Article Abstract
LUO Zhao, XIE Jihua, GU Wei, et al. SM2-Cryptosystem Based Information Security Supporting Platform in Power Grid[J]. Automation of Electric Power Systems, 2014, 38(6): 68-74. DOI: 10.7500/AEPS20130629002.
SM2-Cryptosystem Based Information Security Supporting Platform in Power Grid
DOI:10.7500/AEPS20130629002
Keywords: power secondary system; SM2 algorithm; security supporting platform; component technology
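Online publication date: 2014-03-20
Funding:
Authors, affiliations and e-mail:
LUO Zhao: School of Electrical Engineering, Southeast University, Nanjing 210096, Jiangsu Province; E-mail: waiting.198611@gamil.com
XIE Jihua: School of Electrical Engineering, Southeast University, Nanjing 210096, Jiangsu Province; Wuxi Information Security Engineering Technology Research Center, Wuxi 214001, Jiangsu Province
GU Wei: School of Electrical Engineering, Southeast University, Nanjing 210096, Jiangsu Province
XU Fang: Wuxi Information Security Engineering Technology Research Center, Wuxi 214001, Jiangsu Province
JIN Junhua: Wuxi Information Security Engineering Technology Research Center, Wuxi 214001, Jiangsu Province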
Abstract:
      The security protection system of the power secondary system lacks centralized management and auditing, and the public-key algorithm used throughout the existing security system is RSA. To address this, a design and implementation scheme for a security supporting platform based on the domestic SM2 cryptosystem is proposed. The problems of applying the SM2 algorithm in the security supporting platform are analyzed, and a scheme is proposed that uses component technology to build a self-developed secure encrypted channel so that the platform can support the SM2 algorithm. The application functions of the integrated security supporting platform are then tested and analyzed. The results show that the platform achieves seamless integration among the applications of the power secondary system so that they form an organic whole. It provides secure identity authentication, effective access control and authorization management, and security audit logging, manages user information and system resources, and centralizes the management and control of user identities and access permissions. The platform has been put into formal operation in a provincial power grid and has been verified in actual engineering application.