馈线终端单元FTU的101规约安全性测试

doi:10.11959/j.issn.2096-109x.2018080

网络与信息安全学报 ›› 2018, Vol. 4 ›› Issue (10): 22-30.doi: 10.11959/j.issn.2096-109x.2018080

馈线终端单元FTU的101规约安全性测试

王勇¹,王相¹,贺文婷²,周宇昊³,蔡雨帆¹

¹ 上海电力学院信息安全系，上海 200090
² 华能上海石洞口发电有限责任公司华能上海石洞口第二电厂，上海 200942
³ 华电电力科学研究院有限公司国家能源分布式能源技术研发（实验）中心，浙江杭州 310030

修回日期:2018-09-08 出版日期:2018-10-01 发布日期:2018-12-15
作者简介:王勇（1973-），男，河南确山人，博士，上海电力学院教授，主要研究方向为电力信息安全、电力系统病毒分析、工业控制系统安全。|王相（1994-），男，江苏无锡人，上海电力学院硕士生，主要研究方向为电力系统通信协议安全。|贺文婷（1996-），女，浙江镇海人，主要研究方向为电力系统通信协议安全。|周宇昊（1983- ），男，浙江义乌人，华电电力科学研究院有限公司国家能源分布式能源技术研发（实验）中心高级工程师，主要研究方向为分布式能源政策、产业发展战略、系统集成技术、性能测试评估、检测技术及标准制定。|蔡雨帆（1997-）,男，四川内江人，上海电力学院本科生，主要研究方向为网络协议安全。
基金资助:
国家自然科学基金资助项目(61772327);上海自然科学基金资助项目(16ZR1436300);浙江大学工业控制技术国家重点实验室开放式基金资助项目(ICT1800380);上海电力学院智能电网产学研开发中心基金资助项目(A-0009-17-002-05);上海市科委地方能力建设基金资助项目(15110500700)

Security test of 101 protocol of FTU

Yong WANG¹,Xiang WANG¹,Wenting HE²,Yuhao ZHOU³,Yufan CAI¹

¹ Department of Information Security,Shanghai University of Electric Power,Shanghai 200090,China
² Huaneng Shanghai Shidongkou Second Power Plant,Huaneng Shanghgai Shidongkou Power Genertation CO.,LTD.,Shanghai 200942,China
³ National Energy Distributed Energy Technology Research and Development (experimental) Center,Huadian Electric Power Research Institute Co.,LTD.,Hangzhou 310030,China

Revised:2018-09-08 Online:2018-10-01 Published:2018-12-15
Supported by:
The National Natural Science Foundation of China(61772327);Shanghai Natural Science Foundation(16ZR1436300);Zhejiang University State Key Laboratory of Industrial Control Technology Open Fund(ICT1800380);Smart Grid Industry-University Research and Development Center Project of Shanghai University of Electric Power(A-0009-17-002-05);Project of Shanghai Science and Technology Committee under Grant(15110500700)

摘要/Abstract

摘要：

IEC60870-5-101规约主要用于电力SCADA数据监控采集系统主站和子站之间传输报文，由于该报文主要采用“帧校验和”的方式，其安全性较低，存在中间人攻击的安全隐患。为了验证该101规约的通信存在问题，构建了馈线终端FTU与主站的通信系统，在云服务器上采集FTU移动物联卡的遥测信息，利用中间人攻击方式，采用 ARP 欺骗截获通信数据分组，解析数据分组中的遥测信息，尝试数据篡改并成功使监控端数据得不到及时更新，最后提出了一种基于Hash签名的101规约安全机制。

关键词: 馈线终端FTU, 101规约, 中间人攻击, ARP欺骗

Abstract:

The IEC60870-5-101 protocol is mainly used for transmitting messages between the primary station and the substation of the power SCADA data monitoring and acquisition system.Since the message mainly adopts “frame check and sum” to ensure communication security,there is a common security risk among the intermediate personnel.In order to verify the communication problems of the 101 protocol,the communication system between the FTU and the main station of the feeder terminal was constructed,which collected the telemetry signal of the FTU mobile IoT card on the cloud server,and used the man-in-the-middle attack mode to use the ARP to intercept the communication data packet.To analyze the telemetry information in the data packet,try data tampering and successfully make the monitoring data not updated in time.Finally,an enhancement mechanism against external attacks was proposed.

