CN112953890B - Information encryption method and device for client side energy consumption control system - Google Patents

Publication number
CN112953890B
Authority
CN
China
Prior art keywords
information
encryption
control system
hyperchaotic
encrypting
Legal status
Active
Application number
CN202110037928.7A
Other languages
Chinese (zh)
Other versions
CN112953890A (en)
Inventor
郑红娟
朱庆
李雪明
顾琳琳
杨斌
邵雪松
杨凤坤
张卫国
周材
邵军军
冉俊超
刘凯
李奕杰
王金明
孙季泽
李化
Current Assignee
State Grid Jiangsu Electric Power Co ltd Marketing Service Center
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
NARI Group Corp
Nari Technology Co Ltd
NARI Nanjing Control System Co Ltd
State Grid Electric Power Research Institute
Beijing State Grid Purui UHV Transmission Technology Co Ltd
Original Assignee
Same as the current assignees listed above
Application filed by State Grid Jiangsu Electric Power Co Ltd Marketing Service Center, State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, NARI Group Corp, Nari Technology Co Ltd, NARI Nanjing Control System Co Ltd, State Grid Electric Power Research Institute and Beijing State Grid Purui UHV Transmission Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/001 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L 9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The application discloses an information encryption method for a client side energy consumption control system. The method obtains the plaintext information to be stored or transmitted by the client side energy consumption control system and encrypts it by applying, in sequence, a hyperchaotic block encryption method and an AES encryption method. Corresponding systems are also disclosed. By applying hyperchaotic block encryption followed by AES encryption to the information to be stored or transmitted, the application effectively ensures the security of the client side energy consumption control system information and the safe and stable operation of the system.

Description

Information encryption method and device for client side energy consumption control system
Technical Field
The application relates to an information encryption method and device for a client side energy consumption control system, and belongs to the technical field of control system security protection.
Background
The functions of the client side energy consumption control system include energy consumption monitoring, energy consumption reports, energy consumption analysis, mass energy consumption data processing, energy saving services and the like. During information transmission the system may face problems such as information network paralysis, destruction of application systems, loss of service data, disclosure of enterprise information, terminal virus infection, transmission of harmful information and malicious penetration attacks, so an information encryption method that ensures information security is urgently needed.
Disclosure of Invention
The application provides an information encryption method and device for a client side energy consumption control system, which address the problems described in the Background section.
To solve these technical problems, the application adopts the following technical scheme:
an information encryption method for a client side energy consumption control system, comprising
acquiring the plaintext information to be stored or transmitted by the client side energy consumption control system;
and encrypting the plaintext information by applying, in sequence, a hyperchaotic block encryption method and an AES encryption method.
The hyperchaotic block encryption method comprises the following specific steps:
mapping the plaintext information to a hash value;
using the hash value as the input of two hyperchaotic systems to obtain two chaotic sequences;
performing a bitwise exclusive OR of the two chaotic sequences to obtain the chaotic cipher sequence;
and encrypting the plaintext information block by block with the chaotic cipher sequence.
Using the hash value as the input of the two hyperchaotic systems to obtain the two chaotic sequences proceeds as follows:
the hash value is taken as the input of the two hyperchaotic systems, the initial values of the two hyperchaotic systems are selected as the key parameters, and the two chaotic sequences are generated iteratively.
The specific steps of the AES encryption method are:
dividing the hyperchaotic block encrypted information into $N$ 128-bit information blocks;
dividing the encryption rounds into $N$ groups according to a preset rule, each group encrypting one of the $N$ 128-bit information blocks;
and combining the outputs of the $N$ groups of encryption rounds to form the final encrypted information.
The preset rule is: of the $L$ encryption rounds, the $(L_1 + N \times L_2)$-th encryption round is assigned to the $L_1$-th group, where the $L_1$-th group of encryption rounds encrypts the $L_1$-th 128-bit information block and $L_2$ is a natural number with $0 \le L_2 \le L/N - 1$.
In each encryption round, a dynamically transformed S-box is used to perform the byte substitution transformation.
The dynamically transformed S-box is generated by a formula in which the left-hand side is bit $i$ of the transformed dynamic S-box byte; $b_{(i+4) \bmod 8}$, $b_{(i+5) \bmod 8}$, $b_{(i+6) \bmod 8}$ and $b_{(i+7) \bmod 8}$ are bits $(i+4) \bmod 8$, $(i+5) \bmod 8$, $(i+6) \bmod 8$ and $(i+7) \bmod 8$ of the dynamic S-box byte in the previous encryption round; and $C_i$ is bit $i$ of the hash value of the ciphertext produced by the hyperchaotic block encryption.
An information encryption device for a client side energy consumption control system, comprising:
a plaintext information acquisition module, which acquires the plaintext information to be stored or transmitted by the client side energy consumption control system;
and an encryption module, which encrypts the plaintext information by applying, in sequence, a hyperchaotic block encryption method and an AES encryption method.
A computer readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a computing device, cause the computing device to perform the information encryption method for a client side energy consumption control system.
A computing device comprising one or more processors, one or more memories, and one or more programs, wherein the one or more programs are stored in the one or more memories and configured to be executed by the one or more processors, the one or more programs comprising instructions for performing the information encryption method for a client side energy consumption control system.
The beneficial effects of the application are: 1. the application applies hyperchaotic block encryption followed by AES encryption to the information to be stored or transmitted, thereby effectively ensuring the security of the client side energy consumption control system information and the safe and stable operation of the system; 2. the application improves the traditional hyperchaotic block encryption method by performing a bitwise exclusive OR of the two chaotic sequences, which improves the security of the hyperchaotic block encryption method; 3. the application improves the traditional AES encryption method by dividing information longer than 128 bits into blocks, encrypting the different information blocks in different encryption rounds, and using a dynamically transformed S-box in each encryption round, which improves the security of the AES encryption method.
Drawings
FIG. 1 is a flow chart of the method of the present application;
FIG. 2 is a flow chart of the hyperchaotic block encryption method;
FIG. 3 is a flow chart of a conventional AES encryption method;
FIG. 4 is a flowchart of AES encryption according to the present application;
FIG. 5 is a diagram of the generation of control keys and encryption keys;
fig. 6 is a dynamic S-box generation schematic.
Description of the embodiments
The application is further described below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present application, and are not intended to limit the scope of the present application.
As shown in fig. 1, a method for encrypting information of a client-side energy consumption control system includes the following steps:
step 1, acquiring the plaintext information to be stored or transmitted by the client side energy consumption control system;
step 2, encrypting the plaintext information by applying, in sequence, a hyperchaotic block encryption method and an AES encryption method.
The method is mainly applied on the terminal side of the client side energy consumption control system. The hyperchaotic block encryption method must address the selection of key parameters and the discretization of the continuous chaotic sequence, and its security and practicality are important indicators that must be considered. Based on these factors, the traditional hyperchaotic block encryption method is improved; the specific hyperchaotic block encryption method is shown in Fig. 2:
a1 Mapping the plaintext information into a hash value.
A2 The hash value is used as the input of two hyper-chaotic systems, and two sets of chaotic sequences are obtained.
And taking the hash value as input of two hyperchaotic systems, selecting initial values of the two hyperchaotic systems as key parameters, and iteratively generating two sets of chaotic sequences.
In the method, parameters of the hyperchaotic system are kept unchanged, the system is ensured to be in a hyperchaotic state, and on the premise, 8 initial values of the two hyperchaotic systems are selected as key parameters, so that the algorithm is ensured to have a sufficiently large key space.
Performing discretization treatment on the hyperchaotic system by adopting a fourth-order Runge-Kutta method; then, discarding the values of the previous 100 iteration sequences in order to ensure that the chaotic sequence generated by the hyper-chaotic system has better random characteristics; finally, performing arithmetic processing such as decimal point shift, modulo operation and the like on the sequence to obtain a chaotic sequence suitable for encryption according to bytes; the specific processing formula is as follows:
wherein,i=1, 2, two sets of chaotic sequence numbers; mod is a modulo remainder operation;is a downward rounding operation;are all the firstiThe value range of the elements in the group chaos sequence is [0,255 ]];/>Respectively representing four variables in a fourth-order Runge-Kutta method;k=1,2,3…256。
a3 Performing bitwise exclusive or processing on the two groups of chaotic sequences to obtain a chaotic cipher sequence.
The method comprises the following steps that a certain correlation exists among all state variables generated by the hyperchaotic systems, so that a certain cross correlation possibly exists among generated chaotic sequences, and the risk of being easily identified or estimated exists in cryptanalysis and attack, therefore, the chaotic sequences of the two hyperchaotic systems are subjected to bit exclusive OR, and the specific operation method comprises the following steps:
wherein,is bitwise exclusive or operation; />Elements of a chaotic cryptographic sequence.
The relevance between chaotic sequences after bitwise exclusive or is destroyed, so that the safety of the hyperchaotic block encryption method is improved.
A4 Block encrypting the plaintext information by adopting a chaotic cipher sequence; i.e. 4 chaotic sequences are grouped into groups of 4 bytes each for encryption of packet data.
On the terminal side of the client side energy consumption control system, the method is implemented with the MapReduce distributed parallel programming architecture: the Map function performs the hyperchaotic block encryption and AES encryption operations, and the Reduce function combines the encrypted data.
As shown in Fig. 3, in the conventional AES encryption process each round consists of four steps: byte substitution, row shifting, column mixing and round key addition.
Byte substitution: each byte of the state matrix is replaced using an 8-bit substitution box (S-box). Row shifting: a linear transformation that rotates the rows of the state matrix to the left; the first row is left unchanged, and the second, third and fourth rows are each rotated one position further than the preceding row. Column mixing: each column of the input matrix is multiplied by a fixed mixing matrix, which yields the corresponding output column. Round key addition: the round key is combined with the state; each round key is derived from the master key by the key schedule, and each byte of the state is combined with the corresponding byte of the round key by bitwise exclusive OR.
The conventional AES encryption method operates on 128 bits of input data, which leaves the method open to a certain possibility of attack. To enhance the security of the AES encryption method, the conventional method is improved as shown in detail in Fig. 4:
b1 Dividing the hyper-chaotic block encrypted information intoNA 128bit block of information.
The input here is 256bits of information and is thus divided into two 128bits of information blocks, i.eN=2。
B2 Dividing the encryption round into encryption rounds according to a preset ruleNGroup, respectively encryptNA 128bit block of information.
Presetting a rule: will beLIn the encryption round, the firstL 1 +N×L 2 The encryption round is divided into the firstL 1 In the group; wherein, the firstL 1 Group encryption round for encrypting the firstL 1 A 128bit block of information;L 2 is greater than or equal to 0 and less than or equal toL/N-a natural number of 1.
Assuming that the encryption rounds have 10 rounds in total and are divided into 2 groups, the encryption rounds for the first information block are sequentially 1 st, 3 rd, 5 th, 7 th, 9 th encryption rounds, and the encryption rounds for the second information block are sequentially 2 nd, 4 th, 6 th, 8 th, 10 th encryption rounds.
The key length is 256bits, the key is divided into two parts in the encryption process, each part is 128bits, the control key is used for controlling the line shift as shown in fig. 5, and the number of times of the encryption key is used as the added round key.
In each encryption round, a dynamically transformed S-box is used to perform the byte substitution transformation. As shown in Fig. 6, the hexadecimal digits of the key are exclusive-ORed with each other, the result is used as a shift value, and the S-box values are obtained by cyclically shifting by that value; specifically:
a) Initialize the S-box row by row in ascending order of byte values (each value corresponding to a coordinate);
b) Map each byte of the S-box to its multiplicative inverse in the finite field GF($2^8$);
c) Denote the 8 bits of each byte in the S-box as $(b_7, b_6, b_5, b_4, b_3, b_2, b_1, b_0)$ and transform each bit of each byte of the S-box as follows:
where the left-hand side is bit $i$ of the transformed dynamic S-box byte; $b_{(i+4) \bmod 8}$, $b_{(i+5) \bmod 8}$, $b_{(i+6) \bmod 8}$ and $b_{(i+7) \bmod 8}$ are bits $(i+4) \bmod 8$, $(i+5) \bmod 8$, $(i+6) \bmod 8$ and $(i+7) \bmod 8$ of the dynamic S-box byte in the previous encryption round; and $C_i$ is bit $i$ of the hash value of the ciphertext produced by the hyperchaotic block encryption.
B3) Combine the outputs of the $N$ groups of encryption rounds to form the final encrypted information.
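The round grouping rule of step B2 and steps a) and b) of the S-box construction, as an added example that is not code from the patent. Step c) in the patent is a per-round dynamic transformation whose formula is not reproduced on this page, so the block applies the conventional AES affine transformation as step c): it combines the same bit positions $(i+4) \bmod 8$ to $(i+7) \bmod 8$ that the text names, with the fixed constant 0x63 in place of the patent's per-round bits $C_i$; the constant is left as a parameter of `build_sbox` to mark where the patent's variant departs from it. The function names are the example's own.

```python
"""Round grouping (B2) and S-box initialization (steps a, b and a conventional c)."""


def round_groups(L, N):
    """Step B2: assign L encryption rounds to N groups by the page's rule.
    Round L1 + N*L2 (L2 = 0 .. L/N - 1) belongs to group L1, and group L1
    encrypts the L1-th 128-bit block. Returns {group: [round numbers]} (1-based)."""
    if N < 1 or L % N:
        raise ValueError("L must be a positive multiple of N")
    return {l1: [l1 + N * l2 for l2 in range(L // N)] for l1 in range(1, N + 1)}


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inverse(a):
    """Step b: multiplicative inverse in GF(2^8); 0 is mapped to 0.
    Uses a^254 = a^-1, since the multiplicative group has order 255."""
    if a == 0:
        return 0
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def affine(b, const):
    """Conventional step c: b'_i = b_i ^ b_(i+4)%8 ^ b_(i+5)%8 ^ b_(i+6)%8 ^ b_(i+7)%8 ^ c_i.
    The patent's dynamic S-box replaces the fixed c_i with per-round bits C_i
    taken from a hash, and takes the b's from the previous round's S-box byte."""
    out = 0
    for i in range(8):
        bit = (b >> i) & 1
        for k in (4, 5, 6, 7):
            bit ^= (b >> ((i + k) % 8)) & 1
        bit ^= (const >> i) & 1
        out |= bit << i
    return out


def build_sbox(const=0x63):
    """Step a: start from the bytes 0x00..0xFF in ascending order;
    then apply steps b and c to each byte. const=0x63 gives the standard AES S-box."""
    return [affine(gf_inverse(x), const) for x in range(256)]


if __name__ == "__main__":
    print(round_groups(10, 2))          # {1: [1, 3, 5, 7, 9], 2: [2, 4, 6, 8, 10]}
    sbox = build_sbox()
    print(hex(sbox[0x53]))              # 0xed, as in the standard AES S-box
```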
The method applies hyperchaotic block encryption followed by AES encryption to the information to be stored or transmitted, thereby effectively ensuring the security of the client side energy consumption control system information and the safe and stable operation of the system. The method improves the traditional hyperchaotic block encryption method by performing a bitwise exclusive OR of the two chaotic sequences, which improves the security of the hyperchaotic block encryption method. The method improves the traditional AES encryption method by dividing information longer than 128 bits into blocks, encrypting the different information blocks in different encryption rounds, and using a dynamically transformed S-box in each encryption round, which improves the security of the AES encryption method.
The software device corresponding to the method, namely the information encryption device for the client side energy consumption control system, comprises:
a plaintext information acquisition module, which acquires the plaintext information to be stored or transmitted by the client side energy consumption control system;
and an encryption module, which encrypts the plaintext information by applying, in sequence, a hyperchaotic block encryption method and an AES encryption method.
A computer readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a computing device, cause the computing device to perform the information encryption method for a client side energy consumption control system.
A computing device comprising one or more processors, one or more memories, and one or more programs, wherein the one or more programs are stored in the one or more memories and configured to be executed by the one or more processors, the one or more programs comprising instructions for performing the information encryption method for a client side energy consumption control system.
Based on the method, a security protection system for the client side energy consumption control system can be constructed, as follows:
S1) Analyze the operating characteristics of the client side energy consumption control system, including the information interaction and transmission characteristics, interface standards, network security level, system operating environment and the like involved in data acquisition and instruction transmission control.
1. Functional requirement analysis:
(1) Energy consumption monitoring
The usability of energy consumption monitoring is improved through the map, the building (factory) and the monitoring configuration interface (equipment), making the energy consumption monitoring system more intuitive, easier to use and better layered.
a1) Display the park macroscopically as a GIS map, and display the energy information of each building, factory, campus and piece of equipment through navigation links.
a2) Display the overall total energy consumption and the itemized energy consumption of a building using a real-scene building model.
a3) Display the monitoring configuration interface of buildings, factories and energy equipment in a more user-friendly way.
(2) Energy consumption reports
Functions for querying, printing and exporting annual, quarterly, monthly and daily reports of total power consumption, itemized power consumption and circuit power consumption are provided, facilitating the user's recording and reporting work.
(3) Energy consumption analysis
According to the energy efficiency evaluation model and the energy efficiency measure library provided by experts, problems of high energy consumption and low efficiency are identified for connected users by analysing their energy consumption data, and effective energy-saving and efficiency measures are provided.
The system provides configuration functions for the energy efficiency evaluation model and the energy efficiency measure library.
(4) Mass energy consumption data processing
Data mining technology is applied to dynamic energy supply and demand prediction and energy optimization, improving the absorption capacity for renewable energy and realizing the cascaded utilization of multiple types of energy.
(5) Energy saving services
Energy efficiency comparison is provided at the building (floor, room) and equipment levels.
According to the energy efficiency evaluation model and the energy efficiency measure library, an energy efficiency diagnosis and evaluation function is provided for connected users: a score is produced through the comprehensive benefit evaluation index system and other modules, the building's problems are identified at the levels of overall energy use, the power supply system, the itemized energy use systems and the energy-using equipment, and an energy use strategy is given.
Connected users are provided with a before-and-after comparison of the effect of the energy use strategy, and the energy-saving history is displayed. The benefits generated by energy saving are analysed, and the whole process from the expected effect to the actual outcome is tracked.
2. Business requirement analysis:
By studying the energy efficiency evaluation indexes for regional multi-energy complementary comprehensive energy optimization, a comprehensive energy efficiency evaluation index system comprising energy consumption quality, energy efficiency improvement, economic, environmental protection and energy conservation indexes is established and quantified, providing basic support for the energy efficiency evaluation of regional multi-energy complementary networks. The energy efficiency indexes are screened through principal component analysis and correlation analysis, and a comprehensive evaluation system for the utilization effect of mixed energy, based on a hierarchical comprehensive evaluation method, is established to optimize the layout of multiple energy types and realize multi-energy complementarity and the comprehensive, efficient use of energy. By researching and developing comprehensive evaluation software for multi-source optimization energy efficiency in the regional energy Internet, an effective energy efficiency evaluation software system is established, which further enables efficient, specialized energy efficiency evaluation.
3. Data requirement analysis
The precondition for realizing regional multi-energy complementary comprehensive energy optimization is to analyze the system's data objects correctly. The data of the regional multi-energy complementary comprehensive energy operation optimization control subsystem come from various devices and other interacting systems, so the data sources and structures are diverse.
S2) Based on the operating characteristics, obtain the security protection requirements, targets and security framework of the client side energy consumption control system.
1. Security protection requirements and targets
1) Security protection requirements
The security of the information integration system must be ensured, i.e. the confidentiality, integrity, availability, controllability and authenticity of network information must be protected during storage and transmission.
2) Security protection targets
The overall goals of the security protection system are to prevent paralysis of the information network, damage to application systems, loss of service data, disclosure of enterprise information, virus infection of terminals, transmission of harmful information and malicious penetration attacks, so as to ensure the safe and stable operation of the information system and the security of the service data.
The construction of the security protection system follows these strategies: the security design refers to the basic requirements of the national classified protection scheme. The information integration system is divided into four layers (boundary, network, host and application) for the security design, so as to achieve layered, progressive defense in depth and ensure the security of the information integration system, namely the confidentiality, integrity, availability, controllability and authenticity of network information during storage and transmission.
2. Integrated security architecture of the client side energy consumption control system
The security of multi-source information mainly comprises the following 3 aspects:
1) Transport layer security
A secure data transmission channel is adopted and the transmission channel is encrypted, so that data cannot be tampered with or eavesdropped on during transmission and the security of data transmission is achieved.
2) Management control layer security
In the management and control of data exchange, only authorized users are allowed to access resources or exchange data over the transmission channel. An exchange log is recorded for the data exchange process and an audit log for key operations, which achieves the security of the data management control layer.
3) Access security
Business applications connect to the data exchange, and application access security is provided by integrating the business applications with the directory service, ensuring the access security of the data exchange.
Data transmission security:
The data exchange provides an exchange mode based on Web Services; to ensure the security of data exchange, security is considered for each of the channels as follows, achieving transmission security.
(1) Message transmission channel security
The data exchange implements a message-based transmission channel: the sender transmits data through a message queue to the receiver's message queue. The security of the message transmission channel is ensured by the following means:
1) Secure connection (SSL): the security of the transmission channel is achieved by configuring and using the secure socket layer to guarantee the privacy of communication.
2) Transmission retry: when communication fails, data transmission is suspended and the message is stored; after communication is restored, the message is retransmitted.
3) Message retry: handles messages that cannot reach their destination.
4) Transmission identity authentication: used for security checks; when a transmission channel is opened between the integrated system and the data exchange of the master station platform, both parties authenticate each other's identity, preventing illegal access.
(2) Web Service transport security
Data transmission based on the SOAP protocol adopts the WS-Security (Web Services Security) standard to ensure the message integrity, message confidentiality and single-message authentication of SOAP messages. Integration with the authentication system ensures the security of transmission.
(3) HTTP/HTTPS transport security
Since the HTTP protocol itself has no adequate secure transport mechanism, transmission is performed over HTTPS.
(4) Transmission security
When data is sent to the server, the connection to the server is established with a user name and password, an identity authentication message is provided to the server, and the data sent is encrypted, so that the security of information transmission is guaranteed.
Management control layer security:
The exchange management control layer is the core layer for realizing data exchange security and is responsible for managing and controlling the security of the whole exchange process. It provides the following security functions:
(1) Security audit log
Key operations by legitimate users and accesses to sensitive information are recorded systematically. The audit information is written to an audit log, which the administrator can query and inspect.
(2) Exchange log
The whole data exchange process is recorded, including: exchange time, sender/receiver information, data size and exchange result (success/failure), so that every exchange event can be traced. A log policy is configured with a reasonable log file size and a reasonable overwrite (rotation) policy.
(3) Data encryption/decryption
The accessed data is encrypted and decrypted as required, which secures the data between the business application and the data exchange.
Access security:
In terms of security design, the system must implement strict user identity authentication and rights management policies, so that only correctly authorized users can log in to the system and access information and materials within the scope of their authorization. An authentication function must be provided when a user logs in to the data exchange.
(1) Role management
Function description: the role management module adds, deletes and modifies the roles required in the system, so that each role can be assigned the corresponding rights. Its main functions are creation, modification, deletion and rights modification.
Creation: adds a role for a given department of a given electric power company.
Modification: modifies the name, importance and description of a role.
Deletion: deletes the selected role.
Rights modification: modifies the rights held by a role; a role may hold different rights for different items.
(2) User management
Function description: the user management module browses user information and manages users by department. Its main functions include adding users, modifying user information and assigning user rights.
Adding users: adds department users and their detailed information.
Modifying user information: modifies a user's detailed information.
User rights assignment: assigns the corresponding rights to a user; the user can only operate within the rights assigned.
(3) Modifying user passwords
Function description: the user password modification module changes the password of the current user.
(4) User login log query
Function description: the user login log query module retrieves, for a specified date, the records of users logging in to and out of the system; the login log records the user name, real name, login time and logout time.
Starting from information security protection technology:
The multi-source system information protection system aims to strengthen the safe and stable operation of the system and ensure the security of business data.
By category, information protection measures can be divided into security protection measures at the terminal layer, the communication network layer, the master station system layer and the boundary layer. The figure below gives a hierarchical security protection schematic of the multi-source system information service.
(1) Security protection at the terminal layer
The terminal layer comprises the desktop office computer terminals of the information intranet and the information extranet and the various business terminals connected to the intranet and extranet, including intranet and extranet office computer terminals, mobile office terminals, operation terminals connected through a dedicated secure and reliable private line and a secure access platform, and various information acquisition terminals.
Different security protection measures are adopted according to the specific terminal type, application mode, communication mode and requirements. The specific measures include:
1) Physical protection of intelligent terminals and equipment: necessary anti-theft and anti-damage protection is implemented on site, obvious warning marks and seal labels are added, and the terminal equipment is required to meet the safety protection level for outdoor electrical use;
2) System protection of intelligent terminals and equipment: the system security of terminal equipment is protected by means such as operation authorization and restricting the network addresses from which terminals may log in;
3) Secure storage and operation of intelligent terminals and equipment: terminals are required to store key business data in a security module, and equipment with a lower security level is required to store data in ciphertext form;
4) Protection of mobile operation and mobile office terminals: security protection is achieved by measures such as strictly prohibiting mixed use of intranet and extranet machines, authentication with a security encryption card, and registration and authorization on the security platform.
(2) Security protection at the communication network layer
The aim is to prevent malicious actors from attacking the business system through the network and from launching attacks on the network equipment. The security protection measures adopted at the communication network layer comprise short-range wireless communication network security, wireless public/private network security, boundary security between the system master station and the communication network layer, and master station local area network security, specifically:
1) Short-range wireless communication network security: a standard WPA or WAPI security mechanism is adopted, the SSID of the access point is hidden, and equipment is required to bind its IP/MAC address;
2) Wireless public/private network security: the APN service, 3A access authentication service and access control service provided by the operator are enabled, and the integrity of transmitted information is protected with standard check codes;
3) Boundary security between the system master station and the communication network layer: independent security equipment is deployed at the boundary to implement equipment access authentication, boundary access control, information content filtering and network connection restriction;
4) Master station local area network security: the network security of the master station local area network is protected in accordance with national and power industry security protection policies.
(3) Security protection measures at the master station layer
The security protection measures adopted at the master station system layer comprise:
1) Master station machine room security: meets national and power industry security protection policies;
2) Master station host operating system security: all master station operating systems use secure operating systems of the same level as those used for dispatching;
3) Master station database system security: measures such as identity authentication, access control, security audit and resource control are adopted to prevent abnormal operations on the master station database system;
4) Intra-system data interface security: information source authentication is implemented with a password mechanism, and data integrity is ensured with a standard check code mechanism;
5) Inter-system data interface security: the data interfaces between the physical network system and other systems are protected by means such as shared passwords and user names/passwords;
6) Business application software security: the operations of business personnel are restricted through identity authentication, user permissions and access control, and the integrity and reliability of business data are ensured through measures such as security audit, residual information protection and data storage confidentiality.
(4) Boundary security measures
Boundary security measures are concerned with the effective detection and control of data flows into and out of the boundary. The measures taken include: a network-based Intrusion Detection System (IDS) is used to inspect and filter the content of information flowing through the boundary, a security isolation device is used to control network access on both sides of the boundary, and forward and reverse isolation devices are used to restrict cross-zone data interaction.
S3) constructing, according to the security protection requirements, a security protection system that adopts the information encryption method of the client side energy consumption control system.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing is illustrative of the present application and is not to be construed as limiting it; all modifications, equivalents, improvements and the like made to the present application are intended to be included within the scope of the present application as defined by the appended claims.

Claims (8)

1. An information encryption method for a client-side usage control system, characterized in that it comprises the following steps:
acquiring plaintext information to be stored or transmitted by the client side energy consumption control system;
encrypting the plaintext information by applying, in sequence, a hyperchaotic block encryption method and an AES encryption method; the AES encryption method comprises the following specific process:
dividing the information encrypted by the hyperchaotic block encryption into N 128-bit information blocks;
dividing the encryption rounds into N groups according to a preset rule, and encrypting the N 128-bit information blocks respectively; the preset rule is that, of the L encryption rounds, the (L_1 + N × L_2)-th encryption round is assigned to the L_1-th group, where the L_1-th group of encryption rounds encrypts the L_1-th 128-bit information block, and L_2 is a natural number greater than or equal to 0 and less than or equal to L/N - 1;
combining the outputs of the N groups of encryption rounds to form the final encrypted information.
2. The information encryption method for a client-side usage control system according to claim 1, characterized in that the hyperchaotic block encryption method comprises the following specific process:
mapping the plaintext information to a hash value;
taking the hash value as the input of two hyperchaotic systems to obtain two sets of chaotic sequences;
performing bitwise exclusive OR on the two sets of chaotic sequences to obtain a chaotic cipher sequence;
encrypting the plaintext information in blocks using the chaotic cipher sequence.
3. The information encryption method for a client-side usage control system according to claim 2, characterized in that taking the hash value as the input of two hyperchaotic systems to obtain two sets of chaotic sequences specifically comprises:
taking the hash value as the input of the two hyperchaotic systems, selecting the initial values of the two hyperchaotic systems as key parameters, and iteratively generating the two sets of chaotic sequences.
4. The information encryption method for a client-side usage control system according to claim 1, characterized in that in each encryption round a dynamically transformed S-box is used to perform the byte substitution transformation.
5. The information encryption method for a client-side usage control system according to claim 4, characterized in that the dynamically transformed S-box is generated by the following formula:
where b'_i is the i-th bit of the transformed dynamic S-box byte; b_{(i+4) mod 8}, b_{(i+5) mod 8}, b_{(i+6) mod 8} and b_{(i+7) mod 8} are the ((i+4) mod 8)-th, ((i+5) mod 8)-th, ((i+6) mod 8)-th and ((i+7) mod 8)-th bits of the dynamic S-box byte in the previous encryption round; and c_i is the i-th bit of the hash value of the ciphertext after hyperchaotic block encryption.
6. An information encryption device for a client-side usage control system, characterized in that it comprises:
a plaintext information acquisition module, which acquires plaintext information to be stored or transmitted by the client side energy consumption control system;
an encryption module, which encrypts the plaintext information by applying, in sequence, a hyperchaotic block encryption method and an AES encryption method; the AES encryption method comprises the following specific process:
dividing the information encrypted by the hyperchaotic block encryption into N 128-bit information blocks;
dividing the encryption rounds into N groups according to a preset rule, and encrypting the N 128-bit information blocks respectively; the preset rule is that, of the L encryption rounds, the (L_1 + N × L_2)-th encryption round is assigned to the L_1-th group, where the L_1-th group of encryption rounds encrypts the L_1-th 128-bit information block, and L_2 is a natural number greater than or equal to 0 and less than or equal to L/N - 1;
combining the outputs of the N groups of encryption rounds to form the final encrypted information.
7. A computer readable storage medium storing one or more programs, characterized by: the one or more programs include instructions, which when executed by a computing device, cause the computing device to perform any of the methods of claims 1-5.
8. A computing device, characterized in that it comprises:
one or more processors, one or more memories, and one or more programs, wherein the one or more programs are stored in the one or more memories and configured to be executed by the one or more processors, the one or more programs comprising instructions for performing any of the methods of claims 1-5.
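The round grouping rule of claims 1 and 6 (the (L_1 + N × L_2)-th round belongs to group L_1, and group L_1 encrypts block L_1) as a worked example. This is an added illustration, not code from the patent or its applicants: the round function `toy_round` and the round-key derivation `round_key` are stand-ins for the patent's AES round with dynamically transformed S-box, the input bytes stand in for the output of the hyperchaotic stage, and the names `can_schedule`, `round_groups`, `group_of_round`, `split_blocks` and `encrypt_grouped` are chosen here.

```python
"""Round-to-group scheduling from claims 1 and 6 (added example, not the patent's code).

Rule: with L encryption rounds and N 128-bit blocks, round number L1 + N*L2
(L1 in 1..N, L2 in 0..L/N-1) belongs to group L1, and group L1 encrypts
block L1.  The round function and key schedule below are stand-ins.
"""
import hashlib
from typing import Dict, List, Tuple

BLOCK_BYTES = 16  # 128-bit blocks, as in the claim


def can_schedule(L: int, N: int) -> bool:
    """The rule only covers every round when N divides L (L2 runs up to L/N - 1)."""
    return L > 0 and N > 0 and L % N == 0


def round_groups(L: int, N: int) -> Dict[int, List[int]]:
    """Group L1 -> ascending list of the round numbers L1 + N*L2 it contains."""
    if not can_schedule(L, N):
        raise ValueError(f"N={N} must divide L={L}: every block needs L/N rounds")
    return {l1: [l1 + N * l2 for l2 in range(L // N)] for l1 in range(1, N + 1)}


def group_of_round(r: int, N: int) -> Tuple[int, int]:
    """Inverse of the rule: the (L1, L2) with r == L1 + N*L2 and 1 <= L1 <= N."""
    if r < 1 or N < 1:
        raise ValueError("round numbers and N are 1-based positive integers")
    return (r - 1) % N + 1, (r - 1) // N


def split_blocks(data: bytes) -> List[bytes]:
    """Cut the hyperchaotic-stage output into N 128-bit blocks (the claim states no padding)."""
    if len(data) == 0 or len(data) % BLOCK_BYTES:
        raise ValueError("input must be a non-empty multiple of 128 bits")
    return [data[i:i + BLOCK_BYTES] for i in range(0, len(data), BLOCK_BYTES)]


def round_key(key: bytes, r: int) -> bytes:
    """Stand-in round key for round r (assumption; not the patent's key schedule)."""
    return hashlib.sha256(key + r.to_bytes(2, "big")).digest()[:BLOCK_BYTES]


def toy_round(block: bytes, rk: bytes) -> bytes:
    """Stand-in round: key addition then a one-byte rotation (assumption, illustrative only)."""
    x = bytes(a ^ b for a, b in zip(block, rk))
    return x[1:] + x[:1]


def encrypt_grouped(data: bytes, key: bytes, L: int) -> bytes:
    """Run rounds 1..L in order, each on the block its group owns, then concatenate
    the N group outputs; the concatenation is the 'combining' step of the claim."""
    state = split_blocks(data)
    N = len(state)
    round_groups(L, N)  # validates the schedule before any round runs
    for r in range(1, L + 1):
        l1, _ = group_of_round(r, N)
        state[l1 - 1] = toy_round(state[l1 - 1], round_key(key, r))
    return b"".join(state)


if __name__ == "__main__":
    # Constructed sample: 32 bytes standing in for the hyperchaotic stage output.
    sample = bytes(range(32))
    print(round_groups(10, 2))  # {1: [1, 3, 5, 7, 9], 2: [2, 4, 6, 8, 10]}
    print(encrypt_grouped(sample, b"example-key", 10).hex())
```

With L = 10 and N = 2 each block passes through only L/N = 5 rounds, and the groups never share state: the first 16 output bytes depend only on the first input block. When reviewing this construction, check separately whether the hyperchaotic stage supplies the cross-block diffusion that the grouped AES stage does not.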
CN202110037928.7A 2021-01-12 2021-01-12 Information encryption method and device for client side energy consumption control system Active CN112953890B (en)


Publications (2)

Publication Number Publication Date
CN112953890A CN112953890A (en) 2021-06-11
CN112953890B true CN112953890B (en) 2023-11-21

Family

ID=76235193


Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106778304A * 2016-12-09 2017-05-31 交通运输部水运科学研究所 A fast chaotic image encryption method with a plaintext-related scrambling mechanism
CN108183785A * 2018-01-10 2018-06-19 广东工业大学 Method, system, device and readable storage medium for preventing credential stuffing and database dumping
CN108718232A * 2018-08-17 2018-10-30 中国矿业大学 Image encryption method based on AES and chaos
CN108933653A * 2018-06-28 2018-12-04 郑州云海信息技术有限公司 AES encryption and decryption system and method based on large-scale data
CN110535624A * 2019-08-16 2019-12-03 湖北工业大学 Medical image privacy protection method applied to the DICOM format
CN112202545A * 2020-10-26 2021-01-08 郑州轻工业大学 Image encryption method based on a Y-shaped filling curve and variable-step Josephus traversal

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9455833B2 * 2014-04-28 2016-09-27 Nxp B.V. Behavioral fingerprint in a white-box implementation


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Ahmed M. Atteya, "A Hybrid Chaos-AES Encryption Algorithm and Its Impelmention Based on FPGA", IEEE, pp. 1-4. *
Cao Hong (曹宏), "Research on a telephone speech security algorithm fusing chaotic sequences and AES", China Master's Theses Full-text Database (中国优秀硕士学位论文全文数据库), 2016, pp. 40-50. *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant