摘要: 在配电自动化系统的通用分组无线业务(GPRS)通信过程中,存在假冒攻击和数据篡改等安全隐患。为此,提出一种基于双线性对的配电自动化GPRS通信两方认证密钥协商协议,以建立配电主站加密服务器和配电无线终端之间的会话密钥。分析配电自动化GPRS通信网络的结构特点、安全威胁和需求,采用基于密钥的哈希认证码算法,同时考虑配电无线终端的有限计算能力,给出协议的实现过程。分析结果表明,该协议能抵御外部攻击、重放攻击和假冒攻击,且不存在密钥托管问题。与同类协议相比,具有更高的安全性和效率,能够满足实际的应用需求。
关键词:
配电自动化系统,
通用分组无线业务通信,
双线性对,
HMAC算法,
两方认证,
密钥协商
Abstract: It is found that there exists some cyber security risks like impersonation attack and data tampering in the communication process of Distribution Automation System(DAS) based on General Packet Radio Service(GPRS). In order to realize session key establishment for DAS encryption server and any wireless terminal, this paper presents a mutual authenticated key agreement protocol based on bilinear pairings for GPRS communication network in DAS. It analyzes the features of communication network architecture based on GPRS in DAS, the corresponding cyber security risks and security requirements, shows the implementation procedure of the protocol. The protocol includes HMAC algorithm and considers resource-constraint wireless terminals. Security analysis proves that the scheme can resist outsider attack, replay attack and impersonation attack without key trusteeship problem. Compared with the related works, the proposed protocol is more secure and practical, which can satisfy the application requirement.
Key words:
Distribution Automation System(DAS),
General Packet Radio Service(GPRS) communication,
bilinear pairings,
HMAC algorithm,
mutual authenticated,
key agreement
中图分类号: