CN110545289A - error data injection attack defense method based on mixed homomorphic encryption - Google Patents


Publication number
CN110545289A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910917532.4A
Other languages
Chinese (zh)
Other versions
CN110545289B (en)
Inventor
张镇勇
程鹏
潘骏
陈积明
欧阳柳
姚一杨
陈嵘
王文华
方景辉
唐锦江
赵志军
徐晨
金军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Terabits Technology Co Ltd
Jiaxing Hengchuang Electric Power Group Co Ltd Huachuang Information Technology Branch
Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Hangzhou Terabits Technology Co Ltd
Jiaxing Hengchuang Electric Power Group Co Ltd Huachuang Information Technology Branch
Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Application filed by Hangzhou Terabits Technology Co Ltd, Jiaxing Hengchuang Electric Power Group Co Ltd Huachuang Information Technology Branch, Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Abstract

The invention discloses a mixed homomorphic encryption-based error data injection attack defense method, which comprises the steps of firstly constructing an attack vector to obtain the influence of a system state estimation result so as to obtain an object needing encryption protection, and rewriting a static Kalman filtering state estimation algorithm iteration process to obtain an iteration form supporting a mixed homomorphic encryption process; then designing a quantization and mapping method from a real number domain to a plaintext space to adapt to homomorphic encryption operation, and respectively designing communication protocols for executing an addition homomorphic algorithm and a multiplication homomorphic algorithm; and finally, defining different groups participating in the state estimation algorithm, designing calculation tasks required to be executed by the different groups, and further designing an encryption state estimation protocol for ensuring the data security in the calculation and communication processes. The protocol solves the problem that the reliability and the accuracy of the calculation result from the plain text domain to the cipher text domain are difficult to guarantee, considers the requirement of each party on data confidentiality, and can effectively resist the injection attack of error data in an information physical system.

Description

Error data injection attack defense method based on mixed homomorphic encryption
Technical Field
The invention relates to the field of cyber-physical system (information physical system) security, in particular to defense against false data injection attacks on system state estimation.
Background
With the development of information technology, traditional industrial systems are becoming informatized and intelligent, gradually forming open, efficient and reliable cyber-physical systems. Because information technology and physical technology are deeply integrated, the security problems faced by information systems gradually spread to physical systems. In particular, with the introduction of more and more intelligent instruments, general-purpose computers and general communication protocols, an originally closed physical system can be attacked through its information system; for example, Iranian nuclear facilities were attacked by the Stuxnet virus in 2010, and the Ukrainian power grid was attacked by the BlackEnergy virus in 2015.
System state estimation is an indispensable functional module in a cyber-physical system; it estimates the real state of the system from noisy measurement data acquired by the supervisory control and data acquisition (SCADA) system. For example, in power systems, state estimation is the basis for optimal power flow, fault analysis and economic scheduling. The process of state estimation is shown in fig. 1 and includes three parts. The sensing part measures industrial field data and transmits it to the estimator through a public network; the estimator (usually located in a control center) executes an estimation algorithm in combination with a system model and judges from the estimation result whether the measured data contains bad data; finally, the estimator transmits the estimation result to the units that need it, such as a controller or a fault analysis department. However, much work indicates that this state estimation structure is highly vulnerable, e.g. data on the communication channel can be hijacked or tampered with. An attacker-constructed error data injection attack can freely change the measured value and bypass the bad data detector in the state estimation algorithm.
Much current research considers only the theft of and attacks on measurement data during transmission, and little analyzes the security of the estimator. In practice, the estimator is under greater threat, because an attacker who takes the estimator as the target can acquire more knowledge of the system. First, estimators are typically provided by third-party manufacturers and may have backdoors or vulnerabilities. Second, the estimator collects industrial field data, system state estimation results and system model parameters; these data directly reflect the operating state and physical characteristics of the system and are extremely important to the system side, so an attacker who intrudes into the estimator can comprehensively acquire system information and execute more hidden attacks. In addition, as the scale of the system increases, the system side may outsource the state estimation task to a third-party server or a cloud service provider in order to realize real-time control and monitoring, which makes the key data of the system side easier to steal and exploit. With these data, an attacker can construct an error data injection attack strategy with strong concealment, causing huge physical damage and economic loss to the system. Therefore, it is particularly important to protect the data in the estimator.
The use of encryption technology to secure data has been an active research topic in the security field. Most current research focuses on how to secure data in a communication channel, and research on data security inside a computing unit is lacking. Encrypting communication data has the advantage of lightweight data transmission and the disadvantages of needing real-time key distribution and a trusted key management center. Moreover, it cannot guarantee that data participates in operations in the ciphertext state: in a calculation unit such as an estimator, all data participating in the operation remains in the clear. In recent years, some work has adopted the idea of secure multiparty computation to implement the state estimation algorithm in the ciphertext domain, but the computation protocol is complex and requires an additional, complicated communication process. The invention adopts a mixed homomorphic encryption scheme that combines the homomorphic properties of addition and multiplication, realizes full-ciphertext operation in the state estimation process, and ensures data security in both the communication channel and the estimator.
Disclosure of Invention
In order to realize the protection of system measurement data and system model parameters and solve the problem that the prior method can not realize ciphertext domain operation or has large communication load, the invention provides an encryption estimation algorithm which is executed in a full ciphertext state in a state estimation operation process, has less extra communication traffic and effective operation result, and can simultaneously protect key data in a communication channel and an estimator so as to resist the hidden error data injection attack.
The technical scheme adopted by the invention to solve the technical problem is as follows: a method for defending against error data injection attacks based on hybrid homomorphic encryption, comprising the following steps:
(1) Combining with a system physical dynamic model, giving the parameters that an attacker must obtain to execute an attack, constructing an attack vector from them, and obtaining its influence on the system state estimation result, from which the objects needing encryption protection are obtained: system model parameters, measurement values and state estimation results;
(2) Rewriting a static Kalman filtering state estimation algorithm iteration process to obtain an iteration form capable of supporting a mixed homomorphic encryption and decryption process; the state estimation algorithm iterative process is rewritten as follows:
$H \in \mathbb{R}^{n \times l}$, $l = n + m$, $r(t) \in \mathbb{R}^{n \times l}$, represents a state estimation result at time $t-1$, $y(t)$ represents the measurement value at time $t$, $A$ represents the system matrix, $C$ represents the measurement matrix, $K$ represents the static Kalman gain, represents a calculation result of the system parameters, $n$ represents the state dimension, and $m$ represents the measurement dimension. The matrix $H$, which contains the system model parameters, and the system state information $r(t)$ are the objects to be protected by encryption; the system state information includes the measurement value and the state estimation result.
(3) Designing a quantization and mapping method from a real number domain to a plaintext space, quantizing and mapping system model parameters and system state information rewritten in the iterative process of a state estimation algorithm to the plaintext space from the real number domain to adapt to homomorphic encryption operation; the quantization method from the real number domain to the plaintext space comprises the following steps:
For the matrix of system model parameters H: quantization error elimination is used, i.e. for each element in H, it is first converted to fractional form and then the matrix is multiplied by the common denominator of all elements, i.e.:
where α is the common denominator, which is the quantization result of the matrix H.
For the system state information $r(t)$: a parameterized random quantization method is adopted. For an element $r_i(t)$ in $r(t)$, if $r_i(t) \in [\mu_k, \mu_{k+1})$, where $\mu_k$ and $\mu_{k+1}$ are integers, the quantization result follows the probability distribution:
where $\Pr(\cdot)$ represents a probability value, representing the quantization result of $r_i(t)$, and $0 \le p \le 1$.
The mapping of the quantization result to the cryptographic algorithm plaintext space M is:
Wherein, the mapping result is represented, the quantization result of the real number x is represented, fm (·) represents the mapping function, and N is the modulus parameter of the cryptographic algorithm.
(4) Encrypting the mapping result of step (3) with the public key of the additive homomorphic encryption scheme to obtain ciphertext data of the system model parameters, measurement values and state estimation results; designing communication protocols for executing the additive homomorphic algorithm and the multiplicative homomorphic algorithm according to the confidentiality of the system model parameters, measurement values and state estimation results, and taking the ciphertext data as the input of those communication protocols;
(5) Defining three groups that participate in the state estimation algorithm (a data provider, a core algorithm executor and a state estimation result application party), and using the communication protocols of the additive and multiplicative homomorphic algorithms to design the calculation tasks that each group must execute in the ciphertext-domain state estimation algorithm;
(6) Integrating the above steps to design an encryption state estimation protocol that ensures data security during computation and communication.
Further, in step (1), the attacker may construct an attack vector as follows to carry out an attack that is hidden from the bad data detector:
$Y_a \equiv \{\, y_a(\tau) \mid y_a(\tau) = CAK\,y_a(t),\ \tau \ge t \,\}$
where $t$ represents the attack start time, $\tau$ represents the attack duration, $C \in \mathbb{R}^{m \times n}$, $A \in \mathbb{R}^{n \times n}$ and $K \in \mathbb{R}^{n \times m}$ represent system parameters, $Y_a$ represents the attack vector sequence, $y_a(\tau) \in \mathbb{R}^m$ represents an attack vector, i.e., the error data injected into the measurement value, and $y_a(t) \in \mathbb{R}^m$ represents the initial attack vector. Further, the influence on the system state estimation result is:
Wherein, representing the real state estimation result, $X_a$ is the sequence of the state estimation results under attack, and is the state estimation result at time $\tau$ under the attack; $T \in \mathbb{R}^{m \times m}$ is a diagonal matrix: if the $i$-th measurement value is tampered with, $T_{ii} = 1$, otherwise $T_{ii} = 0$.
Further, in step (4), the multiplicative homomorphic algorithm is:
wherein, for the decryption algorithm, sk1 is the decryption key, corresponding to the ciphertext-domain operation of plaintext multiplication, pk1 is the encryption key, and $m_1 \in M$ and $m_2 \in M$ are the original plaintexts;
The addition homomorphic algorithm comprises the following steps:
Wherein, the operation is the ciphertext domain operation corresponding to the plaintext addition.
Further, in step (5), the calculation tasks to be performed by the three groups (the data provider, the core algorithm executor and the state estimation result application party) are as follows. The data provider encrypts the measured values and the system model parameters with the additive homomorphic scheme and transmits them to the core algorithm executor, i.e., the encryption estimator. The encryption estimator executes the additive homomorphic algorithm on the ciphertext-domain data and transmits the operation result C1 to the state estimation result application party. The state estimation result application party decrypts and recovers C1, encrypts the result with the multiplicative homomorphic scheme, and transmits C2 to the encryption estimator. The encryption estimator executes the multiplicative homomorphic algorithm and sends the operation result C3 to the state estimation result application party. The state estimation result application party decrypts and recovers C3 to obtain the state estimation result, encrypts it with the public key of the additive homomorphic encryption scheme, and feeds it back to the encryption estimator for iterative operation.
Further, in the step (6), the designed encryption state estimation protocol is as follows:
Wherein, note: indicating a safe addition operation (homomorphic addition); an indication of a secure multiply operation (homomorphic multiplication); an h indicates a modulo exponential operation; pk1 and sk1 represent the public and private keys of a multiplicative homomorphic cryptographic algorithm; pk2 and sk2 represent the public and private keys of an additive homomorphic cryptographic algorithm; fq represents a real number quantization algorithm; fm represents an integer mapping algorithm; m is a plaintext space; representing data under multiplicative homomorphic encryption; representing data under additive homomorphic encryption; → denotes data mapping; → data transfer; c represents the ciphertext; v (t) is an intermediate result calculated by a state estimation result application party, and d is a random variable; is an element in the ith row and the jth column in the matrix; d-1 represents the modulo inverse of d. An estimation result representing an initial state, a quantization result representing x, a mapping result representing x, Enc (×) pk1 representing an encryption algorithm of an additive homomorphic scheme, Enc (×) pk2 representing an encryption algorithm of a multiplicative homomorphic scheme, an estimation result representing x, Dec (×) sk1 representing a decryption algorithm of an additive homomorphic scheme, and Dec (×) sk2 representing a decryption algorithm of a multiplicative homomorphic scheme, representing an integer recovery algorithm; fq-1 denotes the restoration of an integer to a real number. And the mapping result of the state estimation result after the recovery and the return at the time t.
Further, the blinding operation is based on the multiplicative blinding principle, as follows:
$b(ax) \bmod L = b \bmod L$
where $ax \equiv 1 \pmod{L}$, i.e., $x \equiv a^{-1} \pmod{L}$.
Furthermore, in the secure state estimation protocol, the encrypted communication channel data and the encrypted system model parameters can directly participate in the state estimation algorithm, and the validity of the estimation result is ensured.
The invention has the beneficial effects that: aiming at the state estimation process of the information physical system, the situation that an estimator or a communication channel is hijacked by an attacker is considered, the key data of the system is tried to be obtained to execute destructive error data injection attack, and the data security is ensured by adopting an encryption technology, namely, the data is not stolen or tampered; after a homomorphic encryption algorithm is introduced, the problem that various operations of a state estimation algorithm input as a ciphertext are difficult to execute is solved, and safe addition and multiplication of a ciphertext domain are realized; the method has the advantages that all parties participating in the state estimation process are defined and assigned with tasks, and by means of a mixed homomorphic encryption scheme, the designed encryption state estimation protocol can ensure that any party and an external attacker cannot acquire measurement data, system model parameters and state estimation results at the same time. The encryption state estimation protocol is simple and convenient in design process, the obtained state estimation algorithm based on the hybrid homomorphic encryption can effectively estimate the system state, and the communication traffic of all parties is small. Compared with the traditional encryption method, the method can resist the attack of error data injection of a direct intrusion estimator, and enhances the safety of the information physical system.
Drawings
FIG. 1 is a state estimation framework diagram;
FIG. 2 is a schematic diagram of an encryption state estimation protocol calculation process;
FIG. 3 is a diagram of an IEEE 9-bus system model;
FIG. 4 is a comparison of the dominant node voltage estimation results under an encryption-based state estimation protocol and a state estimation algorithm without encryption;
FIG. 5 is a comparison chart of the fluctuation of the power generation voltage under the encryption state estimation protocol and the state estimation calculation method without encryption;
FIG. 6 is a statistical result chart based on the difference between the state estimation results under the encryption state estimation protocol and the state estimation calculation method without encryption;
FIG. 7 is a diagram of output state estimation error covariance change based on the encryption state estimation protocol;
Detailed Description
The invention is described in further detail below with reference to the figures and specific examples.
As shown in fig. 1, the method for defending against an error data injection attack based on hybrid homomorphic encryption provided by the present invention includes the following steps:
Step 1, modeling a dynamic process of an information physical system to obtain the following equation set:
where $x(t) \in \mathbb{R}^n$, $y(t) \in \mathbb{R}^m$, $A \in \mathbb{R}^{n \times n}$, $C \in \mathbb{R}^{m \times n}$; $w(t) \in \mathbb{R}^n$ and $v(t) \in \mathbb{R}^m$ represent independent white Gaussian noise, i.e., $w(t) \sim N(0, Q)$ and $v(t) \sim N(0, R)$, where $Q \in \mathbb{R}^{n \times n}$ and $R \in \mathbb{R}^{m \times m}$ represent the covariance of the noise. The initial state $x(0)$ follows a zero-mean Gaussian distribution. Controllable, $(A, C)$ observable. Based on the system dynamic model, a state estimation result can be obtained by adopting a Kalman filtering algorithm:
$P = APA^{T} + Q - APC^{T}(CPC^{T} + R)^{-1}CPA^{T}$
$K = PC^{T}(CPC^{T} + R)^{-1}$
where $K \in \mathbb{R}^{n \times m}$ represents the Kalman gain matrix, and $P \in \mathbb{R}^{n \times n}$ represents the covariance matrix of the state estimation error of the steady-state Kalman filter.
Further, for the system dynamics model given above, consider an error data injection attack:
$y'(t) = Cx(t) + T\,y_a(t) + v(t)$
where $y_a(t) \in \mathbb{R}^m$ represents the error data injected by the attacker, and $T \in \mathbb{R}^{m \times m}$ is a diagonal matrix whose diagonal elements are 0 or 1: if the $i$-th measurement value is attacked, $T_{ii} = 1$, otherwise $T_{ii} = 0$. Based on the steady-state Kalman filtering algorithm, suppose the attacker injects the following attack sequence:
$Y_a \equiv \{\, y_a(\tau) \mid y_a(\tau) = CAK\,y_a(t),\ \tau \ge t \,\}$
where $t$ denotes the attack start time, $\tau$ denotes the attack duration, $Y_a$ denotes the attack vector sequence, and $y_a(\tau) \in \mathbb{R}^m$ denotes an attack vector. The impact on the system state estimation result is:
where Xa is an influence sequence of the state estimation result and is an influence of the state estimation result at time τ.
Further, in order to enable the steady-state kalman filtering algorithm to satisfy the homomorphic encryption operation framework, the iterative process in the state estimation algorithm is rewritten as follows:
where $H \in \mathbb{R}^{n \times l}$, $l = n + m$, and $r(t) \in \mathbb{R}^{n \times l}$. It is emphasized that the matrix $H$ containing the system model parameters and $r(t)$ containing the system state information are the objects that need to be cryptographically protected.
Further, since the encryption algorithm can only be executed in the non-negative integer plaintext space, all real numbers participating in the operation need to be quantized and mapped:
The method for quantizing real numbers into integers comprises the following steps:
For the system model parameters $H$: quantization error elimination is used, i.e. each element in $H$ is first converted to fractional form and then the matrix is multiplied by the common denominator of all elements, i.e.:
where α is the common denominator, which is the quantization result of the matrix H.
For the system state parameter $r(t)$: a parameterized random quantization method is used, that is, for an element $r_i(t)$ in $r(t)$, if $r_i(t) \in [\mu_k, \mu_{k+1})$, where $\mu_k$ and $\mu_{k+1}$ are integers and $\sigma = \mu_{k+1} - \mu_k$ is the quantization parameter, the quantization result follows the probability distribution:
where $\Pr(\cdot)$ represents a probability value, representing the quantization result of $r_i(t)$, and $0 \le p \le 1$.
The mapping method from the integer space to the plaintext space of the cryptographic algorithm is:
Wherein, the mapping result is represented, fm (·) represents the mapping function, and N is the modulus parameter of the cryptographic algorithm.
Further, because all variables participating in the state estimation algorithm are quantized, the variables need to be restored in the output result of the algorithm, and the quantization and restoration method of the variables is as follows:
TABLE 1 parameter quantization and restoration
Further, an iterative process of state estimation based on the quantization results is obtained:
In the final output, it is restored to:
And further, performing task division on three parties participating in the state estimation process. The data provider is responsible for encrypting original measurement data (data containing noise) and system model parameters and transmitting the encrypted data to a core algorithm executor, namely an encryption estimator, the encryption estimator operates the data based on the ciphertext and transmits an operation result to an estimation result application party, and the estimation result application party decrypts the data and obtains a final state estimation result.
Further, the secure multiplication is:
wherein, sk1 is a decryption key, corresponding to ciphertext domain operation, and pk1 is an encryption key, M1 belongs to M, and M2 belongs to M, which is the original plaintext. The safe addition is as follows:
Further, to secure the data exchanged between the encryption estimator (core algorithm executor) and the estimation result application party, a multiplicative blinding (multiply blind) method is used, that is,
wherein d is a random variable indicating a multiplication homomorphic operation for an intermediate result of the calculation of the encryption estimator (core algorithm executing side).
Further, when performing an additive homomorphic operation in the encryption estimator, the random variable $d$ is removed, i.e.
wherein, the element in the ith row in the matrix, h represents modulo exponential operation, and $d^{-1}$ represents the modular inverse of $d$.
As shown in fig. 2, based on the idea of multi-party secure computation, the designed encryption state estimation protocol is as follows:
wherein, note: indicating a safe addition operation (homomorphic addition); an indication of a secure multiply operation (homomorphic multiplication); an h indicates a modulo exponential operation; pk1 and sk1 represent the public and private keys of a multiplicative homomorphic cryptographic algorithm; pk2 and sk2 represent the public and private keys of an additive homomorphic cryptographic algorithm; fq represents a real number quantization algorithm; fm represents an integer mapping algorithm; m is a plaintext space; representing data under multiplicative homomorphic encryption; representing data under additive homomorphic encryption; → denotes data mapping; → data transfer; c represents the ciphertext; v (t) is an intermediate result calculated by a state estimation result application party, and d is a random variable; is an element in the ith row and the jth column in the matrix; d-1 represents the modulo inverse of d. An estimation result representing an initial state, a quantization result representing x, a mapping result representing x, Enc (×) pk1 representing an encryption algorithm of an additive homomorphic scheme, Enc (×) pk2 representing an encryption algorithm of a multiplicative homomorphic scheme, an estimation result representing x, Dec (×) sk1 representing a decryption algorithm of an additive homomorphic scheme, and Dec (×) sk2 representing a decryption algorithm of a multiplicative homomorphic scheme, representing an integer recovery algorithm; indicating that the integer is restored to a real number. And the mapping result of the state estimation result after the recovery and the return at the time t.
The blinding operation is based on the multiplicative blinding principle, as follows:
$b(ax) \bmod L = b \bmod L$
where $ax \equiv 1 \pmod{L}$, i.e., $x \equiv a^{-1} \pmod{L}$.
Examples
The embodiment uses the IEEE 9-bus system in PowerWorld for algorithm verification; the IEEE 9-bus system is shown in figure 3. Considering the voltage control problem, its dynamic model is approximated as:
Wherein, the system state x (t) represents the voltage value of the leading node, and the control variable u (t) represents the voltage value of the power generation node. In general, where ρ ∈ (0, 1), x (0) is a reference voltage. The iterative process of the system state estimation algorithm is as follows:
Further, in the simulation, the multiplicative homomorphic algorithm is RSA with a key length of 512 bits and public-key parameter $e = 65537$; the public and private keys are generated according to the RSA algorithm rules. The additive homomorphic algorithm is Paillier, with a key length of 512 bits. The quantization parameters of the measured value $y(t)$ and the system state estimation result are $\sigma_x = \sigma_y = 0.01$.
In order to verify the validity of the output of the encryption state estimation protocol, fig. 4 shows the variation of the dominant node voltages and their difference from the reference voltage. Compared with the state estimation algorithm without encryption, the estimation algorithm based on the encryption state estimation protocol has better performance. Both algorithms start to converge after approximately 20 iterations, and at 20 iterations the largest differences between the estimated results of the two algorithms and the reference are 0.0225 (dominant node 5, encrypted) and 0.0202 (dominant node 5, not encrypted), 0.0157 (dominant node 6, encrypted) and 0.0168 (dominant node 6, not encrypted), 0.0138 (dominant node 8, encrypted) and 0.0123 (dominant node 8, not encrypted). FIG. 5 shows the voltage variation of the power generation nodes for the state estimation algorithm with encryption and the one without; after 20 iterations, the control parameters output by the two algorithms differ by at most 0.0024 (power generation node 1), 0.0153 (power generation node 2) and 0.0101 (power generation node 3).
The output results of the two state estimation algorithms (encrypted and unencrypted) are compared, and the statistical result of the voltage difference of the output nodes (the leading node and the generating node) is shown in figure 6. The result shows that the difference of the output results is almost 0, which indicates that the state estimation algorithm based on the encryption state estimation protocol is effective.
further, fig. 7 shows the fluctuation of the covariance of the state estimation error based on the encryption state estimation protocol. The upper bound of the state estimation error covariance two-norm is 0.001 during 500 iterations. The stability of the state estimation algorithm based on the encryption state estimation protocol is guaranteed.

Claims (5)

1. A method for defending against error data injection attacks based on hybrid homomorphic encryption is characterized by comprising the following steps:
(1) In combination with the physical dynamic model of the system, identifying the parameters which an attacker must obtain in order to execute the attack, constructing the attack vector, deriving its influence on the system state estimation result, and thereby determining the objects needing encryption protection as follows: system model parameters, measurements, and state estimates.
(2) Rewriting a static Kalman filtering state estimation algorithm iteration process to obtain an iteration form capable of supporting a mixed homomorphic encryption process; the state estimation algorithm iteration process is rewritten as follows.
H ∈ R^{n×l}, l = n + m, r(t) ∈ R^{n×l}, represents a state estimation result at time t-1, y(t) represents a measurement value at time t, A represents a system matrix, C represents a measurement matrix, K represents a static Kalman gain, represents a calculation result of a system parameter, n represents a state dimension, m represents a measurement dimension, and the matrix H containing the system model parameters and the system state information r(t) are the objects to be protected by encryption, where the system state information includes the measurement value and the state estimation result.
(3) Designing a quantization and mapping method from the real number domain to the plaintext space, and quantizing and mapping the system model parameters and system state information of the rewritten state estimation iteration from the real number domain to the plaintext space, to adapt them to homomorphic encryption operations; the quantization method from the real number domain to the plaintext space is as follows.
For the matrix of system model parameters H: quantization error elimination is used, i.e. each element in H is first converted to fractional form and then the matrix is multiplied by the common denominator of all elements, i.e.:
Where α is the common denominator, which is the quantization result of the matrix H.
For system state information r(t): a parameter random quantization method is adopted. For an element r_i(t) in r(t), if r_i(t) ∈ [μ_k, μ_{k+1}), where μ_k and μ_{k+1} are integers, the quantization result follows the probability distribution:
Wherein Pr(·) represents a probability value representing the quantization result of r_i(t), and 0 ≤ p ≤ 1.
The mapping of the quantization result to the cryptographic algorithm plaintext space M is:
Wherein, the mapping result is represented, the quantization result of the real number x is represented, fm(·) represents the mapping function, and N is the modulus parameter of the cryptographic algorithm.
(4) Encrypting the mapping result of step (3) with the public key of the additive homomorphic encryption scheme to obtain ciphertext data of the system model parameters, measurement values and state estimation results; and designing and executing the communication protocols of the additive homomorphic algorithm and the multiplicative homomorphic algorithm respectively, according to the confidentiality of the system model parameters, measured values and state estimation results, with the ciphertext data as the input of those communication protocols.
(5) Three groups participating in the state estimation algorithm are defined: a data provider, a core algorithm executor and a state estimation result application party; and the calculation tasks that the different groups must execute in the ciphertext-domain state estimation algorithm are designed by applying the communication protocols of the additive homomorphic algorithm and the multiplicative homomorphic algorithm.
(6) And integrating the steps to design an encryption state estimation protocol for ensuring the data security in the calculation and communication processes.
2. The method for defending against false data injection attack based on hybrid homomorphic encryption as claimed in claim 1, wherein in step (1), an attacker can construct the following attack vector to realize an attack that is hidden from the bad data detector:
Y^a ≡ {y^a(τ) | y^a(τ) = CAK y^a(t), τ ≥ t}
Wherein t represents the attack start time, τ represents the attack duration, C ∈ R^{m×n}, A ∈ R^{n×n} and K ∈ R^{n×m} represent system parameters, Y^a represents the attack vector sequence, y^a(τ) ∈ R^m represents an attack vector, i.e., the error data injected into the measurement value, and y^a(t) ∈ R^m represents the initial attack vector; further, the influence on the system state estimation result is:
Wherein, representing the real state estimation result, X^a is the sequence of the state estimation result under attack, and is the state estimation result at the time τ under the attack, T ∈ R^{m×m} is a diagonal matrix: if the i-th measurement value is tampered with, T_ii = 1; otherwise, T_ii = 0.
3. The method for defending against false data injection attack based on hybrid homomorphic encryption according to claim 1, wherein in the step (4), the multiplicative homomorphic algorithm is:
Wherein, for the decryption algorithm, sk1 is a decryption key, corresponding to ciphertext domain operation of plaintext multiplication, pk1 is an encryption key, and M1 ∈ M and M2 ∈ M are the original plaintexts;
The additive homomorphic algorithm is:
Wherein ≧ is the ciphertext domain operation corresponding to plaintext addition.
4. The method for defending against false data injection attack based on hybrid homomorphic encryption as claimed in claim 1, wherein in the step (5), the computing tasks required to be performed by the three groups of the data provider, the core algorithm executor and the state estimation result applier are specifically: the data provider is responsible for encrypting the measured value and the system model parameter by adopting an addition homomorphic scheme and transmitting the encrypted measured value and the system model parameter to a core algorithm executing party, namely an encryption estimator, the encryption estimator executes an addition homomorphic algorithm based on ciphertext domain data and transmits an operation result C1 to an estimation result applying party, and the state estimation result applying party decrypts and recovers C1, encrypts the encrypted result by adopting a multiplication homomorphic scheme and transmits C2 to the encryption estimator; the encryption estimator executes a multiplication homomorphic algorithm and sends an operation result C3 to a state estimation result application party; and the state estimation result application party decrypts and recovers the C3 to obtain a state estimation result, encrypts the state estimation result by adopting a public key of an addition homomorphic encryption scheme and feeds back the state estimation result to the encryption estimator for iterative operation.
5. The method for defending against false data injection attack based on hybrid homomorphic encryption according to claim 1, wherein in the step (6), the designed encryption state estimation protocol is:
Wherein, note: indicating a safe addition operation (homomorphic addition); an indication of a secure multiply operation (homomorphic multiplication); an h indicates a modulo exponential operation; pk1 and sk1 represent the public and private keys of a multiplicative homomorphic cryptographic algorithm; pk2 and sk2 represent the public and private keys of an additive homomorphic cryptographic algorithm; fq represents a real number quantization algorithm; fm represents an integer mapping algorithm; m is a plaintext space; representing data under multiplicative homomorphic encryption; representing data under additive homomorphic encryption; → denotes data mapping; → data transfer; c represents the ciphertext; v (t) is an intermediate result calculated by a state estimation result application party, and d is a random variable; is an element in the ith row and the jth column in the matrix; d-1 represents the modulo inverse of d. An estimation result representing an initial state, a quantization result representing x, a mapping result representing x, Enc (×) pk1 representing an encryption algorithm of an additive homomorphic scheme, Enc (×) pk2 representing an encryption algorithm of a multiplicative homomorphic scheme, an estimation result representing x, Dec (×) sk1 representing a decryption algorithm of an additive homomorphic scheme, and Dec (×) sk2 representing a decryption algorithm of a multiplicative homomorphic scheme, representing an integer recovery algorithm; indicating that the integer is restored to a real number. And the mapping result of the state estimation result after the recovery and the return at the time t.
Wherein the fuzzy (blinding) operation is based on the multiplicative fuzzy (multiplicative blinding) principle as follows:
b(ax) mod L = b mod L
Where ax ≡ 1 mod L, i.e., x ≡ a^{-1} mod L.
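The quantization and mapping of step (3), the two homomorphisms of claim 3 and the blinding identity above can be exercised together with toy parameters. This is an added example, not code from the patent: the round-up probability (the fractional part), the wrap-around mapping of negative integers, the use of σ as the step size and the small primes are all assumptions, and the patent's simulation uses 512-bit keys.

```python
import math, random

def quantize(r, sigma, rng=random):
    # Randomized rounding to an integer number of sigma-steps. Assumption: round up
    # with probability equal to the fractional part, so the result is unbiased.
    scaled = r / sigma
    lo = math.floor(scaled)
    return lo + (1 if rng.random() < scaled - lo else 0)

def to_plain(q, N):  # assumed mapping: signed integer -> Z_N, negatives wrap to N - |q|
    if abs(q) >= N // 2:
        raise ValueError("quantized value does not fit the plaintext space")
    return q % N

def from_plain(m, N):  # inverse mapping: residues above N/2 are read as negative
    return m - N if m > N // 2 else m

class Paillier:  # additive homomorphism, generator g = n + 1
    def __init__(self, p, q):
        self.n, self.n2, self.phi = p * q, (p * q) ** 2, (p - 1) * (q - 1)
        self.phi_inv = pow(self.phi, -1, self.n)
    def enc(self, m):
        r = random.randrange(2, self.n)
        while math.gcd(r, self.n) != 1:
            r = random.randrange(2, self.n)
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2
    def dec(self, c):
        return (pow(c, self.phi, self.n2) - 1) // self.n * self.phi_inv % self.n
    def add(self, c1, c2):  # Dec(c1 * c2 mod n^2) = m1 + m2 mod n
        return c1 * c2 % self.n2

class RSA:  # textbook (unpadded) RSA, multiplicative homomorphism
    def __init__(self, p, q, e=65537):
        self.n, self.e = p * q, e
        self.d = pow(e, -1, (p - 1) * (q - 1))
    def enc(self, m): return pow(m, self.e, self.n)
    def dec(self, c): return pow(c, self.d, self.n)
    def mul(self, c1, c2):  # Dec(c1 * c2 mod n) = m1 * m2 mod n
        return c1 * c2 % self.n

def encrypted_sum(values, sigma, ph):
    # Quantize, map and encrypt each real value, add ciphertexts, recover the real sum.
    acc = ph.enc(0)
    for v in values:
        acc = ph.add(acc, ph.enc(to_plain(quantize(v, sigma), ph.n)))
    return from_plain(ph.dec(acc), ph.n) * sigma

def encrypted_product(a, b, rsa):  # multiply two signed integers in the ciphertext domain
    c = rsa.mul(rsa.enc(to_plain(a, rsa.n)), rsa.enc(to_plain(b, rsa.n)))
    return from_plain(rsa.dec(c), rsa.n)

def blind_unblind(b, a, L):
    # b(ax) mod L = b mod L with x = a^-1 mod L: a hides b, x removes the mask.
    blinded = b * a % L
    return blinded, blinded * pow(a, -1, L) % L

if __name__ == "__main__":
    ph, rsa = Paillier(1009, 1013), RSA(10007, 10009)  # constructed toy primes
    print(encrypted_sum([1.003, -0.257, 0.5], 0.01, ph), encrypted_product(-3, 7, rsa))
```

Unpadded RSA is deterministic, which is what gives it the multiplicative property; the recovered sum differs from the true sum by less than one quantization step per term.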
CN201910917532.4A 2019-09-26 2019-09-26 Error data injection attack defense method based on mixed homomorphic encryption Active CN110545289B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910917532.4A CN110545289B (en) 2019-09-26 2019-09-26 Error data injection attack defense method based on mixed homomorphic encryption

Publications (2)

Publication Number Publication Date
CN110545289A true CN110545289A (en) 2019-12-06
CN110545289B CN110545289B (en) 2021-01-01

Family

ID=68714646

Country Status (1)

Country Link
CN (1) CN110545289B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110283099A1 (en) * 2010-05-13 2011-11-17 Microsoft Corporation Private Aggregation of Distributed Time-Series Data
CN103259643A (en) * 2012-08-14 2013-08-21 苏州大学 Matrix fully homomorphic encryption method
CN105933102A (en) * 2016-04-06 2016-09-07 重庆大学 Identity-based and hidden matrix-constructed fully homomorphic encryption method
CN107592195A (en) * 2017-09-12 2018-01-16 北京电子科技学院 A kind of accurate full homomorphism ciphertext data manipulation method and system
CN108965258A (en) * 2018-06-21 2018-12-07 河南科技大学 A kind of cloud environment data integrity verification method based on full homomorphic cryptography
CN108989330A (en) * 2018-08-08 2018-12-11 广东工业大学 The double-deck defence method of false data injection attacks in a kind of electric system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ZHENYONG ZHANG: "Secure Kalman Filter State Estimation by Partially Homomorphic Encryption", 《2018 9TH ACM/IEEE INTERNATIONAL CONFERENCE ON CYBER-PHYSICAL SYSTEMS》 *
欧阳柳: "电力企业计算机网络防病毒措施的研究", 《浙江电力》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995409A (en) * 2020-02-27 2020-04-10 南京红阵网络安全技术研究院有限公司 Mimicry defense arbitration method and system based on partial homomorphic encryption algorithm
CN113268707A (en) * 2021-06-11 2021-08-17 中国电子科技集团公司第三十研究所 Ciphertext covariance matrix calculation method based on row coding
CN113268707B (en) * 2021-06-11 2022-03-18 中国电子科技集团公司第三十研究所 Ciphertext covariance matrix calculation method based on row coding
CN115225305A (en) * 2022-04-12 2022-10-21 上海大学 Attack detection and recovery method for distributed economic dispatch of microgrid under network attack
CN115225305B (en) * 2022-04-12 2024-04-19 上海大学 Attack detection and recovery method for micro-grid distributed economic dispatch under network attack

Also Published As

Publication number Publication date
CN110545289B (en) 2021-01-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant