發(fā)布時間：2018-07-05 07:23

  本文選題：信息安全交互 + 遠程證明��； 參考：《華北電力大學(北京)》2014年博士論文

【摘要】：互動化是智能電網(wǎng)有別于傳統(tǒng)電網(wǎng)的本質特征,而互動化的本質是信息的交互。所以,信息交互是智能電網(wǎng)基礎功能實現(xiàn)的重要前提。一方面,外部智能終端與內部業(yè)務系統(tǒng)之間的縱向信息交互,可以實現(xiàn)信息的實時采集和電網(wǎng)運行狀態(tài)的及時調整；另一方面,不同業(yè)務系統(tǒng)之間的橫向信息交互,更有利于信息的及時共享,為科學決策提供依據(jù)。信息交互使得智能電網(wǎng)的信息網(wǎng)絡和電力網(wǎng)絡融為一體。信息網(wǎng)絡的安全直接關系智能電網(wǎng)的安全保障。此外,由于網(wǎng)絡隔離措施的存在,內部業(yè)務系統(tǒng)如何與外部終端建立通信關系,如何防止非法的外部終端進行非授權的訪問,以及如何與不同安全等級的業(yè)務系統(tǒng)進行信息共享等直接影響業(yè)務系統(tǒng)的可用性。所以,信息的安全交互是業(yè)務系統(tǒng)正常運行的前提,保障信息的安全交互是智能電網(wǎng)建設的重要課題。本文以堅強智能電網(wǎng)為研究背景,在總結智能電網(wǎng)信息交互模式,以及分析智能電網(wǎng)安全需求的基礎上,研究了智能電網(wǎng)信息安全交互模型和實現(xiàn)智能電網(wǎng)信息安全交互的關鍵技術,并以電力用戶用電信息采集系統(tǒng)為實例,描述了信息安全交互體系的構建方法。論文的研究工作及取得的主要成果體現(xiàn)在以下四個方面：(1)從縱向和橫向兩個層面分析智能電網(wǎng)的層次結構,總結出智能電網(wǎng)中存在兩種信息交互模式：即外部終端與內部業(yè)務系統(tǒng)之間的縱向信息交互和不同安全等級的業(yè)務系統(tǒng)之間的橫向信息交互,并分析了兩種模式的安全要求。通過確保終端安全、傳輸通道安全和業(yè)務系統(tǒng)安全實現(xiàn)外部終端與內部業(yè)務系統(tǒng)之間的雙向信息安全交互,通過劃分安全等級和制定單向規(guī)則,實現(xiàn)安全等級不同的業(yè)務系統(tǒng)之間,以及位于不同物理網(wǎng)絡中的安全等級相同的業(yè)務系統(tǒng)之間的單向信息交互。(2)構建了TISEM雙向信息安全交互模型(Two-way Information Secure Exchange Model)解決外部終端與內部業(yè)務系統(tǒng)之間的信息交互安全問題,OISEM單向信息安全交互模型(One-way Information Secure Exchange Model)解決不同業(yè)務系統(tǒng)之間的信息交互安全問題,并給出了模型的形式化描述、安全規(guī)則和安全特性。(3)對TISEM和OISEM兩種信息安全交互模型進行實現(xiàn),并研究相關技術。針對TISEM模型提出的技術要點,以可信理論為基礎,以終端、數(shù)據(jù)傳輸通道、控制指令以及數(shù)據(jù)包等為研究對象,進行安全技術的研究。首先,以國產可信密碼模塊TCM (Trusted Cryptography Module)為可信根,構建了可信終端,保證終端的身份可信和運行環(huán)境可信。其次,研究了終端的遠程證明技術,提出了證明方主導的遠程證明模型RAMSA (Remote Attestation Model Sponsored by Attestor),并設計了遠程證明協(xié)議。通過遠程證明,將終端可信擴展到網(wǎng)絡中,保證數(shù)據(jù)傳輸?shù)目尚�。再�?基于強制硬件確認技術,研究了控制指令的可信問題,并給出了控制指令可信度的數(shù)學表達。最后,研究了d-Left Counter Bloom Filter算法,并基于該算法構建了DCBF_DPIM (Deep Packet Inspection Model based on d-Left Counting Bloom Filter)深度包檢測模型。該模型只允許終端上傳符合既定規(guī)則的數(shù)據(jù),防止惡意數(shù)據(jù)對業(yè)務系統(tǒng)和信息內網(wǎng)造成破壞。針對OISEM模型“上不讀下,下不寫上；上可寫下,下可讀上”的信息流單向傳輸原則,研究了基于網(wǎng)絡二極管的數(shù)據(jù)單向傳輸技術。(4)以電力用戶用電信息采集系統(tǒng)為研究對象,應用TISEM模型和OISEM模型及關鍵技術的研究成果,設計了用電信息采集系統(tǒng)信息安全交互體系,對智能電網(wǎng)中有相似安全需求業(yè)務系統(tǒng)的信息安全體系的構建具有指導性的意義。
[Abstract]:The interaction is the essential feature of the smart grid, which is different from the traditional power grid, and the nature of the interaction is the interaction of information. Therefore, information interaction is an important prerequisite for the realization of the basic function of the smart grid. On the one hand, the vertical information interaction between the external intelligent terminal and the internal business system can realize the real-time collection of information and the operation of the power grid. On the other hand, the cross information interaction between different business systems is more conducive to the timely sharing of information and the basis for scientific decision-making. Information interaction makes the information network of the smart grid and the power network integrated. The security of the information network is directly related to the security of the smart grid. In addition, the network is separated by the network. In the presence of measures, how does the internal business system establish communication relations with the external terminal, how to prevent unauthorized external terminals from unauthorized access, and how to share information with different security level business systems directly affect the availability of the business system. So the security interaction of information is the normal operation of the business system. In this paper, based on the summary of intelligent power grid information interaction mode and the analysis of the security demand of smart grid, the key technology of information security interaction model and the information security interaction of smart grid is studied on the basis of the strong smart grid as the research