Design of Secure Access Authentication Scheme for Distributed Terminals in Distribution Networks  Cited by: 3


Authors: DUO Chunhong; YANG Tian; ZHANG Mingquan [2,3]; LI Baogang; LI Yongqian [1]; WANG Guilan [2,3]

Affiliations: [1] School of Electrical and Electronic Engineering, North China Electric Power University, Baoding 071003, Hebei Province, China; [2] School of Control and Computer Engineering, North China Electric Power University, Baoding 071003, Hebei Province, China; [3] Hebei Key Laboratory of Knowledge Computing for Energy & Power, Baoding 071003, Hebei Province, China; [4] China Three Gorges Publishing and Media Corporation, Tongzhou District, Beijing 101100, China

Source: Power System Technology (《电网技术》), 2023, No. 11, pp. 4778-4789, 12 pages

Funding: Hebei Provincial Science and Technology Program Project (No. 22310302D); Fundamental Research Funds for the Central Universities (No. 2021MS086).

Abstract: Existing authentication techniques for distribution networks place an excessive certificate-management burden on the distribution master station and the public key infrastructure (PKI) system. To address this, a distributed authentication scheme for distribution network terminals is designed by combining blockchain with the Chinese national cryptographic algorithm SM9. First, SM9 is used to solve the public key management problem of the cryptosystem: the key generator center (KGC) generates an identity identifier and key for each terminal, and the terminal's registration and access request information is encrypted and verified. Then, to address problems of centralized authentication such as third-party trust and single points of failure, a distributed terminal consensus algorithm, DT-PBFT (distributed terminal-practical Byzantine fault tolerance), is proposed on the basis of the practical Byzantine fault tolerance algorithm to authenticate newly joining terminals in a decentralized manner. To prevent privacy leakage of on-chain data, an SM9-based multi-KGC group signature algorithm is used to keep nodes anonymous and to generate blocks for permanent storage. Finally, the proposed scheme is analyzed experimentally; it shows clear improvements in consensus efficiency, communication delay and attack resistance, achieves terminal identity authentication while protecting node privacy, and meets the distribution network's requirements for security and efficiency.

Keywords: distribution network; blockchain; SM9; practical Byzantine fault tolerance algorithm

Classification number: TM721 [Electrical Engineering - Power Systems and Automation]

 