Key words: FTU, 101 protocol, man-in-the-middle attack, ARP spoofing

中图分类号:

TP393

王勇,王相,贺文婷,周宇昊,蔡雨帆. 馈线终端单元FTU的101规约安全性测试[J]. 网络与信息安全学报, 2018, 4(10): 22-30.

Yong WANG,Xiang WANG,Wenting HE,Yuhao ZHOU,Yufan CAI. Security test of 101 protocol of FTU[J]. Chinese Journal of Network and Information Security, 2018, 4(10): 22-30.

图/表 15

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

图12

图13

图14

图15

参考文献 10

[1]	闫飞飞 . 基于IEC60870-5-101规约和104规约的FTU的设计与实现[D]. 西安:西安科技大学, 2012.
	YAN F F . Design and realization of feeder terminal unit based on IEC60870-5-101 protocol and 104 protocol[D]. Xi'an:Xi'an University of Science and Technology, 2012.
[2]	刘柳 . 面向 SCADA 业务的电力通信传输网安全性评[D]. 北京:华北电力大学, 2013.
	LIU L . SCADA services oriented security evaluation for electric power communication networks[D]. Beijing:North China Electric Power University, 2013.
[3]	王昕, 曹敏, 李仕林 ,等. 远动设备IEC60870-5-101非平衡规约的测试研究[J]. 化工自动化及仪表, 2016 (3): 308-312.
	WANG X , CAO M , LI S L ,et al. Test and research on unbalanced protocol of IEC60870-5-101 remote control equipment[J]. Control and Instruments in Chemical Industry, 2016(3): 308-312.
[4]	杨艳华, 周永录, 苏红军 ,等. Modbus RTU-IEC60870-5-101 数据汇集与规约转换装置设计[J]. 全国冶金自动化信息网2016年会论文集, 2016: 425-429.
	YANG Y H , ZHOU Y L , SU H J ,et al. Modbus RTU- IEC608705-101 data collection and protocol conversion device design[J]. Annual Conference Proceedings of the National Metallurgical Industry AutomationInformation Network. 2016: 425-429.
[5]	李克文, 莫凤芝, 吴丽芳 ,等. IEC60870-5—101 在配电自动化无线公网通信中的应用[J]. 电力系统通信, 2012,33(10): 39-43.
	LI K W , MO F Z , WU L F ,et al. Application of IEC60870-5-101 in distribution automation wireless public network communication[J]. Telecommunications for Electric Power System, 2012,33(10): 39-43.
[6]	唐明, 胡勇, 何霄鹏 ,等. 配电自动化设备通信协议的一致性测试系统设计与实现[J]. 电气技术, 2014,15(08): 24-27.
	TANG M , HU Y , HE X P ,et al. Design and implementation of conformance test system for distribution automation equipment communication protocol[J]. Electrical Engineering, 2014,15(8): 24-27.
[7]	张恺 . 基于高级量测体系的智能电表双向通信研究[D]. 太原:太原理工大学, 2011.
	ZHANG K . Research on two-way communication of smart meter based on advanced measurement system[D]. Taiyuan:Taiyuan University of Technology, 2011.
[8]	沈祥, 张俊伟 . 基于电力系统 IEC101 规约流程的运维解析[J]. 电气工程与自动化, 2017,36: 21-22.
	SHEN X , ZHANG J W . Operation and maintenance analysis based on IEC101 protocol process of power system[J]. Electrical Engineering and Automation, 2017,36: 21-22.
[9]	CHEN B , CHEN M , TIAN H ,et al. Advanced application of IEC60870-5-101 protocol on feeder terminal unit[C]// 11th IEEE International Conference on Anti-counterfeiting,Security,and Identification (ASID). 2017: 142-145.
[10]	邱凯翔, 金宇 . IEC101 规约的结构性认识与案例分析[J]. 电工电气, 2018 (6): 62-64.
	QIU K X , JIN Y . Structural understanding and case analysis of IEC101 Statute[J]. Electrotechnics Electric, 2018 (6): 62-64.

馈线终端单元FTU的101规约安全性测试

Security test of 101 protocol of FTU

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 10

相关文章 1

Metrics

推荐阅读 0