面向电力物联网的分布式认证与安全传输架构  

作　　者：张春玲 董新微 吴冰 胡志亮 孙俊杰 刘冬晖 傅颖勋 ZHANG Chunling;DONG Xinwei;WU Bing;HU Zhiliang;SUN Junjie;LIU Donghui;FU Yingxun(National Network Information and Communication Industry Group Co.,Ltd.,BeiJing,100052,China;Anhui Jiyuan Software Co.,Ltd,Hefei,230088,China;Economic Technology Research Institute,State Grid Zhejiang Electric Power Co.,HangZhou,311500,China;State Grid Economic Technology Research Institute Co.,Ltd.,Beijing,100052,China;North China University of Technology,BeiJing,100144,China)

机构地区：[1]国网信息通信产业集团有限公司,北京100052 [2]安徽继远软件有限公司,安徽合肥230088 [3]国网浙江省电力有限公司经济技术研究院,浙江杭州311500 [4]国网经济技术研究院有限公司,北京100052 [5]北方工业大学,北京100144

出　　处：《应用科技》2024年第5期80-90,共11页Applied Science and Technology

基　　金：国家电网公司总部科技项目(5700-202356317A-1-1-ZN)。

摘　　要：现有物联网设备接入电力网络研究通常将身份认证与数据传输分别考虑,主要关注数据机密性,忽略了数据完整性及两者的关联性。针对这些问题,提出了一种基于Merkle树的节点分布式认证和数据安全传输架构。首先,基于Merkle树的密钥管理技术动态产生并管理数据加解密密钥,使系统密钥随设备接入和离开而变化;随后用系统密钥加密数据的哈希值。作为对称密钥对数据进行加解密;最后提出了一种分布式节点认证机制,利用第三方服务器记录物联网设备的ID和接入时间,辅助电力网络后台管理系统恶意节点与设备。实验结果与安全性分析表明,该架构拥有良好的性能,并提供良好的安全性。With the development of smart grids,numerous IoT devices are being integrated into the power network,bringing new security challenges.Existing methods usually consider the identity authentication and data transmission separately,focusing on data confidentiality mainly,while ignoring data integrity and the relevance between them.Focusing on the above problem,a Merkle tree based node distributed authentication and secure data transmission architecture(MTDATA)is proposed in this paper.Firstly,the key management technology based on Merkle tree dynamically generates and manages data encryption and decryption keys,so that the system key changes with the access and departure of devices.And then,using the system key to encrypt the hash value of the data,which is used as the symmetric key to encrypt and decode the data.At last,a distributed node authentication mechanism is proposed,which uses the third party server to record the ID number and connecting time of IoT devices,so as to assist the power grid background system to manage systematic malicious nodes and devices.The experimental result and security analysis show that the proposed architecture has good performance and security.

关 键 词：电力物联网 MERKLE树 身份认证 密钥管理 数据机密性 数据完整性 数据安全传输 分布式认证 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]