Shulou(Shulou.com)06/01 Report--

At present, the existing pilot projects of distribution automation (including national network and southern power network) do not consider secondary security, but in the transformer power network above 110KV, secondary security is a very important construction content, mainly due to the previous distribution automation construction is not standard, and the technical conditions are not mature. 2 ○ February 9, 2011 State Grid dispatching document (2011) 168 "notice on strengthening the Security Protection of Distribution Automation system" clearly stated that the distribution automation system is located in production control zone 1 and must do a good job in security protection. In the special technical specification of the material procurement standard of the State Grid Corporation, it is proposed that the distribution terminal should be equipped with an one-way authentication module of asymmetric key technology that meets the technical function requirements of document (2011). At present, the company's distribution network terminal does not have an encryption module. In order to make the distribution network terminal products more competitive in the market, it is necessary to add the encryption module as soon as possible to meet the demand. Reference material State Grid Corporation material Purchasing Standard (General Technical Specification for data acquisition Terminal 2009 Edition) State Grid Corporation material Purchasing Standard (Station Terminal Unit DTU Special Technical Specification 2010 Edition) overall design Distribution network transformer monitoring terminal security protection, its main purposes: first, to prevent the interruption of power supply to users through the public network. Second, at the same time to prevent a wider range of security risks through the public network and the user terminal * master station. In accordance with the requirements of "General Security Protection Scheme of Electric Power Secondary system" and "Security Protection Scheme of Distribution Secondary system", and with reference to the principles of "security zoning, network dedicated, horizontal isolation, vertical authentication", aiming at the special points of medium and low voltage distribution network automation system below 10kV, such as a large number of substations and long interval of remote control commands, the medium and low voltage distribution network automation system using public communication mode is adopted. Vertical boundary security protection is carried out, such as one-way identity authentication technology of digit certificate based on asymmetric encryption. Tsinghua Tongfang uses the self-developed security chip TF32A09 to develop an application scheme suitable for the security protection of distribution network terminals. at present, the technology is mature and begins to be gradually used in distribution network terminal protection. Aiming at the following security protection modes: security mode downlink message uplink message one-way authentication (compatible mode) the master station adopts the private key signature, the terminal adopts the master station public key verification signature to deal with the one-way authentication + symmetric encryption (incompatible mode) the master station adopts the private key signature, and uses the symmetric key to encrypt the data. After the terminal uses the same symmetric key to decrypt, the master station public key verification terminal uses the symmetric key encryption, the master station uses the same symmetric key decryption (optional) one-way authentication + asymmetric encryption (incompatible mode) the master station uses the private key signature and encryption, the terminal uses the master station public key decryption, the signature verification terminal adopts the master station public key encryption. Tsinghua Tongfang uses private key to decrypt the main station (optional) based on the independent security chip TF32A09, Tsinghua Tongfang uses the State Secret security algorithm to develop a series of corresponding solutions for the southern power grid and the national power grid on the premise of meeting the technical specifications for security protection of the State Grid. Now make a detailed introduction to TF32A09, please refer to as follows: high-speed encrypted stream chip TF32A09 TF32A09 series chip is a high-speed, high-performance information security SoC chip independently designed by Tongfang Co., Ltd. using domestic master 32-bit SoC. This series of chips integrates high-speed security encryption algorithm and communication interface, adopts unique data stream encryption and decryption processing mechanism, realizes the function of synchronous encryption and decryption of high-speed data stream, and surpasses the domestic similar chips in encryption and decryption speed. At the same time, this series of chips also integrate keyboard control module, which can be widely used in the design of high-end keyboard and security keyboard. TF32A09 series chips support symmetric cryptographic algorithms, asymmetric cryptographic algorithms and hash algorithms specified by × ×, as well as other international cryptographic algorithms. This series of chips have high integration, strong security, rich interfaces, fast encryption and decryption speed, low power consumption, and high performance-to-price ratio. This series of chips can be widely used in finance, e-government, e-commerce and other security fields.

