基于PKI/PMI的变电站自动化系统访问安全管理

随着信息技术的发展,电力工业的信息安全已成为影响电力系统稳定运行的重要问题。IEC 61850标准的推出对变电站通信系统与网络提出了新的要求,其中有关智能电子设备(IED)的访问 安全管理是确保操作主体身份与授权合法的关键问题。IEC 61850要求使用虚拟访问视图实现 IED的访问安全,而公钥基础设施／权限管理基础设施(PKI／PMI)体制正在电力系统企业中广泛 推行,通过设计专用的认证访问处理模块实现二者的有机结合,采用基于角色的访问控制(RBAC) 模型设计了满足多用户、多角色需求的访问控制方法。通过对执行过程的实时性分析,证明该系统 能够满足IED的实时控制要求。系统设计紧扣IED虚拟访问视图设计标准和多类电力自动化应 用系统统一管理的实际需要,相关的密码算法遵循国家密码管理局的商用密码管理条例,设计内容 既符合国际标准的发展方向,为电力系统通信安全标准的制定提供了参考,又能满足国家对信息安 全方面的特殊要求。

Access Security Management of Substation Automation Systems Based on PKI/PMI

Along with the development of information technology, the information security of power industry is becoming an important problem in the stability of power systems. The proposition of IEC 61850 makes new claims on the substation communication system and network. To ensure the access security of an intelligent electronic device (IED), there should be an appropriate authentication and authorization method. The IEC 61850 employs a concept called virtual access view to protect IED data object, and the PKI/PMI architecture is being popularized in power system corporations. To integrate the two parts into an organic whole, a special authentication and access process module that can meet the needs of multi-users and multi-roles based on RBAC has been designed. The method is capable of fulfilling the access security requirement and real-time control of IED. The design of this system is closely associated with the virtual access view and the multi-application management requirements of the electric power automation system. The interrelated cryptography abides by the Commercial Cryptography Management Statute of National Cipher Management Office.