Security Design And Realization Of Substation Automation Based On Password

In the circumstance that substation automation develops an ethernet to communication , substation operation will be excuted through network . the anti_maloperation measure will mainly be expressed for norm of access behavior include judging the access privilege of control object .Because password is simple and convenient ,so it is use widely in substation automation ,however password is susceptible to be leaked out,and can not satified with the security need in which it can realize the message authentication,encryption and so on. Based on the orientation of SAS which is proposed by international standard IEC61850(Substation atomation communication)and IEC 62351(data and communication security in power system) ,and on the consideration of the anti-maloperation technology need in SAS through network. security measures based on password such as SRP and SRP_TLS are proposed to use in SAS,through which security need can be realized such as authentication,access authorization, message authentication, message encyption and so on. Research contents as follows:(1)Research substation automation systmem communication based on IEC 61850. In which information exchange of IEDs(intelligence electronics equipments) adopt Client/Server(C/S) and Pubish/Subscriber(P/S) two kinds of communication modes through Abstract Communication Services Interface. In IEC 61850 ACSI different message mapping to the correspondance communication protocol stack through SCSM .Whatever any communication stack, the data link level all adopt IEEE802.3(erthernet) with CSMA/CD。(2)The analyse the security need of substation communication and securitytechnique.Through analysing the special communication environment an authentication is necessary. Compared two kinds of top internation password techniques while introducing related security password techniques.It is concluded Security Remote Password(SRP) is a strong authentication mechanism. Because it is a password authentication ,it is simpler more than PKI. each side need not to save keys and not to transmit keys through network. The user can select a simple password but need not to worry about dictionary attack.(3) First research authentication is only necessary security measure of the realtime communication which include three messages (GOOSE, SMV,GSE)in IEC 61850 .then designed the authentication process base on SRP.(4)On the foundation of analyzing the security needs of Client/Server communication mode,the SRP_TLS is proposed to realize the security communication and designed the process.