Chip features l CPU processor 32-bit CPU core external bus support 8-bit / 16-bit / 32-bit access l-on-chip memory cell 20KB SRAM 64KB ROM 512KB FLASH l DES/3DES encryption algorithm supports DES, 3DES algorithm supports ECB mode and CBC mode DES encryption and decryption speed 27MByte/s @ 80MHz 3DES encryption and decryption speed 11.5MByte/s @ 80MHz l RSA/SM2 coprocessor implements 192-bit 2048-bit modular addition, modular subtraction, modular multiplication, modular inversion, Modular idempotent basic arithmetic operations l RSA asymmetric algorithm supports 1024 RSA operations 1024 bit RSA signatures 32 times per second @ 80MHz The number of validations is 32 / s @ 80MHz l SM1 algorithm packet length is 128 bits, key length is 128 to 256 bits encryption speed 43.7MByte/s@80MHz l SM2 algorithm encryption algorithm packet length 128Byte Key length 256bit signature algorithm packet length 256bit, key length 256bit l SM3 algorithm summary value length 256bit l SM4 algorithm encryption and decryption speed 29.5MByte/s@80MHz l random number generator hardware random number generator, pass the international standard FIPS140-2 test generation speed 9.2MByte/s@80MHz l keyboard control interface (KPP) 20x10 array scan, support 200keys Including 73 custom keys to support arbitrary 4 keys simultaneously press l 2 USB2.0 OTG interfaces to support high-speed 480Mbps and full-speed 12Mbps transmission mode USB1 support 6 EndPoint,USB2 support 3 EndPoint l 2 SPI master / slave interfaces can transmit 8-bit, 16-bit or 32-bit data per interruption Transmission speed 400KByte/s l 6 external interrupt I NFC O can be used as 6 independent programmable Imax O multiplex l NFC (Nandflash) interfaces with ECC check module Can be corrected to 8-bit or 16-bit support 4 NandFlash l other interfaces 2-way ISO-7816 (T0) master / slave interface 2-way UART master-slave mode 1-I2C-1 16-bit PWM 32 highlights of the product: high-speed data stream encryption: integrated with a variety of high-speed hardware encryption algorithm modules, encryption steps are implemented by proprietary modules, so that the speed of data stream encryption can be as high as 25MB/s, there is a qualitative leap. The first domestic company with USB master interface: two USB-OTG interfaces, which can be set to Host, Device or OTG; to support up to 6 endpoints according to application requirements, and can be set as multiple composite devices to meet the design needs of users as much as possible. Comprehensive algorithm: integrate a variety of communication interfaces and a variety of information security algorithms (SM1, SM2, SM3, SM4, 3DES, RSA, etc.) to achieve a highly integrated single chip solution. L support online debugging: IDE debugging environment adopts CodeWarrior, which is powerful and easy to use. Product serialization: a variety of product models are available for customers to choose from. Resource comparison table Resource / Model TF32A9FAL0 (LQFP-176) TF32A9FBL1 (LQFP-100) TF32A9FCL1 (LQFP-80) TF32A9FDL1 (LQFP-64) encryption algorithm / hardware Random number SM1 ●●●● SM2 ●●●● SM3 ●●●● SM4 DES ●●●● RSA ●●●● ●●●● Storage ROM (64K) ●●●● RAM (20K) ●●●● FLASH (512K) ●●●● Communication Interface USB2 .0 (OTG) ● * 2 ● * 2 ● * 1 ● * 2SPI ● * 2 ● * 1 ● * 1 ● * 17816 ● * 2 ● * 1 ● * 1--UATR ● * 2 ● * 1 ● * 2 ● * 1IIC ●●●● NANDFLASH ●-●-KPP ●●-PMW GPIO (without reuse) * 32 * 1 en22# * en23# * 2 other resources DMA INT (external interruption) * en26# * en27 * 6 ● * 6PIT ●●●● Wrapper ●●●● emulation JTAG ●-

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.