CN105245326A - Intelligent power grid safety communication method based on combination cipher - Google Patents
- Publication number: CN105245326A (CN201510575551.5A)
- Authority: CN (China)
- Prior art keywords: transfer station, mdms, signature, ciphertext, key
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Abstract
The invention discloses a smart grid secure communication method based on a combined cipher. A combined cipher is adopted, in which one key is used for session key agreement, encryption, signature and similar operations, and the method works in an offline/online mode; for smart meters with limited storage space and limited computing power, this reduces the storage space needed and raises the computing speed. A transfer station is arranged between the smart meter and the meter data management center (MDMS), and the private keys corresponding to the meter, the transfer station and the MDMS are generated by a key generation center (PKG). A session key is first generated between the meter and the transfer station and is used to realize two-way authentication and to carry out communication. Then, in a chain transmission mode, each transfer station acquires the data of the meters in its governing range, performs certain security operations on it, and transmits the data to the adjacent next transfer station, and so on until the data finally reach the MDMS.
Description
Technical Field
The invention belongs to the technical field of confidential communication, and particularly relates to a secure communication method between a smart meter and an MDMS in a smart grid.
Background
As a product of a new era, the smart grid may completely replace the current power grid architecture in the future and provide more reliable, safer and more convenient service for human life. Its advantage is that bidirectional communication between the user and the power company is achieved, so that the energy demand of the user can be predicted more objectively and waste caused by excessive power production is avoided. Meanwhile, as communication increases and becomes more integrated, network vulnerabilities in the smart grid also emerge. One of the goals of smart grids is to provide consumers with their energy consumption information in near real time, for example every hour, so that they can change their consumption habits in order to cut their power bill, which at present is visible to consumers only once a month. However, if the electricity usage information of a user is intercepted by an illegal user, an attacker who monitors and accesses this private information can infer the living habits of the user from it, and so carry out targeted theft and tracking. In addition, the smart grid also needs integrity and authentication, to avoid the threat caused by malicious users tampering with communication messages or sending messages at will. Therefore, in order to protect the confidentiality, integrity and authentication of information, the application of cryptography in the smart grid has become a research hot spot.
Conventional cryptosystems require different cryptographic algorithms to use different key pairs; for example, one key pair is used for encryption and another key pair is used for signature. In practical applications, however, it is desirable to implement the encryption scheme and the signature scheme with the same key pair, to suit system environments with limited storage resources and computing power; this led to the combined public key cryptosystem. This cryptosystem breaks with the traditional key separation principle: one key pair is used for different cryptosystems, such as an encryption system and a signature system, while the independent security of the two cryptosystems is ensured. The combined public key cryptosystem is not a simple combination of an encryption system and a signature system. It can effectively reduce the time required for storing the key, storing the public key certificate and verifying the public key certificate, so it is widely applied in environments with limited storage resources and computing resources. However, the security problems that this key reuse causes cannot be neglected. For example, with the widely used RSA scheme, if only one key pair is used to implement both encryption and signature, the otherwise secure encryption and signature schemes are no longer secure. In other words, independently secure cryptosystems compromise their intrinsic security once the same or related key pairs are used.
The integrity and confidentiality of information and the mutual authentication of users are key problems of the smart grid. Integrity and authentication can be guaranteed by digital signatures, and confidentiality is mainly achieved by encryption mechanisms. The smart grid can be roughly divided into three layers: control center, power distribution station, and smart appliances. The power distribution station and the smart appliances communicate through a network with the smart meter as the medium; the power distribution station then forwards the power consumption demand information of the smart appliances to the control center, and finally the control center distributes power according to the power consumption demand of the user. The supervisory control and data acquisition system can protect communications between the control center and the distribution substation, but communications between the distribution substation and the smart appliances are susceptible to security attacks such as message forgery, tampering, and eavesdropping. Therefore, the main goal of current methods is to address the security issues between the distribution substation and the smart appliances. For example, the problem has been addressed by using tamper-resistant devices, but then only the substation can authenticate the smart appliance and no key agreement can be achieved. There is also a lightweight message authentication protocol based on the computational Diffie-Hellman problem, which realizes bidirectional authentication and achieves key agreement through Diffie-Hellman.
To further enhance security, a mutual authentication and key establishment mechanism has been proposed in which the data collection center and the smart device authenticate each other through the public key certificate of the data collection center and a long-term key shared in advance; however, the technical problem of how to distribute the shared long-term key has kept the scheme from being widely adopted. In addition, there have appeared a protocol that builds a multi-factor authentication system from public key certificates, zero-knowledge authentication and access control technology, authentication protocols based on elliptic curves, and protocols that use a symmetric cryptosystem to achieve bidirectional authentication and confidentiality at the same time; but such protocols need a large number of key negotiation processes, and authentication must be performed multiple times before communication.
Disclosure of Invention
The aim of the invention is, in view of the communication security problem in the smart grid, to provide a method for protecting smart grid power consumption information based on a combined cipher, so that secure and reliable communication between the smart meter and the MDMS can be realized.
A smart grid secure communication method based on a combined cipher comprises the following steps:
step 1: setting n (n is more than 1) transfer stations, wherein each transfer station corresponds to more than one intelligent electric meter; only one transfer station in the n transfer stations is directly communicated with an electric meter data management center MDMS, and the n transfer stations are in chain communication;
step 2: each entity (including an intelligent electric meter, a transfer station and an MDMS) generates a corresponding public key according to the identity ID of the entity and sends the public key to a key generation center PKG, and the PKG generates a private key based on the public key sent by each entity and sends the private key to the corresponding entity through a secure channel;
step 3: carrying out secure communication between the smart meter and the MDMS through hop-by-hop link transmission:
step 3-1: generating a session key of the intelligent ammeter and the corresponding transfer station: the method comprises the steps that an intelligent electric meter encrypts a first preset key negotiation message (generally, information such as an identity identifier, a key negotiation parameter w and a timestamp TM1 of the intelligent electric meter and a corresponding transfer station can be set) based on a public key of the corresponding transfer station and sends a ciphertext to the corresponding transfer station, the transfer station encrypts a second preset key negotiation message based on the public key of the intelligent electric meter after decryption and sends the second preset key negotiation message to the intelligent electric meter, wherein the second preset key negotiation message comprises the first preset key negotiation message and generally can be set as the identity identifier, the key negotiation parameter w and v, the timestamp TM1, TM2 and the like of the intelligent electric meter and the corresponding transfer station; obtaining a session key of the smart meter and the corresponding transfer station based on the second preset key negotiation message, for example, performing secure key negotiation based on a combined public key password of an identity identifier of an entity (the smart meter and the transfer station) and a Diffie-Hellman protocol to generate a corresponding session key;
step 3-2: the intelligent electric meter encrypts electric meter data based on the session key and sends the electric meter data to a corresponding transfer station, the transfer station verifies based on the session key, and if the verification is successful, the step 3-3 is executed;
step 3-3: encrypting the received electric meter data based on a public key of the MDMS to obtain a local ciphertext;
judging whether the current transfer station is the transfer station with the largest communication hop count with the MDMS (judging through identifiers of the transfer stations, for example, sequentially numbering all the transfer stations, directly communicating the transfer station with the largest number with the MDMS, and judging the transfer station with the smallest number with the largest communication hop count with the MDMS, or judging based on whether signatures and/or transfer station ciphertexts sent by other transfer stations exist on the current transfer station), if not, the transfer station cipher text of the current transfer station is a local cipher text; if the verification is passed, the transfer station cryptograph of the current transfer station is a local cryptograph and a received transfer station cryptograph; signing the transfer station ciphertext based on a private key of the current transfer station, and sending the signature and the transfer station ciphertext to a next-hop transfer station;
step 3-4: repeating the step 3-3 until the corresponding signature and the transfer station ciphertext are sent to the MDMS; the MDMS verifies the received signature and the transit station ciphertext based on the public key of the transit station in direct communication with the MDMS, and if the signature and the transit station ciphertext pass the verification, the MDMS decrypts the local ciphertext of each transit station based on the private key of the MDMS to recover the electric meter data of each intelligent electric meter.
Based on the steps, the invention adopts a combined public key cryptosystem, and can effectively reduce the number of the secret keys saved by the user. Compared with the combined password based on PKI, the user does not need to verify the validity of the public key certificate, and meanwhile, the expenses caused by storing and maintaining the certificate are reduced. Compared with symmetric cryptography, identity-based cryptography is adopted, which can avoid a large number of key negotiations.
Further, the invention can also set up secure communication from the MDMS to the smart meter, realizing two-way secure communication between the smart meter and the MDMS; that is, the invention also includes step 4: carrying out secure communication between the MDMS and the smart meter by hop-by-hop link transmission: the MDMS encrypts the control messages respectively based on the public keys of the transfer stations to obtain corresponding control ciphertexts, signs the control ciphertexts respectively based on the private key of the MDMS, and sends the signatures together with the control ciphertexts to the transfer station in direct communication with the MDMS; the current transfer station stores the signature and control ciphertext that correspond to itself, and sends the signatures and control ciphertexts that do not correspond to itself to the previous-hop transfer station (in the transmission direction from the MDMS to the smart meter), until the transfer station with the largest communication hop count from the MDMS among the n transfer stations is reached; each transfer station verifies the signature corresponding to itself based on the public key of the MDMS, decrypts the control ciphertext based on its own private key to recover the control message if the signature passes the verification, and finally sends the control message to each corresponding smart meter based on the session key of that smart meter.
In order to further adapt to the working environment with limited computing capacity of each entity in the smart grid and improve the system processing speed so as to ensure the real-time performance of the smart grid, in the step 3 of the invention, when encryption and signature are processed, a set server can perform the corresponding encryption and signature computing process offline, and the computing result is sent to the corresponding entity (such as a smart meter and a transfer station) so as to compute the corresponding encryption and signature results online.
In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:
(1) the combined public key cryptosystem is used in the smart grid, so that the authentication and confidentiality of the smart grid communication are ensured, and the number of the storage keys in the smart grid is effectively reduced.
(2) The offline/online cryptosystem is used for combination, so that the processing speed of the communication process is increased, and the real-time performance of the intelligent power grid is ensured.
Drawings
FIG. 1 is a network topology diagram of an embodiment;
fig. 2 is a schematic diagram of a secure communication process of an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the following embodiments and accompanying drawings.
Example 1
Referring to fig. 1, n transfer stations are provided, each transfer station is identified by j, and each transfer station is respectively used for a plurality of intelligent electric meters (Meter 1, Meter and the like in fig. 1); only one of the n transfer stations is in direct communication with the MDMS (transfer station n shown in the figure), and the n transfer stations are in chain communication.
The PKG sets system parameters so that key pairs can be generated and key negotiation carried out in the identity-based environment of each entity in the smart grid:
(1) Setting system parameters and generating the required key pairs
Given a cyclic additive group $G_1$ of prime order $q$, let $G_2$ be a cyclic multiplicative group of the same order. $P$ is a generator of the group $G_1$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map. Define four secure hash functions $H_1$, $H_2$, $H_3$, $H_4$, with $H_3: \{0,1\}^* \to \{0,1\}^M$, where $M$ represents the length of the plaintext; the multiplicative cyclic group modulo $q$ (whose elements do not include 0) is also used. The PKG randomly selects the master key $s$, calculates $P_{pub} = sP$ and $g = e(P, P)$, discloses the system parameters $(G_1, G_2, P, P_{pub}, g, e, H_1, H_2, H_3, H_4)$, and saves the master key $s$.
Each entity (smart meter, transfer station and MDMS) in the smart grid sends its own identity information $ID \in \{0,1\}^*$ to the PKG, which generates a public/private key pair $(Q_{ID}, S_{ID})$ for each entity in the smart grid according to the generated system parameters and the master key $s$, where the private key is $S_{ID} = (Q_{ID} + s)^{-1}P$ and the public key is $Q_{ID} = H_1(ID)$. Finally, the PKG sends the private key to the corresponding entity through the secure channel.
(2) Key agreement procedure
Referring to fig. 2, before the smart meter and the MDMS communicate with each other, key agreement is performed between the smart meter and the transfer station to generate a shared session key. Smart meter $i$ randomly selects a key negotiation parameter $w$ and calculates $wP$, then uses the public key $Q_j$ of transfer station $j$ to encrypt the key agreement message $(i \| j \| wP \| TM_1)$ and sends the ciphertext to transfer station $j$, where $i$ and $j$ represent the identity information of smart meter $i$ and transfer station $j$ respectively, and $TM_1$ represents a time stamp. Transfer station $j$ uses its own private key $S_i$ (i.e., $S_i = S_{ID} = (Q_{ID} + s)^{-1}P$) to decrypt and recover $wP$, then randomly selects a key negotiation parameter $v$ and calculates $vP$, and then uses the public key $Q_i$ of smart meter $i$ (i.e., $Q_i = Q_{ID} = H_1(ID)$) to encrypt the key agreement message $(i \| j \| wP \| vP \| TM_1 \| TM_2)$ and sends the ciphertext to smart meter $i$, where $TM_2$ represents a time stamp. Smart meter $i$ decrypts with its own private key $S_i$, and the recovered message confirms that transfer station $j$ is performing the key agreement with $wP$. Finally, smart meter $i$ can generate the session key $K_{i,j} = w(vP)$ from the values of $w$ and $vP$, and transfer station $j$ can simultaneously generate the session key $K_{i,j} = v(wP)$ from the values of $v$ and $wP$. So that transfer station $j$ can be sure it is communicating with smart meter $i$, smart meter $i$ may send transfer station $j$ a message encrypted with the shared session key $K_{i,j}$. This ensures mutual authentication.
(3) Smart meter reading transmission process
Smart meter $i$ uses the meter data $m$ (user electricity consumption information) and the session key $K_{i,j}$ generated in the above process to generate a message authentication code $c$, where $E$ represents a symmetric encryption algorithm whose subscripts identify smart meter $i$, transfer station $j$ and the corresponding session key $K_{i,j}$. It then sends $(m \| c)$ to transfer station $j$, which calculates $c'$ using the shared session key. If $c = c'$, the verification is successful; otherwise the meter data sent by the smart meter is discarded. Transfer station $j$ first encrypts and then signs all the meter data that was successfully verified, specifically as follows. First, the security server calculates the offline ciphertext: it randomly selects $u, x, a, b$, calculates $U_j = uP$, $R_j = g^x$, $\beta_j = H_3(R_j)$, $T_{1j} = a^{-1}xP$, $T_{2j} = x(b+s)P$, and sends the offline ciphertext $\phi = (u, x, a, b, U_j, R_j, T_{1j}, T_{2j}, \beta_j)$ to transfer station $j$. Transfer station $j$ uses the public key $Q_{MD}$ of the MDMS to compute the online ciphertext $t_{1j} = a(Q_{MD} - b) \bmod q$, $t_{2j} = H_2(m, R_j, U_j, T_{1j}, T_{2j}, t_{1j})\,x + u \bmod q$, $c_j = \beta_j \oplus m$. The local ciphertext of transfer station $j$ is $\sigma_j = (U_j, T_{1j}, T_{2j}, t_{1j}, t_{2j}, c_j)$. If the transfer station identifier $j$ is equal to 1, the local ciphertext is taken directly as the transfer station ciphertext; otherwise, transfer station $j$ uses the public key of transfer station $j-1$ to verify the signature $(h_{j-1}, \theta_{j-1}, S'_{j-1})$ and the ciphertext $(\sigma_1 \| \sigma_2 \| \dots \| \sigma_{j-1})$, executes the signature processing if the verification succeeds, and discards them otherwise.
The specific steps are as follows. Transfer station $j$ calculates $S_{j-1} = \theta_{j-1} S'_{j-1}$ and $r_{j-1}$. If $h_{j-1} = H_4(\sigma_1 \| \sigma_2 \| \dots \| \sigma_{j-1}, r_{j-1}, S'_{j-1})$, it accepts the signature $(h_{j-1}, \theta_{j-1}, S'_{j-1})$ and signs the local ciphertexts of the first $j$ transfer stations together; that is, the local ciphertexts of transfer stations 1 through $j$ are taken as the transfer station ciphertext of transfer station $j$, which is then signed. First, the security server calculates the offline signature: it randomly selects parameters $l$ and $\alpha$, calculates $r_j = g^l$, $S'_j = \alpha SK_j$, and sends the offline signature $(l, \alpha^{-1}, r_j, S'_j)$ to transfer station $j$. Transfer station $j$ then calculates the online signature $h_j = H_4(\sigma_1 \| \sigma_2 \| \dots \| \sigma_j, r_j, S'_j)$, $\theta_j = (l + h_j)\alpha^{-1} \bmod q$, and sends the signature $(h_j, \theta_j, S'_j)$ and the ciphertext $(\sigma_1 \| \sigma_2 \| \dots \| \sigma_j)$ to transfer station $j+1$. Subsequent transfer stations perform similar operations until the last transfer station $n$ in the link transfers the data to the MDMS.
The MDMS verifies and decrypts the received data, specifically as follows. The MDMS first uses the public key $Q_n$ of the $n$-th transfer station to verify the signature $(h_n, \theta_n, S'_n)$: it calculates $S_n = \theta_n S'_n$ and $r_n$. If $h_n = H_4(\sigma_1 \| \sigma_2 \| \dots \| \sigma_n, r_n, S'_n)$, it accepts the ciphertext $(\sigma_1 \| \sigma_2 \| \dots \| \sigma_n)$ and uses its own private key $SK_{MD}$ to decrypt each ciphertext separately. Taking $\sigma_j = (U_j, T_{1j}, T_{2j}, t_{1j}, t_{2j}, c_j)$ as an example, the MDMS calculates $R = e(T_{2j} + t_{1j}T_{1j}, SK_{MD})$, $m_j = c_j \oplus H_3(R)$, $H = H_2(m_j, R, U_j, T_{1j}, T_{2j}, t_{1j})$. If $R^H = e(t_{2j}P - U_j, P)$ holds, the message $m_j$ is accepted, where $m_j$ denotes the meter data sent by the smart meters corresponding to transfer station $j$.
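The following added example (not part of the patent text) runs the offline/online encryption, offline/online signature and chain forwarding described above, which claim 5 restates, in a deliberately insecure scalar model of the pairing so that the verification equations can be checked with the standard library. The SHA-256/SHAKE-256 hash instantiations, the 32-byte value of M, the identities "MDMS" and "station-j", and all function names are assumptions of this example.

```python
import hashlib
import secrets

# INSECURE algebraic model, constructed for this example: the G1 element aP is
# stored as the scalar a, so e(aP, bP) = g^(ab) can be computed directly and
# discrete logs in G1 are exposed. It checks the equations; it protects nothing.
Q = 2**127 - 1          # prime group order q
M_LEN = 32              # fixed plaintext length M in bytes (assumed value)

def _find_modulus(q):
    """Smallest p = kq + 1 passing Fermat tests (probable prime) for the toy G2."""
    k = 2
    while any(pow(a, k * q, k * q + 1) != 1 for a in (2, 3, 5, 7)):
        k += 2
    return k * q + 1

P_MOD = _find_modulus(Q)
G = pow(2, (P_MOD - 1) // Q, P_MOD)      # plays g = e(P, P), an element of order q
assert G != 1

def pair(a, b):
    """e(aP, bP) = g^(ab)."""
    return pow(G, a * b % Q, P_MOD)

def h_zq(tag, *parts):
    """H1, H2, H4 modelled as SHA-256 reduced into [1, q-1] (assumption)."""
    digest = hashlib.sha256(tag + repr(parts).encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def h3(r_val):
    """H3: G2 -> {0,1}^M, modelled with SHAKE-256 (assumption)."""
    return hashlib.shake_256(b"H3" + str(r_val).encode()).digest(M_LEN)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rand():
    return secrets.randbelow(Q - 1) + 1

def extract(s, ident):
    """PKG: S_ID = (Q_ID + s)^-1 P, with Q_ID = H1(ID)."""
    return pow(h_zq(b"H1", ident) + s, -1, Q)

def enc_offline(p_pub):
    """Server: every exponentiation is done here, before m is known."""
    u, x, a, b = rand(), rand(), rand(), rand()
    r_val = pow(G, x, P_MOD)
    return {"u": u, "x": x, "a": a, "b": b, "U": u, "R": r_val, "beta": h3(r_val),
            "T1": pow(a, -1, Q) * x % Q, "T2": x * (b + p_pub) % Q}

def enc_online(phi, m, ident):
    """Sender: modular multiply/add, one hash, one XOR."""
    t1 = phi["a"] * (h_zq(b"H1", ident) - phi["b"]) % Q
    h = h_zq(b"H2", m, phi["R"], phi["U"], phi["T1"], phi["T2"], t1)
    t2 = (h * phi["x"] + phi["u"]) % Q
    return (phi["U"], phi["T1"], phi["T2"], t1, t2, xor(phi["beta"], m))

def decrypt(sigma, s_id):
    U, T1, T2, t1, t2, c = sigma
    r_val = pair((T2 + t1 * T1) % Q, s_id)       # R = e(T2 + t1*T1, S_ID)
    m = xor(c, h3(r_val))
    h = h_zq(b"H2", m, r_val, U, T1, T2, t1)
    # Accept only if R^H = e(t2*P - U, P).
    return m if pow(r_val, h, P_MOD) == pair((t2 - U) % Q, 1) else None

def sign_offline(s_id):
    l, alpha = rand(), rand()
    return {"l": l, "alpha_inv": pow(alpha, -1, Q),
            "r": pow(G, l, P_MOD), "S1": alpha * s_id % Q}   # S' = alpha * S_ID

def sign_online(off, m):
    h = h_zq(b"H4", m, off["r"], off["S1"])
    return (h, (off["l"] + h) * off["alpha_inv"] % Q, off["S1"])

def verify(sig, m, ident, p_pub):
    h, theta, s1 = sig
    base = (h_zq(b"H1", ident) + p_pub) % Q      # H1(ID)*P + P_pub
    r_val = pair(theta * s1 % Q, base) * pow(G, -h % Q, P_MOD) % P_MOD
    return h == h_zq(b"H4", m, r_val, s1)

def run_chain(readings, tamper_at=None):
    """Stations 1..n relay to the MDMS; returns recovered readings or None."""
    s = rand()
    p_pub = s                                    # P_pub = sP in the scalar model
    sigmas, sig = [], None
    for j, m in enumerate(readings, start=1):
        if j > 1 and not verify(sig, tuple(sigmas), f"station-{j - 1}", p_pub):
            return None                          # station j discards the batch
        sigmas.append(enc_online(enc_offline(p_pub), m.ljust(M_LEN), "MDMS"))
        sig = sign_online(sign_offline(extract(s, f"station-{j}")), tuple(sigmas))
        if tamper_at == j:                       # constructed in-transit change
            sigmas[-1] = sigmas[-1][:5] + (xor(sigmas[-1][5], b"\x01" * M_LEN),)
    if not verify(sig, tuple(sigmas), f"station-{len(readings)}", p_pub):
        return None
    mdms_key = extract(s, "MDMS")
    return [decrypt(sg, mdms_key).rstrip() for sg in sigmas]
```

Each hop checks only the signature of the station immediately before it, and the MDMS checks only station n, so a modified ciphertext is rejected at the first verifier after the change rather than at the MDMS alone.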
(4) Control information transmission process
Transmitting a control message from the MDMS to the smart meter is the reverse of the above process. The MDMS first encrypts the control messages using the public keys of the transfer stations respectively, signs the ciphertexts respectively using its own private key, and then transmits them to transfer station n. In a hop-by-hop link transmission mode, transfer station n first transmits the ciphertexts and signatures of the first n-1 transfer stations to the previous transfer station n-1, transfer station n-1 similarly transmits the ciphertexts and signatures of the first n-2 transfer stations to the previous transfer station, and so on until the first transfer station in the link. After receiving its ciphertext and signature, each transfer station first verifies the signature using the public key of the MDMS and decrypts the ciphertext using its own private key, and finally forwards the control message to each meter using the session key shared with that smart meter.
While the invention has been described with reference to specific embodiments, any feature disclosed in this specification may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise; all of the disclosed features, or all of the method or process steps, may be combined in any combination, except mutually exclusive features and/or steps.
Claims (7)
1. A smart grid secure communication method based on a combined cipher is characterized by comprising the following steps:
step 1: setting n transfer stations, wherein each transfer station corresponds to more than one intelligent electric meter; only one transfer station in the n transfer stations is directly communicated with an electric meter data management center MDMS, chain communication is adopted among the n transfer stations, and n is larger than 1;
step 2: each entity generates a corresponding public key according to the identity ID of the entity and sends the public key to a key generation center PKG, the PKG generates a private key based on the public key sent by each entity and sends the private key to the corresponding entity through a secure channel, and the entities comprise an intelligent electric meter, a transfer station and an MDMS;
step 3: carrying out secure communication between the smart meter and the MDMS through hop-by-hop link transmission:
step 3-1: generating a session key of the intelligent ammeter and the corresponding transfer station: the intelligent electric meter encrypts a first preset key negotiation message based on a public key of a corresponding transfer station and sends a ciphertext to the corresponding transfer station, the transfer station encrypts a second preset key negotiation message based on the public key of the intelligent electric meter after decryption and sends the second preset key negotiation message to the intelligent electric meter, and the second preset key negotiation message comprises the first preset key negotiation message; obtaining the intelligent ammeter and a session key corresponding to the transfer station based on the second preset key negotiation message;
step 3-2: the intelligent electric meter encrypts electric meter data based on the session key and sends the electric meter data to a corresponding transfer station, the transfer station verifies based on the session key, and if the verification is successful, the step 3-3 is executed;
step 3-3: encrypting the received electric meter data based on a public key of the MDMS to obtain a local ciphertext;
judging whether the current transfer station is the transfer station with the largest communication hop number with the MDMS, if not, the cipher text of the current transfer station is the local cipher text; if yes, verifying the signature and the transfer station ciphertext sent by the previous transfer station based on the public key of the previous transfer station, and if the verification is passed, determining the transfer station ciphertext of the current transfer station to be a local ciphertext and a received transfer station ciphertext;
signing the transfer station ciphertext based on a private key of the current transfer station, and sending the signature and the transfer station ciphertext to a next-hop transfer station;
step 3-4: repeating the step 3-3 until the corresponding signature and the transfer station ciphertext are sent to the MDMS; the MDMS verifies the received signature and the transit station ciphertext based on the public key of the transit station in direct communication with the MDMS, and if the signature and the transit station ciphertext pass the verification, the MDMS decrypts the local ciphertext of each transit station based on the private key of the MDMS to recover the electric meter data of each intelligent electric meter.
2. The method of claim 1, further comprising step 4: carrying out secure communication between the MDMS and the smart meter by hop-by-hop link transmission:
the MDMS encrypts the control messages respectively based on the public keys of the transfer stations to obtain corresponding control ciphertexts, signs the control ciphertexts respectively based on the private keys of the MDMS and sends the control ciphertexts together with the control ciphertexts to the transfer stations in direct communication with the MDMS;
the current transfer station stores the signature and the control ciphertext corresponding to itself, and sends the signatures and the control ciphertexts which do not correspond to itself to the previous-hop transfer station, until the transfer station with the largest communication hop count from the MDMS among the n transfer stations is reached;
each transfer station verifies the signature corresponding to itself based on the public key of the MDMS, decrypts the control ciphertext based on its own private key to recover the control message if the signature passes the verification, and finally sends the control message to each corresponding smart meter based on the session key of that smart meter.
3. The method according to claim 1 or 2, wherein in step 3-1, the first preset key negotiation message comprises the identity identifiers of the smart meter and the corresponding transfer station, the key negotiation parameter w and the timestamp $TM_1$, and the second preset key negotiation message comprises the identity identifiers of the smart meter and the corresponding transfer station, the key negotiation parameters w and v, and the timestamps $TM_1$, $TM_2$.
4. The method according to claim 1 or 2, wherein in step 3, when processing encryption and signature, the server is configured to perform the calculation process of corresponding encryption and signature offline, and send the calculation result to the corresponding entity to calculate the corresponding encryption and signature result online.
5. The method of claim 4, wherein the specific processes of offline encryption, online encryption, decryption, offline signature, online signature and authentication involved in each entity are:
Offline encryption: the server randomly selects parameters and computes $U = uP$, $R = g^x$, $\beta = H_3(R)$, $T_1 = a^{-1}xP$, $T_2 = x(b+s)P$, and sends the offline ciphertext $\Phi = (u, x, a, b, U, R, T_1, T_2, \beta)$ to the sender of the corresponding ciphertext;
Online encryption: given $(m, ID, \Phi)$, the sender computes $t_1 = a(H_1(ID) - b) \bmod q$, $t_2 = H_2(m, R, U, T_1, T_2, t_1)x + u \bmod q$, and then sends the generated ciphertext $\sigma = (U, T_1, T_2, t_1, t_2, c)$ to the decrypting end;
Decryption: given $(\sigma, ID, S_{ID})$, the receiving end that receives the corresponding ciphertext computes $R = e(T_2 + t_1T_1, S_{ID})$, $h = H_2(m, R, U, T_1, T_2, t_1)$; if $R^h = e(t_2P - U, P)$, it outputs $m$, otherwise it rejects;
Offline signature: the server randomly selects the parameters $l$ and $\alpha$, computes $r = g^l$, $S' = \alpha S_{ID}$, and then sends the offline ciphertext $(l, \alpha^{-1}, r, S')$ to the sender of the corresponding signature;
Online signature: given $(m, ID)$, the sending end computes $h = H_4(m, r, S')$, $\theta = (l + h)\alpha^{-1} \bmod q$, generates the signature $\sigma = (h, \theta, S')$, and sends it to the corresponding receiving end;
Authentication: given $(m, ID, \sigma)$, the receiving end computes $S = \theta S'$, $r = e(S, H_1(ID)P + P_{pub})g^{-h}$; if $h = H_4(m, r, S')$, the receiving end accepts the signature, otherwise it rejects;
wherein denotes the multiplicative cyclic group modulo $q$, $P$ denotes a generator of the additive cyclic group $G_1$ of order $q$, $g = e(P, P)$, where the bilinear map is $e: G_1 \times G_1 \to G_2$, $G_2$ denotes a multiplicative cyclic group of order $q$, the hash functions are $H_1$, $H_2$, $H_3: \{0,1\}^* \to \{0,1\}^M$ and $H_4$, where $M$ is a preset plaintext length, $s$ denotes the system master key, $m$ denotes the meter data of the smart meter, $ID$ denotes the identity identifier of the corresponding entity, and $S_{ID}$ denotes the private key of the corresponding entity.
6. The method according to claim 5, wherein in step 3-3, the specific process of obtaining the local ciphertext is as follows:
the security server computes the offline ciphertext $\Phi_j = (u, x, a, b, U_j, R_j, T_{1j}, T_{2j}, \beta_j)$ and sends it to transfer station $j$, where $j$ denotes the current transfer station identifier, $U_j = uP$, $R_j = g^x$, $\beta_j = H_3(R)$, $T_{1j} = a^{-1}xP$, $T_{2j} = x(b+s)P$;
transfer station $j$ computes the online ciphertext based on the public key $Q_{MD}$ of the MDMS: $t_{1j} = a(Q_{MD} - b) \bmod q$, $t_{2j} = H_2(m, R_j, U_j, T_{1j}, T_{2j}, t_{1j})x + u \bmod q$, thereby obtaining the local ciphertext $\sigma_j = (U_j, T_{1j}, T_{2j}, t_{1j}, t_{2j}, c_j)$;
transfer station $j$ uses the public key of transfer station $j-1$ to verify the signature $(h_{j-1}, \theta_{j-1}, S'_{j-1})$ and the transfer station ciphertext $(\sigma_1 \| \sigma_2 \| \dots \| \sigma_{j-1})$ that it received: it computes $S_{j-1} = \theta_{j-1}S'_{j-1}$; if $h_{j-1} = H_4(\sigma_1 \| \sigma_2 \| \dots \| \sigma_{j-1}, r_{j-1}, S'_{j-1})$ holds, the verification passes;
transfer station $j$ forms the transfer station ciphertext $(\sigma_1 \| \sigma_2 \| \dots \| \sigma_j)$ and signs it: the security server computes the offline signature by randomly selecting the parameter $l$ and computing $r_j = g^l$, $S'_j = \alpha SK_j$, and then sends the offline signature $(l, \alpha^{-1}, r_j, S'_j)$ to transfer station $j$; transfer station $j$ computes the online signature $h_j = H_4(\sigma_1 \| \sigma_2 \| \dots \| \sigma_j, r_j, S'_j)$, $\theta_j = (l + h_j)\alpha^{-1} \bmod q$, and then sends the signature $(h_j, \theta_j, S'_j)$ and the transfer station ciphertext $(\sigma_1 \| \sigma_2 \| \dots \| \sigma_j)$ to transfer station $j+1$;
in step 3-4, the MDMS verifies and decrypts the received signature and transfer station ciphertext as follows: based on the public key $Q_n$ of transfer station $n$, which communicates directly with the MDMS, the MDMS verifies the signature $(h_n, \theta_n, S'_n)$ by computing $S_n = \theta_n S'_n$; if $h_n = H_4(\sigma_1 \| \sigma_2 \| \dots \| \sigma_n, r_n, S'_n)$, it decrypts each local ciphertext with the private key $SK_{MD}$ of the MDMS.
7. The method of claim 6, wherein the specific step of the MDMS transmitting the control message to the smart meter in step 4 is the reverse of the process of claim 6 with respect to steps 3-3 and 3-4.
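The offline/online signature of claim 5 and the hop-by-hop re-signing of claim 6, as an added example that is not part of the patent text. It is a toy model for checking the algebra only: every group element is stored as its discrete logarithm, so the pairing becomes multiplication mod q and nothing here is secure. The key form S_ID = (H1(ID) + s)^-1 P is an assumption inferred from the verification equation, and the names `extract`, `relay`, `station-j` and the `sigma_j` placeholders are hypothetical.

```python
import hashlib, secrets

Q = 2**127 - 1  # prime group order q (toy parameter, constructed)

def H(*parts):  # stands in for H1/H4: hash the tagged inputs into Z_q^*
    d = hashlib.sha256(repr(parts).encode()).digest()
    return int.from_bytes(d, "big") % (Q - 1) + 1

def pair(a, b):  # toy e(aP, bP) = g^(ab), kept as the exponent ab mod q
    return a * b % Q

def extract(s, ident):  # ASSUMED key form: S_ID = (H1(ID) + s)^-1 P
    return pow((H("H1", ident) + s) % Q, -1, Q)

def offline_sign(s_id):  # security server, before the message exists
    l = secrets.randbelow(Q - 1) + 1
    alpha = secrets.randbelow(Q - 1) + 1
    r = l                        # r = g^l in exponent form
    s_prime = alpha * s_id % Q   # S' = alpha * S_ID
    return l, pow(alpha, -1, Q), r, s_prime

def online_sign(m, token):  # sender: one hash, one multiplication
    l, alpha_inv, r, s_prime = token
    h = H("H4", m, r, s_prime)
    return h, (l + h) * alpha_inv % Q, s_prime   # (h, theta, S')

def verify(m, ident, sig, p_pub):  # p_pub: Ppub = sP, i.e. s in this toy
    h, theta, s_prime = sig
    S = theta * s_prime % Q                      # S = theta * S'
    q_id = (H("H1", ident) + p_pub) % Q          # H1(ID)P + Ppub
    r = (pair(S, q_id) - h) % Q                  # e(S, .) * g^-h
    return h == H("H4", m, r, s_prime)

def relay(n, s):
    """Claim 6 chain: station j checks hop j-1, appends sigma_j, re-signs."""
    chain, sig, prev = [], None, None
    for j in range(1, n + 1):
        ident = f"station-{j}"
        if prev and not verify("||".join(chain), prev, sig, s):
            raise ValueError(f"station {j}: upstream signature rejected")
        chain.append(f"sigma_{j}")  # placeholder for the local ciphertext
        sig = online_sign("||".join(chain), offline_sign(extract(s, ident)))
        prev = ident
    return chain, sig, prev

if __name__ == "__main__":
    s = secrets.randbelow(Q - 1) + 1   # system master key
    chain, sig, last = relay(4, s)
    print(verify("||".join(chain), last, sig, s))
```

Verification recovers r because S = (l + h)S_ID, so the pairing with H1(ID)P + Ppub yields g^(l+h), and multiplying by g^-h leaves g^l; each signature covers the whole concatenation, so a change to any earlier σ fails at the next hop.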
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510575551.5A CN105245326B (en) | 2015-09-10 | 2015-09-10 | A kind of smart grid security communication means based on combination pin |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105245326A (en) | 2016-01-13 |
CN105245326B (en) | 2018-11-13 |
Family
ID=55042839
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510575551.5A Expired - Fee Related CN105245326B (en) | 2015-09-10 | 2015-09-10 | A kind of smart grid security communication means based on combination pin |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105245326B (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102859945A (en) * | 2010-04-30 | 2013-01-02 | 株式会社东芝 | Key management device, system and method having a rekey mechanism |
US20120233461A1 (en) * | 2011-03-07 | 2012-09-13 | Kabushiki Kaisha Toshiba | Data transmitting apparatus and data authenticating method |
CN104363219A (en) * | 2014-11-06 | 2015-02-18 | 江苏林洋电子股份有限公司 | Three-party secret key management method based on IEC62056 data transmission safety standard |
Non-Patent Citations (2)
Title |
---|
YE YAN,ET AL.: "An Efficient Security Protocol for Advanced Metering Infrastructure in Smart Grid", 《IEEE NETWORK》 * |
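Wang Xianbo: "Research and Design of an Identity-Based Combined Public Key Authentication Scheme", China Master's Theses Full-text Database, Information Science and Technology * |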
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105871837A (en) * | 2016-03-30 | 2016-08-17 | 安徽工程大学 | Data transmission system applied to smart power grid |
CN105897416A (en) * | 2016-06-29 | 2016-08-24 | 邓月霞 | Forward end-to-end safe instant communication method based on identity-based password system |
CN105897416B (en) * | 2016-06-29 | 2019-03-05 | 邓月霞 | A kind of end-to-end security instant communication method of forward direction based on id password system |
CN108494555B (en) * | 2018-02-27 | 2024-05-24 | 洪贵顺 | Information encryption and decryption method and information encryption and decryption equipment |
CN108494555A (en) * | 2018-02-27 | 2018-09-04 | 深圳市海司恩科技有限公司 | Information encryption and decryption method and information encryption, decryption device |
CN109272384A (en) * | 2018-09-11 | 2019-01-25 | 重庆邮电大学 | A kind of distributed intelligence ammeter sale of electricity method and system |
CN109272384B (en) * | 2018-09-11 | 2022-01-28 | 重庆邮电大学 | Distributed intelligent electric meter electricity selling method and system |
CN110034928A (en) * | 2019-03-29 | 2019-07-19 | 国网山东省电力公司梁山县供电公司 | Energy measurement information transmitting device and method |
CN110034928B (en) * | 2019-03-29 | 2021-11-02 | 国网山东省电力公司梁山县供电公司 | Electric energy metering information transmission device and method |
CN110110537A (en) * | 2019-05-08 | 2019-08-09 | 西安电子科技大学 | The polymerization of multidimensional data encryption and decryption in smart grid |
CN110110537B (en) * | 2019-05-08 | 2022-12-27 | 西安电子科技大学 | Aggregation method for encrypting and decrypting multidimensional data in smart power grid |
CN110460570B (en) * | 2019-07-03 | 2021-07-23 | 湖南匡安网络技术有限公司 | Smart power grid data encryption method and decryption method with forward security |
CN110460570A (en) * | 2019-07-03 | 2019-11-15 | 湖南匡安网络技术有限公司 | A kind of smart grid data ciphering method and decryption method with forward security |
CN112511490A (en) * | 2020-10-29 | 2021-03-16 | 苏州达塔库自动化科技有限公司 | Smart power grid safety communication method based on combined password |
CN112231770A (en) * | 2020-11-03 | 2021-01-15 | 上海第二工业大学 | Smart power grid data transmission method |
CN112804118B (en) * | 2020-12-31 | 2023-01-31 | 广州技象科技有限公司 | Data transmission method and device based on intelligent ammeter data jump transmission link |
CN112804118A (en) * | 2020-12-31 | 2021-05-14 | 广州技象科技有限公司 | Data transmission method and device based on data jump transmission link of intelligent electric meter |
CN112671927A (en) * | 2020-12-31 | 2021-04-16 | 广州技象科技有限公司 | Service data transmission method and device based on electric power Internet of things system change |
CN113094731A (en) * | 2021-04-15 | 2021-07-09 | 西南大学 | Block chain privacy protection method based on different distribution recombination scheme |
CN113094731B (en) * | 2021-04-15 | 2023-04-07 | 西南大学 | Block chain privacy protection method based on different distribution recombination scheme |
CN113556355A (en) * | 2021-07-30 | 2021-10-26 | 广东电网有限责任公司 | Key processing system and method for intelligent equipment of power distribution network |
CN113556355B (en) * | 2021-07-30 | 2023-04-28 | 广东电网有限责任公司 | Key processing system and method for intelligent equipment of power distribution network |
CN117118744A (en) * | 2023-10-19 | 2023-11-24 | 三未信安科技股份有限公司 | Message encryption packaging and joint authentication method and system based on identification password |
CN117118744B (en) * | 2023-10-19 | 2024-01-26 | 三未信安科技股份有限公司 | Message encryption packaging and joint authentication method and system based on identification password |
Also Published As
Publication number | Publication date |
---|---|
CN105245326B (en) | 2018-11-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105245326B (en) | A kind of smart grid security communication means based on combination pin | |
CN109584978B (en) | Information processing method and system based on signature aggregation medical health monitoring network model | |
CN107947913B (en) | Anonymous authentication method and system based on identity | |
CN102685114B (en) | Metering data transmission system based on identity encryption and data transmission method | |
US11870891B2 (en) | Certificateless public key encryption using pairings | |
CN110120939B (en) | Encryption method and system capable of repudiation authentication based on heterogeneous system | |
CN104767612B (en) | It is a kind of from the label decryption method without certificate environment to PKIX environment | |
CN107483209B (en) | Secure signcryption method based on heterogeneous system | |
CN103618610A (en) | Information safety algorithm based on energy information gateway in smart power grid | |
CN105163309B (en) | A method of the wireless sensor network security communication based on combination pin | |
CN104393996B (en) | A kind of label decryption method and system based on no certificate | |
CN110113150B (en) | Encryption method and system based on non-certificate environment and capable of repudiation authentication | |
CN102387152A (en) | Preset-key-based symmetric encryption communication method | |
CN104767611B (en) | It is a kind of from PKIX environment to the label decryption method without certificate environment | |
KR101516114B1 (en) | Certificate-based proxy re-encryption method and its system | |
CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
US20220038267A1 (en) | Methods and devices for secured identity-based encryption systems with two trusted centers | |
CN113676448B (en) | Offline equipment bidirectional authentication method and system based on symmetric key | |
CN115473623A (en) | Method for safely aggregating multidimensional user data in smart power grid | |
CN108055134B (en) | Collaborative computing method and system for elliptic curve point multiplication and pairing operation | |
CN114070549B (en) | Key generation method, device, equipment and storage medium | |
CN114285580B (en) | Online and offline signcryption method from certificate-free to public key infrastructure | |
CN111092720A (en) | Certificate-based encryption method capable of resisting leakage of master key and decryption key | |
CN114070570B (en) | Safe communication method of electric power Internet of things | |
CN114422114B (en) | Time-controlled encryption method and system based on multi-time server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20181113 |