Trusted Computing-based Network Security Data Collection for Substation Monitoring Systems
李洪池 1, 汤成俊 1, 高飞 1
Author information
- 1. 南京国电南自电网自动化有限公司, Nanjing, Jiangsu 211100
Abstract
In a substation monitoring system, network security data is collected by a probe module and sent to the network security monitoring device. The probe's own security, the trustworthiness of its operation, and the legitimacy of its communication with the network security monitoring device are all at some risk. To address this, a trusted computing-based method for collecting network security data in substation monitoring systems is proposed. First, a trusted computing operating environment is deployed in the monitoring system, providing a trusted computing platform, trusted application behavior, and trusted network communication, which ensures the security and operational trustworthiness of the monitoring system applications and the probe. Second, the identities of both communicating parties are authenticated using digital certificates and national cryptographic (SM) algorithms, ensuring the legitimacy of communication between the probe and the network security monitoring device. Finally, the integrity of the collected data is verified to improve the reliability and accuracy of data collection.
Key words
trusted computing / monitoring system / network security / national cryptographic algorithm / identity authentication
Publication year
2024