文章摘要
曹翔,张阳,宋林川,等.基于深度报文检测和安全增强的正向隔离装置设计及实现[J].电力系统自动化,2019,43(2):162-167. DOI: 10.7500/AEPS20180316005.
CAO Xiang,ZHANG Yang,SONG Linchuan, et al.Design and Implementation of Forward Isolation Device Based on Deep Packet Inspection and Security Enhancement[J].Automation of Electric Power Systems,2019,43(2):162-167. DOI: 10.7500/AEPS20180316005.
基于深度报文检测和安全增强的正向隔离装置设计及实现
Design and Implementation of Forward Isolation Device Based on Deep Packet Inspection and Security Enhancement
DOI:10.7500/AEPS20180316005
关键词: 深度报文检测  双因子  加密  认证  网络安全
KeyWords: deep packet inspection(DPI)  two factors  encryption  authentication  network security
上网日期:2018-08-13
基金项目:
作者单位E-mail
曹翔 南京南瑞继保电气有限公司, 江苏省南京市 211102 caoxiang@nrec.com 
张阳 南京南瑞继保电气有限公司, 江苏省南京市 211102  
宋林川 南京南瑞继保电气有限公司, 江苏省南京市 211102  
胡绍谦 南京南瑞继保电气有限公司, 江苏省南京市 211102  
汤震宇 南京南瑞继保电气有限公司, 江苏省南京市 211102  
张春合 南京南瑞继保电气有限公司, 江苏省南京市 211102  
摘要:
      为了提高新的网络安全环境及配电网接入环境中电力系统内部通信网络的安全性,提出了基于深度报文检测和安全增强的正向隔离装置。在对传统正向隔离装置原理和脆弱性分析的基础上,通过采用现场可编程门阵列(FPGA)作为隔离岛部件提高了隔离岛的传输速率并降低了误码率,通过采用深度报文检测技术解决了反向穿透性威胁,通过采用双因子身份鉴别技术提高了人机用户管理的安全性,通过采用基于国密算法的加密认证技术提高了本地管理的安全性。与传统的正向隔离装置相比,装置的性能和安全性都得到了提高。最后通过工程应用验证了理论的可行性和技术的实用性。
Abstract:
      In order to improve the security of power system communication network in the emerging network security environment and distribution network accessing environment, a forward isolation device based on deep packet inspection and security enhancement is proposed. Based on the principle and vulnerability analysis of the traditional forward isolation device, the field programmable gate array(FPGA)is adopted as isolation island to improve the transmission speed and reduce the error bit rate, the reverse penetrating threat is solved by the deep packet inspection technology, the security of human machine interface(HMI)management is improved by two factor authentication technology, the security of local management is improved by the encryption and authentication technology based on the state secret algorithm. Compared with the traditional forward isolation device, the performance and the security level of proposed device are both improved. Finally, the feasibility of the theory and the practicability of the technology are verified by project application.
查看全文(Free!)   查看附录   查看/发表评论  下载PDF阅读器