background. This paper describes the construction method of the information security interaction system. The research work and the main achievements of this paper are embodied in the following four aspects: (1) analyze the hierarchical structure of the smart grid from the vertical and horizontal two levels, and sum up two kinds of information interaction modes in the smart grid. Type: the vertical information interaction between the external terminal and the internal business system and the transversal information interaction between the different security level business systems, and the security requirements of the two modes are analyzed. The two-way information between the external terminal and the internal business system is realized by ensuring terminal security, transmission channel security and business system security. Security interaction, by dividing the security level and formulating the one-way rules, realizing the one-way information interaction between different security level business systems and the same security level business systems in different physical networks. (2) a TISEM bidirectional information security interaction model (Two-way Information Secure Exchange Model) is constructed. The information interaction security problem between the external terminal and the internal business system, the OISEM one-way information security interaction model (One-way Information Secure Exchange Model) solves the information interaction security problem between different business systems, and gives the formal description of the model, the security rules and the security characteristics. (3) two information to TISEM and OISEM. The security interaction model is implemented and the related technology is studied. Aiming at the technical points proposed by the TISEM model, the security technology is studied on the basis of the trusted theory, the terminal, the data transmission channel, the control instruction and the data packet. First, the homemade TCM (Trusted Cryptography Module) is a trusted root. The trusted terminal is built to ensure the identity of the terminal and the reliable running environment. Secondly, the remote authentication technology of the terminal is studied, and the remote proof model RAMSA (Remote Attestation Model Sponsored by Attestor) is proposed by the proving party, and the remote authentication protocol is designed. In addition, based on the mandatory hardware confirmation technology, the reliability of control instructions is studied and the mathematical expression of the reliability of the control instruction is given. Finally, the d-Left Counter Bloom Filter algorithm is studied, and the DCBF_DPIM (Deep Packet Inspection Model based on d-Left) is constructed based on the algorithm. M Filter) depth packet detection model. This model only allows the terminal to upload data that conforms to the established rules to prevent malicious data from causing damage to the business system and the intranet. A data flow based on the network diode is studied for the principle of one-way transmission of information flow in the OISEM model, "no reading, down write down, up write down, lower readable" information flow. (4) (4) taking electric power user information acquisition system as the research object, applying the research results of TISEM model and OISEM model and key technology, the information security interaction system of the power information acquisition system is designed, which is of guiding significance to the construction of information security system with similar security demand service system in the smart grid.
【學位授予單位】：華北電力大學(北京)
【學位級別】：博士
【學位授予年份】：2014
【分類號】：TP309;TM76

【相似文獻】

相關期刊論文 前10條

1 ;業(yè)內人士談信息安全發(fā)展的兩大趨勢[J];機械工業(yè)信息與網(wǎng)絡;2005年04期

2 ;信息安全:戰(zhàn)略為先細節(jié)制勝 創(chuàng)新是關鍵[J];中國勘察設計;2006年06期

3 陸e，

本文編號：2099451