CN-120639424-B - Quantum confidentiality technology-based communication encryption method for intelligent power distribution switch
Abstract
The invention discloses a communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology, and belongs to the technical field of communication encryption. The method comprises the following steps: generating a quantum QKD key and a quantum random number key through a quantum key platform system, and filling the quantum CPE and the quantum security gateway with the quantum random number key; performing access authentication between the quantum CPE and the quantum security gateway to establish a communication link and an IPsec tunnel; the quantum CPE requesting a session key, which the quantum security gateway transparently forwards and the quantum key platform system distributes by quantum key distribution; unpacking the received packaged session key, obtaining and confirming the unpacked session key; sending communication data to the quantum CPE over a network cable; and dynamically encrypting the communication data using the session key in combination with an encryption algorithm.
Inventors
- ZHANG WANSHENG
- ZHANG CHAORAN
Assignees
- 无锡鼎全量子科技有限公司
Dates
- Publication Date
- 20260508
- Application Date
- 20250707
Claims (7)
- 1. A communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology, characterized by comprising the following steps: S1, generating a quantum QKD key and a quantum random number key through a quantum key platform system, and filling a quantum CPE and a quantum security gateway with the quantum random number key; S2, performing access authentication between the quantum CPE and the quantum security gateway to establish a communication link and an IPsec tunnel; S3, the quantum CPE requesting a session key, the quantum security gateway transparently forwarding the request, and the quantum key platform system distributing the quantum key, wherein the quantum key comprises the session key sealed once with a quantum random number key and is distributed to the quantum security gateway and the quantum CPE; S4, the quantum security gateway and the quantum CPE unpacking the received packaged session key, obtaining and confirming the unpacked session key, and communicating based on quantum confidentiality technology; S5, the intelligent power distribution switch sending communication data to the quantum CPE over a network cable, and the quantum CPE, after receiving the communication data, dynamically encrypting it using the session key in combination with an encryption algorithm, the specific implementation comprising: S51, in preprocessing for security quantification of the session key, calculating the information entropy of the key using an entropy detection tool of the national cryptographic standard; S52, testing and marking the quantum attack resistance of the session key: if the session key was negotiated or distributed through a post-quantum cryptography algorithm, marking it as quantum-resistant and setting its capability value to a; if the session key was negotiated through a traditional algorithm, marking it as vulnerable to quantum attack and setting its capability value to b, where a and b are positive integers and a is greater than b; S53, calculating a security level value β of the session key through the formula, where A and B are the information entropy and the capability value of the session key respectively, B is a or b, α is a weight coefficient whose value is 1 or more, and C is the first standard security value; analysing the security level value and associating the session key with a low, medium or high security level according to the analysis result; S54, in preprocessing for sensitivity level and scenario classification of the communication data, associating a sensitivity level according to the data type of the communication data, the sensitivity level being high, medium or low; S55, obtaining the security level associated with the session key and the sensitivity level associated with the communication data, and dynamically implementing a first, second or third encryption scheme; and S6, the quantum security gateway decrypting the encrypted communication data with the corresponding session key and encryption algorithm to obtain the original communication data sent by the intelligent power distribution switch, and sending the original communication data to the master station.
- 2. The communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology, characterized in that step S2 comprises the following steps: S21, connecting the intelligent power distribution switch to the quantum CPE, and identifying the quantum security gateway according to the IP address of the intelligent power distribution switch and the ID of the quantum CPE; S22, judging whether the connected intelligent power distribution switch is a legal terminal, proceeding to the next step if so and refusing access if not; S23, after the connected intelligent power distribution switch has been judged a legal terminal, the quantum CPE and the quantum security gateway establishing an IPsec tunnel according to the IPsec protocol; S24, after the IPsec tunnel is established, the quantum CPE and the quantum security gateway performing communication verification, confirming the availability of the channel by a three-way handshake; S25, after the confirmation succeeds, performing quantum secure communication network access verification of the quantum CPE; and S26, after 3 confirmation failures, releasing the quantum CPE and the quantum security gateway and re-establishing the IPsec tunnel.
- 3. The communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology, characterized in that the specific implementation of step S3 comprises the following steps: S31, the quantum security gateway and the quantum CPE sending a session key request to a key service platform, the key length being agreed in advance in the key request; S32, the key service platform receiving the session key request, generating an encapsulation instruction and transmitting it to the key generation system; S33, the key generation system, after receiving the encapsulation instruction, obtaining the preset key length from the key request and sealing once the session key generated by the QKD system with a protection key generated by the random number generator, and after sealing is complete sending the session key to the quantum security gateway and to the key service platform, which then forwards it to the quantum security gateway and the quantum CPE; and S34, after the quantum security gateway and the quantum CPE receive the once-sealed session key, each sending a confirmation of key receipt to the key service platform, and if only one party receives the session key, cancelling the original key and repeating steps S31 to S33.
- 4. The communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology according to claim 3, wherein the specific implementation of step S4 comprises the following steps: S41, the quantum security gateway and the quantum CPE receiving the packaged key and decrypting it using the filled key; S42, after decryption, the quantum security gateway and the quantum CPE confirming whether the session key has been obtained, destroying the protection key derived from the quantum random numbers, and performing notification interaction with the key service platform; S43, after the quantum security gateway and the quantum CPE confirm acquisition of the session key, starting communication based on quantum security technology according to service requirements; S44, updating the session key according to the issuing period and the scheduling requirements of the key service platform.
- 5. The communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology according to claim 1, wherein if the security level value is smaller than 1, the session key is associated with a low security level; if the security level value is greater than or equal to 1 and smaller than the second standard security value, the session key is associated with a medium security level; and if the security level value is greater than the second standard security value, the session key is associated with a high security level.
- 6. The communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology according to claim 1, wherein if a high security level and/or a high sensitivity level is present, the first encryption scheme is implemented; if a medium security level and/or a medium sensitivity level is present, the second encryption scheme is implemented; and if a low security level and/or a low sensitivity level is present, the third encryption scheme is implemented.
- 7. The communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology according to claim 6, wherein the first encryption scheme adopts an AEAD mode; the second encryption scheme adopts an encryption plus HMAC-SM3 authentication mode; and the third encryption scheme adopts an encryption-only mode.
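The level-to-scheme policy of claims 5 to 7, written as an added Python example that is not the patent's own code. The page does not reproduce the formula for β, so β is taken as an input; the capability values a and b, the data-type-to-sensitivity table (S54) and the rule that resolves the "and/or" of claim 6 toward the stronger scheme when the key level and data level disagree are all assumptions made here.

```python
import math
from collections import Counter

# Constructed capability values (S52): a for post-quantum keys, b for traditional ones, a > b > 0
CAP_PQC, CAP_TRADITIONAL = 3, 1

# Constructed data-type table for S54 (assumption): two-remote/three-remote distribution services
SENSITIVITY_BY_TYPE = {"remote_control": "high", "remote_signal": "medium", "telemetry": "low"}

RANK = {"low": 0, "medium": 1, "high": 2}
SCHEME = {  # claim 7
    "high": "scheme 1: AEAD",
    "medium": "scheme 2: encryption + HMAC-SM3 authentication",
    "low": "scheme 3: encryption only",
}

def key_entropy_bits_per_byte(key: bytes) -> float:
    """Shannon entropy of the key bytes, the A term of S51/S53 (a byte-frequency
    estimate; the standard's own detection tool is what the claim calls for)."""
    if not key:
        raise ValueError("empty key")
    probs = [c / len(key) for c in Counter(key).values()]
    return -sum(p * math.log2(p) for p in probs)

def capability_value(post_quantum: bool, a: int = CAP_PQC, b: int = CAP_TRADITIONAL) -> int:
    """S52: capability value B of the session key (a if PQC-negotiated, else b)."""
    if not (a > b > 0):
        raise ValueError("a and b must be positive integers with a > b")
    return a if post_quantum else b

def security_level(beta: float, second_standard: float) -> str:
    """Claim 5 thresholds. beta == second_standard is unspecified in the claim;
    it is treated as high here (assumption)."""
    if beta < 1:
        return "low"
    if beta < second_standard:
        return "medium"
    return "high"

def select_scheme(beta: float, data_type: str, second_standard: float) -> str:
    """Claim 6: combine key security level and data sensitivity level. When the two
    levels disagree, the higher level wins so the stronger scheme is applied (assumption)."""
    key_level = security_level(beta, second_standard)
    data_level = SENSITIVITY_BY_TYPE[data_type]
    return SCHEME[max(key_level, data_level, key=RANK.get)]
```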
Description
Technical Field
The invention relates to the technical field of communication encryption, in particular to a communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology.
Background
Currently, distribution automation emphasizes real-time bidirectional interaction, while the business only attends to security protection on the master station side and authentication of the terminal towards the master station. Because distribution automation terminals are numerous and old terminals that have not been retrofitted cannot support message encryption, the distribution automation system mainly adopts a compatible mode of unidirectional authentication, so effective security protection measures are needed on the terminal side and on the access network convergence side. Intelligent switches at present mainly communicate over an optical fibre private network or a wireless public network and use a traditional encryption mode to improve communication security. The drawbacks are that an optical fibre private network is costly and difficult to build in certain scenarios, a public network cannot guarantee communication security, the intelligent power distribution switch can then only be applied to the two-remote function, and traditional encryption technology offers insufficient security.
Disclosure of Invention
The invention aims to provide a communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology, to solve the technical problems of poor reliability and diversity in the communication encryption of intelligent power distribution switches in existing schemes.
The aim of the invention can be achieved by the following technical scheme: a communication encryption method for an intelligent power distribution switch based on quantum confidentiality technology comprises the following steps: S1, generating a quantum QKD key and a quantum random number key through a quantum key platform system, and filling a quantum CPE and a quantum security gateway with the quantum random number key; S2, performing access authentication between the quantum CPE and the quantum security gateway to establish a communication link and an IPsec tunnel; S3, the quantum CPE requesting a session key, the quantum security gateway transparently forwarding the request, and the quantum key platform system distributing the quantum key, wherein the quantum key comprises the session key sealed once with a quantum random number key and is distributed to the quantum security gateway and the quantum CPE; S4, the quantum security gateway and the quantum CPE unpacking the received packaged session key, obtaining and confirming the unpacked session key, and communicating based on quantum confidentiality technology; S5, the intelligent power distribution switch sending the communication data to the quantum CPE over a network cable, and the quantum CPE, after receiving the communication data, dynamically encrypting it using the session key in combination with an encryption algorithm; and S6, the quantum security gateway decrypting the encrypted communication data with the corresponding session key and encryption algorithm to obtain the original communication data sent by the intelligent power distribution switch, and sending the original communication data to the master station.
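The session key distribution of steps S3 and S4 (one-time sealing with a pre-filled quantum random number key, unsealing at both endpoints, destruction of the consumed protection key, and cancellation when only one party confirms receipt), as an added Python simulation that is not the patent's or the applicant's code. It assumes the platform, gateway and CPE all hold an identical pool fill from S1, that a package carries the pool offset of the protection key it was sealed with, and uses a constructed 32-byte key length and a constructed `lost` parameter to simulate non-delivery.

```python
import secrets
KEY_LEN = 32  # key length agreed in advance in the key request (S31); constructed value

class QrnPool:  # quantum random number key filled into a party (S1)
    def __init__(self, material: bytes):
        self._buf, self._used = bytearray(material), set()

    def take(self, offset: int, n: int) -> bytes:
        """Hand out one protection-key segment exactly once, then destroy it (S42)."""
        seg = range(offset, offset + n)
        if offset + n > len(self._buf) or any(i in self._used for i in seg):
            raise RuntimeError("protection key reuse or pool exhausted")
        key = bytes(self._buf[seg.start:seg.stop])
        self._used.update(seg)
        for i in seg:
            self._buf[i] = 0  # zeroise the consumed protection key
        return key

def xor(a: bytes, b: bytes) -> bytes:
    """One-time sealing (S33) and unsealing (S41): XOR with an equal-length key."""
    if len(a) != len(b):
        raise ValueError("protection key must match session key length")
    return bytes(x ^ y for x, y in zip(a, b))

class Endpoint:  # quantum security gateway or quantum CPE with its own pool copy
    def __init__(self, name: str, material: bytes):
        self.name, self.pool, self.session_key = name, QrnPool(material), None
    def receive(self, offset: int, sealed: bytes) -> bool:
        try:  # S41: unseal with the filled key; S34: report whether receipt succeeded
            self.session_key = xor(sealed, self.pool.take(offset, len(sealed)))
        except RuntimeError:
            return False
        return True

def distribute(platform: QrnPool, offset: int, session_key: bytes,
               gateway: Endpoint, cpe: Endpoint, lost: tuple = ()) -> bool:
    """S33/S34: seal once, send to both parties, cancel unless both confirm; `lost` simulates non-delivery."""
    sealed = xor(session_key, platform.take(offset, len(session_key)))
    acks = [ep.name not in lost and ep.receive(offset, sealed) for ep in (gateway, cpe)]
    if not all(acks):
        gateway.session_key = cpe.session_key = None  # cancel the original key
        return False
    return True

def demo() -> tuple:  # constructed run: good delivery, cancelled delivery, retry with a fresh key
    fill = secrets.token_bytes(4 * KEY_LEN)  # identical fill for all three parties
    platform, gw, cpe = QrnPool(fill), Endpoint("gateway", fill), Endpoint("cpe", fill)
    results = [distribute(platform, i * KEY_LEN, secrets.token_bytes(KEY_LEN), gw, cpe,
                          lost=("cpe",) if i == 1 else ()) for i in range(3)]
    return tuple(results) + (gw.session_key == cpe.session_key,)
```

Each pool segment is consumed and zeroised on first use, so a second package sealed at the same offset is refused rather than silently reusing a one-time key.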
S21, connecting the intelligent power distribution switch to the quantum CPE, and identifying the quantum security gateway according to the IP address of the intelligent power distribution switch and the ID of the quantum CPE; S22, judging whether the connected intelligent power distribution switch is a legal terminal, proceeding to the next step if so and refusing access if not; S23, after the connected intelligent power distribution switch has been judged a legal terminal, the quantum CPE and the quantum security gateway establishing an IPsec tunnel according to the IPsec protocol; S24, after the IPsec tunnel is established, the quantum CPE and the quantum security gateway performing communication verification, confirming the availability of the channel by a three-way handshake; S25, after the confirmation succeeds, performing quantum secure communication network access verification of the quantum CPE; and S26, after 3 confirmation failures, releasing the quantum CPE and the quantum security gateway and re-establishing the IPsec tunnel. The implementation of step S3 preferably comprises the following steps: S31, a quan