Full lifecycle security management scheme for terminal keys under power IoT

Authors: Wang Hui; Yuan Jiahui; Shi Zhentong; Fang Mu (Beijing Smart-Chip Microelectronics Technology Company Limited, Beijing 102200, China; State Grid Shandong Electric Power Research Institute, Jinan 250000, China)

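Affiliations: [1] Beijing Smart-Chip Microelectronics Technology Company Limited, Beijing 102200 [2] State Grid Shandong Electric Power Research Institute, Jinan, Shandong 250000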

Source: Application of Electronic Technique (《电子技术应用》), 2025, Issue 1, pp. 103-112, 10 pages

Funding: Science and Technology Project of State Grid Corporation of China (5400-202116144A-0-0-00).

Abstract: To address large-scale terminal access and terminal communication security in the power IoT, this paper proposes a full lifecycle security management scheme for terminal keys under the power IoT. First, the scheme adopts a two-level key distribution architecture based on national cryptographic (Guomi) algorithms to achieve secure access authentication of power terminals at different stages. Second, the scheme adopts a group key management model based on a logical key hierarchy to achieve lightweight encryption of unicast and broadcast data, securing the communication of power terminals. In addition, the scheme applies different storage and access management strategies according to key usage, implementing hybrid storage and management of terminal keys and shortening terminal key access time. Performance analysis shows that, compared with traditional access authentication and key management schemes based on a logical key hierarchy, the proposed scheme optimizes terminal computation, reduces computational overhead, and simplifies the key update process; compared with conventional terminal key storage and management methods, it improves key access performance without changing the existing hardware platform.

Keywords: power IoT; access authentication; data encryption; key storage

Classification number: TN309 [Electronics and Telecommunications - Physical Electronics]

 
