ImageVerifierCode 换一换
格式:PDF , 页数:94 ,大小:4.30MB ,
资源ID:578410      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-578410.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS EN 62351-9-2017 Power systems management and associated information exchange - Data and communications security - Part 9 Cyber security key management for power system equipment.pdf)为本站会员(towelfact221)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS EN 62351-9-2017 Power systems management and associated information exchange - Data and communications security - Part 9 Cyber security key management for power system equipment.pdf

1、Power systems management and associated information exchange Data and communications security Part 9: Cyber security key management for power system equipment (IEC 62351-9:2017)BS EN 62351-9:2017BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06EUROPEAN STANDARD NORME

2、EUROPENNE EUROPISCHE NORM EN 62351-9 July 2017 ICS 33.200 English Version Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment (IEC 62351-9 :2017) Gestion des systmes de puissance et changes

3、 dinformations associs - Scurit des communications et des donnes - Partie 9: Gestion de cl de cyberscurit des quipements de systme de puissance (IEC 62351-9 :2017) Energiemanagementsysteme und zugehriger Datenaustausch - IT-Sicherheit fr Daten und Kommunikation - Teil 9: Cyber security Schlssel-Mana

4、gement fr Stromversorgungsanlagen (IEC 62351-9 :2017) This European Standard was approved by CENELEC on 2017-06-22. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without

5、 any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other

6、 language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus

7、, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey

8、and the United Kingdom. European Committee for Electrotechnical Standardization Comit Europen de Normalisation Electrotechnique Europisches Komitee fr Elektrotechnische Normung CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2017 CENELEC All rights of exploitation in any form and by

9、 any means reserved worldwide for CENELEC Members. Ref. No. EN 62351-9:2017 E National forewordThis British Standard is the UK implementation of EN 62351-9:2017. It is identical to IEC 62351-9:2017.The UK participation in its preparation was entrusted to Technical Committee PEL/57, Power systems man

10、agement and associated information exchange.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standa

11、rds Institution 2017 Published by BSI Standards Limited 2017ISBN 978 0 580 94718 6ICS 33.200Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 July 2017.Amendmen

12、ts/corrigenda issued since publicationDate Text affectedBRITISH STANDARDBS EN 623519:2017EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 62351-9 July 2017 ICS 33.200 English Version Power systems management and associated information exchange - Data and communications security - Part 9: Cyber s

13、ecurity key management for power system equipment (IEC 62351-9 :2017) Gestion des systmes de puissance et changes dinformations associs - Scurit des communications et des donnes - Partie 9: Gestion de cl de cyberscurit des quipements de systme de puissance (IEC 62351-9 :2017) Energiemanagementsystem

14、e und zugehriger Datenaustausch - IT-Sicherheit fr Daten und Kommunikation - Teil 9: Cyber security Schlssel-Management fr Stromversorgungsanlagen (IEC 62351-9 :2017) This European Standard was approved by CENELEC on 2017-06-22. CENELEC members are bound to comply with the CEN/CENELEC Internal Regul

15、ations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC m

16、ember. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official vers

17、ions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, th

18、e Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. European Committee for Electrotechnical Standardization Comit Europen de Normalisation Electrotechnique Europisches Komitee fr Elektrotechnische Normung CEN-CENELE

19、C Management Centre: Avenue Marnix 17, B-1000 Brussels 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members. Ref. No. EN 62351-9:2017 E BS EN 623519:2017EN 62351-9:2017 2 European foreword The text of document 57/1838/FDIS, future edition 1 of I

20、EC 62351-9, prepared by IEC/TC 57 “Power systems management and associated information exchange“ was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN 62351-9:2017. The following dates are fixed: latest date by which the document has to be implemented at national level by publ

21、ication of an identical national standard or by endorsement (dop) 2018-03-22 latest date by which the national standards conflicting with the document have to be withdrawn (dow) 2020-06-22 Attention is drawn to the possibility that some of the elements of this document may be the subject of patent r

22、ights. CENELEC shall not be held responsible for identifying any or all such patent rights. This document has been prepared under a mandate given to CENELEC by the European Commission and the European Free Trade Association. Endorsement notice The text of the International Standard IEC 62351-9:2017

