variants, groups and security data application classification. This paper focuses on the classification and modeling of FRTU security data, and gives the mapping from FRTU data to the DNP3 security function. A protocol model that conforms to security authentication consistency is designed to effectively solve the security vulnerability of the FRTU. Finally, through the authentication of an international authority and security test, it is proved that security authentication (SAv5) meets the consistency standards such as authentication and encryption. This provides a reference for the secure access of distribution network terminals. This work is supported by the National Key Research and Development Program of China (No. 2018YFB0904900 and No. 2018YFB0904903).

Key words: DNP3 SAv5 FRTU communication technology information security defense technology

X关闭