Authors: Tang Dayuan (唐大圆); Cao Xiang (曹翔); Lin Qing (林青)[1]; Hu Shaoqian (胡绍谦)[1]; Tang Zhenyu (汤震宇)[1] (NR Electric Co., Ltd., Nanjing 211102)
Source: Journal of Information Security Research (《信息安全研究》), 2024, Issue 1, pp. 67-74 (8 pages)
Funding: National Key Research and Development Program of China (2021YFB2401002).
Abstract: To address the new network security challenges that industry trends bring to the power system, such as the unlimited public network access of a large number of distributed heterogeneous terminals in the smart grid, new interactive power services, and the application of new information technologies in the power system, this paper proposes a distributed authentication model based on the zero trust security architecture. Within the overall security architecture of the power Internet of Things (IoT), the model makes full use of the advantages of the zero trust security concept and technology and combines them with the root of trust provided by the hardware trusted computing module of power terminals, extending the active security protection capabilities of intelligent power terminals and access networks to meet the new cybersecurity challenges faced by the smart grid. The model sinks the dynamic trust evaluation and southbound terminal authentication modules of the zero trust security architecture to edge intelligent devices, and subdivides and extends trust and access control on the basis of the root of trust provided by the terminal trusted module. While remaining compatible with the existing power IoT authentication model, it makes full use of the specific advantages of the zero trust security concept and technology in secure terminal access, security monitoring, and fine-grained service protection, improving the overall network security protection capability of the power IoT system.
Keywords: power Internet of Things; zero trust; trusted computing; distributed authentication; software-defined perimeter
Classification number: TP309.1 [Automation and Computer Technology: Computer System Architecture]