CN107864040A - A kind of intelligent grid big data information management system based on safe cloud computing - Google Patents

A kind of intelligent grid big data information management system based on safe cloud computing

Info

Publication number
CN107864040A
Authority
CN
China
Prior art keywords
cloud
region
cloud computing
information
key
Prior art date
Legal status
Pending
Application number
CN201711148551.2A
Other languages
Chinese (zh)
Inventor
吴文勤
杨云
吕跃春
王�华
黄亮
汪靖杰
邵刚
赵杰
陈曦
Current Assignee
State Grid Corp of China SGCC
NangAn Power Supply Co of State Grid Chongqing Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
NangAn Power Supply Co of State Grid Chongqing Electric Power Co Ltd
Priority date
Filing date
Publication date
Application filed by State Grid Corp of China SGCC and NangAn Power Supply Co of State Grid Chongqing Electric Power Co Ltd
Priority to CN201711148551.2A
Publication of CN107864040A
Current legal status: Pending


Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                                • H04L9/083 involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
                            • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
                                • H04L9/0847 involving identity based encryption [IBE] schemes
                        • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                            • H04L9/0866 involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
                    • H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3247 involving digital signatures
                            • H04L9/3249 using RSA or related signature schemes, e.g. Rabin scheme
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                            • H04L63/0442 wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
                            • H04L63/0478 applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
                    • H04L63/06 for supporting key management in a packet data network
                        • H04L63/062 for key distribution, e.g. centrally by trusted party
                            • H04L63/064 Hierarchical key distribution, e.g. by multi-tier trusted parties
                • H04L67/00 Network arrangements or protocols for supporting network services or applications
                    • H04L67/01 Protocols
                        • H04L67/10 Protocols in which an application is distributed across nodes in the network
                        • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention claims a smart grid big data information management system based on secure cloud computing. It comprises two parts: cloud computing management and data security management for the smart grid. Cloud computing management mainly concerns dividing the smart grid into regions, each of which is run by its own cloud computing center. Data security management combines identity-based encryption (IBE), identity-based signatures (IBS) and a proxy re-encryption scheme across the three communication dimensions of top cloud, region cloud and terminal user, and provides secure communication services for the cloud computing management framework. Because identities are used in place of the digital certificates of a traditional PKI (public key infrastructure), a large amount of the resources used for computation and communication is saved, and the insecurity of digital certificates in a big data environment is avoided.

Description

A kind of intelligent grid big data information management system based on safe cloud computing
Technical field
The invention belongs to the intersection of information security and data mining. More particularly, it relates to a smart grid big data information management framework based on secure cloud computing, which combines identity-based encryption and proxy re-encryption across the three communication dimensions of top cloud, region cloud and terminal user to provide secure communication services for the smart grid framework.
Background technology
Smart grids have recently been used in the power grid reconstruction plans of many countries to replace traditional power systems. Compared with a traditional grid, a smart grid considerably improves efficiency, reliability, economy and electricity services. Although smart grids bring these benefits, their deployment is usually limited to a small area (for example one city or one small province), and large-scale deployment (for example across China) faces many technical difficulties, among which information collection, information storage and information processing are the most important. Because there are a great many front-end smart devices, managing the bulk of information received from them is very difficult under present conditions; this data includes the data used to select, deploy, monitor and analyse the smart grid. More importantly, in a smart grid this information usually has to be processed in real time, and any delay may have serious consequences.
Smart grid information management usually involves three basic tasks: information collection, information processing and information storage. For information collection, since the smart grid collects information from heterogeneous devices in different locations, the main research challenge is how to build a heterogeneous communication system, and many power researchers have proposed quite effective solutions to it. For information processing, the challenge is data integration: the information comes from different autonomous devices, which may use different data structures; recently a data normalisation solution has been proposed to address data interoperability. However, how to process the large amount of received data efficiently is still a huge challenge. Existing big data processing technology is mainly based on cloud computing, and some power companies carry out their smart grid analysis work on cloud computing. There are two main lines of work: (1) analysing the attributes of the smart grid and of cloud computing, to show that cloud computing is a good choice for smart grid information management; (2) discussing smart grid use cases and the detailed requirements of information management, then studying the attributes of cloud computing to show that it meets the needs of the smart grid. Both approaches have the disadvantages that (1) they only analyse the feasibility of a cloud computing platform and (2) they provide no specific design or security solution.
The smart grid information system exists in heterogeneous networks and diverse devices connected to the Internet, and the networks and devices exchange information and data over the TCP/IP protocol suite. TCP/IP is built on the three-way handshake protocol, whose process has certain limitations and carries inherent insecurity: if TCP/IP is used to transmit data, passwords and information in cleartext, the cleartext is easily sniffed and captured, and once captured, the source IP address range may be tampered with and replaced by another IP address so as to steal or forge the transmitted data stream, threatening the corresponding session and service. Because TCP guarantees reliable delivery by acknowledging received data and numbering the transmitted byte sequence, once the sequence number is determined and predicted, a malicious attacker can connect to the destination host and deliver false data, which is TCP sequence number spoofing.
Content of the invention
The invention seeks to address the above problems in the prior art. It proposes a smart grid big data information management system based on secure cloud computing that can save a large amount of the resources used for computation and communication, and that solves the insecurity of digital certificates in a big data environment. The technical scheme is as follows:
A smart grid big data information management system based on secure cloud computing mainly comprises two parts: a secure cloud computing management module and a data security management module of the smart grid. The secure cloud computing management module is divided into three levels: a top layer, a region layer and a terminal user layer. The top layer and the region layer are made up of cloud computing centers. The top layer comprises a cloud computing center that is responsible for the common equipment and for aggregating the data of the region cloud computing centers; the region layer comprises region cloud computing centers, each responsible for the smart devices of a specific region and for processing the data of those devices; the terminal user layer comprises the terminal users' smart devices. The data security management module allows the identities of the related entities, i.e. the top and region cloud computing centers and the terminal users, to be used as encryption keys or signature verification keys, so that a lower-level entity can encrypt data with these identities and communicate securely with a higher-level entity.
Further, the cloud of the top layer is a top cloud made up of power stations, distribution services or management services. Below the top cloud there are several region clouds, each made up of general user services and information storage. The region layer can be divided into several regions, each managed by one region cloud computing center, which can be configured as a public cloud or a private cloud.
Further, the cloud computing center and the region cloud computing centers provide the following cloud computing services:
(1) Infrastructure as a service (IaaS): provides the requirements of all application programs and services deployed in the system. The main tasks of information management in the smart grid, namely information collection, information processing and information storage, are performed in this service layer;
(2) Software as a service (SaaS): deployed at the top of the system;
(3) Platform as a service (PaaS): PaaS provides the tools and libraries for developing cloud computing application programs and services;
(4) Data as a service (DaaS).
Further, the data security management module includes the following management process:
S31: a private key generator (PKG) is set up to provide the master key for the top cloud and the region clouds, and to provide security credentials for newly registered terminal users;
S32: the top cloud, the region clouds and the terminal users are each identified by a unique character string, and these strings serve as encryption keys or signature verification keys;
S33: each entity obtains the private key associated with its identity, which is used to decrypt confidential data;
S34: each entity sends confidential data only to an entity one level higher, i.e. a terminal user sends confidential data to an entity in the region cloud, and an entity in the region cloud can send confidential data only to the top cloud;
S35: each entity authenticates data using the private key it obtained from the PKG;
S36: following the principle of identity-based cryptography, the PKG generates private keys from the identifiers of the top cloud, the region clouds and the terminal users together with the master key; each entity can secure its information flow with identity-based encryption, and in addition either party can authenticate the sender of data with an identity-based signature.
Further, the key generation process of step S33 is as follows:
S41: Setup: given a security parameter, the PKG generates a master key mk and a set of parameters params, and distributes params to all systems and terminal users;
S42: on receiving the identifier TC of the top cloud, the PKG takes TC as input, runs the private key extraction algorithm and generates a private key K_TC associated with TC;
S43: on receiving the identifier IS of the information storage in a region cloud, the PKG takes IS as input, runs the private key extraction algorithm and generates a private key K_IS associated with IS;
S44: on receiving the identifier SerA of a service A in a region cloud, the PKG takes SerA as input, runs the private key extraction algorithm and generates a private key K_SerA associated with SerA;
S45: on receiving the identifier EU of a terminal user, the PKG takes EU as input, runs the private key extraction algorithm and generates a private key K_EU associated with EU.
Further, the encryption process for the information storage in a region cloud is as follows:
S51: each terminal user runs the IBE encryption algorithm with the parameters params and the identifier IS of the information storage in the region cloud, encrypting the information M into a ciphertext C_IS;
S52: each region cloud, holding the information storage identifier IS and the associated private key K_IS, runs the IBE decryption algorithm and decrypts the ciphertext C_IS into the information M.
Further, the encryption process for the information storage in the top cloud is as follows:
S61: each information storage in a region cloud runs the IBE encryption algorithm with the parameters params and the identifier TC of the top cloud, encrypting the information M into a ciphertext C_TC;
S62: the top cloud, holding its identifier TC and the associated private key K_TC, runs the IBE decryption algorithm and decrypts the ciphertext C_TC into the information M.
Further, the proxy re-encryption process of the information storage is as follows:
S71: the region cloud provides its own private key K_IS, its identifier IS and the identifier SerA of a service A as inputs, and the information storage in the region cloud generates a re-encryption key RK_{IS→SerA};
S72: Re-encryption: when information is stored in the region cloud, the key RK_{IS→SerA} is used to re-encrypt the ciphertext C_IS, obtaining the ciphertext C_SerA;
S73: Decryption by the service: service A decrypts C_SerA with its private key K_SerA.
Further, the process by which a terminal user generates a signature is as follows:
S81: Signing: each terminal user uses the private key K_EU associated with its own identifier EU to generate a signature σ of a message M;
S82: Verification: either party can verify the signature σ of a message M using the parameters params and the identifier EU of the terminal user.
The signature generation process for an entity in a region cloud is as follows:
S91: Signing: each information storage in a region cloud can use the private key K_IS associated with its identity to generate a signature σ of a message M;
S92: Verification: either party can verify the signature of a message M using the parameters params and the identifier IS of the information storage.
The signature generation process of the top cloud is as follows:
S101: Signing: the top cloud can use its identifier TC and the associated private key K_TC to generate a signature σ of a message M;
S102: Verification: either party can use the parameters params and the top cloud's identifier TC to verify the signature σ of a message M, with the result "accept" or "reject".
The advantages and beneficial effects of the invention are as follows:
The invention proposes a smart grid big data information management system based on secure cloud computing. The main idea of the system is to establish a hierarchical cloud computing data management system that provides different types of computing services for information management and big data analysis. The technical effects are: (1) cloud computing technology is added to the smart grid information management system, which solves the problem that the smart grid cannot be deployed on a large scale, provides a platform with low energy consumption and low cost, and improves resource utilisation; (2) big data technology is used in the smart grid information management system, which solves the problem of large-scale information management, so that the information received from a massive number of front-end smart devices can be processed quickly; (3) a security solution based on identity-based encryption, signatures and proxy re-encryption is proposed to solve the key security problem in the proposed system. The main idea of the security solution is that the identities of the related entities, i.e. the top cloud computing center, the region cloud computing centers and the terminal users, can be used as encryption keys or signature verification keys; a lower-level entity can encrypt data with these identities to communicate securely with a higher-level entity. Because this encryption scheme uses identities rather than the digital certificates of a traditional PKI (public key infrastructure), it saves a large amount of the resources used for computation and communication, and it is scalable.
Brief description of the drawings
Fig. 1 is the system structure diagram of the preferred embodiment provided by the invention;
Fig. 2 is the functional cloud computing service cluster diagram of the invention;
Fig. 3 is the identity-based encryption and decryption service diagram of the invention;
Fig. 4 is the signature authentication service diagram of the invention.
Embodiment
The technical scheme in the embodiments of the invention is described clearly and in detail below with reference to the accompanying drawings of those embodiments. The described embodiments are only some of the embodiments of the invention.
The technical scheme by which the invention solves the above technical problem is:
Fig. 1 is the system structure diagram of the invention. It involves two parts: cloud computing management and data security management of the smart grid. Smart grid cloud computing management can be divided into several regions, each managed by one cloud computing center, which can be configured as a public cloud or a private cloud. The role of a region cloud computing center is to manage the smart devices within its region and to perform initial processing of the information received from those devices. In addition to the region cloud computing centers, there is a special cloud computing center responsible for collecting and processing the data of the whole grid. The following cloud computing services can be deployed in these cloud computing centers:
(1) Infrastructure as a service (IaaS): this form of service is the backbone of the system. It provides the requirements of all application programs and services deployed in the system. The main tasks of information management in the smart grid, such as information collection, information processing and information storage, are performed in this service layer.
(2) Software as a service (SaaS): although IaaS is the foundation of the system, all smart grid services are deployed at the top of the system. For example, a service that lets customers save or optimise their energy use cannot be realised in the base layer and has to be deployed at the top of the system; a typical example is the Google PowerMeter.
(3) Platform as a service (PaaS): PaaS provides the tools and libraries for developing cloud computing application programs and services. Sales automation is a typical PaaS example: it provides libraries for developing specific types of application in the sales automation or field force domain. In the smart grid field, many application programs may have to follow special security requirements and support lawful interception, so a general PaaS that integrates these requirements for implementing application programs is very useful.
(4) Data as a service (DaaS): DaaS can provide useful information for statistical services. Because smart grid data is usually very large, and the users of statistical services include not only power consumers but also electricity providers at different levels, providing such statistical services to users is highly useful.
Fig. 2 is the functional cloud computing service cluster diagram of the invention. Among the cloud computing services provided, IaaS is the backbone of the system; the other services are divided into clusters according to the functions they provide, to simplify management. Our framework uses the following four main function clusters:
(1) Information storage: this is the primary storage, holding all smart grid information received from the front-end smart devices. This information is transmitted over wired and wireless channels; for optimisation, the statistical services are also located in this cluster.
(2) General user services: this cluster consists of all services that users need, typically services that let users monitor, control or optimise the use of their electrical facilities. The main SaaS functions and the PaaS that provides platform services for user services belong to this cluster.
(3) Control and management services: these include all services needed for system administration, such as governance services, monitoring services, task scheduling services and security services.
(4) Distribution services: these are directly related to power distribution, such as distribution management services, optimisation services and quality of service (QoS) measurement.
Fig. 3 is the identity-based encryption and decryption service diagram of the invention. The private key generator (PKG) first generates the master key mk and the public parameters params. Params is given to every part of the smart grid framework. Once a user has submitted the identity represented by ID (identity information), the PKG computes the private key K_ID associated with ID by running the private key extraction algorithm, with its master key mk as input. The identity can be any character string, such as an e-mail address or a telephone number. Anyone who knows ID can now encrypt a plaintext message M into a ciphertext C by running the encryption algorithm, and the user decrypts it by running the decryption algorithm, which takes the private key K_ID obtained from the PKG as input. The specific implementation is as follows:
S1: Key generation
The scheme is based on a bilinear pairing encryption algorithm e: G1 × G1 → G2, where G1 and G2 are groups of prime order q, with the following properties:
1) Bilinearity: for all g, h ∈ G1 and a, b ∈ Z_q, e(g^a, h^b) = e(g, h)^{ab}.
2) Non-degeneracy: e(g, h) ≠ 1.
3) For practicality, e must be efficiently computable.
(1) Setup: the PKG generates G1, G2 and e: G1 × G1 → G2 for the bilinear pairing encryption algorithm, picks a random g ∈ G1, and sets hash functions H1: {0,1}* → G1 and H2: G2 → {0,1}^n, where the plaintext length is a positive integer n. It then selects a random s ∈ Z_q and computes u = g^s. The top cloud keeps the master key mk = s secret, and the set of public parameters is params = (G1, G2, e, g, u, H1, H2). The PKG distributes the parameters to the top layer, the region clouds and the terminal users.
(2) TC key extraction: on receiving the identity TC of the top cloud, the PKG computes H1(TC)^s ∈ G1 and returns K_TC = H1(TC)^s as the private key.
(3) IS key extraction: on receiving the identity of the information storage in a region cloud, denoted IS, the PKG computes H1(IS)^s ∈ G1 and takes K_IS = H1(IS)^s as the private key.
(4) Service key extraction: on receiving the identity SerA of a service A in a region cloud, the PKG computes H1(SerA)^s ∈ G1 and takes K_SerA = H1(SerA)^s as the private key.
(5) User key extraction: on receiving the user identity EU, the PKG computes H1(EU)^s ∈ G1 and returns K_EU = H1(EU)^s as the private key.
S2: Encryption to the top cloud
(1) Encryption: any entity in a region cloud can encrypt information M using the parameters and the identity TC of the top cloud, as follows: first choose a random r ∈ Z_q, compute C1 = g^r and C2 = M · e(u, H1(TC))^r, and finally output C_TC = (C1, C2) as the ciphertext.
(2) Decryption: using the private key K_TC = H1(TC)^s, the top cloud can decrypt a received ciphertext C_TC = (C1, C2) into M, where M = C2 / e(C1, K_TC).
S3:Information storage encryption
In addition to the change of identity, the AES of essentially all entity is all identical, and specific ciphering process is such as Under:
(1) encrypt:Message M is encrypted the identity IS that any end user can use parameter and information to store, It is as follows.First, r ∈ Z are selected at randomq, calculate C1=grAnd C2=Me (u, H1(IS))r.Finally, C is exportedIS=(C1, C2) it is used as ciphertext.
(2) decrypt:Use private key KIS=H1(IS)s, information storage can be by the ciphertext C of receptionIS=(C1,C2) decryption be M, wherein M=C2/e(C1,KIS)。
S4:Agency stores re-encrypted by information
(1) the private key K of oneself is providedIS, the identity SerA of its identity IS and server A is as input, the letter in the cloud of region Breath storage generation re-encrypted key.
(2) re-encrypted:Information storage in the cloud of region uses re-encrypted key RKIS→SerARe-encrypted ciphertext CIS, And obtain ciphertext CSerA
(3) decryption service:Service A uses its private key KSerADecrypt CSerA
Fig. 4 is the signature authentication service diagram of the present invention. When a user submits an identity ID, the PKG uses the master key mk to compute the K_ID associated with ID. Using K_ID, the signer creates a signature σ for a message M by running the signing algorithm. Any party that obtains the information M, the identity of the signer and the signature σ can verify whether σ is valid. The concrete implementation is as follows:
S1: Key generation
Setup is the same as for the identity-based encryption (IBE) scheme, except that a further hash function H2: {0,1}* → G1 is used for signature generation. Let mk = s0 and params = (G1, G2, e, g0, u, H1, H2), where mk is the PKG's master key and params is the set of public parameters.
S2: Top cloud signature generation
Using its private key K_TC, the top cloud (identity TC) generates the signature σ on a message M as follows:
(1) Signature generation: first compute g1 = H1(TC) ∈ G1 and gM = H1(TC, M) ∈ G1. Then choose a random r ∈ Zq and compute σ1 = K_TC · gM^r and σ2 = g0^r. Finally output σ = (σ1, σ2) as the signature.
(2) Authentication: any party can verify the signature σ using the message M, params and the top cloud identity TC. To do so, the verifier checks that e(g0, σ1) = e(u, g1) · e(σ2, gM).
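The following Python block is an added worked example, not code from the patent or from the applicant; it instantiates the setup, key extraction, encryption, decryption, signing and verification equations of S1 to S3 and Fig. 4 (the same procedures the claims restate) over a deliberately weak toy pairing: G1 is Zq written additively, G2 is the order-q subgroup of Zp^* generated by w, and e(a, b) = w^(ab) mod p. This map is bilinear and non-degenerate, so every equation on the page can be checked with it, but discrete logarithms in Zq are trivial, so it only illustrates the algebra and must never protect real data. The constants p, q, w, the identity strings and the sample plaintext are constructed for this example. The re-encryption key of S4 is not specified on the page and is left out.

```python
"""Toy instance of the identity-based encryption (IBE) and identity-based
signature (IBS) steps described above.  Constructed example, not the
patent's code.

Toy bilinear map (insecure, for checking the equations only):
  G1 = (Z_q, +), so the page's g^a is written a*g mod q here,
  G2 = subgroup of order q in Z_p^*, generated by W,
  e(a, b) = W^(a*b) mod p, which satisfies e(x*a, y*b) = e(a, b)^(x*y).
"""
import hashlib
import secrets

# Constructed parameters: p = 2q + 1 with p and q prime, so W = 2^2 has order q.
Q = 1019
P = 2 * Q + 1
W = 4


def hash_to_g1(*parts: str) -> int:
    """H1: {0,1}* -> G1.  Domain-separated SHA-256 reduced to a nonzero
    element of Z_q (stands in for a real hash-to-curve)."""
    data = "\x00".join(parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1


def pairing(a: int, b: int) -> int:
    """e: G1 x G1 -> G2."""
    return pow(W, (a * b) % Q, P)


def setup(rng=secrets.randbelow):
    """S1 (1): master key mk = s, public params (g, u = g^s)."""
    g = rng(Q - 1) + 1
    s = rng(Q - 1) + 1
    u = (s * g) % Q
    return s, {"g": g, "u": u}


def extract(mk: int, identity: str) -> int:
    """S1 (2)-(5): private key K_ID = H1(ID)^s for any identity string."""
    return (mk * hash_to_g1(identity)) % Q


def encrypt(params, identity: str, m: int, rng=secrets.randbelow):
    """S2/S3 (1): C1 = g^r, C2 = M * e(u, H1(ID))^r, with M an element of G2."""
    r = rng(Q - 1) + 1
    c1 = (r * params["g"]) % Q
    c2 = (m * pow(pairing(params["u"], hash_to_g1(identity)), r, P)) % P
    return c1, c2


def decrypt(private_key: int, ciphertext) -> int:
    """S2/S3 (2): M = C2 / e(C1, K_ID)."""
    c1, c2 = ciphertext
    shared = pairing(c1, private_key)
    return (c2 * pow(shared, -1, P)) % P


def sign(params, private_key: int, identity: str, message: str,
         rng=secrets.randbelow):
    """Fig. 4, S2 (1): gM = H(ID, M), sigma1 = K_ID * gM^r, sigma2 = g0^r."""
    r = rng(Q - 1) + 1
    g_m = hash_to_g1(identity, message)
    sigma1 = (private_key + r * g_m) % Q
    sigma2 = (r * params["g"]) % Q
    return sigma1, sigma2


def verify(params, identity: str, message: str, signature) -> bool:
    """Fig. 4, S2 (2): accept iff e(g0, sigma1) == e(u, g1) * e(sigma2, gM)."""
    sigma1, sigma2 = signature
    g_1 = hash_to_g1(identity)
    g_m = hash_to_g1(identity, message)
    lhs = pairing(params["g"], sigma1)
    rhs = (pairing(params["u"], g_1) * pairing(sigma2, g_m)) % P
    return lhs == rhs


def demo_hierarchy() -> bool:
    """Walk the page's flow: terminal user -> information store (S3),
    information store -> top cloud (S2), then a top-cloud signature (Fig. 4).
    Returns True when every equation checks out and the negative cases fail."""
    mk, params = setup()
    k_top, k_store, k_user = (extract(mk, i) for i in ("TC", "IS", "EU"))
    m = pow(W, 42, P)  # constructed plaintext, encoded as an element of G2
    ok = decrypt(k_store, encrypt(params, "IS", m)) == m          # S3
    ok = ok and decrypt(k_top, encrypt(params, "TC", m)) == m     # S2
    ok = ok and decrypt(k_user, encrypt(params, "TC", m)) != m    # wrong key
    sig = sign(params, k_top, "TC", "meter reading 42 kWh")
    ok = ok and verify(params, "TC", "meter reading 42 kWh", sig)
    ok = ok and not verify(params, "TC", "meter reading 99 kWh", sig)
    return ok


if __name__ == "__main__":
    print("all equations hold:", demo_hierarchy())
```

The block keeps M as an element of G2, exactly as S2 and S3 write C2 = M · e(u, H1(ID))^r. The parameter list's H2: G2 → {0,1}^n is what a deployment would use instead: hash e(u, H1(ID))^r to n bits and XOR it with a byte-string plaintext, which is the usual way to carry arbitrary data under this kind of scheme. A real deployment would also replace the toy map with a pairing-friendly curve and a proper hash-to-curve function.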
The above embodiment should be understood as merely illustrating the present invention and not as limiting its scope. After reading the description of the present invention, a person skilled in the art can make various changes or modifications to it, and these equivalent changes and modifications likewise fall within the scope of the claims of the present invention.

Claims (9)

1. A smart grid big data information management system based on secure cloud computing, characterized in that it mainly comprises two parts: a secure cloud computing management module of the smart grid and a data security management module. The secure cloud computing management module is divided into three levels: a top layer, a region layer and a terminal user layer, where the top layer and the region layer are made up of cloud computing centers. The top layer comprises the top-layer cloud computing center, which is responsible for common equipment and for the data accumulated by the region cloud computing centers; the region layer comprises region cloud computing centers, each responsible for the smart devices of a specific region and for processing the data of those devices; the terminal user layer comprises the terminal users' smart devices. The data security management module allows the identifiers associated with entities, i.e. the top and region cloud computing centers and the terminal users, to be used as encryption keys or signature verification keys, and entities at a lower level can use these identifiers to encrypt data so as to communicate securely with entities at a higher level.
2. The smart grid big data information management system based on secure cloud computing according to claim 1, characterized in that the top-layer cloud is a top cloud made up of power stations, distribution services or management services; below the top cloud there are several region clouds, each made up of general user services and information stores; the region layer may be divided into several regions, each managed by one region cloud center, which may be configured as a public cloud or a private cloud.
3. The smart grid big data information management system based on secure cloud computing according to claim 1 or 2, characterized in that the top-layer cloud computing center and the region cloud computing centers comprise the following cloud computing services:
(1) Infrastructure as a service (IaaS): provides for the requirements of all application programs and services deployed in the system. The main tasks of information management in the smart grid, including information storage and information processing, are performed in this service layer;
(2) Software as a service (SaaS): deployed at the head of the system;
(3) Platform as a service (PaaS): PaaS provides the tools and libraries for developing cloud computing applications and services;
(4) Data as a service (DaaS).
4. The smart grid big data information management system based on secure cloud computing according to claim 1 or 2, characterized in that the data security management module comprises the following management process:
S31: A private key generator PKG is set up to provide master keys for the top cloud and the region clouds, and it can provide security credentials for newly registered terminal users;
S32: The top cloud, the region clouds and the terminal users are identified by unique character strings, and these character strings are used as encryption keys or signature verification keys;
S33: Each entity obtains the private key associated with its identity, for decrypting confidential data;
S34: Each entity sends confidential data only to an entity of a higher level, i.e. a terminal user can only send confidential data to an entity in a region cloud, and an entity in a region cloud can only send confidential data to the top cloud;
S35: Each entity uses the private key obtained from the PKG to authenticate data;
S36: Following the identity-based cryptography principle, the PKG generates private keys from the identifiers of the top cloud, the region clouds and the terminal users together with the master key; each entity can ensure the security of information flows using identity-based encryption, and in addition any party can use identity-based signatures to authenticate the sender of data.
5. The smart grid big data information management system based on secure cloud computing according to claim 4, characterized in that the key generation process of step S33 is as follows:
S41: Setup: given a security parameter, the PKG generates a master key mk and a set of parameters params, and distributes params to all systems and terminal users;
S42: On receiving the identifier TC of the top cloud, taking TC as input and running the private key extraction algorithm, the PKG generates a private key K_TC associated with TC;
S43: On receiving the identifier IS of the information store in a region cloud, taking IS as input and running the private key extraction algorithm, the PKG generates a private key K_IS associated with IS;
S44: On receiving the identifier SerA of service A in a region cloud, taking SerA as input and running the private key extraction algorithm, the PKG generates a private key K_SerA associated with SerA;
S45: On receiving the identifier EU of a terminal user, taking EU as input and running the private key extraction algorithm, the PKG generates a private key K_EU associated with EU.
6. The smart grid big data information management system based on secure cloud computing according to claim 4, characterized in that the encryption process for the information store in a region cloud is as follows:
S51: Each terminal user uses the parameters params and the identifier IS of the information store in the region cloud to run the IBE encryption algorithm and encrypt information M into ciphertext C_IS;
S52: Each region cloud holds the information store's identifier IS and the associated private key K_IS, and decrypts the ciphertext C_IS into information M by running the IBE decryption algorithm.
7. The smart grid big data information management system based on secure cloud computing according to claim 4, characterized in that the encryption process from the information stores to the top cloud is as follows:
S61: Each information store in a region cloud uses the parameters params and the identifier TC of the top cloud to run the IBE encryption algorithm and encrypt information M into ciphertext C_TC;
S62: The top cloud, with its corresponding identifier and the associated private key K_TC, decrypts ciphertext C_TC into information M by running the IBE decryption algorithm.
8. The smart grid big data information management system based on secure cloud computing according to claim 5, characterized in that the proxy re-encryption process of the information store is as follows:
S71: The region cloud provides its own private key K_IS, its identifier IS and the identifier SerA of service A as input, and the information store in the region cloud generates a re-encryption key RK_IS→SerA;
S72: Re-encryption: the information store in the region cloud re-encrypts the ciphertext C_IS with the key RK_IS→SerA and obtains the ciphertext C_SerA;
S73: Decryption by the service: service A decrypts C_SerA with its private key K_SerA.
9. The smart grid big data information management system based on secure cloud computing according to claim 5, characterized in that the signature generation process of a terminal user is as follows:
S81: Signing: each terminal user generates a signature σ on a message M using the private key K_EU associated with its own identifier EU;
S82: Verification: any party can verify the signature σ on a message M using the parameters params and the terminal user's identifier EU;
The signature generation process for entities in a region cloud is as follows:
S91: Signing: each information store in a region cloud can generate a signature σ on a message M using the private key K_IS associated with its identity;
S92: Verification: any party can verify the signature on a message M using the parameters params and the information store's identifier IS;
The signature generation process of the top cloud is as follows:
S101: Signing: the top cloud can generate a signature σ on a message M using its identifier TC and the associated private key K_TC;
S102: Verification: any party can verify the signature σ on a message M using the parameters params and the top cloud identifier TC, with the result "accept" or "reject".
CN201711148551.2A 2017-11-17 2017-11-17 A kind of intelligent grid big data information management system based on safe cloud computing Pending CN107864040A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108924137A (en) * 2018-07-04 2018-11-30 吴科 Method for secret protection and system under a kind of environment of internet of things
CN110097017A (en) * 2019-05-09 2019-08-06 浙江天普胜电气有限公司 Power transmission network special type ammeter monitoring system and method
CN111130761A (en) * 2019-11-12 2020-05-08 丁爱民 Digital right identity identification method and system
CN112511490A (en) * 2020-10-29 2021-03-16 苏州达塔库自动化科技有限公司 Smart power grid safety communication method based on combined password
CN114567479A (en) * 2022-02-28 2022-05-31 中国科学院软件研究所 Intelligent equipment safety control reinforcement and monitoring early warning method
CN115426344A (en) * 2022-08-29 2022-12-02 高翔水表有限公司 Instrument remote communication control method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180330