23、was approved by CENELEC as a European Standard without any modification. In the official version, for Bibliography, the following notes have to be added for the standards indicated: IEC 62351-3 NOTE Harmonized as EN 62351-3. BS EN 623519:2017EN 62351-9:2017 2 European foreword The text of document 5

24、7/1838/FDIS, future edition 1 of IEC 62351-9, prepared by IEC/TC 57 “Power systems management and associated information exchange“ was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN 62351-9:2017. The following dates are fixed: latest date by which the document has to be imp

25、lemented at national level by publication of an identical national standard or by endorsement (dop) 2018-03-22 latest date by which the national standards conflicting with the document have to be withdrawn (dow) 2020-06-22 Attention is drawn to the possibility that some of the elements of this docum

26、ent may be the subject of patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights. This document has been prepared under a mandate given to CENELEC by the European Commission and the European Free Trade Association. Endorsement notice The text of the Intern

27、ational Standard IEC 62351-9:2017 was approved by CENELEC as a European Standard without any modification. In the official version, for Bibliography, the following notes have to be added for the standards indicated: IEC 62351-3 NOTE Harmonized as EN 62351-3. EN 62351-9:2017 3 Annex ZA (normative) No

28、rmative references to international publications with their corresponding European publications The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated refer

29、ences, the latest edition of the referenced document (including any amendments) applies. NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies. NOTE 2 Up-to-date information on the latest versions of the European Standards

30、listed in this annex is available here: www.cenelec.eu Publication Year Title EN/HD Year IEC/TS 62351-2 - Power systems management and associated information exchange - Data and communications security - Part 2: Glossary of terms - - ISO/IEC 9594-8/ Rec. ITU-T X.509 2017 2016 Information technology

31、- Open Systems Interconnection - The Directory - Part 8: Public-key and attribute certificate frameworks - - ISO/IEC 9834-1/ Rec. ITU-T X.660 2012 2011 Information technology - Procedures for the operation of object identifier registration authorities: General procedures and top arcs of the internat

32、ional object identifier tree - - RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2 - - RFC 5272 - Certificate Management over CMS (CMC) - - RFC 5934 - Trust Anchor Management Protocol (TAMP) - - RFC 6407 - The Group Domain of Interpretation - - IETF RFC 6960 - X.509 - Internet Publi

33、c Key Infrastructure Online Certificate Status Protocol - OCSP - - RFC 7030 - Enrolment over Secure Transport - - SCEP IETF Draft, Simple Certificate Enrolment Protocol, draft-gutmann-scep-04.txt BS EN 623519:2017This page deliberately left blank 2 IEC 62351-9:2017 IEC 2017 CONTENTS FOREWORD . 6 1 S

34、cope 8 2 Normative references 8 3 Terms and definitions 9 4 Abbreviations and acronyms 14 5 Cryptographic applications for power system implementations . 15 5.1 Cryptography, cryptographic keys, and security objectives 15 5.2 Types of cryptography 16 5.3 Uses of cryptography 16 5.3.1 Goals of cyber

35、security 16 5.3.2 Confidentiality 17 5.3.3 Data integrity . 17 5.3.4 Authentication 18 5.3.5 Non-repudiation . 18 5.3.6 Trust 18 6 Key management concepts and methods in power system operations . 19 6.1 Key management system security policy . 19 6.2 Key management design principles for power system

36、operations 19 6.3 Use of Transport Layer Security (TLS) 19 6.4 Cryptographic key usages . 19 6.5 Trust using a public-key infrastructure (PKI) 20 6.5.1 Registration authorities (RA) 20 6.5.2 Certification authority (CA) 20 6.5.3 Public-key certificates 20 6.5.4 Attribute certificates . 21 6.5.5 Publ

37、ic-key certificate and attribute certificate extensions . 21 6.6 Trust via non-PKI self-signed certificates 22 6.7 Authorization and validation lists . 22 6.7.1 General . 22 6.7.2 AVLs in non-constrained environments 23 6.7.3 AVLs in constrained environments . 23 6.7.4 Use of self-signed public-key

38、certificates in AVLs 23 6.8 Trust via pre-shared keys 23 6.9 Session keys 24 6.10 Protocols used in trust establishment 24 6.10.1 Certification request 24 6.10.2 Trust Anchor Management Protocol (TAMP) 24 6.10.3 Simple Certificate Enrolment Protocol (SCEP) . 24 6.10.4 Internet X.509 PKI Certificate

