Design and Implementation of Forward Isolation Device Based on Deep Packet Inspection and Security Enhancement

被引：0

作者：

Cao X. ^{[1
]}

Zhang Y. ^{[1
]}

Song L. ^{[1
]}

Hu S. ^{[1
]}

Tang Z. ^{[1
]}

Zhang C. ^{[1
]}

机构：

[1] NR Electric Co. Ltd., Nanjing

来源：

Dianli Xitong Zidonghua/Automation of Electric Power Systems | 2019年 / 43卷 / 02期

关键词：

Authentication; Deep packet inspection (DPI); Encryption; Network security; Two factors;

D O I：

10.7500/AEPS20180316005

中图分类号：

学科分类号：

摘要：

In order to improve the security of power system communication network in the emerging network security environment and distribution network accessing environment, a forward isolation device based on deep packet inspection and security enhancement is proposed. Based on the principle and vulnerability analysis of the traditional forward isolation device, the field programmable gate array (FPGA) is adopted as isolation island to improve the transmission speed and reduce the error bit rate, the reverse penetrating threat is solved by the deep packet inspection technology, the security of human machine interface (HMI) management is improved by two factor authentication technology, the security of local management is improved by the encryption and authentication technology based on the state secret algorithm. Compared with the traditional forward isolation device, the performance and the security level of proposed device are both improved. Finally, the feasibility of the theory and the practicability of the technology are verified by project application. © 2019 Automation of Electric Power Systems Press.

引用

页码：162 / 167

页数：5

共 17 条

[1] Tong X., Wang X., Inference and countermeasure presupposition of network attack in incident on Ukrainian power grid, Automation of Electric Power Systems, 40, 7, pp. 144-148, (2016)
[2] Ni M., Yan J., Bai R., Et al., Power system cyber-attack and its defense, Automation of Electric Power Systems, 40, 5, pp. 148-151, (2016)
[3] Zheng Z., Han B., Shan X., Et al., Analysis on key technologies for coordinated operation of advanced application software in transmission and distribution network, Automation of Electric Power Systems, 41, 6, pp. 122-128, (2017)
[4] Wang J., Secure information exchange system based on physical isolation technology, (2015)
[5] Li F., Tan M., Fan K., Et al., Network isolation communication scheme to resist against covert channel, Journal on Communications, 35, 11, pp. 96-106, (2014)
[6] Sun Y., Gu H., Network isolation of based on buffered dual channel switching technology, Industrial Control Computer, 27, 4, pp. 106-107, (2014)
[7] Tian X., Qiu Z., Sun C., Et al., Network isolation and switching based on hardware region division and IP packet reintegration, Computer Science, 35, 2, pp. 81-83, (2008)
[8] Yu H., Wu Y., Hu X., Application of positive-isolation gap in electricity system, Computer & Digital Engineering, 42, 10, pp. 1817-1818, (2014)
[9] Xue Z., A research of network isolation technique based on information security management, Journal of Shijiazhuang University, 16, 6, pp. 54-58, (2014)
[10] Wang Y., Yang J., Guo G., Et al., Analysis and prospect of physical isolation technology for network security, Information Security and Communications Privacy, 2, pp. 117-122, (2016)

← 1 2 →