Wei Jin Zhuang,Hai Bing Zhu,Jia Qing Zhao,Yong Gang Zhang,Ming Yang Sun

DOI: https://doi.org/10.4028/www.scientific.net/amr.933.789

2014-01-01

Advanced Materials Research

Abstract:This paper proposes the construction mode of a two-level distributed alarming system, in which alarms are coordinately processed by substations and control center. In substation side, we classify alarms into several grades according to the degree of their importance and send the extracted key alarms to control center, thus reduce the amount of alarm passing and ensure the transmission reliability and speed; meanwhile, we carry out alarm verification and pretreatment through information redundancy to validate alarm correctness. In control center side, we integrate the data of ordinary Supervisory Control and Data Acquisition (SCADA) and the alarms received directly from substations, and carry out comprehensive fault reasoning and correctness verification. In order to illustrate the feasibility of the substation-control center distributed alarming system, the overall structure, substation smart alarm (SSA), control center smart alarm (CCSA) and cooked data transmission of this construction mode will be discussed in detail.

YANG Yang,HUANG Xiaoqing,CAO Yijia,ZHANG Zhidan,HE Jie

2011-01-01

Abstract:As the security specifications for IEC 61850 P2P communication protocol(real-time communication),IEC 62351-6 recommends the adoption of authentication for ensuring the safety of data transmission.To meet the requirement for the data flow and data security objectives in IEC 61850 digital substations,a method of implementing identity authentication with extended safe message through SHA-1 and DES encryption is put forward.Through the security analysis,it can meet the confidentiality,integrity and validity of the message.Further,by taking the bus fault on the unified star and the ring network in the whole D2-1 substation as an example,the OPNET network simulation and calculation are applied to the process of authentication.It is proved that the substation communication program has both good security and real-time character.

Hua Wang,Gangfeng Yan

DOI: https://doi.org/10.1109/wcica.2012.6359132

2012-01-01

Intelligent Control and Automation

Abstract:Substation is an important part of power system and its operation status exerts great effect on the safety of power system. Comprehensive monitoring management platform for substation (CMMP) is a digital monitoring platform which has uniform interfaces; flexible expansibility and hierarchical network control ability, and it is custom-designed for safe operation of substation. CMMP consists of direct current real-time monitoring subsystem, intrusion detection and hierarchical video monitoring subsystem, temperature and humidity and fire monitoring subsystem based on WSNs. CMMP adopt composite structure of C/S and B/S which would be convenient for computer and other mobile end to query monitoring information. Owing to the perfect private network of power system, CMMP can monitor both local and cross-domain substations. In addition, CMMP can classify and manage all kinds of alarm information from substation and realize distribution monitoring centralized management.

张昀

DOI: https://doi.org/10.3969/j.issn.1001-5531.2008.23.011

2008-01-01

Abstract:Aiming at the practical application of IEC 61850 standard at present,starting from such aspects as improving model description,accessing primary equipment,optimizing network structure and ensuring information safety,the substation design based on IEC 61850 and some key technologies during its application were analyzed.Some suggestions were proposed on adopting fault tolerance,encryption,virtual private network technology for several problems encountered in operation.

SUN Chen,LIU Dong,LING Wanshui,LU Yiming

DOI: https://doi.org/10.13335/j.1000-3673.pst.2014.03.029

2014-01-01

Abstract:To ensure the communication security of remote terminal units in distribution automation system, based on the trusted computing theory and security chips technique a hierarchical 3 level authentication mechanism suitable to polytype distribution terminal equipments is proposed, and a secure process for security message transmission of data information from telemetering, telesignaling and remote control is designed, and a mathematical model, which can quantitatively reflect the confidence level of integrity and authenticity of terminal unit status, is put forward. Based on Matlab the interactive process of data information between distribution terminals and the master station is simulated, and utilizing 10 elliptic curves with different key lengths the time expenditure for crypto-operation as well as the securities of elliptic curve cryptography and the timestamp checking mechanism utilized by trusted mechanism are analyzed, and then the confidence level of authenticity of terminal equipments are calculated. Accordingly, those are validated that the proposed trusted mechanism possesses stronger confidentiality and higher accuracy against replay attacks.