39、Management Protocol (CMP) . 24 6.10.5 Certificate Management over CMS (CMC) . 25 6.10.6 Enrolment over Secure Transport (EST) 25 6.10.7 Summary view on the different protocols . 25 6.11 Group keys . 26 6.11.1 Purpose of group keys . 26 6.11.2 Group Domain of Interpretation (GDOI) . 26 6.12 Key manag

40、ement lifecycle 31 2 IEC 62351-9:2017 IEC 2017 CONTENTS FOREWORD . 6 1 Scope 8 2 Normative references 8 3 Terms and definitions 9 4 Abbreviations and acronyms 14 5 Cryptographic applications for power system implementations . 15 5.1 Cryptography, cryptographic keys, and security objectives 15 5.2 Ty

41、pes of cryptography 16 5.3 Uses of cryptography 16 5.3.1 Goals of cyber security 16 5.3.2 Confidentiality 17 5.3.3 Data integrity . 17 5.3.4 Authentication 18 5.3.5 Non-repudiation . 18 5.3.6 Trust 18 6 Key management concepts and methods in power system operations . 19 6.1 Key management system sec

42、urity policy . 19 6.2 Key management design principles for power system operations 19 6.3 Use of Transport Layer Security (TLS) 19 6.4 Cryptographic key usages . 19 6.5 Trust using a public-key infrastructure (PKI) 20 6.5.1 Registration authorities (RA) 20 6.5.2 Certification authority (CA) 20 6.5.3

43、 Public-key certificates 20 6.5.4 Attribute certificates . 21 6.5.5 Public-key certificate and attribute certificate extensions . 21 6.6 Trust via non-PKI self-signed certificates 22 6.7 Authorization and validation lists . 22 6.7.1 General . 22 6.7.2 AVLs in non-constrained environments 23 6.7.3 AV

44、Ls in constrained environments . 23 6.7.4 Use of self-signed public-key certificates in AVLs 23 6.8 Trust via pre-shared keys 23 6.9 Session keys 24 6.10 Protocols used in trust establishment 24 6.10.1 Certification request 24 6.10.2 Trust Anchor Management Protocol (TAMP) 24 6.10.3 Simple Certifica

45、te Enrolment Protocol (SCEP) . 24 6.10.4 Internet X.509 PKI Certificate Management Protocol (CMP) . 24 6.10.5 Certificate Management over CMS (CMC) . 25 6.10.6 Enrolment over Secure Transport (EST) 25 6.10.7 Summary view on the different protocols . 25 6.11 Group keys . 26 6.11.1 Purpose of group ke

46、ys . 26 6.11.2 Group Domain of Interpretation (GDOI) . 26 6.12 Key management lifecycle 31 BS EN 623519:2017IEC 62351-9:2017 IEC 2017 3 6.12.1 Key management in the life cycle of an entity 31 6.12.2 Cryptographic key lifecycle 32 6.13 Certificate management processes . 34 6.13.1 Certificate manageme

47、nt process 34 6.13.2 Initial certificate creation 34 6.13.3 Enrolment of an entity 34 6.13.4 Certificate signing request (CSR) process . 36 6.13.5 Certificate revocation lists (CRLs) 37 6.13.6 Online certificate status protocol (OCSP) . 38 6.13.7 Server-based certificate validation protocol (SCVP) .

48、 41 6.13.8 Short-lived certificates . 41 6.13.9 Certificate renewal . 42 6.14 Alternative process for asymmetric keys generated outside the entity . 43 6.15 Key distribution for symmetric keys with different time frames . 44 7 General key management requirements . 44 7.1 Asymmetric and symmetric key

49、 management requirements . 44 7.2 Required cryptographic materials 44 7.3 Public-Key certificates requirements . 45 7.4 Cryptographic key protection. 45 7.5 Use of existing security key management infrastructure 45 7.6 Use of object identifiers 45 8 Asymmetric key management 45 8.1 Certificate generation and installation . 45 8.1.1 Private and public key generation and installation 45 8.1.2 Private and public key renewal 46 8.1.3 Random Number Generation . 46 8.1.4 Certificate policy 46 8.1.5 E

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1