Research On Secure Access Technology Of Power Terminal Communication Access Network

Posted on: 2021-04-20
Degree: Master
Type: Thesis
Country: China
Candidate: S Y Hu
GTID: 2518306557992679
Subject: Electronics and Communications Engineering

Abstract/Summary:
The power terminal communication network is an important part of the power communication network and an extension of the main network. It carries a large number of National Grid business applications. With the deployment of various business system platforms, the complexity of the power grid system continues to increase. To ensure the security of the power grid information system, a smart grid security protection system has been established. It adopts a sub-domain management mode to protect the external domain, the DMZ domain and the internal domain at different security levels, with particular emphasis on a trusted access management mechanism for the internal domain.

In recent years, the popularization of the Internet of Things has greatly promoted the development of ubiquitous power connection technology. However, it also brings challenges in network access security and data interaction security. In particular, as communication networking modes become increasingly complex, the traditional EPON-based power terminal communication network is gradually being transformed into a hybrid networking mode that combines EPON, Wi-Fi, TD-LTE and other access modes. At the same time, because of business interaction requirements, a large number of access requests and transmitted data reach the grid business platform deployed in the trusted network through different types of access methods. How to secure access to, and interaction over, the power terminal communication network has therefore become a problem to be solved. On the one hand, for secure access authentication, the existing TNC architecture needs to be optimized to ensure trusted access and prevent platform replacement attacks. On the other hand, once trusted access is complete, a secure data interaction mechanism that fits the existing National Grid system is needed to realize the secure exchange of data and the authorized access of business systems. It is therefore necessary and urgent to research these two kinds of problems.

This paper first proposes a trusted network certifiable security connection protocol model based on user identity binding. The protocol uses a shared key negotiated by the network access layer to achieve binding authentication of the user and the platform, which can effectively ensure effectiveness and prevent platform replacement attacks. A platform untrusted model (PUM) and a platform trusted model (PTM) are also given, based on the CK model. It is verified that the security of the protocol can be proved in the PTM environment, and likewise in the PUM environment through binder verification, thus proving the overall security of the designed protocol. Finally, the protocol is tested with plaintext and ciphertext in an actual environment, and the throughput and delay meet the expected design parameters.

Then, in light of the characteristics of power grid business applications, a secure switching bus scheme based on data isolation and proxy filtering is proposed, integrating SQL agent, proxy filtering, and blacklist and whitelist technology. While ensuring the stable operation of the existing network, the scheme achieves security isolation between the untrusted network and the trusted network through an adaptive isolation exchange module. The secure exchange of database data is realized by SQL agent technology, and the authorized access of business systems is realized by proxy filtering technology. In addition, whitelist keyword extraction technology enhances the flexibility of the scheme while ensuring overall security. Actual tests verify that the secure switching bus scheme based on data isolation and proxy filtering can block all kinds of attacks against TCP/IP and prevent illegal users from operating on the core database of the intranet.

Drawing on the problems encountered in my practical work and the actual production needs of the power grid, and based on the above theory, a secure access platform based on trusted access and the switching bus is designed and constructed. The platform mainly includes two subsystems, trusted network access and the secure switching bus, which guarantee the trusted access of terminal systems and the secure interaction of data or application access. In actual tests, the platform can effectively resist all kinds of attacks, limit user access rights, and effectively encrypt the transmitted data, achieving good practical results.

The results of this paper can be widely used. They can effectively strengthen the secure access capability of the power terminal communication access network, solve the problem of platform replacement attacks faced by trusted network access, and realize data interaction and authorized access between the trusted network and the untrusted network through the data security exchange bus. This has strong economic and social significance for improving the security protection level of the core network, the backbone communication network and the terminal access network.
Keywords/Search Tags: Power terminal communication network, trusted access, proxy, secure exchange bus