CN107864040A - A smart grid big data information management system based on secure cloud computing - Google Patents
A smart grid big data information management system based on secure cloud computing
- Publication number
- CN107864040A (application number CN201711148551.2A)
- Authority
- CN
- China
- Prior art keywords
- cloud
- region
- cloud computing
- information
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L63/064—Hierarchical key distribution, e.g. by multi-tier trusted parties
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0847—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The invention claims a smart grid big data information management system based on secure cloud computing, covering two parts: cloud computing management of the smart grid and data security management. Cloud computing management chiefly concerns dividing the smart grid into regions, each of which is the responsibility of a cloud computing center. Data security management provides secure communication services for the cloud computing management framework across the three communicating tiers of top cloud, region cloud and terminal user by combining identity-based encryption (IBE), identity-based signatures (IBS) and a proxy re-encryption scheme. Because identities are used instead of the digital certificates of a traditional PKI (public key infrastructure), a large amount of computing and communication resource is saved, and the problem of insecure digital certificates in a big data environment is addressed.
Description
Technical field
The invention belongs to the intersection of information security and data mining. More particularly, it relates to a smart grid big data information management framework based on secure cloud computing which, across the three communicating tiers of top cloud, region cloud and terminal user, combines identity-based cryptography with proxy re-encryption to provide secure communication services for the smart grid framework.
Background art
Smart grids have recently been adopted in many national grid modernization plans to replace the traditional power system. Compared with the traditional grid, the smart grid significantly improves efficiency, reliability, economy and electricity services. Although smart grids bring these benefits, their deployment is usually confined to a small area (such as a city or a small province); large-scale deployment (such as across China) faces many technical difficulties, among which information acquisition, information storage and information processing are the most important. Because there is a very large number of front-end smart devices, managing the flood of information received from them is very difficult under present conditions; this data covers the selection, deployment, monitoring and analysis of the smart grid. More importantly, the smart grid usually has to process this information in real time, and any delay can have serious consequences.
Smart grid information management usually involves three basic tasks: information acquisition, information processing and information storage. For acquisition, since the smart grid collects information from heterogeneous devices at different locations, the main research challenge is how to build a heterogeneous communication system, and many power researchers have proposed fairly effective solutions to it. For processing, the challenge is data integration, because the information comes from different autonomous devices that may use different data structures; a data normalization solution has recently been proposed to address this interoperability problem. However, processing the huge volume of received data efficiently remains a major challenge. Existing big data processing technology is mainly based on cloud computing, and the analysis work of some foreign power enterprises' smart grids has been completed on cloud computing platforms. There are two main lines of thought: (1) analyse the attributes of smart grids and cloud computing to show that cloud computing is a good choice for smart grid information management; (2) discuss smart grid use cases and the detailed requirements of information management, study the attributes of cloud computing, and show that it meets the needs of the smart grid. The disadvantage of both approaches is that (1) they only analyse the feasibility of a cloud computing platform and (2) they provide no concrete design or security solution.
The smart grid information system lives in heterogeneous networks and diverse devices connected to the Internet, and networks and devices exchange information and data over TCP/IP. TCP/IP is built on a three-way handshake whose process has certain limitations and inherent insecurities. Where TCP/IP carries data, passwords and other information in plaintext, transmissions are easily sniffed and captured; once captured, the source IP address range may be tampered with to another address so as to steal or forge the transmitted data flow and threaten the corresponding session and service. Because TCP ensures reliable delivery through acknowledgements of received data and sequence numbers over the transmitted bytes, once the sequence number can be determined and predicted a malicious attacker can connect to the destination host and inject forged data, i.e. TCP sequence number spoofing.
Summary of the invention
The invention seeks to solve the above problems of the prior art. It proposes a smart grid big data information management system based on secure cloud computing that saves a large amount of computing and communication resources and addresses the insecurity of digital certificates in a big data environment. The technical scheme is as follows:
A smart grid big data information management system based on secure cloud computing mainly comprises two parts: a secure cloud computing management module and a data security management module of the smart grid. The secure cloud computing management module is divided into three tiers: a top tier, a region tier and a terminal user tier. The top tier and the region tier consist of cloud computing centers. The top tier comprises a cloud computing center responsible for common equipment and for aggregating the data of the region cloud computing centers; the region tier comprises region cloud computing centers, each responsible for the smart devices of a specific region and for processing their data; the terminal user tier comprises the terminal users' smart devices. The data security management module allows the identities of the entities, i.e. the top and region cloud computing centers and the terminal users, to be used directly as encryption keys or signature verification keys, so that a lower-tier entity can encrypt data under these identities and communicate securely with a higher-tier entity.
Further, the top-tier cloud is a top cloud composed of power stations, delivery services and management services. Beneath the top cloud are several region clouds composed of general user services and information storage. The region tier may be divided into several regions, each managed by a region cloud computing center that can be deployed as a public or private cloud.
Further, the cloud computing center and the region cloud computing centers provide the following cloud computing services:
(1) Infrastructure as a service (IaaS): supplies the requirements of all applications and services deployed in the system. The main tasks of smart grid information management, including information acquisition, information processing and information storage, are performed in this service layer;
(2) Software as a service (SaaS): deployed at the top of the system;
(3) Platform as a service (PaaS): provides the tools and libraries for developing cloud computing applications and services;
(4) Data as a service (DaaS).
Further, the data security management module comprises the following management process:
S31: a private key generator (PKG) is set up to provide the master key for the top cloud and the region clouds and to issue security credentials to newly registered terminal users;
S32: the top cloud, the region clouds and the terminal users are each identified by a unique character string, and these strings serve as encryption keys or signature verification keys;
S33: each entity obtains the private key associated with its identity, which it uses to decrypt confidential data;
S34: each entity sends confidential data only to an entity one tier higher, i.e. a terminal sends confidential data to an entity in the region cloud, and an entity in the region cloud can send confidential data only to the top cloud;
S35: each entity authenticates data using the private key obtained from the PKG;
S36: following the principle of identity-based cryptography, the PKG generates private keys from the identifiers of the top cloud, the region clouds and the terminal users together with the master key; each entity can secure its information flows with identity-based encryption, and any party can authenticate the sender of data with an identity-based signature.
Further, the key generation process of step S33 is as follows:
S41: Setup: given a security parameter, the PKG generates a master key $mk$ and a set of public parameters $params$, and distributes $params$ to all systems and terminal users;
S42: on receiving the identifier TC of the top cloud, the PKG runs the private key extraction algorithm with TC as input and generates the private key $K_{TC}$ associated with TC;
S43: on receiving the identifier IS of the information storage in a region cloud, the PKG runs the private key extraction algorithm with IS as input and generates the private key $K_{IS}$ associated with IS;
S44: on receiving the identifier SerA of service A in a region cloud, the PKG runs the private key extraction algorithm with SerA as input and generates the private key $K_{SerA}$ associated with SerA;
S45: on receiving the identifier EU of a terminal user, the PKG runs the private key extraction algorithm with EU as input and generates the private key $K_{EU}$ associated with EU;
Further, the encryption process for the information storage in a region cloud is as follows:
S51: each terminal user runs the IBE encryption algorithm with the parameters $params$ and the identifier IS of the information storage in the region cloud, encrypting the information M into the ciphertext $C_{IS}$;
S52: each region cloud's information storage, holding the identifier IS and the associated private key $K_{IS}$, runs the IBE decryption algorithm to recover the information M from the ciphertext $C_{IS}$.
Further, the encryption process for the top cloud is as follows:
S61: each information storage in a region cloud runs the IBE encryption algorithm with $params$ and the identifier TC of the top cloud, encrypting the information M into the ciphertext $C_{TC}$.
S62: the top cloud, holding the identifier TC and the associated private key $K_{TC}$, runs the IBE decryption algorithm to recover the information M from the ciphertext $C_{TC}$.
Further, the proxy re-encryption process of the information storage is as follows:
S71: the region cloud supplies its own private key $K_{IS}$, its identifier IS and the identifier SerA of service A as input, and the information storage in the region cloud generates a re-encryption key $RK_{IS \to SerA}$;
S72: Re-encryption: when storing information, the region cloud uses the key $RK_{IS \to SerA}$ to re-encrypt the ciphertext $C_{IS}$, obtaining the ciphertext $C_{SerA}$;
S73: Decryption by the service: service A decrypts $C_{SerA}$ with its private key $K_{SerA}$.
Further, the signature generation process of a terminal user is as follows:
S81: Signing: each terminal user generates a signature $\sigma$ on a message M using the private key $K_{EU}$ associated with its own identifier EU;
S82: Verification: any party can verify the signature $\sigma$ on a message M using the parameters $params$ and the identifier EU of the terminal user;
The signature generation process of an entity in the region cloud is as follows:
S91: Signing: each information storage in the region cloud generates a signature $\sigma$ on a message M using the private key $K_{IS}$ associated with its identity;
S92: Verification: any party can verify the signature on a message M using $params$ and the identifier IS of the information storage;
The signature generation process of the top cloud is as follows:
S101: Signing: the top cloud generates a signature $\sigma$ on a message M using its identifier TC and the associated private key $K_{TC}$;
S102: Verification: any party can verify the signature $\sigma$ on a message M using $params$ and the top cloud identifier TC, with the result "accept" or "reject".
Advantages and beneficial effects of the invention:
The invention proposes a smart grid big data information management system based on secure cloud computing. Its main idea is to build a hierarchical cloud computing data management system that offers different types of computing service for information management and big data analysis. The technical effects are as follows: (1) cloud computing technology is introduced into the smart grid information management system, resolving the inability to deploy the smart grid at large scale and providing a platform with low energy consumption and low cost that improves resource utilization; (2) big data technology is applied in the smart grid information management system, solving the problem of large-scale information management so that the information received from massive numbers of front-end smart devices can be processed quickly; (3) a security solution based on identity-based encryption, identity-based signatures and proxy re-encryption is proposed to address key security in the proposed system. The main idea of the security solution is to let the identities of the entities, i.e. the top cloud computing center, the region cloud computing centers and the terminal users, serve directly as encryption keys or signature verification keys. Lower-tier entities encrypt data under these identities and thereby communicate securely with higher-tier entities. Because the scheme uses identities instead of the digital certificates of a traditional PKI (public key infrastructure), it saves a large amount of computing and communication resources and scales well.
Brief description of the drawings
Fig. 1 is the system architecture diagram of the preferred embodiment of the invention;
Fig. 2 is the functional cloud computing service cluster diagram of the invention;
Fig. 3 is the identity-based encryption and decryption service diagram of the invention;
Fig. 4 is the signature authentication service diagram of the invention.
Detailed description
The technical scheme in the embodiments of the invention is described clearly and in detail below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the invention.
The technical scheme by which the invention solves the above technical problem is:
Fig. 1 is the system architecture diagram of the invention. It involves two parts: cloud computing management of the smart grid and data security management. Smart grid cloud computing management can be divided into several regions, each managed by a cloud computing center that may be deployed as a public or private cloud. The role of a region cloud computing center is to manage the smart devices within its region and to perform initial processing of the information received from those devices. Besides the region cloud computing centers there is a dedicated cloud computing center responsible for processing the data of the whole grid. The following cloud computing services can be deployed in these cloud computing centers:
(1) Infrastructure as a service (IaaS): this form of service is the backbone of the system. It supplies the requirements of all applications and services deployed in the system. The main tasks of smart grid information management, such as information acquisition, information processing and information storage, are performed in this service layer.
(2) Software as a service (SaaS): although IaaS is the foundation of the system, all smart grid services are deployed at the top of the system. For example, a service that lets customers save or optimize their energy use cannot be realized in the base layer and must be deployed at the top of the system; Google PowerMeter is a typical example.
(3) Platform as a service (PaaS): PaaS provides the tools and libraries for developing cloud computing applications and services. Automated sales is a typical PaaS example, offering libraries for developing particular kinds of application in the fields of automated sales or field force management. In the smart grid field, because many applications may have to follow special security requirements and support lawful interception, a general PaaS that integrates these requirements into the applications built on it is very useful.
(4) Data as a service (DaaS): DaaS can supply useful information for statistical services. Because smart grid data is usually very large, and the users of statistical services are not only power consumers but also electricity providers at different levels, offering such statistical services to users is highly useful.
Fig. 2 is the functional cloud computing service cluster diagram of the invention. Among the services provided, IaaS is the backbone of the system; the other services are divided into clusters by the function they provide, to streamline management. Our framework uses the following four main functional clusters:
(1) Information storage: this is the primary storage holding all smart grid information received from front-end smart devices. The information arrives over wired and wireless channels; for optimization, the statistical services are also placed in this cluster.
(2) General user services: all services that users need to use. Typical examples are services that let users monitor, control or optimize the use of their electrical installations. The main SaaS functions and the PaaS that provides platform services for user services belong to this cluster.
(3) Control and management services: all services needed for system administration, such as governance, monitoring, task scheduling and security services.
(4) Distribution services: services directly related to power distribution, such as distribution management, optimization and quality of service (QoS) measurement.
Fig. 3 is the identity-based encryption and decryption service diagram of the invention. The private key generator (PKG) first generates a secret master key $mk$ and public parameters $params$, and $params$ is given to every component of the smart grid framework. Once a user has submitted an identity denoted ID, the PKG runs the private key extraction algorithm, with its master key $mk$ as input, to compute the private key $K_{ID}$ associated with ID. An identity can be any character string, such as an e-mail address or a telephone number. Anyone who knows ID can run the encryption algorithm to encrypt a plaintext message M into a ciphertext C. The user decrypts it by running the decryption algorithm with the private key $K_{ID}$ obtained from the PKG as input. The specific implementation is as follows:
S1: Key generation
The scheme is based on a bilinear pairing $e: G_1 \times G_1 \to G_2$, where $G_1$ and $G_2$ are groups of prime order $q$, with the following properties:
1) Bilinearity: for all $g, h \in G_1$ and $a, b \in \mathbb{Z}_q$, $e(g^a, h^b) = e(g, h)^{ab}$.
2) Non-degeneracy: $e(g, h) \neq 1$.
3) Computability: for practicality, $e$ must be efficiently computable.
(1) Setup: the PKG generates $G_1$, $G_2$ and $e: G_1 \times G_1 \to G_2$, picks a random generator $g \in G_1$, and fixes hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: G_2 \to \{0,1\}^n$, where the plaintext length $n$ is a positive integer. It then selects a random $s \in \mathbb{Z}_q$ and computes $u = g^s$. The top cloud sets the secret master key $mk = s$, and the public parameters are $params = (G_1, G_2, e, g, u, H_1, H_2)$. The PKG distributes $params$ to the top tier, the region clouds and the terminal users.
(2) TC key extraction: on receiving the identity TC of the top cloud, the PKG computes $H_1(TC)^s \in G_1$ and returns $K_{TC} = H_1(TC)^s$ as the private key.
(3) IS key extraction: on receiving the identity IS of an information storage in a region cloud, the PKG computes $H_1(IS)^s \in G_1$ and sets $K_{IS} = H_1(IS)^s$ as the private key.
(4) Service key extraction: on receiving the identity SerA of service A in a region cloud, the PKG computes $H_1(SerA)^s \in G_1$ and sets $K_{SerA} = H_1(SerA)^s$ as the private key.
(5) User key extraction: on receiving the user identity EU, the PKG computes $H_1(EU)^s \in G_1$ and returns $K_{EU} = H_1(EU)^s$ as the private key.
S2: Encryption to the top cloud
(1) Encrypt: any entity in a region cloud can encrypt information M using the parameters and the identity TC of the top cloud as follows. First, choose a random $r \in \mathbb{Z}_q$ and compute $C_1 = g^r$ and $C_2 = M \cdot e(u, H_1(TC))^r$; finally output $C_{TC} = (C_1, C_2)$ as the ciphertext.
(2) Decrypt: using the private key $K_{TC} = H_1(TC)^s$, the top cloud decrypts the received ciphertext $C_{TC} = (C_1, C_2)$ to $M = C_2 / e(C_1, K_{TC})$. This recovers M because $e(C_1, K_{TC}) = e(g^r, H_1(TC)^s) = e(g, H_1(TC))^{rs} = e(u, H_1(TC))^r$. Note that, as written, M is treated as an element of $G_2$ and the hash $H_2$ defined in the setup is not used in these equations.
S3: Information storage encryption
Apart from the change of identity, the encryption algorithm is essentially the same for all entities. The specific encryption process is as follows:
(1) Encrypt: any terminal user can encrypt a message M using the parameters and the identity IS of the information storage as follows. First, choose a random $r \in \mathbb{Z}_q$ and compute $C_1 = g^r$ and $C_2 = M \cdot e(u, H_1(IS))^r$; finally output $C_{IS} = (C_1, C_2)$ as the ciphertext.
(2) Decrypt: using the private key $K_{IS} = H_1(IS)^s$, the information storage decrypts the received ciphertext $C_{IS} = (C_1, C_2)$ to $M = C_2 / e(C_1, K_{IS})$.
S4: Proxy re-encryption by the information storage
(1) Given its own private key $K_{IS}$, its identity IS and the identity SerA of service A as input, the information storage in the region cloud generates the re-encryption key $RK_{IS \to SerA}$.
(2) Re-encryption: the information storage in the region cloud re-encrypts the ciphertext $C_{IS}$ with the re-encryption key $RK_{IS \to SerA}$ and obtains the ciphertext $C_{SerA}$.
(3) Decryption by the service: service A decrypts $C_{SerA}$ with its private key $K_{SerA}$.
Fig. 4 is the signature authentication service diagram of the present invention. When a user submits an identity ID, PKG uses the master key mk to compute the key $K_{ID}$ associated with ID; using $K_{ID}$, the signature authentication service creates the corresponding signature σ on a message M by running the signing algorithm. Any party that obtains the information M, the identity of the signer and the signature σ can verify whether σ is valid. The specific implementation is as follows:
S1: Key generation
The setup procedure is identical to that of identity-based encryption (IBE), except that the scheme uses an additional hash function $H_2: \{0,1\}^* \to G_1$ for signature generation. Let $mk = s$ and $params = (G_1, G_2, e, g_0, u, H_1, H_2)$ be the PKG's master key and its set of public parameters, respectively.
S2: Top cloud signature generation
Using its private key $K_{TC}$, the top cloud (each region cloud proceeds in the same way with its own identity) generates the signature σ on a message M as follows:
(1) Signature generation: First, compute $g_1 = H_1(TC) \in G_1$ and $g_M = H_2(TC, M) \in G_1$. Then choose $r \in \mathbb{Z}_q$ and compute $\sigma_1 = K_{TC} \cdot g_M^{\,r}$ and $\sigma_2 = g_0^{\,r}$. Finally, output $\sigma = (\sigma_1, \sigma_2)$ as the signature.
(2) Authentication: Any party can verify the signature σ using the message M, params and the top cloud identity TC. To do so, the verifier checks that $e(g_0, \sigma_1) = e(u, g_1) \cdot e(\sigma_2, g_M)$.
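As an added check that is not part of the patent text, the verification equation in (2) holds for an honestly generated signature. The derivation assumes $u = g_0^{\,s}$ and $K_{TC} = H_1(TC)^s = g_1^{\,s}$, matching the key extraction step above, and uses only the bilinearity of $e$.

```latex
\begin{aligned}
e(g_0, \sigma_1) &= e\big(g_0,\; g_1^{\,s}\, g_M^{\,r}\big) \\
                 &= e(g_0, g_1)^{s}\; e(g_0, g_M)^{r}        && \text{(bilinearity of } e\text{)} \\
                 &= e\big(g_0^{\,s},\, g_1\big)\; e\big(g_0^{\,r},\, g_M\big) \\
                 &= e(u, g_1)\; e(\sigma_2, g_M)               && (u = g_0^{\,s},\ \sigma_2 = g_0^{\,r}) .
\end{aligned}
```

Because $g_M = H_2(TC, M)$ binds the signer's identity into the hashed value together with M, a signature produced under one identity does not verify under another. The equation alone, however, only tells the verifier that the holder of $K_{TC}$ signed M; the verifier must separately check that TC is the identifier of the party it expects to hear from, otherwise a valid signature from any registered entity would be accepted.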
The above embodiment is to be understood as merely illustrating the present invention rather than limiting its scope. After reading the content recorded in the present invention, those skilled in the art can make various changes or modifications to the present invention, and these equivalent changes and modifications likewise fall within the scope of the claims of the present invention.
Claims (9)
1. A smart grid big data information management system based on secure cloud computing, characterised in that it mainly comprises two parts, a secure cloud computing management module of the smart grid and a data security management module; the secure cloud computing management module is divided into three levels, a top layer, a region layer and an end-user layer, wherein the top layer and the region layer are composed of cloud computing centres; the top layer comprises a top-layer cloud computing centre, which is responsible for the data accumulated by common equipment and by the region cloud computing centres; the region layer comprises region cloud computing centres, each responsible for the smart devices of a specific region and for processing the data of those devices; the end-user layer comprises the end users' smart devices; the data security management module allows the identifiers associated with the entities, namely the top and region cloud computing centres and the end users, to be used as encryption keys or signature verification keys, and the entities at the lower level can use these identifiers to encrypt data so as to communicate securely with the entities at the higher level.
2. The smart grid big data information management system based on secure cloud computing according to claim 1, characterised in that the cloud of the top layer is a top cloud composed of power stations, delivery services or management services; under the top cloud there are several region clouds, each composed of general user services and information storage; the region layer can be divided into several regions, each managed by one region cloud centre, which can be configured as a public cloud or a private cloud.
3. The smart grid big data information management system based on secure cloud computing according to claim 1 or 2, characterised in that the top-layer cloud computing centre and the region cloud computing centres include the following cloud computing services:
(1) Infrastructure services: provide for the deployment requirements of all application programs and services in the system. The main tasks of information management in the smart grid, including information storage and information processing, are performed in this service layer;
(2) Software as a service (SaaS): deployed at the top of the system;
(3) Platform as a service (PaaS): provides the tools and libraries for developing cloud computing applications and services;
(4) Data as a service (DaaS).
4. The smart grid big data information management system based on secure cloud computing according to claim 1 or 2, characterised in that the data security management module includes the following management process:
S31: A private key generator (PKG) is set up to provide master keys for the top cloud and the region clouds, and to provide security credentials for newly registered end users;
S32: The top cloud, the region clouds and the end users are identified by unique character strings, and these strings are used as encryption keys or signature verification keys;
S33: Each entity obtains the private key associated with its identity, for decrypting confidential data;
S34: Each entity sends confidential data to an entity of higher rank, i.e. an end user sends confidential data to the entities in the region cloud, and an entity in the region cloud can only send confidential data to the top cloud;
S35: Each entity uses the private key obtained from PKG to authenticate data;
S36: Following the principle of identity-based cryptography, PKG generates the private keys from the identifiers of the top cloud, the region clouds and the end users together with the master key; each entity can ensure the security of the information flow using identity-based encryption, and in addition any party can use identity-based signatures to authenticate the sender of data.
5. The smart grid big data information management system based on secure cloud computing according to claim 4, characterised in that the key generation process of step S33 is as follows:
S41: Setup: given a security parameter, PKG generates a master key mk and a set of parameters params, and distributes params to all systems and end users;
S42: When the identifier TC of the top cloud is received, PKG takes TC as input and, by running the private key extraction algorithm, generates a private key $K_{TC}$ associated with TC;
S43: When the identifier IS of an information storage in a region cloud is received, PKG takes IS as input and, by running the private key extraction algorithm, generates a private key $K_{IS}$ associated with IS;
S44: When the identifier SerA of a service A in a region cloud is received, PKG takes SerA as input and, by running the private key extraction algorithm, generates a private key $K_{SerA}$ associated with SerA;
S45: When the identifier EU of an end user is received, PKG takes EU as input and, by running the private key extraction algorithm, generates a private key $K_{EU}$ associated with EU.
6. The smart grid big data information management system based on secure cloud computing according to claim 4, characterised in that the information storage encryption process in the region cloud is as follows:
S51: Each end user uses the parameters params and the identifier IS of the information storage in the region cloud, runs the IBE encryption algorithm and encrypts the information M into the ciphertext $C_{IS}$;
S52: Each region cloud, holding the information storage identifier IS and the associated private key $K_{IS}$, runs the IBE decryption algorithm and decrypts the ciphertext $C_{IS}$ into the information M.
7. The smart grid big data information management system based on secure cloud computing according to claim 4, characterised in that the information storage encryption process in the top cloud is as follows:
S61: Each information storage in a region cloud uses the parameters params and the identifier TC of the top cloud, runs the IBE encryption algorithm and encrypts the information M into the ciphertext $C_{TC}$;
S62: Each top cloud, holding the associated identifier and the related private key $K_{TC}$, runs the IBE decryption algorithm and decrypts the ciphertext $C_{TC}$ into the information M.
8. The smart grid big data information management system based on secure cloud computing according to claim 5, characterised in that the proxy re-encryption process of the information storage is as follows:
S71: The region cloud provides its own private key $K_{IS}$, its identifier IS and the identifier SerA of service A as input, and the information storage in the region cloud generates a re-encryption key $RK_{IS \to SerA}$;
S72: Re-encryption: the information storage in the region cloud re-encrypts the ciphertext $C_{IS}$ with the key $RK_{IS \to SerA}$ and obtains the ciphertext $C_{SerA}$;
S73: Decryption by the service: service A decrypts $C_{SerA}$ using its private key $K_{SerA}$.
9. The smart grid big data information management system based on secure cloud computing according to claim 5, characterised in that the end-user signature generation process is as follows:
S81: Signing: each end user uses the private key $K_{EU}$ associated with its own identifier EU to generate the signature σ of a message M;
S82: Verification: any party can use the parameters params and the end user's identifier EU to verify the signature σ of a message M;
the signature generation process of an entity in the region cloud is as follows:
S91: Signing: each information storage in the region cloud can use the private key $K_{IS}$ associated with its identity to generate the signature σ of a message M;
S92: Verification: any party can use the parameters params and the identifier IS of the information storage to verify the signature of a message M;
the signature generation process of the top cloud is as follows:
S101: Signing: the top cloud can use its identifier TC and the associated private key $K_{TC}$ to generate the signature σ of a message M;
S102: Verification: any party can use the parameters params and the top cloud identifier TC to verify whether the signature σ of a message M is "accepted" or "rejected".
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711148551.2A CN107864040A (en) | 2017-11-17 | 2017-11-17 | A kind of intelligent grid big data information management system based on safe cloud computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711148551.2A CN107864040A (en) | 2017-11-17 | 2017-11-17 | A kind of intelligent grid big data information management system based on safe cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107864040A true CN107864040A (en) | 2018-03-30 |
Family
ID=61702180
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711148551.2A Pending CN107864040A (en) | 2017-11-17 | 2017-11-17 | A kind of intelligent grid big data information management system based on safe cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107864040A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108924137A (en) * | 2018-07-04 | 2018-11-30 | 吴科 | Method for secret protection and system under a kind of environment of internet of things |
CN110097017A (en) * | 2019-05-09 | 2019-08-06 | 浙江天普胜电气有限公司 | Power transmission network special type ammeter monitoring system and method |
CN111130761A (en) * | 2019-11-12 | 2020-05-08 | 丁爱民 | Digital right identity identification method and system |
CN112511490A (en) * | 2020-10-29 | 2021-03-16 | 苏州达塔库自动化科技有限公司 | Smart power grid safety communication method based on combined password |
CN114567479A (en) * | 2022-02-28 | 2022-05-31 | 中国科学院软件研究所 | Intelligent equipment safety control reinforcement and monitoring early warning method |
CN115426344A (en) * | 2022-08-29 | 2022-12-02 | 高翔水表有限公司 | Instrument remote communication control method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120310860A1 (en) * | 2011-06-06 | 2012-12-06 | Alcatel-Lucent | Cloud-Based Demand Response |
US20120310423A1 (en) * | 2011-05-31 | 2012-12-06 | Cisco Technology, Inc. | Distributed intelligence architecture with dynamic reverse/forward clouding |
CN104901948A (en) * | 2015-04-15 | 2015-09-09 | 南方电网科学研究院有限责任公司 | Encryption access control system and method based on hierarchical attributes in smart power grid |
CN104993926A (en) * | 2015-06-30 | 2015-10-21 | 南方电网科学研究院有限责任公司 | Hierarchical key management system and method based on cloud computing in smart power grid |
US9204208B2 (en) * | 2011-12-16 | 2015-12-01 | Basen Corporation | Smartgrid energy-usage-data storage and presentation systems, devices, protocol, and processes including an announcement protocol |
2017-11-17 CN CN201711148551.2A patent/CN107864040A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120310423A1 (en) * | 2011-05-31 | 2012-12-06 | Cisco Technology, Inc. | Distributed intelligence architecture with dynamic reverse/forward clouding |
US20120310860A1 (en) * | 2011-06-06 | 2012-12-06 | Alcatel-Lucent | Cloud-Based Demand Response |
US9204208B2 (en) * | 2011-12-16 | 2015-12-01 | Basen Corporation | Smartgrid energy-usage-data storage and presentation systems, devices, protocol, and processes including an announcement protocol |
CN104901948A (en) * | 2015-04-15 | 2015-09-09 | 南方电网科学研究院有限责任公司 | Encryption access control system and method based on hierarchical attributes in smart power grid |
CN104993926A (en) * | 2015-06-30 | 2015-10-21 | 南方电网科学研究院有限责任公司 | Hierarchical key management system and method based on cloud computing in smart power grid |
Non-Patent Citations (1)
Title |
---|
JOONSANG BAEK: "A Secure Cloud Computing Based Framework for Big Data Information Management of Smart Grid", 《IEEE TRANSACTIONS ON CLOUD COMPUTING》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108924137A (en) * | 2018-07-04 | 2018-11-30 | 吴科 | Method for secret protection and system under a kind of environment of internet of things |
CN110097017A (en) * | 2019-05-09 | 2019-08-06 | 浙江天普胜电气有限公司 | Power transmission network special type ammeter monitoring system and method |
CN111130761A (en) * | 2019-11-12 | 2020-05-08 | 丁爱民 | Digital right identity identification method and system |
CN111130761B (en) * | 2019-11-12 | 2022-07-29 | 丁爱民 | Digital right identity identification method and system |
CN112511490A (en) * | 2020-10-29 | 2021-03-16 | 苏州达塔库自动化科技有限公司 | Smart power grid safety communication method based on combined password |
CN114567479A (en) * | 2022-02-28 | 2022-05-31 | 中国科学院软件研究所 | Intelligent equipment safety control reinforcement and monitoring early warning method |
CN115426344A (en) * | 2022-08-29 | 2022-12-02 | 高翔水表有限公司 | Instrument remote communication control method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103618728B (en) | A kind of encryption attribute method at more mechanism centers | |
CN107864040A (en) | A kind of intelligent grid big data information management system based on safe cloud computing | |
CN109495274B (en) | Decentralized intelligent lock electronic key distribution method and system | |
Chandu et al. | Design and implementation of hybrid encryption for security of IOT data | |
CN101789865B (en) | Dedicated server used for encryption and encryption method | |
CN106254324B (en) | A kind of encryption method and device of storage file | |
CN102970299B (en) | File safe protection system and method thereof | |
CN103795533B (en) | Encryption based on identifier, the method and its performs device of decryption | |
CN101674304B (en) | Network identity authentication system and method | |
CN111385306B (en) | Anonymous authentication method and system based on anti-tampering device in smart power grid | |
CN106059768B (en) | Encryption system and method can be revoked in the attribute for resisting re-encrypted private key leakage | |
CN104158827B (en) | Ciphertext data sharing method, device, inquiry server and upload data client | |
CN104901942A (en) | Distributed access control method for attribute-based encryption | |
US20160294553A1 (en) | Information delivery system | |
CN107733654B (en) | Intelligent equipment firmware updating and official user certificate distribution method based on combined key | |
CN104219228A (en) | User registration and user identification method and user registration and user identification system | |
CN106789042A (en) | User in IBC domains accesses the authentication key agreement method of the resource in PKI domains | |
CN107465665A (en) | A kind of file encryption-decryption method based on fingerprint identification technology | |
CN110535626A (en) | The quantum communications service station secret communication method and system of identity-based | |
CN108011885A (en) | A kind of E-mail encryption method and system based on group cipher system | |
CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
Hasan et al. | Encryption as a service for smart grid advanced metering infrastructure | |
CN110519040B (en) | Anti-quantum computation digital signature method and system based on identity | |
CN110299993B (en) | Remote safe meter reading method based on improved IBOOE algorithm | |
Kumar et al. | Research issues related to cryptography algorithms and key generation for smart grid: A survey |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20180330 |