基于SM9的配电网Modbus报文安全性分析及改进  被引量：8

作　　者：邱帆 陈兰兰[2] 林楠 左黎明[2] QIU Fan;CHEN Lanlan;LIN Nan;ZUO Liming(Ji'an Power Supply Branch of State Grid Jiangxi Electric Power Company, Ji'an 343009, China;SEC Institute, East China Jiaotong University, Nanchang 330013, China;State Grid Jiangxi Electric Power Co., Ltd.,Electric Power Research Institute, Nanchang 330096, China)

机构地区：[1]国网江西省电力公司吉安供电分公司,江西吉安343009 [2]华东交通大学系统工程与密码学研究所,江西南昌330013 [3]国网江西电力有限公司电力科学研究院,江西南昌330096

出　　处：《中国电力》2019年第10期18-25,共8页Electric Power

基　　金：国家自然科学基金资助项目(11761033);国网江西省电力有限公司科技项目(52182017001L)~~

摘　　要：为了确保智能配电网系统中信息的安全,越来越多的密码算法被应用在通信工程中。针对基于SM2 的配电网Modbus 报文安全性研究,指出其易受重放攻击和篡改攻击,并有几处描述错误。为改进基于SM2 的方法,提出了一种适用于Modbus TCP(transmission control protocol)报文的基于国密算法SM9 标识算法的协议。首先介绍了SM9 数字签名过程,进而将其应用到Modbus TCP 报文通信中,并加入时戳机制,对改进的协议进行了安全性分析。最后,采用C 语言实现签名方案,并与几种签名方案进行效率比较。结果表明:改进后的协议不仅可以抵抗重放攻击和消息篡改攻击,保证报文通信过程中的数据完整性和来源可靠性,而且在运行效率方面具有较强的优势。In order to ensure the information security in smart distribution network, more and more cryptographic algorithms are applied in the communication process. by SM2-based Modbus message security of distribution network was analyzed to find out such defects as its vulnerability to replay attack and tampering attack, and several other description errors. In order to improve this method, the authors in this paper propose a SM9-based protocol of identification algorithm suitable for Modbus TCP (transmission control protocol) message. At first, the process of SM9 digital signature is introduced, and then it is applied to Modbus TCP message communication added with the timestamp mechanism. And the security of the improved protocol is analyzed. Finally, the C language is used to realize the signature scheme, and its efficiency is compared with several other signature schemes. The results show that the improved protocol can not only resist replay attacks and tamper attacks, and ensure the data integrity and source reliability in the process of message communication, but also have a good advantage in running efficiency.

关 键 词：配电网 国密算法 SM9 时戳机制 安全性分析 

分 类 号：TM76[电气工程—电力系统及自动化]