学术论文DOl:10.12379/j.issn.2096-1057.2024.01.11ResearchPapers电力物联网零信任架构下的分布式认证模型唐大圆曹翔林青胡绍谦汤震宇(南京南瑞继保电气有限公司(tangdy@nrec.com)DistributedAuthenticationModelUnderPowerIoTZeroTrustArchitecture南京211102)TangDayuan,CaoXiang,LinQing,HuShaoqian,andTangZhenyu(NRElectricCo.,Ltd.,Nanjing21l102)AbstractAddressingthenewnetworksecuritychallengesbroughttothepowersystembythechangingtrendofalargenumberofdistributedheterogeneousterminalssuchasunlimitedpublicnetworkaccess,newpowerinteractiveservices,andnewinformationtechnologyapplicationinthepowersystem.Thispaperproposesadistributedauthenticationmodelbasedonthezerotrustsecurityarchitecture,givingfullplaytotheadvantagesofzerotrustsecurityconceptandtechnologyundertheoverallsecurityarchitectureofthepowerInternetofThings(IoT).Themodelintegratesthetrustedrootoftrusttechnologyprovidedbythetrustedcomputingmoduleofthepowerterminalhardware.Italsoexpandsandextendstheactivesecurityprotectioncapabilitiesofpowerintelligentterminalsandaccessesnetworkstomeetnewcybersecuritychallengesfacedbyintelligentgrids.Thedistributedauthenticationmodelproposedinthispapersinksthedynamictrustevaluationandsouthboundterminalauthenticationmoduleinthezerotrustsecurityarchitecturetotheedgeintelligentdevice,andsubdividesandexpandsthetrustandaccesscontrolbasedonthetrustedrootprovidedbytheterminaltrustedmodule,andgivesfullplaytothespecificadvantagesofzerotrustsecurityconceptandtechnologyinterminalsecurityaccess,securitymonitoring,andfine-grainedbusinessprotectiononthebasisofcompatibilitywiththeexistingpowerIoTauthenticationmodel,soastoimprovetheoverallnetworksecurityprotectioncapabilityofthepowerIoTsystem.KeywordspowerIoT;zerotrust;trustcomputing;distributedauthentication;SDP摘要针对智能电网大量分布式异构终端无限公网接入、新型电力交互业务、新信息技术应用在电力系统等行业发展趋势给电力系统带来的新型网络安全挑战,基于零信任安全架构,提出一种分布式认证模型,在电力物联网整体安全架构下,充分发挥零信任安全理念和技术的优势,结合电...
