CN114065180A - Perception equipment safety verification system based on trusted computing 3.0 - Google Patents

Publication number: CN114065180A
Application number: CN202111422888.4A
Authority: CN (China)
Legal status: Pending
Original language: Chinese (zh)
Inventors: 刘思尧, 李斌, 吴双, 王敏, 郭安乐, 贾博, 张波, 康乐, 郭景维, 赵世燕
Assignee (original and current): Information and Telecommunication Branch of State Grid Ningxia Electric Power Co Ltd
Prior art keywords: verification, information, signature, module, node

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/44 Program or device authentication
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/45 Structures or tools for the administration of authentication

Abstract

The invention relates to a sensing (perception) device security verification system based on trusted computing 3.0. It comprises an information acquisition subsystem, a signature configuration subsystem, a model analysis subsystem and a permission management subsystem. The information acquisition subsystem collects the information to be verified. The signature configuration subsystem performs trust configuration on devices that meet the trust conditions and assigns each a unique signature verification code, which serves as the sensing device's 'fingerprint' for signing; at the same time a signature configuration unit is installed on each sensing device as firmware and generates the corresponding signature fingerprint, which further ensures the reliability of the digital signature. A trained model performs security analysis on the verification information, so the model has learning capability: the corresponding information verification strategy is adjusted according to the actual security risk of each feature item, giving a dynamic setting that balances the security verification requirements of different sensing devices, different files and different data types during transmission while preserving the normal working efficiency of the system.

Description

Perception equipment safety verification system based on trusted computing 3.0
Technical Field
The invention relates to a verification system for power-grid sensing devices, and in particular to a sensing device security verification system based on trusted computing 3.0.
Background
Trusted computing 3.0 is an auxiliary security mechanism that serves, rather than replaces, the existing security mechanisms. Because providing support for security first requires solving the problem of autonomous control, trusted computing 3.0 is expected to be implemented independently, by extracting trusted computing as a common part of security. The independently realized trusted computing subsystem runs in parallel with the original system and manages security in the role of a monitor. Monitoring works by using a hook mechanism to introduce monitoring points and control points into the system; the behaviour at these points is processed by the security mechanism. Monitoring points and control points generally exist across hierarchies and across nodes in a complete information system, and the trusted computing mechanism combines the security mechanisms that monitor these points into a complete security system, providing trusted computing security.
Trusted computing 3.0 plays the role of adhesive and reinforcing beam for the security mechanisms, each of which can be abstracted into a reference monitor that receives security policy enforcement control and returns audit information. Trusted computing 3.0 constructs a trusted computing subsystem that connects to the policy part and the audit part of each security mechanism, handles the scheduling of policy and audit information, ensures the reliability of the information transmission process, and uses a cryptographic mechanism to prove to the outside whether the security mechanism is operating effectively. These functions are almost independent of the operating system, which means they can be implemented in a relatively general, system-independent manner as the trusted software base of trusted computing 3.0: a custom, distributed, message-driven system supported by a trusted computing protocol. Implementing this message-driven model returns to the most traditional concepts in information security: independence and minimization.
In the prior art, implementing and monitoring security policies for sensing devices through trusted computing 3.0 faces two problems. First, the devices in an internet of things system are diverse, and the various sensing device formats have different operating characteristics, which makes security monitoring difficult to implement. Second, using trusted computing to ensure reliability greatly restricts the transmission and operating efficiency of normal information processing; if the security standard is lowered instead, the reliability of the whole verification system cannot be guaranteed. The two are difficult to balance.
Disclosure of Invention
In view of the above, the present invention aims to provide a security verification system for sensing devices based on trusted computing 3.0.
In order to solve the technical problems, the technical scheme of the invention is as follows:
a sensing device security verification system based on trusted computing 3.0 comprises an information acquisition subsystem, a signature configuration subsystem, a model analysis subsystem and a permission management subsystem;
the information acquisition subsystem comprises a plurality of acquisition hook units; the acquisition hook units are configured on the sensing devices as their firmware, and acquire the processing information generated by the sensing devices to generate verification information;
the signature configuration subsystem comprises a device verification module, a signature management module and a plurality of signature configuration units. The device verification module is configured with a trusted device database that stores a plurality of items of device trust information. The device verification module receives verification information whose type is a signature permission request; if that verification information has corresponding device trust information in the trusted device database, it generates signature permission information and sends it to the signature management module. The signature management module receives the signature permission information, generates a unique signature verification code and sends it to the signature configuration unit corresponding to the sensing device. The signature configuration unit is configured on the sensing device as its firmware, generates a digital signature according to the received signature verification code, and signs the processing information generated by the corresponding sensing device;
the model analysis subsystem comprises a model generation module, a feature extraction module, a model verification module and a model training module. The model generation module trains a perception information model, which comprises a plurality of perception features and the information verification strategy corresponding to each perception feature. The feature extraction module extracts data features from the verification information to generate the perception features. The model verification module obtains the corresponding information verification strategy from the perception information model according to the perception features produced by the feature extraction module, and verifies the verification information through that strategy to obtain verification result information. Each perception feature comprises a plurality of feature items; the model training module is configured with a credible feature value for each feature item and is associated with the different information verification strategies corresponding to each perception feature. The model training module adjusts the credible feature values of the relevant feature items according to the verification result information, thereby changing the sum of the credible feature values of the perception feature, and matches a different information verification strategy to the perception feature in the perception information model according to the range into which that sum falls;
the permission (license) management subsystem comprises a start management module and an authority management module. The start management module is configured with a plurality of control right instructions, each corresponding to one start control right in the hardware system; the hardware system obtains the corresponding start control right when it receives a control right instruction. The start management module obtains the corresponding verification result information according to a start request from the hardware system and, if the verification result information meets the preset start conditions, outputs the control right instruction to the hardware system. The authority management module is configured with a plurality of authority management instructions, each corresponding to a sensing device; when a sensing device receives an authority management instruction, its authority is configured according to the content of the instruction, and the authority management instruction is generated according to the verification result information corresponding to that sensing device.
Further, the feature extraction module includes a signature verification policy. The signature verification policy is configured with a corresponding signature verification algorithm, verifies the digital signature of the verification information through that algorithm, and generates a signature feature item; the feature items include the signature feature item.
Further, the model training module also comprises an association adjustment strategy. When the verification result information is abnormal, the association adjustment strategy extracts intrusion data features from the verification result information, retrieves the corresponding feature items from a preset association information base according to those intrusion data features, and adjusts the credible feature values of those feature items.
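As an added example (not the patent's own code), a Python model of the model training module described above: credible feature values per feature item, their sum per perception feature, the ranges that select an information verification strategy, and the association adjustment strategy that penalises related feature items when a verification result is abnormal. The feature items, initial values, ranges and association information base are constructed sample data, and the +1/-3 adjustment steps with a 0..10 clamp are assumptions, since the patent does not give the update rule.

```python
# Constructed credible feature values (0..10, higher = more trusted), one per feature item.
INITIAL_CREDIBLE_VALUES = {
    "signature": 8, "user": 9, "static": 9, "process": 7, "kernel": 8, "virus": 10,
}
# Constructed perception features: each comprises several feature items.
PERCEPTION_FEATURES = {
    "measurement_upload": ["signature", "user", "static"],
    "firmware_process": ["signature", "process", "kernel", "virus"],
}
# Constructed ranges: (lower bound of the credible feature value sum, strategy).
# Checked from the highest lower bound down; the last entry catches everything below.
STRATEGY_RANGES = [(24, "fast_check"), (18, "standard_check"), (0, "deep_inspection")]
# Constructed association information base: intrusion data feature -> related feature items.
ASSOCIATION_BASE = {
    "unknown_executable": ["static", "process"],
    "forged_signature": ["signature"],
}


class ModelTrainingModule:
    def __init__(self, credible_values, perception_features, strategy_ranges, association_base):
        self.values = dict(credible_values)
        self.features = perception_features
        self.ranges = strategy_ranges
        self.association_base = association_base
        self.model = {}  # perception information model: perception feature -> matched strategy
        for name in perception_features:
            self.match(name)

    def credible_sum(self, feature_name):
        """Sum of the credible feature values of the items making up a perception feature."""
        return sum(self.values[item] for item in self.features[feature_name])

    def match(self, feature_name):
        """Match the strategy whose range contains the current credible feature value sum."""
        total = self.credible_sum(feature_name)
        for lower, strategy in self.ranges:
            if total >= lower:
                self.model[feature_name] = strategy
                return strategy
        raise ValueError("strategy ranges must cover every possible sum")

    def train(self, result):
        """Adjust credible feature values from a verification result, then re-match the strategy."""
        feature_name = result["perception_feature"]
        if result["status"] == "normal":
            # Assumed rule: a normal result slowly restores trust in the items involved.
            for item in self.features[feature_name]:
                self.values[item] = min(10, self.values[item] + 1)
        else:
            # Association adjustment strategy: intrusion data features from the abnormal
            # result select related feature items from the association base and penalise them.
            for intrusion in result["intrusion_features"]:
                for item in self.association_base.get(intrusion, ()):
                    self.values[item] = max(0, self.values[item] - 3)
        return self.match(feature_name)


def run_scenario():
    """Strategy chosen for 'measurement_upload' after a constructed sequence of results."""
    m = ModelTrainingModule(INITIAL_CREDIBLE_VALUES, PERCEPTION_FEATURES,
                            STRATEGY_RANGES, ASSOCIATION_BASE)
    history = [m.model["measurement_upload"]]  # 8+9+9 = 26 -> fast_check
    feature = "measurement_upload"
    history.append(m.train({"perception_feature": feature, "status": "abnormal",
                            "intrusion_features": ["unknown_executable"]}))  # static 9->6: 23
    history.append(m.train({"perception_feature": feature, "status": "abnormal",
                            "intrusion_features": ["forged_signature"]}))    # signature 8->5: 20
    history.append(m.train({"perception_feature": feature, "status": "abnormal",
                            "intrusion_features": ["forged_signature"]}))    # signature 5->2: 17
    history.append(m.train({"perception_feature": feature, "status": "normal",
                            "intrusion_features": []}))                      # 3+10+7 = 20
    return history


if __name__ == "__main__":
    print(run_scenario())
```

Because the penalty is applied to every feature item associated with the intrusion feature, an abnormal result for one perception feature also lowers the sum of any other perception feature sharing those items (here "firmware_process" through "process"), which is how the page's "dynamic setting" propagates across data types.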
Further, the feature extraction module includes a content verification policy configured with a plurality of user habit models, each corresponding to a user setting. For the verification information of the sensing devices corresponding to a user, the content verification policy extracts associated content data from that verification information and generates a user feature item for the verification information according to the association relationships among the associated content data; the feature items include the user feature item.
Further, the feature extraction module includes an external immunization policy. The external immunization policy is connected to an external virus database and obtains virus feature data in real time to generate immunization features; if an immunization feature appears in the verification information, a corresponding virus feature item is generated, and the feature items include the virus feature item.
Further, the feature extraction module is configured with a static trust database that stores static trusted features. The static trusted features are obtained by performing feature extraction on all executable programs of the internet of things system, each static trusted feature corresponding to one executable program. The feature extraction module generates the corresponding static feature item according to the static trusted feature matching the verification information, and the feature items include the static feature item;
the feature extraction module is configured with a process verification strategy, which is executed when the type of the verification information is a process; the process verification strategy generates a process feature item by verifying the image of the process in memory;
the feature extraction module is configured with a kernel verification strategy, which is executed when the type of the verification information is kernel module information; the kernel verification strategy is configured with a kernel module linked list and generates kernel feature items according to the correspondence between the verification information and that linked list;
the feature items include the static feature item, the process feature item and the kernel feature item.
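As an added example that is not part of the patent text, the three feature extraction strategies above (static trust database, process image verification, kernel module linked list) written as Python functions that turn verification information into feature items. The executable contents, paths and kernel module names are constructed sample data, and SHA-256 is assumed as the "feature extraction" over an executable, which the patent leaves unspecified.

```python
import hashlib

# Constructed executable programs of the internet of things system
# (byte strings standing in for real binaries).
EXECUTABLES = {
    "/opt/sensor/agent": b"sensor agent v1.0",
    "/opt/sensor/uploader": b"uploader v1.0",
}
# Constructed kernel module linked list: the expected modules in load order.
KERNEL_MODULE_LIST = ["core_bus", "net_stack", "sensor_drv"]


def build_static_trust_database(executables):
    """Feature extraction over all executables: one static trusted feature (SHA-256) per program."""
    return {path: hashlib.sha256(blob).hexdigest() for path, blob in executables.items()}


def static_feature_item(static_db, info):
    """Static feature item: does the program content match its static trusted feature?"""
    expected = static_db.get(info["path"])
    if expected is None:
        return {"static": "unknown_program"}
    actual = hashlib.sha256(info["content"]).hexdigest()
    return {"static": "trusted" if actual == expected else "modified"}


def process_feature_item(static_db, info):
    """Process verification strategy: the in-memory image must match the static trusted
    feature of the executable the process was launched from."""
    expected = static_db.get(info["path"])
    if expected is None:
        return {"process": "untrusted_origin"}
    actual = hashlib.sha256(info["memory_image"]).hexdigest()
    return {"process": "image_ok" if actual == expected else "image_tampered"}


def kernel_feature_items(expected_list, observed_list):
    """Kernel verification strategy: compare the observed module list with the configured
    linked list, reporting extra modules, missing modules and whether the order agrees."""
    expected, observed = set(expected_list), set(observed_list)
    order_ok = ([m for m in observed_list if m in expected]
                == [m for m in expected_list if m in observed])
    return {
        "kernel_unexpected": sorted(observed - expected),
        "kernel_missing": sorted(expected - observed),
        "kernel_order_ok": order_ok,
    }


def extract_feature_items(static_db, kernel_list, info):
    """Dispatch on the verification information type, as the feature extraction module does."""
    kind = info["type"]
    if kind == "static":
        return static_feature_item(static_db, info)
    if kind == "process":
        return process_feature_item(static_db, info)
    if kind == "kernel":
        return kernel_feature_items(kernel_list, info["modules"])
    raise ValueError(f"no strategy for verification information type {kind!r}")


if __name__ == "__main__":
    db = build_static_trust_database(EXECUTABLES)
    print(extract_feature_items(db, KERNEL_MODULE_LIST, {
        "type": "kernel", "modules": ["core_bus", "net_stack", "extra_mod", "sensor_drv"]}))
```

On a real device the "content" and "memory_image" fields would be read from the filesystem and from the process's mapped text segment respectively; the comparison logic is unchanged.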
The node management subsystem is configured with a trusted management unit corresponding to each node of the internet of things, and includes a trusted computing module. The trusted computing module computes a trust update value in real time from the verification result information and the total credible feature value generated by the node; the trusted management unit is configured with a trust metric value for each node, and the trusted computing module updates the trust metric value of the corresponding node using the trust update value.
Further, the trusted management unit of each superior node is configured with a plurality of trust priority values, each set for one subordinate node of that superior node; the trust priority value reflects the feedback priority the superior node gives to the subordinate node. The node management subsystem is configured with a priority management module, which generates the corresponding trust priority value according to the relationship between the trust metric values of the superior node and the subordinate node and configures it in the trusted management unit.
Further, the node management subsystem also includes a verification routing module, which manages the routing path over which the verification information is obtained. The verification routing module is configured with a routing calculation policy that computes, for each node in the routing path, its trust metric, routing bandwidth and residual energy to obtain routing decision data, and determines the optimal routing path according to that routing decision data.
Further, the signature configuration subsystem also includes a signature update module. The signature update module sends the complete installation data of a signature configuration unit to the corresponding node and obtains the digital signature of that node, which includes the node's internet of things address. The signature update module then sends an update instruction containing that digital signature to a target node, and the target node obtains the signature configuration unit installation data from the corresponding node according to the digital signature, so as to update its own signature configuration unit.
The technical effects of the invention are mainly reflected in the following aspects:
through the above arrangement, the signature configuration subsystem performs trust configuration on devices that meet the trust conditions and assigns each a unique signature verification code, which serves as the sensing device's 'fingerprint' for signing; at the same time a signature configuration unit is configured on each sensing device as firmware and generates the corresponding signature fingerprint, further ensuring the reliability of the digital signature. Security analysis of the verification information is performed through the trained model, so the model has learning capability: the corresponding information verification strategy is adjusted according to the actual security risk of each feature item, and this dynamic setting balances the security verification requirements of different sensing devices, different files and different data types during transmission while ensuring the normal working efficiency of the system.
Drawings
FIG. 1: schematic diagram of the sensing device verification system architecture of the invention;
FIG. 2: schematic diagram of information collection in the invention;
FIG. 3: flow chart of terminal device firmware upgrade in one embodiment of the invention;
FIG. 4: flow chart of access device firmware upgrade in one embodiment of the invention;
FIG. 5: mapping model diagram of the invention based on the intermediate mechanism;
FIG. 6: schematic diagram of the dynamic protection strategy in one embodiment of the invention.
Reference numerals: 1. sensing device; 100. information acquisition subsystem; 101. collection hook unit; 200. signature configuration subsystem; 210. device verification module; 220. signature management module; 230. signature update module; 201. signature configuration unit; 300. model analysis subsystem; 310. model generation module; 320. feature extraction module; 330. model verification module; 340. model training module; 400. license management subsystem; 410. start management module; 420. rights management module; 500. node management subsystem; 510. trusted computing module; 520. route verification module; 501. trusted management unit.
Detailed Description
The following detailed description of embodiments of the present invention is provided to make the technical solution of the invention easier to understand.
The internet of things is the inheritance and development of the internet. The internet was created without taking 'security' as the first factor to consider, so it has suffered from a 'security immunodeficiency' since birth. The internet of things, inherited and developed from the internet, fuses the advantages of the internet but also inherits its security immunodeficiency; because of the particularities of the internet of things, that immunodeficiency is further amplified, and the security problems of the internet of things are more serious and more complex. The internet of things is a multi-level system architecture, and its unique security characteristics are formed by the massive number of sensing devices 1, the variety of application scenarios, the closer relationship between terminal-collected data and user privacy, and the like. In the sensing layer, a large number of sensing terminals and some devices and nodes are remote and unattended, and are easy to physically manipulate and attack; once a device is attacked, the huge number of devices can lead to a wider impact, and later repair is either impossible or costly; various vulnerabilities and backdoors exist in IoT devices; and the sensing networks are diverse and face complex trust access and access control problems. In the network layer, because of the diversity of the transmission media and methods of the internet of things, communication security is more complex: signals in wireless communication modes are easy to intercept and interfere with, and the traditional protection means of the existing communication network security architecture are not suitable. The security of data transmission between devices and the platform needs to be fully considered, and an internet of things security architecture suited to comprehensive and reliable transmission and to intelligent processing links needs to be established.
In the application layer, the application scenarios of the internet of things are varied, the application functions are diverse, and the security requirements differ between scenarios; the platforms supporting internet of things business have different security strategies, and the security protection standards are not yet unified. In terms of data security, internet of things data sharing places higher requirements on security, internet of things application requirements pose new challenges to security, and the privacy protection requirements of internet of things user terminals are increasingly complex, so a data security system meeting user requirements needs to be established on the basis of the existing security system.
Therefore, on the basis of the above and referring to fig. 1, the present invention provides a security verification system for sensing device 1 based on trusted computing 3.0, which includes an information collection subsystem 100, a signature configuration subsystem 200, a model analysis subsystem 300 and a license management subsystem 400.
Referring to fig. 2, the information collection subsystem 100 includes a plurality of collection hook units 101. The collection hook units 101 are configured on the sensing device 1 as its firmware and collect the processing information generated by the sensing device 1 to generate verification information. A collection hook unit 101 establishes a 'hook' for information collection corresponding to each of the different modules of the sensing device 1, and, by being loaded as a fixed component in the sensing device 1, collects, checks, permits and audits the processing information generated by the sensing device 1, achieving the purpose of security monitoring. The processing information comprises the type of the sensing device 1, the data type, the file format, the data content, the file content, the control instructions, the processes, the kernel module information and so on, and covers the data types of all sensing devices 1 during their work and data processing.
The signature configuration subsystem 200 includes a device verification module 210, a signature management module 220 and a plurality of signature configuration units 201. The device verification module 210 is configured with a trusted device database that stores a plurality of items of device trust information. The device verification module 210 receives verification information whose type is a signature permission request; if that verification information has corresponding device trust information in the trusted device database, signature permission information is generated and sent to the signature management module 220. By constructing the device verification module 210 and the trusted device database and storing the device trust information in advance, the appearance of the corresponding device trust information in the verification information indicates that the device is a reliable device, and a signature is then configured for the sensing device 1. The digital signature has a further use: the signature configuration subsystem 200 also includes a signature update module 230. The signature update module 230 sends the complete installation data of a signature configuration unit 201 to the corresponding node and obtains the digital signature of that node, which includes the node's internet address; the signature update module 230 then sends an update instruction containing that digital signature to the target node, and the target node obtains the signature configuration unit 201 installation data from the corresponding node according to the digital signature, so as to update its own signature configuration unit 201.
After the access device and the network connection are trusted, the scheme operates a distributed storage network on the trusted network to realize the upgrade of trusted firmware. The firmware comprises the collection hook unit and the signature configuration unit 201. When firmware needs to be upgraded, the distributed storage network is built on the trusted network; a unique hash value (digital signature) is generated from the file content in the distributed storage network to identify the file, and the file is addressed, searched for and downloaded through that unique hash value rather than through a specific storage location. A node in the distributed storage network generates the unique hash value for a file it holds and publishes the file to the distributed storage network, so that other nodes in the network can download the file according to the hash value. At the same time, a central server is introduced into the distributed storage network to manage the permissions for the distributed content and to maintain the devices in a unified way. The file distribution advantage of the distributed storage network thus improves firmware upgrade efficiency, and a manageable and controllable trusted firmware update scheme is realized by relying on the unified management of the central server, the credibility of the distributed network nodes and the advantages of trusted network connection. The roles are as follows.
The administrator: responsible for managing the upgrade center server and controlling it to realize the various functions.
The upgrade center server: responsible for managing the distributed backup nodes and the distributed storage network; its functions include:
uploading the upgrade firmware to the distributed backup nodes;
obtaining the fingerprint information of the upgrade firmware from the distributed backup nodes;
transmitting the fingerprint information of the upgrade firmware to each access device in the distributed storage network and issuing the update instruction;
maintaining basic information on each access device in the distributed storage network, including firmware version information, device id and so on;
maintaining the version information of the upgrade firmware, including the fingerprint of the upgrade firmware and so on.
The distributed backup node: receives the upgrade firmware from the upgrade center server, uploads it to the distributed storage network and returns the upgrade firmware fingerprint information to the upgrade center server; as a node in the distributed storage network it participates in the distribution of the upgrade firmware.
The access device: receives the upgrade firmware fingerprint information transmitted by the upgrade center server and, according to the update instruction issued by the central server, obtains the upgrade firmware from the distributed storage network through the fingerprint information to finish its own firmware upgrade. Each access device receives the firmware upgrade instruction and completes its firmware upgrade with the upgrade firmware obtained from the distributed storage network. Referring to fig. 3, the access device flow is:
1. The administrator uploads the upgrade firmware to the upgrade center server.
2. The upgrade center server uploads the upgrade firmware to the distributed backup nodes.
3. The distributed backup node uploads the upgrade firmware to the distributed storage network and returns the fingerprint information of the upgrade firmware to the upgrade center server.
4. The distributed backup nodes, as nodes of the distributed storage network, participate in the distribution of the upgrade firmware.
5. The administrator issues a firmware upgrade instruction to the upgrade center server.
6. The upgrade center server transmits the fingerprint information of the upgrade firmware to each access device of the distributed storage network.
7. Each access device obtains the corresponding upgrade firmware from the distributed storage network according to the upgrade firmware fingerprint information, and as a node of the distributed storage network participates in the distribution of the upgrade firmware.
8. The upgrade center server sends a firmware upgrade instruction to each access device of the distributed storage network.
The terminal: comprises the various internet of things devices. These are connected to access devices, and their firmware upgrade is realized indirectly through the access devices. The terminal flow is:
1. The administrator uploads the terminal upgrade firmware to the upgrade center server.
2. The upgrade center server uploads the terminal upgrade firmware to the distributed backup nodes.
3. The distributed backup nodes upload the terminal upgrade firmware to the distributed storage network and return the fingerprint information of the terminal upgrade firmware to the upgrade center server.
4. The distributed backup nodes, as nodes of the distributed storage network, participate in the distribution of the upgrade firmware.
5. The administrator sends a firmware upgrade instruction to the upgrade center server.
6. The upgrade center server transmits the fingerprint information of the terminal upgrade firmware to each terminal device.
7. The terminal device, connected to an access device of the distributed network, obtains the terminal upgrade firmware from the distributed network through that access device by way of an HTTP request, according to the fingerprint information of the terminal upgrade firmware.
8. The administrator sends a terminal update instruction to the upgrade center server.
9. The upgrade center server sends the terminal update instruction to each terminal device, and the terminal finishes its own firmware upgrade.
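As an added example, not taken from the patent, the content-addressed firmware distribution described above modelled in Python: a backup node publishes the firmware to the storage network and returns its fingerprint, the upgrade center server records firmware versions and device information and issues the update instruction, and the access device fetches by fingerprint and refuses content whose hash does not match the announced fingerprint. SHA-256 is assumed as the fingerprint; the version strings, device id and firmware bytes are constructed.

```python
import hashlib


class DistributedStorageNetwork:
    """Content-addressed storage: a file is identified and fetched by the hash of its content,
    not by where it is stored."""

    def __init__(self):
        self.blobs = {}  # fingerprint -> file content

    def publish(self, blob):
        fingerprint = hashlib.sha256(blob).hexdigest()
        self.blobs[fingerprint] = blob
        return fingerprint

    def fetch(self, fingerprint):
        return self.blobs.get(fingerprint)


class DistributedBackupNode:
    """Receives upgrade firmware from the center server, publishes it, returns the fingerprint."""

    def __init__(self, network):
        self.network = network

    def receive_firmware(self, blob):
        return self.network.publish(blob)


class UpgradeCenterServer:
    """Maintains firmware version information and access device information, issues instructions."""

    def __init__(self, backup_node):
        self.backup_node = backup_node
        self.firmware_versions = {}  # version -> fingerprint of the upgrade firmware
        self.devices = {}            # device id -> basic information (firmware version)

    def upload_firmware(self, version, blob):
        fingerprint = self.backup_node.receive_firmware(blob)
        self.firmware_versions[version] = fingerprint
        return fingerprint

    def update_instruction(self, version):
        return {"version": version, "fingerprint": self.firmware_versions[version]}

    def record_device(self, device):
        self.devices[device.device_id] = {"firmware_version": device.version}


class AccessDevice:
    def __init__(self, device_id, version, network):
        self.device_id, self.version, self.network = device_id, version, network

    def apply_update(self, instruction):
        """Fetch by fingerprint and install only if the content really hashes to that fingerprint."""
        blob = self.network.fetch(instruction["fingerprint"])
        if blob is None:
            return "not_found"
        if hashlib.sha256(blob).hexdigest() != instruction["fingerprint"]:
            return "fingerprint_mismatch"  # content does not match the announced fingerprint
        self.version = instruction["version"]
        return "upgraded"


def run_upgrade():
    """Constructed scenario: one successful upgrade, then a substituted blob under the same key."""
    net = DistributedStorageNetwork()
    server = UpgradeCenterServer(DistributedBackupNode(net))
    dev = AccessDevice("ap-01", "1.0", net)
    fingerprint = server.upload_firmware("1.1", b"constructed firmware image 1.1")
    instruction = server.update_instruction("1.1")
    first = dev.apply_update(instruction)
    server.record_device(dev)
    # Constructed tampering: a node serves different content under the known fingerprint.
    net.blobs[fingerprint] = b"constructed tampered image"
    second = dev.apply_update(instruction)
    return first, dev.version, second, server.devices["ap-01"]["firmware_version"]


if __name__ == "__main__":
    print(run_upgrade())
```

The check in apply_update is what makes location-independent download safe: any node may serve the file, but the device accepts it only if it hashes to the fingerprint the upgrade center server distributed.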
For the application environment of an information-physical fusion high-confidence system, node credibility needs to be tracked dynamically. According to the dynamic measurement strategy of the previous section, the credibility of a node at any moment can be calculated. When a data sending node transmits data to the outside, it must prove that it is trusted: the information related to the node's credibility is packaged and transmitted to the remote node, the remote node asks the sending node's superior node whether the sending node is untrusted, and decides according to the query result whether the data transmission with that node proceeds. The specific process is as follows:
(1) the data sending node formats its own credibility, a time stamp and other attributes into a remote attestation vector;
(2) the data sending node and its superior node jointly complete a group signature over the remote attestation vector (the group signature satisfies revocability and forward security);
(3) the remote node verifies the group signature and at the same time asks the superior node whether the sending node is trusted; if the node is untrusted, the data transmission is cancelled.
The system has the characteristics of node measurability, monitorability, extensibility and the like, can effectively confirm the credibility of the data source, and improves the usability of the system. In this scheme, the attestation data of the nodes are first formatted into remote attestation vectors, and then a revocable group signature scheme is selected, so that the scheme can be proven secure under the standard model and meets security requirements such as traceability, anonymity and correctness while having backward unlinkability.
The signature management module 220 receives the signature permission information, generates a unique signature verification code and sends it to the signature configuration unit 201 corresponding to the sensing device 1. The signature configuration unit 201 is firmware of the sensing device 1 and is configured in the sensing device 1; it generates a digital signature according to the received signature verification code and uses it to sign the processing information generated by the corresponding sensing device 1. That is, a signature verification code is generated first and sent to the corresponding sensing device 1, whose firmware, the signature configuration unit 201, receives the verification code and generates the digital signature; the digital signature is used to sign the processing information, so that the corresponding verification information carries the digital signature, and subsequently the most appropriate information verification strategy can be selected according to whether a signature is obtained. Because the digital signature is generated by the configured firmware rather than directly by the signature management module 220, data security is improved.
The model analysis subsystem 300 includes a model generation module 310, a feature extraction module 320, a model verification module 330 and a model training module 340. The model generation module 310 is used to train a perception information model, which includes a plurality of perception features and an information verification strategy corresponding to each perception feature: a perception model is generated first and then verified with the perception features and the corresponding information verification strategies. The information verification strategies corresponding to different perception features differ, so different verification strategies can be adopted according to the sensing device 1, the data type, the file type, the network address and other factors; this ensures that the system adapts to different sensing devices 1 and improves the processing efficiency of the whole system. How to construct and use the mathematical model is the key content of the present invention:
The feature extraction module 320 is configured to extract data features from the verification information to generate perception features. Since everything acquired by the acquisition hook unit 101 is verification information, the data features in it can be obtained by formatting the verification information: for example, data features reflecting the type of the sensing device 1 can be obtained by formatting the parameters of the sensing device 1, and data features of the acquired content can be obtained by formatting the data acquired by the sensing device 1. The feature extraction module 320 processes and verifies the data features to obtain a verification result, taking the following as examples: 1. The feature extraction module 320 includes a signature verification strategy configured with a corresponding signature verification algorithm; it verifies the digital signature of the verification information with the signature verification algorithm and generates a signature feature item, and the feature items include this signature feature item. For example, the digital signature in the verification information can be used as a data feature: if the digital signature passes the signature verification algorithm, the signature feature item is marked as passed, and the signature feature item is the trusted feature value corresponding to the passed processing information, so that a looser information verification strategy is more easily generated. If the signature does not pass, the signature feature item is the trusted feature value corresponding to that processing information and a stricter information verification strategy can be generated, so that processing efficiency and system security are balanced dynamically.
2. The feature extraction module 320 includes a content verification strategy configured with a plurality of user habit models, each set for a user. According to the verification information of the sensing devices 1 corresponding to a user, the content verification strategy extracts the associated content data within the verification information and generates a user feature item for the verification information according to the association relationship among that content data; the feature items include this user feature item. Most information and data in the existing information space map only the commonalities of physical entities in the physical space, such as the change process of the attributes and states of physical entities and the various events or activities that occur, but lack a description of the individual characteristics and irreplaceable features of a physical entity. Therefore, the rules of the mapping process need to be studied in depth and a mapping method summarized, so that information and data perceived by human beings can be mapped into the information space more accurately; for example, the mapping process is analysed by a method of refining space along the time dimension, that is, a four-dimensional space-time model with the time dimension added is constructed.
Define {F(x, t); x ∈ P, t ∈ T} as the mapping process. First, spatial information mapping is carried out with time t as the main axis; let i be a natural number and t_i a time instant. Then the following expression holds,
Figure BDA0003377139200000131
that is, when n → ∞, there are,
Figure BDA0003377139200000132
from the above equation, the following equation holds.
Figure BDA0003377139200000133
When |t_n − t_{n−1}| < ε, ε → 0,
Figure BDA0003377139200000134
As can be seen from the above expressions, the mapping relation is a function of time. F. W. Horton proposed that information is living and that the information life cycle is a natural law of information motion. The future ubiquitous network has completeness of information and network coverage, and the network can extend to any space. In the mapping process, the life cycle of each physical entity in the space must be considered, so that the integrity of the information of the corresponding virtual object is ensured; from the perspective of the spatial region, adding the time dimension enlarges the capacity of the spatial information and allows real-time fidelity of the information. Secondly, the physical space is continuously refined along the time dimension. Let j be a natural number, P_j represent each refined physical space, U_j the information set of each refined physical space, and U the complete information set of the physical space; then the following equations hold,
Figure BDA0003377139200000135
Figure BDA0003377139200000141
From the above equations, the mapping process satisfies
$$F(P_1; t_0, t_1, t_2, \dots, t_n) + F(P_2; t_0, t_1, t_2, \dots, t_n) + \dots + F(P_n; t_0, t_1, t_2, \dots, t_n) + \dots = F(P_0; t_0, t_1, t_2, \dots, t_n) < F(P; t_0, t_1, t_2, \dots, t_n)$$
A space-time model of the mapping process is constructed using a Cartesian coordinate system: the x and y axes represent space, and the z axis represents time and is called the optical dimension. Time is not static, so space changes from moment to moment, and the mapping process of information must be considered with dialectical, changing thinking: the smaller the unit into which the physical space is refined, the more information is mapped into the information space. Based on consideration of the information life cycle, this mapping method ensures the integrity of information along a time chain; in space, if the space is subdivided into quantum entity units, the space available to human beings is greatly enlarged. For example, a human being is an entity unit that cannot be further distinguished in physical space and can be defined as a quantum individual; the various items of quantum individual information are recorded in the information space, and over the whole life cycle of the quantum individual the information of each stage can be packed and arranged in order by category along the time dimension. The physical space serves as a huge information source, the information space is formed by mapping, and the mapping process is the process of communicating information between the physical space and the information space.
The physical space model is denoted G_p = (V_p, E_p), where V_p represents the set of physical entities and E_p the set of mapping paths. Each physical entity v_p ∈ V_p occupies a specific physical space S(v_p); for each mapping path e_p ∈ E_p, the time to reach the information space along different paths differs, so there is a time delay. The information space model is denoted G_i = (V_i, E_i), where V_i is the set of virtual objects corresponding to the physical entities, i.e. the set of information intrinsic to the physical entities, and E_i the set of information feedback paths; each virtual object v_i ∈ V_i corresponds to the information space S(v_i); for each information feedback path e_i ∈ E_i, information flows from the information space to the physical space through different feedback paths, i.e. people can obtain the required information from the information space and serve the physical space.
A mapping of physical space to information space needs to be defined:
definition 1:
Figure BDA0003377139200000151
where F(x) is the mapping function from the physical space to the information space, corresponding to the physical mapping path E_p.
Definition 2:
Figure BDA0003377139200000152
E_p represents the set of mapping paths from the physical space to the information space, V_p the set of physical entities, S(V_p) the set of physical spaces occupied by the individual physical entities, V_i the set of information corresponding to the physical entities, and S(V_i) the set of spaces of the information space mirrored from the physical space.
Referring to fig. 5, because of the different mapping paths, the virtual information arriving in the information space has a time delay; to ensure that time synchronization is kept between the virtual objects in the information space, a Mapping intermediate Mechanism (MCM) equivalent to a buffer is introduced. The mapping model is represented in graphical form, and the model of the mapping intermediate mechanism is denoted C_i.
Therefore, this scheme divides the mapping process from the physical space to the information space into two stages:
First, the mapping process from the physical space to the mapping intermediate mechanism, formalized as follows:
Figure BDA0003377139200000163
The time taken to map to C_i differs between paths, so there is a time difference; C_i is therefore a buffer mechanism that temporarily stores information data and keeps fidelity information synchronized in the information space.
Secondly, the mapping from the intermediate mechanism to the information space, formalized as follows:
Figure BDA0003377139200000164
In the past, mapping between the physical space and the information space mainly meant the common surface on which entities were mapped; as the Internet of things develops, both the physical space and the information space will keep expanding. By constructing the space-time mapping model and introducing the mapping intermediate mechanism, on one hand information in the physical space is mapped into the information space as fully as possible, and on the other hand the synchronization of the information mapping process is ensured. Through the mapping, the data features can be analysed and extracted to obtain the mapping related to the transmitted data content; whether the mapped data is complete and accurate is analysed to obtain the corresponding feature items, which are generated according to completeness and accuracy. In addition, a user feature item is added: from the user's perspective, the association between the mappings of different sensing devices at the same place and time is considered, and whether the data of a sensing device is abnormal is judged by whether the change in that association matches the characteristics of the sensing device. In this way, whether the data meets the standard quantity and corresponds to a trusted feature value influences the selection of the information verification strategy.
3. The feature extraction module is configured with a static trust database that stores static trusted features obtained by feature extraction from all executable programs of the Internet of things system, each static trusted feature corresponding to one executable program; the feature extraction module generates corresponding static feature items according to the static trusted features matched in the verification information, and the feature items include these static feature items. After the system completes trusted startup to establish its initial credibility, the kernel security mechanism continuously monitors system services, application programs, kernel modules, dynamic libraries and the like through means such as system call hooks, performs trusted measurement on the opening, reading and writing of files/devices, the execution of programs and so on, compares the measurement with the access control policy, judges and identifies 'self' and 'non-self' components, and handles the measured object according to the judgement with a disposition such as execute, block, isolate or audit. Any modification of the access control policy by the system needs the trusted measurement mechanism to confirm the credibility of the policy, so even if the CPU or operating system contains a backdoor, an attacker can hardly use such vulnerabilities to tamper with the access control policy.
Thus a static measurement mechanism is formed and an active immune mechanism of 'security protection while computing' is realized: 'self' and 'non-self' are identified, the 'self' part is protected from interference and the 'non-self' part is blocked and rejected, so that the behaviour of the information system conforms to expectations and the running environment of the computing task is trusted. The scheme is based on the LSM mechanism of the Linux environment and monitors the upper-layer behaviour of the system through the security hook mechanism. LSM uses hooks to access the kernel's internal object handling in system calls: tasks, inodes, files and the like. A function call interface is inserted at a suitable position of the system call; the interface provides a set of generic security APIs (application programming interfaces), and users can write security policy handling functions against these APIs and attach their own security policy handler to them through the LSM loading mechanism. When a user process executes a system call, the call proceeds in the normal order until it reaches the function call interface inserted by the LSM mechanism; the interface invokes the user-provided security policy handling function through the security API and returns the handling result when the function completes. The system call can decide according to the result whether the call should return, and can also store information obtained during the handling for other hook functions.
The specific method is as follows. First, the feature acquisition of the executable programs of the whole system is completed; the acquired objects include binary executable files (ELF, scripts), dynamic libraries, kernel modules (drivers) and the like, and a strategy reference library is formed once acquisition is complete. Through a Linux system hook function, a measurement judgement is made before a program is executed: if the program exists in the reference library, it executes normally, the dynamic library links normally and the driver module loads normally. If the program does not exist in the reference library, a static feature item is generated accordingly; this achieves active immune defence, prevents unauthorized and unexpected programs from running, gives active defence against known and unknown malicious code, and reduces the risk that the integrity and availability of the operating system are damaged. The static measurement mechanism thus enforces least privilege for users and prevents malicious code and software from running. In the initial state measurement model, the two participants of each measurement are either the cluster head node measuring the initial state of a common node, or the data sink node measuring the initial state of a cluster head node; since the latter process is very similar to the former, the cluster head node and the common node are taken as the measurement participants, the initial state measurement process is described as the cluster head node measuring the initial state of the common node, and the various items of node information used are described formally in terms of the sensing node.
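The reference-library check described above, as an added example in Go; it is not code from the patent or from the applicant's system. It models the collection phase (`Collect`) and the judgement a hook makes before a program executes, a library links or a module loads (`Measure`): an object whose digest was collected under the same kind is allowed, anything else is blocked and reported as a static feature item. The object kinds, the `StaticFeatureItem` shape and the byte strings standing in for file contents are assumptions constructed for the example; a real hook would run inside the LSM call path rather than in user space.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Kind is the class of object the collection phase records: binary executables
// (ELF, scripts), dynamic libraries and kernel modules (drivers).
type Kind int

const (
	Executable Kind = iota
	DynamicLibrary
	KernelModule
)

// Disposition is what the hook hands back to the system call it intercepts.
type Disposition int

const (
	Allow Disposition = iota // "self": execute, link or load proceeds normally
	Block                    // "non-self": the operation is refused
)

// StaticFeatureItem is produced when an object is absent from the reference
// library; the feature extraction module consumes it as one feature item.
type StaticFeatureItem struct {
	Path   string
	Kind   Kind
	Digest string
}

// ReferenceLibrary is the strategy reference library: one digest per object,
// collected from the whole system while it is in a known-good state.
type ReferenceLibrary struct {
	digests map[string]Kind
}

func digest(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// Collect records one object during feature acquisition.
func (lib *ReferenceLibrary) Collect(kind Kind, content []byte) {
	if lib.digests == nil {
		lib.digests = map[string]Kind{}
	}
	lib.digests[digest(content)] = kind
}

// Measure is the judgement made before execute/link/load. An object is allowed
// only if its digest was collected under the same kind (so a library cannot be
// smuggled in as a driver); anything else is blocked and reported.
func (lib *ReferenceLibrary) Measure(path string, kind Kind, content []byte) (Disposition, *StaticFeatureItem) {
	d := digest(content)
	if recorded, ok := lib.digests[d]; ok && recorded == kind {
		return Allow, nil
	}
	return Block, &StaticFeatureItem{Path: path, Kind: kind, Digest: d}
}

func main() {
	// Constructed stand-ins for file contents; a real collector reads the files.
	var lib ReferenceLibrary
	lib.Collect(Executable, []byte("\x7fELF constructed binary v1"))
	lib.Collect(KernelModule, []byte("constructed driver.ko"))

	for _, obj := range []struct {
		path    string
		kind    Kind
		content []byte
	}{
		{"/usr/bin/app", Executable, []byte("\x7fELF constructed binary v1")},
		{"/usr/bin/app", Executable, []byte("\x7fELF constructed binary v1 + patch")},
		{"/lib/modules/driver.ko", KernelModule, []byte("constructed driver.ko")},
	} {
		disp, item := lib.Measure(obj.path, obj.kind, obj.content)
		if disp == Allow {
			fmt.Printf("%s: allowed (in reference library)\n", obj.path)
		} else {
			fmt.Printf("%s: blocked, static feature item %s\n", obj.path, item.Digest[:12])
		}
	}
}
```

The kind check is the part worth noticing: the page's reference library is keyed by program, and a digest that is known but recorded for a different object class is still "non-self" for the operation being attempted.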
The main environment and parameters of the model are as follows:
α: cluster head node performing the initial state measurement
β: measured common node
h(): collision-free secure hash function
tpk: public key generated by the node's trusted platform control module
tsk: private key generated by the node's trusted platform control module
PK: shared key computed by the cluster head node and the common node after identity authentication
P: string concatenation symbol
Figure BDA0003377139200000194: exclusive OR operation (XOR)
The pair of public and private keys (tpk, tsk) generated by the node's trusted cryptographic module is computed by the trusted platform control module when the sensing node leaves the factory and is stored in the node's trusted platform control module.
After the identity authentication between sensing nodes is completed, the superior node measures the initial state of the subordinate node; the specific operation of the measurement is as follows:
(1) After the identity authentication of the common node β is finished, it calculates
Figure BDA0003377139200000191
F_i = tsk_β(G_i),
Figure BDA0003377139200000192
R_i = h(h(hw P ho) P T_i);
(2) the common node β encrypts (F_i, U_i, R_i) with the public key tpk_α of the cluster head node α and sends the result to the cluster head node α through a secure channel;
(3) after receiving tpk_α(F_i, U_i, R_i), the cluster head node α decrypts the message with its own private key tsk_α to obtain F_i, U_i, R_i;
(4) the cluster head node α calculates G_i = tpk_β(F_i),
Figure BDA0003377139200000193
R_i^* = h(h(hw P ho) P T_i), and compares whether R_i and R_i^* are equal. If they are equal, the hardware information of the common node β and the digest values of its operating system and key processes have not been tampered with, and the initial state measurement passes; otherwise the relevant information of the node does not match the expected result, the initial measurement fails, and the access of the node needs to be controlled. In this way, the trusted value can be fed back through the static feature item.
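The four steps above, as an added example in Go written for this page; it is not code from the patent or from the applicant's system. Assumptions are marked in the code: the node keys are RSA-2048 (the page names no algorithm); the page's G_i and U_i formulas are images and are not reproduced, so the example signs G_i = h(R_i P T_i) with RSA-PSS and carries T_i in the U_i slot; and because one RSA-OAEP block cannot hold a signature plus the digests, the triple is encrypted under a fresh AES-GCM key that OAEP wraps. The reference digests hw and ho that α compares against are the values α holds for β; the digests used in the test are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"io"
)

// NewNode is the (tpk, tsk) pair a node's trusted platform control module creates at manufacture (RSA-2048 assumed).
func NewNode() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// h is the collision-free hash h(); the page's P (concatenation) is plain byte append.
func h(parts ...[]byte) []byte {
	d := sha256.New()
	for _, p := range parts {
		d.Write(p)
	}
	return d.Sum(nil)
}
// tBytes encodes the timestamp T_i as 8 big-endian bytes.
func tBytes(t uint64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, t)
	return b
}
// commitment is R_i = h(h(hw P ho) P T_i) from steps (1) and (4).
func commitment(hw, ho []byte, t uint64) []byte { return h(h(hw, ho), tBytes(t)) }

// Measure is step (1) on the common node beta. G_i and U_i are images on the page, so
// (assumption) beta signs G_i = h(R_i P T_i) with RSA-PSS and T_i travels in the U_i slot.
func Measure(tskBeta *rsa.PrivateKey, hw, ho []byte, t uint64) ([]byte, error) {
	r := commitment(hw, ho, t)
	f, err := rsa.SignPSS(rand.Reader, tskBeta, crypto.SHA256, h(r, tBytes(t)), nil) // F_i = tsk_beta(G_i)
	if err != nil {
		return nil, err
	}
	return append(append(f, tBytes(t)...), r...), nil // F_i || T_i || R_i
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal is step (2): encrypt the triple to tpk_alpha. One RSA-OAEP block cannot hold a signature
// plus the digests, so (assumption) a fresh AES-256-GCM key encrypts it and OAEP wraps the key.
func Seal(tpkAlpha *rsa.PublicKey, triple []byte) ([]byte, error) {
	kn := make([]byte, 32+12) // AES-256 key followed by the 12-byte GCM nonce
	if _, err := io.ReadFull(rand.Reader, kn); err != nil {
		return nil, err
	}
	gcm, err := gcmFor(kn[:32])
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, tpkAlpha, kn[:32], nil)
	if err != nil {
		return nil, err
	}
	return append(append(wrapped, kn[32:]...), gcm.Seal(nil, kn[32:], triple, nil)...), nil // wrappedKey || nonce || ct
}

// Verify is steps (3) and (4) on the cluster head alpha: decrypt with tsk_alpha, check F_i under
// tpk_beta (the page writes G_i = tpk_beta(F_i)) and compare R_i with R_i* recomputed from the
// reference digests alpha holds for beta. A bad signature is an error; a changed digest is a failed measurement.
func Verify(tskAlpha *rsa.PrivateKey, tpkBeta *rsa.PublicKey, msg, refHW, refHO []byte) (bool, error) {
	ks := tskAlpha.Size()
	if len(msg) < ks+12 {
		return false, errors.New("message too short")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, tskAlpha, msg[:ks], nil)
	if err != nil {
		return false, err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return false, err
	}
	triple, err := gcm.Open(nil, msg[ks:ks+12], msg[ks+12:], nil)
	if err != nil {
		return false, err
	}
	sl := tpkBeta.Size()
	if len(triple) != sl+8+sha256.Size {
		return false, errors.New("malformed (F_i, U_i, R_i)")
	}
	f, t, r := triple[:sl], binary.BigEndian.Uint64(triple[sl:sl+8]), triple[sl+8:]
	if err := rsa.VerifyPSS(tpkBeta, crypto.SHA256, h(r, tBytes(t)), f, nil); err != nil {
		return false, err
	}
	return bytes.Equal(r, commitment(refHW, refHO, t)), nil // R_i == R_i* ?
}
```

A forged F_i surfaces as an error at step (4), while a β whose hardware or OS digest has changed produces a well-formed message that simply fails the R_i = R_i^* comparison, which is the case the page says must lead to controlling the node's access.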
4. The feature extraction module is configured with a process verification strategy, executed when the type of the verification information is a process, which generates a process feature item by verifying the image of the process in memory; and with a kernel verification strategy, executed when the type of the verification information is kernel module information, which is configured with a kernel module linked list and generates kernel feature items according to the correspondence of the verification information on the kernel module linked list; the feature items include the process feature item and the kernel feature item. The dynamic measurement strategy monitors all key processes, modules, executable code, data structures, important jump tables and the like in the system in real time, measures and controls the resource access behaviour of processes in real time, and is the core component for ensuring the safe operation of the system and preventing the security mechanism from being bypassed or tampered with. It adopts a suitable measurement method for each kind of measurement object, selects an appropriate measurement opportunity, and measures the operation of the system comprehensively to ensure that the system is secure and trusted. Dynamic measurement is the core guarantee of the system and the key to monitoring the running state of the system, measuring process behaviour and analysing the credibility of the system; its running mechanism monitors the important nodes of the system and effectively blocks the intrusion of malicious code. According to the measurement object, the measurement framework implements information-flow dynamic measurement in two cases.
1. Process measurement: when a measurement request occurs, the integrity of the information flow is checked first; if the mandatory access control policy is violated, the process is refused execution and no measurement is performed. If the information flow policy is satisfied, the image of the process in memory is measured dynamically, the measurement result is H(p), and it is then verified whether H(p) meets the requirement of the policy.
2. Kernel module measurement: because only the services provided by the kernel module need to be kept trusted dynamically, no information flow measurement is needed. The operating system maintains a linked list of kernel modules, and the key data of the kernel modules are measured dynamically by querying the linked list, so as to ensure the credibility of the kernel modules.
5. The feature extraction module includes an external immunity strategy, which is connected to an external virus database, acquires virus feature data in real time and generates immunity features; if an immunity feature appears in the verification information, a corresponding virus feature item is generated, and the feature items include the virus feature items. When a widespread intrusion method or a widely used system has been implanted with a virus on other networks or information platforms, the present system may not yet have encountered it; but by learning in advance how the virus feature data affects the actually transmitted data, the characterization of the virus's effect on the verification information can be obtained as an immunity feature, so the verification information can be recognized by this content, new virus risks can be found quickly, and the corresponding virus feature item is generated if it appears.
The model verification module obtains the corresponding information verification strategy from the perception information model according to the perception features obtained by the feature extraction module, and verifies the verification information through that strategy to obtain verification result information. The information verification strategy includes whether an information audit is carried out, the position and content of the audit, the audit standard and the like; information security auditing belongs to the prior art and is not described again, and the verification result information can be determined by outputting a security risk level according to the obtained verification result. The information verification strategy relies on big data analysis capability to discover malicious features in mass data such as access data, service data and sample data, classifies and marks them, builds knowledge bases of domain names, IP addresses, certificate fingerprints, worm backdoors, sample features, security vulnerabilities and the like, realizes the transformation of data into security threat intelligence, and generates whitelist, blacklist, control, detection and content filtering strategies according to that threat intelligence.
Meanwhile, based on the service requirements, service changes and security protection requirements, and according to the relevance, timeliness and popularity of the strategies, security strategies are dynamically combined and distributed to the security access devices, an adaptive active immune security defence strategy is established, synchronous evolution of the security strategies with the security threats is realized, and the security protection and control capability of the Internet of things terminal devices is effectively improved under the limited resources of the security access devices. The cloud terminal manages and configures the strategies centrally and uniformly, realizes large-scale configuration and distribution of strategies, and ensures the overall consistency of the security strategies. Detection and configuration of strategy priority, rule redundancy and rule validity are realized by managing the strategy rules. The strategies are managed synchronously, and a distributed strategy distribution mechanism ensures that strategy issuance is trusted and controllable. Specifically, the following embodiment is possible. Referring to fig. 6, the innermost trusted core is composed of CTS, PDS, CRTM and RM (reference monitor). The RM monitors and controls the behaviour of the object code and access to protected data items. When certain code levels need to be adjusted or certain protected data items added because of changes in the operating environment and requirements, the security administrator is responsible for performing a security audit on such changes and changing the list of related sets in the trusted core by secure and reliable physical means. The firmware configuration data is divided into 2 levels, Protected Data Item (PDI) and Non-Protected Data Item (NDI), i.e. the firmware system data set DATA is: PDS = Set of PDI, NDS = Set of NDI, DATA = PDS ∪ NDS. The UEFI firmware code trust level is divided into 3 levels, Core Trusted Code (CTC), Ordinary Trusted Code (OTC) and Un-Trusted Code (UTC), i.e. the firmware system code set CODE is: CTS = Set of CTC, OTS = Set of OTC, UTS = Set of UTC, CODE = CTS ∪ OTS ∪ UTS. The core trusted code corresponds to the UEFI core code, the ordinary trusted code to the basic code, and the untrusted code is code that cannot be proven to carry the identity of a legitimate producer or user, such as external malicious code. The allowed operation set is defined as OPERATION = {r, m, e}: operation r allows data to be read, operation m allows data to be modified (including appended), and operation e allows code to be executed. A code integrity authentication function, a code executability authentication function, a code generic authentication function and a data authentication function are defined to realize behaviour and access reference control of code and data in the different operations. When code is loaded or a data item is accessed, the system calls the corresponding function to authenticate the loaded code or accessed data item and determine the action allowed next.
The perception features comprise a plurality of feature items; the model training module is configured with a trusted feature value corresponding to each feature item and associates a different information verification strategy with each perception feature. The model training module adjusts the trusted feature value of the corresponding feature item according to the verification result information, so that the sum of the trusted feature values of the perception feature changes, and it matches a different information verification strategy to the perception feature in the perception information model according to the range into which that sum falls. On one hand, the model training module can adjust the trusted feature values of other related features according to partial results, so as to determine the corresponding verification strategy and perception feature (feature item set). The model training module further comprises an association adjustment strategy: when the verification result information indicates a security anomaly, the association adjustment strategy extracts intrusion data features from the verification result information, retrieves the corresponding feature items from a preset association information base according to the intrusion data features, and adjusts the trusted feature values of those feature items.
Therefore, the trusted feature value corresponding to a feature item with an abnormal result can be adjusted dynamically: the more abnormal verification results there are, the stricter the information verification strategy for the corresponding perception feature becomes, and after repeated passing results the corresponding strategy is relatively loose, so that the trusted feature values achieve dynamic adjustment of the security standard of the whole system along the dimension of the feature item. If the verification result information indicates a security anomaly, the intrusion data feature can be extracted and analyzed, for example a sensing device type, a file type, or a transmission protocol that easily leads to data intrusion, and the information verification strategy can be changed by directly adjusting the trusted feature values of the feature items of the associated data, thereby raising the verification standard.
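The following Python is an added example of the adjustment loop described in the two paragraphs above; it is written for this page and is not the patent's implementation. It keeps a trusted feature value per feature item, re-selects the information verification strategy from the range the sum falls into, tightens on anomalies, relaxes only after a streak of clean results, and applies the association adjustment through an association base keyed by intrusion data feature. The range thresholds, penalty and reward sizes, streak length, feature item names, and the contents of ASSOCIATION_BASE are all assumptions made for the example.

```python
from dataclasses import dataclass

# Information verification strategy tiers, selected by the range into which the
# sum of the feature items' trusted feature values falls (thresholds assumed).
STRATEGY_RANGES = [
    (0.0, 1.0, "strict"),   # many anomalies: full verification, reject on doubt
    (1.0, 2.0, "normal"),
    (2.0, 3.0, "loose"),    # long clean history: lighter checks
]

# Association information base: intrusion data feature -> feature items whose
# trusted values should also be lowered. Entries are constructed for the example.
ASSOCIATION_BASE = {
    "protocol:plaintext-mqtt": ["transport", "device_type"],
    "file_type:unsigned-elf": ["static", "process"],
}


def clamp(v: float) -> float:
    """Keep a trusted feature value inside [0, 1] and free of float noise."""
    return round(min(1.0, max(0.0, v)), 4)


@dataclass
class PerceptionFeature:
    name: str
    values: dict            # feature item -> trusted feature value in [0, 1]

    def total(self) -> float:
        return round(sum(self.values.values()), 4)

    def strategy(self) -> str:
        t = self.total()
        for low, high, name in STRATEGY_RANGES:
            if low <= t < high:
                return name
        return STRATEGY_RANGES[-1][2]   # t equals the upper bound


class ModelTrainer:
    """Adjusts trusted feature values from verification results and re-selects
    the strategy. Penalty, reward and streak length are assumed values."""

    def __init__(self, feature: PerceptionFeature, penalty=0.3, reward=0.05, clean_streak=3):
        self.feature = feature
        self.penalty, self.reward, self.clean_streak = penalty, reward, clean_streak
        self.streak = {item: 0 for item in feature.values}

    def record(self, item: str, ok: bool, intrusion_feature: str = None) -> str:
        vals = self.feature.values
        if ok:
            self.streak[item] += 1
            if self.streak[item] >= self.clean_streak:   # repeated passes relax the item
                vals[item] = clamp(vals[item] + self.reward)
                self.streak[item] = 0
        else:
            self.streak[item] = 0
            vals[item] = clamp(vals[item] - self.penalty)
            # Association adjustment: also tighten the items the intrusion data
            # feature is associated with in the association base.
            for related in ASSOCIATION_BASE.get(intrusion_feature, []):
                if related in vals and related != item:
                    vals[related] = clamp(vals[related] - self.penalty / 2)
        return self.feature.strategy()


def demo() -> list:
    """Feed a constructed sequence of verification results and return the
    (sum of trusted feature values, strategy) after each one."""
    feature = PerceptionFeature(
        "message_trust", {"signature": 1.0, "transport": 1.0, "device_type": 1.0})
    trainer = ModelTrainer(feature)
    events = [
        ("signature", False, "protocol:plaintext-mqtt"),
        ("signature", False, "protocol:plaintext-mqtt"),
        ("signature", False, "protocol:plaintext-mqtt"),
        ("signature", False, "protocol:plaintext-mqtt"),
        ("transport", True, None),
        ("transport", True, None),
        ("transport", True, None),
    ]
    history = []
    for item, ok, intrusion in events:
        strategy = trainer.record(item, ok, intrusion)
        history.append((feature.total(), strategy))
    return history


if __name__ == "__main__":
    for total, strategy in demo():
        print(f"sum={total:.2f} strategy={strategy}")
```

Note the asymmetry, which is the property the text asks for: one anomaly costs a feature item 0.3 (and its associated items 0.15 each), while a single clean result earns nothing until three have been seen in a row, so the strategy drops from loose to strict after four anomalies but climbs back only slowly.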
The idea of edge computing is introduced: cloud threat intelligence and the knowledge base are pushed down to the security access device layer by the security policy mechanism and fused with the device's security capability, so that security capability sinks toward the edge. This reduces interaction delay with the platform, lightens the network load, optimizes service processing, and moves the capability of the security capability cloud platform forward to the user layer and the terminal layer, so that security services are provided nearby with faster response, meeting the real-time and accuracy requirements of the security access device. Meanwhile, the end side submits unknown malicious features and attack behaviors to the cloud side, which detects them using its large-scale computing and detection capacity and generates new security features and policies, so that security policies are continuously and automatically generated and evolved; the policies are synchronized back to the end side, forming a closed-loop cloud-end linkage mechanism that effectively improves the security protection capability of the IoT terminals.
The license management subsystem 400 includes a start management module 410 and an authority management module 420. The start management module 410 is configured with a plurality of control right instructions, each corresponding to one start control right in the hardware system; the hardware system obtains the corresponding start control right when it receives a control right instruction. The start management module 410 obtains the corresponding verification result information according to the start request of the hardware system, and if the verification result information meets the preset start condition, outputs the control right instruction to the hardware system. Trusted boot starts from a root of trust and is realized by layer-by-layer extension of trust: first the root of trust verifies the trustworthiness of the system hardware and firmware, then the firmware's verification mechanism verifies the operating system bootloader, the bootloader verifies the operating system kernel, and the kernel provides a trusted runtime environment for applications, thereby constructing a complete chain of trust in the system and guaranteeing trusted operation of the applications. Starting from the root of trust, the current trusted component loads the next trusted component and measures its trustworthiness; after the measurement is complete, control of the system is transferred to the next trusted component, which performs its function and in turn measures the component after it. The trust measurement method typically verifies a component by computing an integrity digest over the critical part of the next component and comparing it with a pre-computed reference value for that component's integrity.
Trusted boot requires that the trusted module starts before the CPU, obtains control of the system, performs trust measurement on the system, and releases control to the system only when the measurement passes. This effectively prevents the trust mechanism from being bypassed during system startup and preserves the integrity of the chain of trust, thereby guaranteeing that the initial state of the system is trusted and improving system security.
In this scheme the basic hardware configuration of the security access device is oriented to the embedded field, the software it runs is a trimmed-down Linux system, and its trusted boot scheme differs from the traditional trusted boot scheme of a PC mainboard, so the trusted boot process is simplified as follows: the TPCM starts before the CPU, obtains control of the hardware system, performs trust measurement on the system bootloader, the system kernel and the initial RAM disk, and releases control to the system only when the measurement passes. Thus the measurement of all components involved in trusted boot is completed by the TPCM chip: the TPCM starts before the CPU, and the CPU is authorized to proceed with the normal boot process only when the measurement passes, which guarantees that the initial state of the system is trusted.
The specific scheme is as follows: the TPCM is connected by hardware to the chip holding the content to be measured, namely the reset signal of the MTK7621 is controlled through a GPIO connection. After the mainboard is powered on, the TPCM holds the MTK7621 chip in reset, reads the complete contents of the chip regions holding U-Boot, the kernel and the initial RAM disk, and compares them with the expected values stored in the chip, which ensures that the U-Boot, kernel and initial RAM disk run by the MTK7621 have been measured; if the measurement matches, boot continues, and if it does not match, startup is terminated.
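As an added example of the reset-gated measurement just described (example code written for this page, not the patent's or State Grid's firmware), the following Python models a TPCM that holds the SoC in reset, measures each flash region holding U-Boot, the kernel and the initial RAM disk against provisioned reference digests, and releases reset only if every region matches. The flash layout, region sizes, image contents and the choice of SHA-256 are constructed for the example; the real MTK7621 partition map is not given on the page.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    name: str
    offset: int
    size: int


# Constructed flash layout for the example (not the device's real partition map).
LAYOUT = (
    Region("uboot", 0, 64),
    Region("kernel", 64, 128),
    Region("initrd", 192, 96),
)
FLASH_SIZE = 288


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_flash(uboot: bytes, kernel: bytes, initrd: bytes) -> bytes:
    """Pack the three images into the layout above, zero-padding each region."""
    flash = bytearray(FLASH_SIZE)
    for region, image in zip(LAYOUT, (uboot, kernel, initrd)):
        if len(image) > region.size:
            raise ValueError(f"{region.name} image exceeds its region")
        flash[region.offset:region.offset + len(image)] = image
    return bytes(flash)


class TPCM:
    """Model of the TPCM on the SoC's reset line: it asserts reset at power-on,
    measures every flash region, and deasserts reset only if all of them match."""

    def __init__(self, reference: dict):
        self.reference = reference     # region name -> expected sha256 hex
        self.reset_asserted = True
        self.log = []                  # (region, digest, matched) measurement log

    def measure(self, flash: bytes) -> dict:
        if len(flash) != FLASH_SIZE:
            raise ValueError("unexpected flash size")
        results = {}
        for region in LAYOUT:
            # The whole region is measured, padding included, so an implant
            # written into a region's slack space is detected as well.
            blob = flash[region.offset:region.offset + region.size]
            digest = sha256_hex(blob)
            matched = digest == self.reference.get(region.name)
            self.log.append((region.name, digest, matched))
            results[region.name] = matched
        return results

    def power_on(self, flash: bytes) -> str:
        """Returns 'release' when reset is released, else 'hold:<bad regions>'."""
        self.reset_asserted = True
        results = self.measure(flash)
        bad = [name for name, ok in results.items() if not ok]
        if bad:
            return "hold:" + ",".join(bad)     # the CPU never leaves reset
        self.reset_asserted = False
        return "release"


# Constructed golden images and the reference values provisioned into the TPCM.
GOLDEN_FLASH = build_flash(
    b"U-Boot image (constructed)", b"Linux kernel image (constructed)", b"initramfs (constructed)")
REFERENCE = {r.name: sha256_hex(GOLDEN_FLASH[r.offset:r.offset + r.size]) for r in LAYOUT}


def demo() -> dict:
    tpcm = TPCM(REFERENCE)
    good = tpcm.power_on(GOLDEN_FLASH)
    tampered = bytearray(GOLDEN_FLASH)
    tampered[70] ^= 0x01            # one bit flipped inside the kernel region
    bad = tpcm.power_on(bytes(tampered))
    return {"good": good, "tampered": bad, "reset_after_tamper": tpcm.reset_asserted}


if __name__ == "__main__":
    print(demo())
```

Two checks a practitioner would add on real hardware are outside this model but follow from it: the reference table must itself be unmodifiable from the measured CPU (otherwise a compromised kernel could re-provision it), and the measurement must cover the exact bytes the SoC will fetch, so the TPCM has to read the flash over the same path rather than trusting a copy handed to it.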
The authority management module is used for configuring a plurality of authority management instructions, each corresponding to one sensing device; when a sensing device receives an authority management instruction, its authority is configured according to the content of the instruction, and the authority management instruction is generated according to the verification result information corresponding to that sensing device. Different sensing devices have different access authorities: in terms of authorized behavior, a sensing device may have authority to read, write, delete, add, search, call, compute and so on; in terms of scope, it has different device nodes and different physical storage environments. Therefore the authority management instruction is generated according to this content and the corresponding authority is configured according to the verification result information. Specifically, two ways are possible: one is that when a device needs a certain authority it initiates a request, and the authority is configured through the authority management instruction after the corresponding verification information is verified; the other is that the normal behavior of the sensing device is monitored and analyzed, verification information is generated from that monitoring, and whether the corresponding authority is revoked is decided according to the severity of the result.
The node management subsystem 500 is provided with a trusted management unit 501 corresponding to each node of the internet of things. The node management subsystem 500 includes a trusted computing module 510, which computes a trust update value from the verification result information and the total trusted feature value generated by the node in real time; the trusted management unit 501 holds a trust metric value for each node, and the trusted computing module 510 updates the trust metric value of the corresponding node with the trust update value. The whole IoT system is composed of many nodes, so the node management subsystem performs security management of the communication part, and at the same time each node's trust value is generated by computing its trust metric.
On one hand, the trust metric value can serve as the basis for the priority with which a superior node responds to its subordinate nodes. The trusted management unit 501 of each superior node is configured with a plurality of trusted priority values, each set for one of its subordinate nodes and reflecting the feedback priority of the superior node to that subordinate node; the node management subsystem is configured with a priority management module, which generates the corresponding trusted priority value according to the relationship between the trust metric values of the superior and subordinate nodes and configures it in the trusted management unit. In the dynamic metric model proposed in this section, let α be the superior node performing the measurement and β the subordinate node being measured; the behavior metric value of α for β is obtained by comprehensively evaluating i behavior metric functions, so the set of behavior metric functions from α to β is represented as
Figure BDA0003377139200000261
each of which,
Figure BDA0003377139200000262
takes values in [0,1].
In the comprehensive evaluation, each behavior metric function is given a different weight; the weights are set as θ = {θ_1, θ_2, ..., θ_i}, where θ_n ∈ θ, 0 ≤ n ≤ i, and the following condition is satisfied:
Figure BDA0003377139200000263
The behavior metric value of α for β can be represented by the function Trust(α, β, ε), where ε denotes the time interval of the measurement: a node's metric value is time-sensitive and changes continuously over time. The value of Trust(α, β, ε) is obtained by combining the values of the behavior metric functions after each has been given its corresponding weight, and is represented as:
Figure BDA0003377139200000264
Through this series of calculations the superior node α obtains the behavior metric value of the subordinate node β; α grades β according to the metric value, and different grades receive different feedback control from the superior node: the higher the metric value, the higher the trust level of the subordinate node β, and the higher the priority with which α responds to β.
The trust level λ of a node is divided into k levels, i.e. λ = {λ_1, λ_2, ..., λ_k}, 0 ≤ λ_k ≤ 1, where 0 means the node is completely untrusted and 1 means the node is completely trusted; if λ_u, λ_v ∈ λ and u < v, then λ_u < λ_v.
Let the feedback response priority degree of the superior node α to the subordinate node β be
Figure BDA0003377139200000271
of which there are k kinds, i.e.
Figure BDA0003377139200000272
which then corresponds to the trust level of α and the behavior metric value of β obtained by α as follows:
Figure BDA0003377139200000273
The feedback response priority degree of the superior node α to the subordinate node β is obtained once the behavior measurement of the nodes is complete. Behavior measurement yields the trust values of the different nodes effectively, so the feedback response priority is graded according to those trust values, which further reduces the risk that may be encountered during data transmission.
On the other hand, the trust metric value of a node can also serve as a basis for route selection. The node management subsystem 500 further comprises a verification routing module, which is used for managing the routing path over which verification information is obtained; the verification routing module is configured with a routing calculation strategy, which computes routing decision data from the trust metric value, routing bandwidth and residual energy of each node on the routing path and determines the optimal routing path according to that data. First, the remote attestation is formatted: the contents of a node's external attestation comprise the node's trust value, a timestamp, the node's computing environment and other attributes. Second, the signature scheme with verifier-side revocation provides node traceability, effectively protects the security requirement of node anonymity, has high security and practicality, satisfies the backward association requirement, and has good environmental adaptability. Finally, tracing can be performed according to the remote attestation result, and the trusted state of the attesting node can be tracked in real time.
Because the energy of the IoT sensing-layer nodes is limited and their communication distance is limited, data transmission between sensing-layer nodes may be completed over multiple hops. In this scheme, on the basis of the trust measurement and the remote attestation of the sensing-layer nodes, a reasonable data transmission route is selected by combining the IoT network bandwidth with the trust metric values. The trusted routing model is suitable for the various communication environments of the mobile communication network and has the characteristics of self-adaptation and active defense.
Data transmission by sensing nodes comprises two actions: sending between nodes, and a node sending data to the cluster head node. During data transmission a predecessor node can publish its data forwarding strategy, and a successor node can likewise publish the data forwarding strategy it supports; the most reasonable data transmission route is calculated by combining the link bandwidth between nodes with the nodes' trust metric values. If malicious nodes exist, they are isolated and removed from the perception network according to the trust measurement model and the remote attestation model.
1. When the node currently holding the data packet selects the next relay node, it first needs to discover its adjacent nodes; the information an adjacent node must return comprises the link bandwidth l_b of the adjacent node and its remaining energy e_b.
2. The adjacent nodes and the node holding the data packet execute the remote attestation protocol based on dynamic node trust: if they trust each other, the adjacent node becomes a candidate; if the adjacent nodes are not trusted, the r nodes with the highest trust metric values are selected from them according to the routing security strategy; the adjacent nodes then return their bandwidth values.
3. The next relay node is calculated from the link bandwidth l_b, the remaining energy e_b and the trust metric value of the node.
4. If the destination node has been reached, the calculation stops; otherwise the process returns to step 2.
The most reasonable trusted data transmission route is calculated by combining bandwidth, trust metric value and energy. The trusted route selection process is divided into several stages, each of which searches for the best next hop of the current packet-holding node, so a decision is made at each stage and route selection is controlled as a multi-stage process.
Let an ordinary node n_i generate, within a certain time, the data packet set D = {D_1, D_2, ..., D_n}. According to the formal description of the node, the data set has the characteristic Df = {TG_i, t_i, ad}, where TG_i is the network number of the trusted group the node belongs to, t_i is the trust metric value of the node, and ad is the destination address of the data transmission. First, the cluster head node HN_i of the cluster to which n_i belongs sends Df = {TG_i, t_i, ad} to its neighboring management nodes {MN_1, ..., MN_j, ..., MN_m}; {MN_1, ..., MN_j, ..., MN_m} return to MN_i the set of their distances to ad, {fd_1, ..., fd_j, ..., fd_m}, and the set of trust metric values of each node, {t_1, ..., t_j, ..., t_m}. MN_i calculates the most suitable next node to select according to {fd_1, ..., fd_j, ..., fd_m} and {t_1, ..., t_j, ..., t_m}. Let the node selection function be S(fd_i, t_i); the logical calculation process can be described as follows:
S(fd_i, t_i) comprises two parts, a routing distance and trust metric balancing function Bdt(fd_i, t_i) and a risk assessment function Rd(fd_i, t_i); any routing is accompanied by risk. According to the value calculated by S(fd_i, t_i), HN_i finally selects the most appropriate node. S(fd_i, t_i) is described as follows:
S(fd_i, t_i) = λ_1·Bdt(fd_i, t_i) + λ_2·Rd(fd_i, t_i), with λ_1 + λ_2 = 1, where λ_1 and λ_2 are determined according to the practical application environment of the mobile communication network, and information entropy can be introduced into the calculation of Bdt(fd_i, t_i) for smoothing:
Bdt(fd_i, t_i) = −(1 − t_i)·log(1 − t_i)·ψ(fd_i), where ψ(fd_i) is the route performance evaluation function,
Figure BDA0003377139200000292
Figure BDA0003377139200000293
is the routing decision function calculated according to S(fd_i, t_i); letting b_i = Bdt(fd_i, t_i), it can be described as follows:
Figure BDA0003377139200000291
where (t_1, t_2) are 2 trust metric thresholds.
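The following Python is an added example, written for this page rather than taken from the patent, that carries the two preceding passages through in code: the weighted behavior measurement Trust(α, β, ε) with its mapping to a trust level and feedback response priority, and the multi-stage relay selection of steps 1 to 4 using S(fd, t) = λ_1·Bdt + λ_2·Rd with the page's entropy-smoothed Bdt. Because the weight condition, the route performance function ψ, the risk function Rd and the routing decision function survive on the page only as images, the example assumes weights that sum to 1, ψ(fd) = 1/(1 + fd), an Rd built from trust, remaining energy and relative bandwidth, and a single trust threshold t1 for the attestation filter; the level table, priority names and topology are constructed as well.

```python
import math
from dataclasses import dataclass


def behavior_trust(metric_values, weights) -> float:
    """Trust(alpha, beta, eps): weighted combination of the i behavior metric
    values, each in [0, 1]. Assumes non-negative weights summing to 1."""
    if len(metric_values) != len(weights) or abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("one weight per metric function, weights summing to 1")
    if any(not 0.0 <= v <= 1.0 for v in metric_values) or any(w < 0 for w in weights):
        raise ValueError("metric values must lie in [0, 1], weights must be >= 0")
    return round(sum(w * v for w, v in zip(weights, metric_values)), 6)


# Trust levels lambda_1 < ... < lambda_k (k = 4) and the feedback response
# priority per level; both tables are assumed for the example.
LEVELS = (0.0, 0.3, 0.6, 0.85)
PRIORITY = ("ignore", "low", "normal", "high")


def trust_level(t: float) -> int:
    """1-based index u of the highest level with lambda_u <= t."""
    return max(u for u, threshold in enumerate(LEVELS, start=1) if t >= threshold)


def response_priority(t: float) -> str:
    return PRIORITY[trust_level(t) - 1]


@dataclass(frozen=True)
class Neighbor:
    name: str
    bandwidth: float   # l_b, link bandwidth reported by the neighbor
    energy: float      # e_b, remaining energy as a fraction of capacity
    dist: float        # fd, distance (hops) from the neighbor to the destination
    trust: float       # t, the neighbor's trust metric value


def entropy_term(t: float) -> float:
    """-(1 - t) log(1 - t) from the page's Bdt; its limit at t = 1 is 0."""
    return 0.0 if t >= 1.0 else -(1.0 - t) * math.log(1.0 - t)


def psi(fd: float) -> float:
    """Route performance evaluation function; assumed 1/(1 + fd)."""
    return 1.0 / (1.0 + fd)


def bdt(fd: float, t: float) -> float:
    return entropy_term(t) * psi(fd)


def rd(n: Neighbor, max_bandwidth: float) -> float:
    """Assumed risk assessment term: trust x remaining energy x relative
    bandwidth, so that higher means a safer, better-provisioned relay."""
    return n.trust * n.energy * (n.bandwidth / max_bandwidth)


def score(n: Neighbor, max_bandwidth: float, l1: float = 0.5) -> float:
    return l1 * bdt(n.dist, n.trust) + (1.0 - l1) * rd(n, max_bandwidth)


def select_relay(neighbors, t1: float = 0.3, r: int = 2, l1: float = 0.5) -> Neighbor:
    """Steps 2 and 3: keep attested neighbors with trust >= t1; if none qualify,
    fall back to the r highest-trust neighbors; then take the highest S."""
    candidates = [n for n in neighbors if n.trust >= t1]
    if not candidates:
        candidates = sorted(neighbors, key=lambda n: n.trust, reverse=True)[:r]
    max_bandwidth = max(n.bandwidth for n in candidates)
    return max(candidates, key=lambda n: score(n, max_bandwidth, l1))


def route(topology: dict, src: str, dst: str, t1: float = 0.3, r: int = 2) -> list:
    """Step 4: repeat relay selection until the destination holds the packet."""
    path, current = [src], src
    while current != dst:
        neighbors = [n for n in topology[current] if n.name not in path]
        if not neighbors:
            raise RuntimeError(f"no relay available from {current}")
        nxt = select_relay(neighbors, t1, r)
        path.append(nxt.name)
        current = nxt.name
    return path


# Constructed topology: A must reach D; M is a fast but distrusted neighbor.
TOPOLOGY = {
    "A": [Neighbor("B", 10.0, 0.9, 1, 0.95),
          Neighbor("C", 10.0, 0.9, 1, 0.50),
          Neighbor("M", 100.0, 1.0, 1, 0.10)],
    "B": [Neighbor("D", 10.0, 0.8, 0, 0.90)],
    "C": [Neighbor("D", 10.0, 0.8, 0, 0.90)],
    "M": [Neighbor("D", 100.0, 1.0, 0, 0.90)],
    "D": [],
}


def demo() -> dict:
    t_b = behavior_trust([1.0, 0.8, 0.6], [0.5, 0.3, 0.2])
    return {"trust_B": t_b, "level_B": trust_level(t_b),
            "priority_B": response_priority(t_b), "priority_M": response_priority(0.10),
            "path": route(TOPOLOGY, "A", "D")}


if __name__ == "__main__":
    print(demo())
```

One caveat worth noticing when implementing the page's Bdt literally: the term −(1 − t)·log(1 − t) peaks at t = 1 − 1/e ≈ 0.63 and vanishes at t = 1, so on its own it would not prefer a fully trusted relay over a moderately trusted one; in this example the preference for high trust comes from the Rd term and from the attestation filter, which is why M (trust 0.10, ten times the bandwidth) is never chosen.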
In this scheme the computing capacity and energy of the sensing nodes are limited, and their storage capacity and communication bandwidth are also severely constrained; the existing security mechanism is therefore improved, and a new adjacent-node selection mechanism is designed on the basis of node trust measurement to guarantee the trustworthiness of the relay nodes on the data transmission route.
Of course, the above is only a typical embodiment of the present invention; besides it, the present invention may have other embodiments, and all technical solutions formed by equivalent substitution or equivalent transformation fall within the scope of the claimed invention.

Claims (10)

1. A perception device security verification system based on trusted computing 3.0 is characterized in that: the system comprises an information acquisition subsystem, a signature configuration subsystem, a model analysis subsystem and a license management subsystem;
the information acquisition subsystem comprises a plurality of acquisition hook units, the acquisition hook units are used as firmware of the sensing equipment and are configured on the sensing equipment, and the acquisition hook units are used for acquiring processing information generated by the sensing equipment to generate verification information;
the signature configuration subsystem comprises a device verification module, a signature management module and a plurality of signature configuration units; the device verification module is configured with a trusted device database storing a plurality of items of device trust information; the device verification module is used for receiving verification information whose type is a signature permission and, if the verification information has corresponding device trust information in the trusted device database, generating signature permission information to the signature management module; the signature management module receives the signature permission information, generates a unique signature verification code and sends it to the signature configuration unit corresponding to the sensing device; the signature configuration unit is configured on the sensing device as its firmware, generates a digital signature according to the received signature verification code, and is used for signing the processing information generated by the corresponding sensing device;
the model analysis subsystem comprises a model generation module, a feature extraction module, a model verification module and a model training module; the model generation module is used for training a perception information model, the perception information model comprising a plurality of perception features and the information verification strategies corresponding to the perception features; the feature extraction module is used for extracting data features from the verification information to generate the perception features; the model verification module obtains the corresponding information verification strategy from the perception information model according to the perception features obtained by the feature extraction module, and verifies the verification information through the information verification strategy to obtain verification result information; the perception features comprise a plurality of feature items, the model training module is configured with a trusted feature value corresponding to each feature item and associates a different information verification strategy with each perception feature; the model training module adjusts the trusted feature value of the corresponding feature item according to the verification result information so that the sum of the trusted feature values of the perception feature changes, and matches a different information verification strategy for the perception feature into the perception information model according to the range into which that sum falls;
the license management subsystem comprises a start management module and an authority management module; the start management module is configured with a plurality of control right instructions, each corresponding to one start control right in the hardware system, the hardware system obtaining the corresponding start control right when it receives a control right instruction; the start management module obtains the corresponding verification result information according to the start request of the hardware system and, if the verification result information meets the preset start condition, outputs the control right instruction to the hardware system; the authority management module is used for configuring a plurality of authority management instructions, each corresponding to one sensing device; when a sensing device receives an authority management instruction, its authority is configured according to the content of the instruction, and the authority management instruction is generated according to the verification result information corresponding to that sensing device.
2. The perception device security verification system based on trusted computing 3.0 as claimed in claim 1, wherein: the feature extraction module comprises a signature verification strategy, the signature verification strategy is provided with a corresponding signature verification algorithm, the digital signature of the verification information is verified through the signature verification algorithm and a signature feature item is generated, and the feature items comprise the signature feature item.
3. The perception device security verification system based on trusted computing 3.0 as claimed in claim 1, wherein: the model training module further comprises an association adjustment strategy; when the verification result information indicates a security anomaly, the association adjustment strategy extracts intrusion data features from the verification result information, retrieves the corresponding feature items from a preset association information base according to the intrusion data features, and adjusts the trusted feature values of those feature items.
4. The perception device security verification system based on trusted computing 3.0 as claimed in claim 1, wherein: the feature extraction module comprises a content verification strategy provided with a plurality of user habit models, each user habit model corresponding to one user setting; the content verification strategy extracts associated content data from the verification information of the sensing devices corresponding to a user, and generates user feature items corresponding to the verification information according to the association relationship among the associated content data, the feature items comprising the user feature items.
5. The perception device security verification system based on trusted computing 3.0 as claimed in claim 1, wherein: the feature extraction module comprises an external immunity strategy, which is connected to an external virus database and acquires virus feature data in real time to generate immunity features; if an immunity feature appears in the verification information, a corresponding virus feature item is generated, the feature items comprising the virus feature item.
6. The perception device security verification system based on trusted computing 3.0 as claimed in claim 1, wherein: the feature extraction module is configured with a static trust database storing static trusted features, the static trusted features being obtained by feature extraction from all executable programs of the IoT system, each static trusted feature corresponding to one executable program; the feature extraction module generates corresponding static feature items according to the static trusted features matched in the verification information, the feature items comprising the static feature items;
the feature extraction module is configured with a process verification strategy, which is executed when the type of the verification information is a process and generates a process feature item by verifying the image of the process in memory;
the feature extraction module is configured with a kernel verification strategy, which is executed when the type of the verification information is kernel module information; the kernel verification strategy is configured with a kernel module linked list and generates kernel feature items according to the correspondence of the verification information to the kernel module linked list;
the feature items comprise the static feature item, the process feature item and the kernel feature item.
7. The perception device security verification system based on trusted computing 3.0 as claimed in claim 1, wherein: a node management subsystem is provided with a trusted management unit corresponding to each node of the internet of things; the node management subsystem comprises a trusted computing module, which computes a trust update value from the verification result information and the total trusted feature value generated by the node in real time; the trusted management unit holds a trust metric value for each node, and the trusted computing module updates the trust metric value of the corresponding node with the trust update value.
8. The perception device security verification system based on trusted computing 3.0 as claimed in claim 7, wherein: the node management subsystem is provided with a priority management module, which generates a corresponding trusted priority value according to the relationship between the trust metric values of the superior node and the subordinate node and configures it in the trusted management unit.
9. The perception device security verification system based on trusted computing 3.0 as claimed in claim 7, wherein: the node management subsystem further comprises a verification routing module, which is used for managing the routing path over which verification information is obtained; the verification routing module is configured with a routing calculation strategy, which computes routing decision data from the trust metric value, routing bandwidth and residual energy of each node on the routing path and determines the optimal routing path according to the routing decision data.
10. The perception device security verification system based on trusted computing 3.0 as claimed in claim 1, wherein: the signature configuration subsystem further comprises a signature updating module; the signature updating module sends the complete signature configuration unit installation data to the corresponding node and obtains the digital signature of that node, the digital signature comprising the IoT address of that node; the signature updating module sends an update instruction comprising the digital signature to a target node, and the target node obtains the signature configuration unit installation data from the corresponding node according to the digital signature to update its own signature configuration unit.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111422888.4A CN114065180A (en) 2021-11-26 2021-11-26 Perception equipment safety verification system based on trusted computing 3.0

Publications (1)

Publication Number Publication Date
CN114065180A true CN114065180A (en) 2022-02-18

Family

ID=80276832

Country Status (1)

Country Link
CN (1) CN114065180A (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015184891A1 (en) * 2014-11-20 2015-12-10 中兴通讯股份有限公司 Security management and control method, apparatus, and system for android system
CN112784278A (en) * 2020-12-31 2021-05-11 科东(广州)软件科技有限公司 Trusted starting method, device and equipment of computer system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
金鑫;疏国会;: "An IoT RFID security model based on ECC information embedding", 鸡西大学学报 (Journal of Jixi University), no. 04, 20 April 2016 (2016-04-20) *
黄强;王高剑;米文智;汪伦伟;: "Research on a centralized and unified trusted computing platform management model and its application", 信息网络安全 (Netinfo Security), no. 04, 10 April 2017 (2017-04-10) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001750A (en) * 2022-05-06 2022-09-02 国网宁夏电力有限公司信息通信公司 Trusted group construction method and system based on trust management in power internet of things
CN115001750B (en) * 2022-05-06 2024-04-05 国网宁夏电力有限公司信息通信公司 Trusted group construction method and system based on trust management in electric power Internet of things
CN115277144A (en) * 2022-07-20 2022-11-01 南京南瑞信息通信科技有限公司 Link aggregation data transmission method, system, device and storage medium
CN115277144B (en) * 2022-07-20 2024-02-20 南京南瑞信息通信科技有限公司 Link aggregation data transmission method, system, device and storage medium
CN115396374A (en) * 2022-08-12 2022-11-25 徐州恒佳电子科技有限公司 Intelligent routing system special for priority data forwarding and method thereof
CN115396374B (en) * 2022-08-12 2023-12-22 徐州恒佳电子科技有限公司 Routing system and method special for intelligent priority data forwarding

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination