Trusted Design and Application of IEDs in Substation Automation

Design and Application on Trusted Computing of IED in Substation Automation

【Author】 Li Jiejun (李杰君)

【Supervisor】 Duan Bin (段斌)

【Author information】 Xiangtan University, Computer Technology, 2007, Master's

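【Summary】 With the rapid development of the Internet, information security faces new challenges. Information security problems in electric power systems already threaten their safe, stable, economical and high-quality operation, and affect progress toward realizing the "Digital Power System". Studying power system information security, developing corresponding application systems, and formulating information security strategies, such as defensive and system recovery measures for when power system information comes under external attack, are important parts of current power informatization work. To address this security need, this thesis introduces the international standard for substation automation, IEC 61850, and its security requirements for remote communication, as well as the concept of trusted computing and its application to information security. On the basis of an analysis of substation communication security requirements, and in accordance with the IEC 61850 substation communication standard, it studies the IED (Intelligent Electronic Device), the bottom-level device of substation automation, together with its software model and communication modes, and proposes a design that embeds a TPM (Trusted Platform Module) in the IED: a trusted IED architecture, with its main functions, that uses the TPM chip as the hardware basis to achieve secure boot and secure communication of the IED. In this scheme, a Java optimized processor module, used in the substation IED for secure communication with the TPM, is designed first; the trusted IED is then designed with System on a Programmable Chip (SOPC) technology, building the chain of trust level by level and extending the trust relationship to the remote end; finally, a trusted identity authentication method based on a wide-area network is designed, and a secure remote communication experiment is carried out. The overall system design addresses the security implementation of the trusted IED and the trusted computing module from several aspects (the bottom-level substation IED device, the secure communication flow with substation automation, the secure information transmission mechanism for wide-area network applications, and the secure identity authentication mechanism) and analyzes its trustworthiness. The scheme complies with the IEC 61850 standard, is consistent with the standards currently used in power telecontrol, achieves secure transmission of substation information well, and largely solves the security problem of remote communication in substation automation systems.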

【Abstract】 With the rapid development of network technology, new challenges in information security have also emerged. Information security problems have threatened the safety, stability, economy and optimal operation of electric power systems, and have had a great impact on the realization of "Digital Power Systems". In the present information work of electric power systems it is particularly important to do research on information security, to develop relevant applications, to establish information security policies that protect electric power systems from attack, and to devise measures for recovering systems. To address this security need, this thesis introduces the international standard for substation automation, IEC 61850, and its security demands in remote communication, as well as the concept of trusted computing and its application in information security. Aspects such as the network construction of the system and the information model and communication model of the substation IED for telecontrol are analyzed and designed. A new secure, network-based, distributed telecontrol information transmission mode between the substation IED and the dispatching center is established. To meet the security requirement, the Trusted Computing method issued by the Trusted Computing Group (TCG) is introduced into substation automation: a TPM must be embedded in IEDs with a trust chain set up, and System on Programmable Chip (SOPC) is used to expand the trust to remote platforms; on this basis the platform for secure remote communication is designed. Finally, a method of user identity authentication is designed, and experiments demonstrate secure remote communication. The thesis analyzes in detail trusted computing within a system oriented toward wide-area security defense, covering the application and security of bottom-level IED devices, substation cipher management, transformation protocol and dependable authentication. In addition, we offer an original discussion of the feasibility and advantages of applying this technique to future substation IED secure communication. The design conforms well to the latest international standard, IEC 61850. It provides a foundation for secure remote communication in substation automation.

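  • 【Online publication contributor】 Xiangtan University
  • 【Online publication year and issue】 2008, Issue 04
  • 【Classification number】 TM76;TN312.8
  • 【Times cited】 2
  • 【Downloads】 116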