Research on Safety of Intelligent Street Light Control System

At present, China is vigorously promoting urbanization, which places higher requirements on urban lighting. Since the power consumption of urban street lamps accounts for a large proportion of the total electricity consumption of urban public utilities, energy saving for street lamps is an inevitable direction for the development of urban management. Article 5 of the Notice of the General Office of the State Council on the implementation of the National Energy Conservation Initiative, which was implemented on August 1, 2008, states: “Controlling street lighting and landscape lighting, and properly opening and closing street lights under the premise of ensuring the safety of vehicles and pedestrians.” The traditional street lamp control system has the disadvantages of no remote control, no automatic recognition of faulty street lamps, and a large amount of manual work. The intelligent street light control system can remotely control any street light within range and can remotely identify a faulty street light, which greatly improves the maintenance reaction time for faulty street lights. In addition, the intelligent street light control system can provide flexible and diverse control schemes for different lighting needs according to the electrical parameters and operating conditions of the lighting system, thereby making urban street lighting more energy efficient.

Informatization is a double-edged sword. It promotes the intelligent control of street lamps but also brings potential safety hazards to them. Street lamp safety belongs to the scope of municipal and industrial control safety, and when the street lamp control system is attacked, the social impact is difficult to estimate. At the same time, since smart street lamps are also an application in the field of electricity, the intelligent construction of street lamps is an extension of smart grid construction. Therefore, this paper applies the security protection experience from smart grid construction to the field of intelligent street lamps, to safeguard the intelligent construction of street lamps.

1 Intelligent Street Light System

1.1 System Introduction

System topology

The intelligent street light system can be divided into three parts: the main station layer, the communication layer and the terminal layer.

The main station layer consists of the main station management system, which includes the main station server, the geographic information system and the monitoring center. The server stores and manages the street light information; the monitoring center sends instructions to the centralized controller through the server, controls each street lamp in real time, and periodically polls each street lamp to detect whether it works normally; the geographic information system embeds the city map for online monitoring, quickly showing the location, lighting conditions and alarm conditions of all local devices on the system, so that abnormal conditions can be accurately located and quickly handled at the first opportunity.

A communication channel, such as an opportunistic mesh (OPM), is built between the collector and the primary station.

The terminal layer collects all the control information of the street lamp according to the municipal plan. The communication mode between it and each street lamp control sub-module adopts Zigbee or GPRS or OPM. Each control module is responsible for collecting street light control information and sending it to the concentrator.

System function

The main function of the intelligent street lamp system is to provide "three remote" control of street light equipment. The so-called "three remotes" are "remote control", "remote communication" and "telemetry".

Figure: Intelligent street light system topology map (communication layer, terminal layer)

First author: Xie Daping (1984-), master, engineer. Research direction: network security, chip security, cloud security, grid security, etc. E-mail: Xiedapinggmail.com

The function is divided into two parts: automatic control and manual control.

The controller automatically reports its online status and local street lights to the monitoring computer through the inspection method. The street light management personnel can use the electronic map function provided by the system to monitor the current state of the device intuitively by monitoring the computer, quickly locate the faulty device on the map, and troubleshoot the fault in the shortest possible time.

1.2 Workflow

Communication between the master station and the concentrator is carried over GPRS, power line carrier, etc. Moreover, all current messages are transmitted in plaintext over the public network.

Considering the linear layout of the streetlight network, and in order to reduce cost, communication between the concentrator and the streetlight control module usually uses wireless communication, that is, Zigbee, OPM, etc., and all messages are transmitted in plaintext.

2 Security risks

2.1 Communication between the primary station and the concentrator

The concentrator and the primary station system communicate over the public network. When data and control messages are transmitted between the concentrator and the primary station, the transmitted data is at risk of being tampered with and stolen.

For the downlink, when the primary station sends a control message to the concentrator, if it is tampered with, it may cause an abnormal illumination of the entire area instantaneously and continuously. This poses a great threat to urban security, while reducing residents' satisfaction with the municipality and causing social panic.

For the uplink, when the concentrator needs to report the information of the current street lamp to the primary station, if it is tampered with, it may cause the background control center to misroute, resulting in waste of government resources.

2.2 Concentrator and street lamp control module

The security risks between the concentrator and the street lamp control module are similar to those between the concentrator and the main station, but the threat is greater. The security of wireless communication methods such as Zigbee/OPM is under heavy threat, which makes the communication between the streetlight control module and the concentrator easier to steal and falsify. With the accelerating construction of intelligent cities, video surveillance provides security for every citizen and also improves the efficiency of public security organs by providing more evidence. The effectiveness of ordinary video surveillance depends on the quality of street lighting. If criminals destroy the streetlights at a pre-selected scene before committing a crime, the video surveillance system will be ineffective.

3 Security technology

3.1 Encryption and decryption technology

Encryption and decryption algorithms are usually divided into symmetric encryption algorithms and asymmetric encryption algorithms.

Symmetric encryption is a single-key cryptosystem, in which the encryption key is equal to the decryption key, or each can be derived from the other. According to the length of data encrypted at a time, symmetric ciphers are divided into stream ciphers and block ciphers. The symmetric encryption algorithm used in this scheme is a block cipher algorithm.

Asymmetric encryption is a double-key cryptosystem: a cryptographic algorithm that uses a public key for encryption and a private key for decryption. Deriving the private key from a known public key is computationally infeasible. RSA and ECC are two commonly used asymmetric encryption algorithms.

Compared with RSA (see Table 1), ECC has the following advantages:

Strong attack resistance. For the same key length, its resistance to attack is many times stronger.

Small computation load and fast processing speed.

Low bandwidth requirements. When encrypting and decrypting long messages, the above two types of cryptosystems have the same bandwidth requirements, but the ECC bandwidth requirements are much lower when applied to short messages.

Table 1 Comparison of RSA and ECC security modulus lengths and break times. Note: MIPS is the number of instructions a computer executes per second, in millions; a MIPS year means running at that rate for 1 year.

An ECC algorithm with the same security as the 1023-bit RSA algorithm was tested against it using the international public security toolkits Security Builder 1.2 and BSAFE 3. See Table 2: the performance of the ECC algorithm is better than that of the RSA algorithm.

Table 2 Performance comparison with Security Builder 1.2 and BSAFE 3 (functions: key pair generation, signature, authentication, key exchange).

Because wireless transmission is used between the streetlight terminals, the asymmetric algorithm in this scheme is SM2 (the ECC algorithm developed by the China Commercial Cryptographic Bureau) or the ECC algorithm, and the symmetric algorithm is SM1 (a national commercial cryptographic algorithm) or the AES algorithm.

3.2 Digital signature technology

Digital signature technology, or endpoint repudiation technology, is defined in the ISO 7498-2 standard as: some data attached to a data unit, or a cryptographic transformation of a data unit, which allows the recipient of the data unit to confirm the source and the integrity of the data unit, and protects the data from being forged by a person (such as the recipient). Put another way, it is a string of digits that only the sender of the information can produce and that others cannot forge. This string of digits is also valid proof of the authenticity of the information sent by the sender.

Digital signatures can only use asymmetric encryption algorithms. In this scheme, ECDSA is used as the digital signature mechanism.

3.3 Hash Function

The hash function H is a public function that maps an arbitrarily long message M to a shorter, fixed-length value H(M). H(M) is called a hash value or message digest. It is a function of all bits in the message and provides the ability to detect errors.

4 Security Solution

4.1 Security Solution

In order to achieve remote intelligent security control of street lights, it is necessary to prevent information from being tampered with and eavesdropped on. Municipal safety considerations require industrial-grade safety standards, so domestic security algorithms are used in preference when selecting security algorithms. The data is encrypted using the SM1 algorithm and signed using the SM2 algorithm.

There are two implementation schemes for the security protection of the terminal control module: (1) software implementation, that is, integrating the corresponding security algorithm into the MCU; (2) hardware implementation, that is, using a security chip to implement the encryption and decryption algorithms. The high-speed cryptographic algorithm engine in the security chip greatly improves efficiency and at the same time ensures that the key does not leave the firmware in the clear, which is the advantage of hardware implementation over software implementation. Besides the security factor, the security chip solution also has a performance advantage: for cost reasons, the master MCU used in the street lamp control module is an 8-bit low-end MCU, and running the security algorithms on it would require choosing a better and more expensive MCU, whereas the price of an ESAM is lower. On the basis of performance and cost, ESAM is therefore chosen as the coprocessor. In this solution, we use hardware implementation to build an overall security protection network.

4.2 Security Architecture

As shown in the architecture diagram, a key management system and a security chip issuance system are added at the primary station level. The key management system includes a cipher machine and a cryptographic server to implement key generation and key security detection functions, and the security chip issuing system fills in the initial key of the security chip. The data received by the primary station side is decrypted or verified using the key management server, and the data sent out is encrypted or accompanied by signature information.

In the key management system of the State Grid, a three-level key management mechanism is adopted, that is, the national power grid level, the network provincial level, and the prefecture-level city level. The national power grid level and the network provincial level have the authority to generate a root key and, according to the needs of the business application, download the corresponding partial keys to the operator card and the cipher machine respectively.

In the intelligent street lamp management system, since the actual application is based on the city or the zone, a one-level key management mechanism is adopted, that is, only one root key is generated, from which keys are generated and distributed. At the same time, the Shamir threshold scheme is used in the generation of the root key. A three-of-five mechanism is implemented: the parameters of one quadratic curve are selected at random as the root key, and five points on the curve are selected and assigned to five managers. When at least three of the five managers provide the points they manage at the same time, the parameters of the curve can be recovered and the root key obtained.
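The three-of-five threshold described above, as an added Go example that is not code from the paper. It assumes the textbook Shamir construction, where the root key is the constant term of the quadratic curve over a prime field; the field modulus, the function names and the sample key are choices made for this illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// prime is the field modulus 2^255 - 19, larger than any 128-bit root key.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 255), big.NewInt(19))

// Split hides rootKey as the constant term a0 of the random quadratic curve
// y = a0 + a1*x + a2*x^2 (mod prime) and returns its points at x = 1..5, keyed by x.
func Split(rootKey []byte) (map[int64]*big.Int, error) {
	coef := []*big.Int{new(big.Int).SetBytes(rootKey)}
	for i := 0; i < 2; i++ { // a1 and a2 are fresh random field elements
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coef = append(coef, c)
	}
	shares := make(map[int64]*big.Int, 5)
	for x := int64(1); x <= 5; x++ {
		y := new(big.Int)
		for i := 2; i >= 0; i-- { // Horner evaluation of the curve at x
			y.Mul(y, big.NewInt(x)).Add(y, coef[i]).Mod(y, prime)
		}
		shares[x] = y
	}
	return shares, nil
}

// Recover rebuilds a0 by Lagrange interpolation at x = 0 from three or more points.
func Recover(shares map[int64]*big.Int) (*big.Int, error) {
	if len(shares) < 3 { // two points fit many different quadratics
		return nil, fmt.Errorf("only %d shares left: root key is unrecoverable", len(shares))
	}
	secret := new(big.Int)
	for xi, yi := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for xj := range shares {
			if xj != xi {
				num.Mul(num, big.NewInt(-xj)).Mod(num, prime)
				den.Mul(den, big.NewInt(xi-xj)).Mod(den, prime)
			}
		}
		num.Mul(num, yi).Mul(num, den.ModInverse(den, prime))
		secret.Add(secret, num).Mod(secret, prime)
	}
	return secret, nil
}

func main() {
	shares, _ := Split([]byte("0123456789abcdef")) // constructed 128-bit root key
	delete(shares, 2)                               // one manager loses a point; four remain
	key, err := Recover(shares)
	fmt.Printf("recovered %q, err=%v\n", key.Bytes(), err)
}
```
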

Figure: Three-level key management system (random number seed; national network level root key; level decentralized code; business root key; operator card; cipher machine)

In the terminal layer, a security chip is embedded in the security control module (see the logic diagram). The metering chip is responsible for the measurement of current and voltage; the clock chip R D is responsible for clock synchronization; the wireless acquisition module can use Zigbee or OPM to transmit wireless information; the relay controls the street light switch; in addition, corresponding sensors are added according to the actual application. The security chip implements data security protection: it decrypts and verifies the received data, encrypts the transmitted data, and adds signature information.

4.3 Workflow

The master station system is equipped with a data encryption cipher machine, and a security encryption module is embedded in each concentrator terminal and control node, to provide security protection for the uplink and downlink of the communication respectively.

For the uplink, the streetlight control node encrypts the collected data with the ESAM, then sends the encrypted data to the concentrator over the power line or wirelessly, and the concentrator transmits it to the primary station system through the public network. The primary station system passes the data to the data encryption cipher machine for decryption, and the decrypted data can then be processed.

For the downlink, when the primary station system needs to deliver control data, the data is first sent to the data encryption cipher machine for encryption. After the data is transmitted to the concentrator terminal, the concentrator terminal sends it to the controller, and the controller uses the security chip to decrypt it, after which the data can enter subsequent data processing.

Encryption and signing of the data by the security chip ensure the security and integrity of data transmission.
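The downlink exchange described above, as an added Go example that is not code from the paper: the master station encrypts and signs a control frame, and the controller verifies the signature before decrypting. It uses the AES and ECDSA alternatives the text names in place of SM1 and SM2; the CTR mode, the frame layout, the pre-shared key and the sample command are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Seal is the master-station side: encrypt the control data, then sign IV||ciphertext.
func Seal(key []byte, priv *ecdsa.PrivateKey, plain []byte) (frame, sig []byte, err error) {
	block, err := aes.NewCipher(key) // AES-128 stands in for SM1 (assumption)
	if err != nil {
		return nil, nil, err
	}
	frame = make([]byte, aes.BlockSize+len(plain))
	if _, err = rand.Read(frame[:aes.BlockSize]); err != nil { // fresh IV per message
		return nil, nil, err
	}
	cipher.NewCTR(block, frame[:aes.BlockSize]).XORKeyStream(frame[aes.BlockSize:], plain)
	digest := sha256.Sum256(frame)
	sig, err = ecdsa.SignASN1(rand.Reader, priv, digest[:]) // ECDSA P-256 stands in for SM2
	return frame, sig, err
}

// Open is the controller side: verify the signature first, decrypt only if it holds.
func Open(key []byte, pub *ecdsa.PublicKey, frame, sig []byte) ([]byte, error) {
	digest := sha256.Sum256(frame)
	if len(frame) < aes.BlockSize || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, fmt.Errorf("signature check failed: frame rejected")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	plain := make([]byte, len(frame)-aes.BlockSize)
	cipher.NewCTR(block, frame[:aes.BlockSize]).XORKeyStream(plain, frame[aes.BlockSize:])
	return plain, nil
}

// Demo delivers one constructed command, then the same frame with one bit changed in transit.
func Demo() (okPlain []byte, tamperErr error) {
	key := []byte("0123456789abcdef") // constructed 128-bit key, assumed pre-provisioned
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	frame, sig, _ := Seal(key, priv, []byte("LAMP 0042 OFF"))
	okPlain, _ = Open(key, &priv.PublicKey, frame, sig)
	frame[len(frame)-1] ^= 0x01 // modification of the last ciphertext byte
	_, tamperErr = Open(key, &priv.PublicKey, frame, sig)
	return okPlain, tamperErr
}

func main() {
	plain, err := Demo()
	fmt.Printf("accepted: %q\ntampered: %v\n", plain, err)
}
```

Without the signature check, the flipped bit would decrypt silently into a different command, which is why the controller verifies before it decrypts.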

4.4 Classification of security levels

Different security protection levels, providing different security protections, are selected for different applications. See Table 3.

Table 3 Security level classification (columns: security level, encryption, signature; rows: high, medium, low). Note: Y indicates selection; N indicates no selection.

For example, the overall streetlight control information issued by the management center selects a high-security encryption mode. For single-light control and single-lamp active reporting of abnormal information, select the medium security level.

4.5 Security Analysis

In terms of security algorithm selection, the symmetric algorithm is the 128-bit SM1 algorithm, the asymmetric algorithm is the 256-bit SM2 algorithm, and the hash algorithm is SHA256. See Table 4.

Table 4 Security scheme protection level (columns: algorithm selection, algorithm security level; rows: symmetric, asymmetric, hash algorithm).

Based on the analysis in Table 4, the security level of the system is 128 bit, which reaches the financial and industrial security level.

In a pilot with 168 street lights in a park, adding security had no effect on overall system performance. In the key management scheme, when 3 of the 5 managers lose their managed subkeys, the root key cannot be recovered, which creates the risk of the entire key management system crashing. For this special case, the solution is to randomly select a quadratic curve again, generate the root key, and then remotely update the key of each control module's security chip through the super administrator authority, thereby resolving the security risk.

4.6 Performance Analysis

The communication rate can average up to 4Mb/s or even higher. In experimental simulation tests, the 128-bit SM1 algorithm has an encryption speed of 53.56 kb/s and a decryption speed of 55.65 kb/s. The 256-bit SM2 algorithm has a signature speed of 184.5 ms/time. The verification speed is … The information currently collected from street lamps is still relatively small. Even considering future expansion, the security chip has no effect on the performance of the original streetlight control module.

5 Conclusion

In summary, the intelligent street lamp control security technology based on a security chip can solve the security problems faced by the current intelligent street lamp control system. Without affecting the performance of the existing system, it provides a 128-bit security level protection mechanism that safeguards the transmission of decision-making and management data for energy-saving and environmentally friendly intelligent street lamp control. In addition, the secure street light wireless communication network can supplement the common communication system when special events such as earthquakes and fires occur, enriching the communication methods and improving communication quality.
