面向智能电网的安全两方认证密钥协商协议研究  

作　　者：赵磊 罗维 马玉龙 洪海敏 王逸民 ZHAO Lei;LUOWei;MAYulong;HONG Haimin;WANG Yimin(Marketing Service Center,State Grid Jiangsu Electric Power Co.,Ltd.,Nanjing 210000,China;School of Cyberspace Security,Xi’an University of Posts and Telecommunications,Xi’an 710121,China;Shenzhen Guodian Technology Communication Co.,Ltd.,Shenzhen,Guangdong 518109,China)

机构地区：[1]国网江苏省电力有限公司营销服务中心,南京210000 [2]西安邮电大学网络空间安全学院,西安710121 [3]深圳市国电科技通信有限公司,广东深圳518109

出　　处：《计算机工程与应用》2025年第5期279-288,共10页Computer Engineering and Applications

基　　金：陕西省自然科学基础研究计划(2023-JC-QN-0640)。

摘　　要：在智能电网SG(smart grid)中设备间的认证和安全通信是至关重要的。然而现有的认证密钥协商协议中,智能电表和服务提供商的密钥完全由可信第三方生成,若第三方遭受攻击则会导致系统中所有用户的私钥泄露。为解决上述问题,提出了一种安全增强的两方认证密钥协商协议,即使可信第三方遭受攻击也不会泄露其他用户的私钥。在该协议中,可信第三方仅为智能电表和服务提供商生成部分密钥,智能电表和服务提供商自身生成完整的私钥,进一步相互认证建立秘密会话密钥,保证通信安全,防止隐私数据泄露。该协议在CDH(computational Diffie-Hellman)问题假设下是可证安全的,同时协议具有前向安全性和身份匿名性。最后,通过理论分析和实验仿真表明,协议在认证密钥协商阶段的计算开销和通信开销方面具有一定的优势。Authentication and secure communication between devices in a smart grid(SG)are essential.However,in the existing authentication key agreement protocols,the keys of smart meters and service providers are completely generated by a trusted third party.If the third party is attacked,the private keys of all users in the system will be leaked.To solve the above problems,this paper proposes a security enhanced two-party authentication key agreement protocol,which will not reveal other users’private keys even if a trusted third party is attacked.In this protocol,the trusted third party only generates partial keys for smart meters and service providers,while smart meters and service providers themselves generate complete private keys to further authenticate and establish secret session keys to ensure communication security and prevent privacy data leakage.The proposed protocol is provably secure under the assumption of CDH(computational Diffie-Hellman)problem,while the proposed protocol has forward security and identity anonymity.Finally,through theoretical analysis and experimental simulation,it is shown that the proposed protocol has certain advantages in the calculation cost and communication cost of the authentication key agreement stage.

关 键 词：智能电网 认证密钥协商 椭圆曲线 双线性对 部分密钥 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]