Xueru Chu,Congying Wu,Tiecheng Li

DOI: https://doi.org/10.1109/ceect59667.2023.10420623

2023-01-01

Abstract:Currently, intelligent devices and monitoring data from substations have been integrated into the smart grid, forming an interconnected, digital operation and maintenance platform. The smart grid substation operation protection comparison platform, hosted on cloud servers, faces threats to the information security of the smart grid, thereby affecting the data privacy and operation safety of the substations. Therefore, this paper analyzes the current security requirements of the smart grid and common solutions, combined with the operation safety requirements of the smart grid substation. By using basic cryptographic techniques, it addresses network and information security threats in the smart grid, ensuring the operation safety of the substation. This paper restricts the login permissions of the smart grid substation operation protection platform; uses the RSA asymmetric encryption algorithm to encrypt the plaintext of the historical operation information stored on the server side; uses the AES advanced encryption algorithm and RSA algorithm to encrypt the communication process between the client and server side; encrypts the blueprint itself; and verifies the integrity of the blueprint connection relationship comparison file. This achieves the operation safety of the smart grid substation.

Wang Baoyi,Zhang Shaomin,Zhilei Zhang

DOI: https://doi.org/10.1109/ICIT.2008.4608609

2008-01-01

Abstract:Role-based Access Control (RBAC) policy separates user and privilege logically by importing the concept of role, which can simplify the management of privilege in electric power enterprise. As the development and sustaining change of electric power system, unattended substations become the new developing direction. Unattended substation automation system will realize centralized management and remote control, so the use of RBAC access control method will aggravate the burden of the access control server. What is more, it adds the complexity of management. RBAC could not meet the needs of the system. This paper designs Distributed RBAC access control model, according to the substation automation system structure stated in IEC61850. Users obtain their roles in centralized server, and obtain their privilege dispersedly. The efficiency is improved. Management is more convenient. In the end, a practical example is presented to prove that the designed model and algorithm have high security, feasibility and effectiveness in unattended substation automation system. Because the model and algorithm are designed according to the ITU-T X.509 and IEC61850 international standards, the design has high currency, adaptability and expansibility. ©2008 IEEE.

Mu Yang,Shaoqian Hu,Xiaoming You,Song Luo

DOI: https://doi.org/10.1117/12.3026502

2024-01-01

Abstract:In the field of substation automation communication, traditional communication protocols such as IEC101/IEC104 and DNP3 face communication security risks due to the lack of security mechanisms. The IEC/TS 62351 standard provides a specification for implementing communication security based on protocol itself. In order to meet the communication security requirements for DNP3 of substation communication terminals and to study engineering implementation solutions for application layer security, the application layer security for DNP3 of substation communication terminals has been achieved. This article elaborates on the implementation details of DNP3 application layer security, then tests and analyzes the communication traffic and computation time data after implementing application layer security. Based on consistency testing, the feasibility of engineering implementation of DNP3 security authentication is verified.

