Research on Safety Protection Control of Equipment Terminal Access based on Power Private Network

In this paper, based on the application requirements of the power industry for the wireless private network, the networking and security protection technology of the power wireless private network are studied. Firstly, it analyzes the necessity of establishing the electric power wireless private network, and then gives the system architecture and technical system of the electric power wireless private network; studies the security risks and Countermeasures Faced by the TD-LTE wireless private network, and analyzes the technical applicability of the TD-LTE wireless private network in combination with the electric power wireless technology policy, so as to provide a reference for the construction of the electric power wireless communication network.

Basic networking structure of TD-LTE power private network In order to provide a good coverage area, TD-LTE power wireless special network base station usually installs the RF remote end unit to a high and open place, and installs the baseband processing unit to the interior of the machine room, and uses DC power supply to interconnect with MSTP equipment through Ethernet port for data return. The base station is responsible for controlling the data transmission of the communication terminal in the airport and allocating the communication channel resources to the terminal. The core network is responsible for user authentication, the management of the session between the terminal and the core network, and the management of terminal mobility. The terminal communicates with the base station through the Uu Interface, and the base station establishes the transmission link through the X 2 interface. The base station is connected with the core network through the S 1 interface of the transmission network. The core network is composed of multiple devices, among which relevant control signaling or data are transmitted through S 11 , S 6a , S 5 and other standard interfaces.
Base stations in different frequency bands need to consider the bandwidth requirements corresponding to different services at the same time in order to take into account all types of services. For example, in the distribution network automation service, the service flow is that each "three remote", "two remote" and "one remote" terminal is centralized to the distribution network automation center master station. Each 110kV substation has about 100-200 10kV node equipment, and the communication bandwidth demand of each node equipment is about 1-5kbit/s, so in this service, about 1Mbit/s communication bandwidth is provided for each substation within the coverage; in the measurement automation service, because this service is mainly responsible for the monitoring and management of load and distribution transformer, each 110kV substation is about 600-1000 There are metering automation nodes with a transmission period of 15min, so each node is allocated a bandwidth of about 3Mbit/s in this service. In the mobile broadband office business, employees can use intelligent terminals to access the network through the power wireless broadband special network to realize remote mobile office, which is especially suitable for outdoor inspection and maintenance, so each terminal is allocated with a bandwidth of about 1Mbit/s. Due to the large demand of service bandwidth, the terminal should be located near the base station as far as possible to meet the bandwidth demand with high-order modulation. In the substation video monitoring service, due to the real-time requirements of video transmission, at least 2Mbit/s bandwidth shall be allocated to each video monitoring terminal. Because the throughput of the base station with low-order modulation far from the base station is difficult to meet the demand of video bandwidth, the video terminal should also be located as close to the base station as possible.

Analysis of technical characteristics of electric power wireless private network
SC-FDMA is used in TD-LTE special network and OFDM is used in downlink. Its frequency band is mainly applied for lower carrier frequency band, such as 230MHz. Therefore, TD-LTE multi carrier technology pays more attention to spectrum utilization and system coverage, which can meet the bandwidth requirements of power wireless communication special network.
In terms of transmission bandwidth, the transmission bandwidth allocated by domestic TD-LTE public network shall be at least 20MHz. The bandwidth resource of wireless private network is relatively tight compared with public network. Generally, the provincial radio management department divides 5MHz or 10MHz frequency resource for an industry or department in a certain region by means of temporary authorization.
In TD-LTE system, MIMO multi antenna technology is used to realize parallel transmission of space channel and increase space transmission resources. In the pursuit of higher communication quality and reliability, MIMO multi antenna technology can effectively improve the communication quality and data transmission rate without increasing the transmission power and bandwidth, and ensure the high reliability of the power wireless private network.
Wireless private network is generally a single-mode network of LTE technology, which has certain particularity in coverage, data flow, terminals and other aspects. The base station of the electric power wireless special network is mainly covered by key areas, without large-scale seamless coverage; the electric power service terminal is mainly data service, with low mobility requirements, low single point service flow, and the data volume of the uplink service is larger than that of the downlink service [5]. Power TD-LTE wireless private network is generally connected with power service terminal by CPE terminal or embedded module.

Key technology of TD-LTE power wireless private network security risk prevention
Communication security is an important factor to restrict the power wireless private network. According to the requirements of regulations on safety protection of secondary power system and general scheme for safety protection of power system issued by the State Electricity Regulatory Commission, the information communication network of power system follows the policy of "safety zoning, network exclusive, horizontal isolation and vertical authentication". The security risk prevention technology involved in the TD-LTE power wireless private network with security as the first priority has become the focus of the business departments [6].
The security risks of TD-LTE power wireless private network mainly come from four aspects: communication terminal, air interface, base station and core network. Communication terminal risks mainly include illegal USIM card access and illegal terminal access; air interface risks refer to the interception and tampering of air radio signals; base station risks mainly include the deception of user access through pseudo base station to control user behavior; And the core network risks mainly include the theft of user information through access to network management.
In view of the above security risks, TD-LTE system adopts security protection mechanisms such as user identity security, two-way authentication, encryption and integrity protection to improve the security capability and reliability of the network: 1) User identity security: TD-LTE system adopts two mechanisms: temporary identity and encrypted permanent identity to protect user identity. Temporary identity refers to the use of a frequently updated and temporarily assigned identity in the air interface to replace the permanent identity, so as to significantly reduce the probability of permanent identity intercepted by the air interface. Encrypting permanent identity refers to encrypting the transmitted identity as much as possible in the air interface.
2) Two way authentication: in order to deal with security risks such as "illegal USIM card access" , pseudo base station, etc., TD-LTE wireless network adopts two-way authentication mode. The implementation principle is to save a key related to user ID on both the terminal side and the core network side, and check the other Party's key when the communication terminal accesses the network to determine whether it is legal. Through the authentication of the network to the end user, the illegal AESEE 2020 IOP Conf. Series: Earth and Environmental Science 512 (2020) 012123 IOP Publishing doi:10.1088/1755-1315/512/1/012123 5 end user can be prevented from accessing the network. Here, using cryptography to solve various problems becomes the core of solving problems.
3) Encryption and integrity protection: in response to security risks such as "air interface data is intercepted and tampered", TD-LTE system introduces two layers of security mechanisms, i.e. wireless access (as) layer security and non-wireless access (NAS) layer security, to encrypt and protect the signaling or data transmitted between terminal and base station, terminal and core network respectively.

Conclusion
The safety protection control of equipment terminal access based on power private network is studied. First of all, the necessity of establishing the electric power wireless private network is analyzed, and the system architecture and technical system of the electric power wireless private network is gived; Also this paper the security risks and countermeasures faced by the TD-LTE wireless private network is studied. At present, there are still some problems in the wireless private network technology in the power industry, such as imperfect standards, inconsistent spectrum resources, and insufficient operation and maintenance power, which largely restrict the large-scale application of TD-LTE wireless private network technology. Therefore, the application of TD-LTE technology in the electric power industry should be steadily promoted by the strategy of "lease based, small-scale pilot".