Abstract
Based on an analysis of the current security scheme built on public key infrastructure and certification authorities (PKI/CA) in the power dispatching data network, and focusing on the contradiction between real-time and security requirements, a novel security scheme for identity authentication and key agreement is proposed. By improving the digital signature and key agreement algorithms based on the discrete logarithm in a finite field, identity authentication and key agreement are merged into one session, and the security scheme is made independent of a third-party online certificate system. Meanwhile, the redundant functions of the current virtual private network (VPN) security framework are cut down, and the scheme replaces the traditional PKI/CA system. The proposed security scheme meets the real-time requirements of the power dispatching data network while guaranteeing its security requirements.
Source
《电力系统自动化》 (Automation of Electric Power Systems)
EI
CSCD
Peking University Core Journals (北大核心)
2007, Issue 14, pp. 94-97 (4 pages)
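Funding
Sichuan Province Applied Basic Research Fund project (04JY029-017-2)
National Innovation Fund for Technology-Based Small and Medium-Sized Enterprises project (04C26225110223)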
Keywords
power dispatching data network
security
real time
identity authentication
key agreement
virtual private network (VPN)