Junlei Qian,Changchun Hua,Xinping Guan,Tiefeng Xin,Limin Zhang

DOI: https://doi.org/10.1109/access.2019.2909011

IF: 3.9

2019-01-01

IEEE Access

Abstract:Supervisory control and data acquisition (SCADA) is a widely implemented structure to achieve remote measurement and control in many iron and steel plants. In traditional consideration, more attention on physical network separation methods is paid to isolate the SCADA system from management network to keep SCADA in a considered "safe" state. In addition, lots of security solution providers are focusing on the network side security assurance without involving the SCADA communication level protection. This paper investigates a new trusted-ID referenced key scheme for securing SCADA communications efficiently. The advanced encryption standard algorithm is used in the data transmission for its fast calculating speed, and the elliptic curve cryptography digital signature algorithm is used to confirm the data package that is from the right ID which can avoid the measured values and the control instructions to be maliciously modified by attacker. This solution for securing SCADA communication provides an efficient way to protect the data and protocol between the controllers and the remote terminal units (RTUs), and offers an authentication for the communication, which can avoid Man-In-The-Middle attack. Random numbers are used as a session key that can avoid the replay attack. cipher-block chaining mode message authentication code calculation is used to meet the data integrity requirement. Gong Needham Yahalom logic is used to prove the security of this solution, and an example is given to verify its validity.

Fei Xu,Bin Wang,Xinzhou Dong,Runbin Cao,Kun Liu,Yuelin Yang,TingTing Wu

DOI: https://doi.org/10.1109/APAP.2011.6180832

2011-01-01

Abstract:The paper mainly focuses on the communication problem based on IEC61850 communication protocol. As in the process level communication system: MU (Merging Unit)-Switch-DIPC (Digital Integrated Protection and Control system), the stability of SMV packets transmission is very important. The transmission delay of the process level communication is the key problem that may restrict the protection algorithm and capability. In the meantime, GPS synchronization problem of MUs, protection capability of the integrated protection device and stability of SMV message transmission based on the existing DIPC(DIP-01) system will also be discussed in the paper. Through the experiment and analysis, the paper gives out the key factors that lead to the message transmission delay and packets loss. The work at last gives out some primary ideas to improve the protection capability. © 2011 IEEE.

Wang Ning,Wu Yanli,Liu Guangxing,Yao Ruizhe,Zhang Longfei

DOI: https://doi.org/10.1088/1755-1315/464/1/012006

2020-03-01

IOP Conference Series: Earth and Environmental Science

Abstract:Abstract The intelligent distribution network is an important hub for connecting power generation and users, and the security of its information is closely related to the stable operation of the power grid. In order to solve the contradiction between the security and real-time of information in intelligent distribution network according to Supplementary Provisions for Safety Protection of Medium and Low Voltage Distribution Network Automation System, an information security model of intelligent distribution network is proposed, after deeply studying AES encryption algorithm and SHA-256 authentication algorithm, using OPNET as simulation software for smart distribution network information to carryout transmission delay curve. FPGA is used as information security processing platform. We obtain the total delay, analyze the integrity and availability. The experiment proves that the intelligent distribution network information security processing solution satisfies the three elements of CIA information security, and has good confidentiality, integrity and availability.

YANG Wen-zheng,GUO Chuang-xin,CAO Yi-jia,YI Yong-hui

DOI: https://doi.org/10.3969/j.issn.1001-4551.2007.09.029

2007-01-01

Abstract:The digital substation will be the essential tendency of substation's development.And the information security and its safeguard will become a hot spot.Based on the analysis of the ethernet of digital substation,the security meaning and threats of digital substation information were discussed.Some security strategies and measures were proposed,such as digital signature、VLAN、multi-agent and firewall.

Chanjuan Tang,Rong Tian,Bingjie Liu,Bingxin Tian,Fan Yu,Jiuchun Ren

DOI: https://doi.org/10.1117/12.3029263

2024-01-01

Abstract:To address the challenges of wiring operation and maintenance in substations and the security issues associated with wireless data acquisition in smart grid environments, we have developed a secure wireless data acquisition system for substation monitoring. This system integrates 5G, short-range wireless communication, Internet of Things (IoT) technology, and video processing to establish a secure and unified access model. The system comprises an intelligent gateway deployed at the wireless network boundary, equipped with hardware encryption cards for terminal authentication, data encryption, and information security. The gateway seamlessly integrates with the IoT system architecture, encompassing perception, edge computing, transport, and service layers. A security access module for the terminal is introduced in the design, taking into account the security constraints in the substation environment. This module ensures encrypted data transmission between the gateway and the terminal, providing a secure access solution for video and sensors.

Xiao-jun HAN,Dong-sheng CAI,Qi HUANG,Zheng-wei CHANG,Wei ZHEN

DOI: https://doi.org/10.3969/j.issn.1001-1390.2014.14.023

2014-01-01

Abstract:The IEC60870-5-104 Protocol is now widely used in the subsystems of the substation.To solve the problem of interconnection and interworking existing in the different equipment of the subsystems produced by different manufacturers, the paper analyzed the 104 Protocol in depth and proposed the simulation testing method of the smart substation subsystems based on the IEC104 telecontrol protocol. Then the paper introduced the implementation of the IEC104 protocol of the substation subsystems and the design of the performance-testing software. The test results with different devices verified the validity and reliability of the testing software and also proved that the software had good application value.

LuYao Yang,WeiMing Tong,ZhongWei Li,Tong Wu

DOI: https://doi.org/10.1145/3501409.3501589

2021-01-01

Abstract:In order to solve the problem of poor security protection ability of terminal equipment in current industrial control system, combining digital signature technology based on public key infrastructure and secret sharing scheme, an authentication scheme for distributed industrial control system terminal is proposed in this paper. In the process of authentication, digital signature technology based on public key infrastructure is used to deliver secret shares. The existence of the trusted center T is no longer required. This solves the problem of key escrow, prevents illegal personnel from using the name of trusted center T to deliver fake secret shares to industrial control terminal equipment, and enhances the security and reliability of the whole control system. The analysis shows that the authentication scheme can realize the authentication function between the engineer station and PLC terminal equipment in the multi-machine cooperation scenario in the industrial control system, prevent the intrusion of external personnel, ensure that the network data will not leak, and ensure the data security to the greatest extent.

Heping Lu,Yonghong Zhang,Yuan Liu

DOI: https://doi.org/10.2478/amns-2024-2187

2024-01-01

Applied Mathematics and Nonlinear Sciences

Abstract:Abstract With the help of automation technology, the efficiency and reliability of substation operations are synchronized. However, the equipment will operate under abnormal problems for a long time. If the problem is not resolved promptly, the consequences will be unimaginable. For timely detection of problems, this paper proposes a method for the construction of remote operation and maintenance systems. The remote operation and maintenance system is mainly composed of two-factor authentication, responsibility area authentication, and permission authentication. The security of remote operations and maintenance operations is guaranteed with the support of these key technologies. This paper enhances the safety and stability of automation equipment by offering remote wake-up, remote reset, historical information retrieval, and forwarding table monitoring services in the operation and maintenance service module. Adopting IoT technology, the core management module of remote management of master stations is constructed to ensure the safety of remote operations and maintenance data interaction between master stations and sub-stations. Simulation experiments are being conducted to evaluate the performance of IoT technology in remote operations and maintenance interactions at the main station. The energy consumption of the data interaction module of substation automation equipment is 0.19 and 0.012 mA for 1 hour and 1 day, respectively, for the equipment to operate for 5-10 days, where the advantages of IoT technology are reflected. The processing time of the operation and maintenance personnel under the traditional operation and maintenance and remote operation and maintenance modes were analyzed through comparative experiments, and the processing time of the device dead time was reduced from 175.46 minutes to 4.356 minutes after using the remote operation and maintenance system, and the efficiency of the operation and maintenance personnel was improved.

