Abstract
With the development of the energy Internet, power Internet of Things (IoT) terminals have become open and interactive, the grid protection boundary has blurred, and the traditional boundary-based security protection system can hardly guarantee secure access for power IoT terminals. To address this, the paper proposes a secure access method for the power IoT based on a zero-trust architecture, which takes the identity of the IoT terminal as its center for security authentication and dynamic access control. Lightweight security authentication of power IoT terminals is achieved through device fingerprint extraction and a power IoT identification public key generation algorithm. Continuous trust assessment and dynamic access control of terminals are carried out through a trust calculation method based on terminal operating characteristics. The method is verified in a distributed power secure access scenario: for common attacks such as flood attacks, packet attacks and malicious code, the zero-trust-based secure access method can effectively detect and promptly block them, preventing attackers from launching cyber attacks on the grid by controlling power IoT terminals.
Authors
姜琳
周亮
缪思薇
张晓娟
朱亚运
曹靖怡
JIANG Lin; ZHOU Liang; MIAO Siwei; ZHANG Xiaojuan; ZHU Yayun; CAO Jingyi (China Electric Power Research Institute Co., Ltd., Haidian District, Beijing 100192, China)
Source
《电力信息与通信技术》 (Electric Power Information and Communication Technology)
2023, Issue 1, pp. 40-46 (7 pages)
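Funding
Supported by the State Grid Corporation of China headquarters science and technology project "Research and Application of Dynamic Access Control Technology for the Power Internet of Things Based on Business Scenarios" (SGHEXT00WLJS2000046).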
Keywords
power internet of things
zero trust
secure access
identity authentication
access control
distributed power