Longhua Guo,Mianxiong Dong,Kaoru Ota,Jun Wu,Jianhua Li

DOI: https://doi.org/10.1109/GLOCOM.2016.7841519

2016-01-01

Abstract:With the rapid growth of the Internet, the current TCP/IP based network cannot well satisfy the requirements such as scalable content distribution, mobility, security and so on. The new networking architectures which aren't based on TCP/IP have been a trade of next generation networking such as Information-Centric Networking (ICN). In smart grid, parts of communication protocol in IEC 61850 are also not based on TCP/IP architecture such as Sampled Value (SV) and Generic Object-Oriented Substation Event (GOOSE). IEC 61850 based smart substation employing wireless network has significantly improved the interoperability and interconnection of substation devices. However, with the amount and openness growth of Intelligent Electronic Devices (IED) nodes, these changes introduce new efficiency, reliability and security challenges especially in wireless network. The strict time requirement has limited the use of heavyweight security protocols to fight against cyber-attacks. To address these issues, a name-based security mechanism using ICN is proposed for the non TCP/IP based SV and GOOSE communication. Publish/subscribe (pub/sub) based access control and lightweight encryption algorithm are utilized to secure the decentralized large-scale smart grid data sharing. The results show the proposed mechanism is secure and efficient for IEC 61850 communication employing wireless network.

Yue Lu,Xiuzhen Chen,Changsong Chen

DOI: https://doi.org/10.1109/ssic.2016.7571806

2016-01-01

Abstract:With rapid development of information technology, integration of industrialization and information is becoming closer and closer. SCADA (Supervisory Control and Data Acquisition) systems have been widely used in industrial control systems for promoting social productivity efficiently. In recent years, attacks against SCADA systems have caused serious damage and economic loss. Many robust cryptographic mechanisms have been introduced in SCADA systems in order to improve their defense ability of attacks. However, industry control systems have requirements of high availability, real-time and stability. Thus, designing a lightweight cryptographic mechanism is necessary for SCADA systems to have rapid emergency-response and fault-recovery in some critical situations. This paper puts forward an approach of security authentication for SCADA systems which achieves the two-way authentication and ensures the confidentiality of communication between master and slave stations. The proposed approach employs a bivariate symmetric polynomial to obtain the session key by letting master and slave stations' identity values participate in the polynomial calculation. And further the session key is extended to meet the length requirement of AES encryption key. The extended session key is further used to encrypt communication data transmitted in SCADA systems. The proposed lightweight security authentication method is effective in mutual authentication for master and slave stations and in secure communication, and also meet some special requirements of SCADA systems, including fast response in an emergency situation, real-time data communication, and high availability.

Hui Ran Wang,Rui Fang Ma

DOI: https://doi.org/10.4028/www.scientific.net/amm.392.601

2013-01-01

Applied Mechanics and Materials

Abstract:We dissected disadvantages of the existing transmission protocols and improved its performance of dada communication security. We have proposed a security communication protocol, called as RTUSec, for remote terminal units. RTUSec adds a security layer to the existing three layer model, so that the data security is improved. After analyzing advantage and disadvantage of the present algorithms of cryptography and authentication for data communication, we have designed a security mechanism with DES and HMAC to deal with security problems like spoofing during the communication between Remote Terminal Units and controlling centers.

Junjie Zhang,Xinzhuo Li,Li Zhang,Xian Luo

DOI: https://doi.org/10.1109/TOCS56154.2022.10016106

2022-12-11

Abstract:Using the combination of artificial intelligence and big data to provide a more efficient, safer and more accurate optimization scheme for substation intelligent security management and control. At present, there are many problems in the manual field operation of substation, such as untimely control, impractical early warning, high intensity of personnel work, uneven level of personnel skills, inefficient maintenance plan and scheme management, and difficult on-site safety supervision. There are hidden dangers in personnel and equipment to varying degrees. In order to solve the above problems, two optimization schemes are proposed for personnel operation safety and equipment maintenance safety. One is an intelligent security system that can realize the authorization management of substation operators, the orderly management of vehicle traffic and the real-time control of on-site operations. The other is an information model system that can realize intelligent management of maintenance work plan and maintenance preview simulation. The organic combination of the two systems can effectively improve the efficiency and safety of personnel and equipment management and control in the process of substation safety production. Both systems have been applied in a 220kV substation and achieved remarkable results.

Engineering,Computer Science