CN112417494A - Power block chain system based on trusted computing - Google Patents


Publication number
CN112417494A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011155484.9A
Other languages
Chinese (zh)
Inventor
颜拥
郭少勇
姚影
孙歆
韩嘉佳
苏夭弘
邱雪松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Beijing University of Posts and Telecommunications
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd

Classifications

    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G06F2221/2151 Time stamp

Abstract

The invention relates to the technical field of trusted authentication and provides a power blockchain system based on trusted computing, comprising an authorization service chain, a log service chain and a remote certification chain. Trusted chips are arranged in the blockchain nodes of the authorization service chain, the log service chain and the remote certification chain. The log service chain measures the credit value of acquisition-layer terminals in real time through a smart-contract-based malicious node detection mechanism, finds malicious terminals in time and removes them from the network, preventing a malicious terminal from issuing malicious data. The log service chain and the remote certification chain use the trusted chip to perform remote integrity verification on a terminal requesting access to the system, and the authorization service chain performs policy verification on that terminal. The system checks a visitor's access authority through integrity certification and access policy verification, ensures the credibility of the access terminal, maintains the safe and trusted operation of the power blockchain system in an all-round way, and protects the private data in the power blockchain.

Description

Power block chain system based on trusted computing
Technical Field
The invention relates to the technical field of trusted authentication, in particular to a power block chain system based on trusted computing.
Background
The decentralized technology of the blockchain provides a reliable solution to the problems of massive data and high concurrency in the power Internet of Things. However, because most blockchains operate in a public and transparent environment, they are easily attacked maliciously and sensitive data are leaked.
Chinese patent No. 2019108105818 discloses a data transmission system for the ubiquitous power Internet of Things. It provides a power grid data transmission architecture that combines blockchain technology with edge computing and can guarantee local-area-network data transmission security for the ubiquitous power Internet of Things; that is, blockchain technology effectively avoids the hidden danger of data being tampered with during power grid communication. Because a blockchain-based system architecture requires considerable computing and storage resources, an edge computing solution is also introduced to better meet the computing power and memory demands of the blockchain architecture's decentralized design and smart contract technology. This allows a distributed computing and storage network, reduces network congestion and speeds up network response, so that resources are used more fully and the disaster tolerance of the whole power communication network is improved.
Although that scheme uses the blockchain to eliminate the hidden danger of centralization and reduce the risk of data tampering, and uses edge computing to reduce response latency, it does not consider the security of the access terminal: it cannot judge in real time whether a terminal is trustworthy, which brings serious potential safety hazards.
Chinese patent No. 2019100116814 discloses a blockchain-based identity authentication method for power Internet of Things terminals. It uses the decentralized nature of the blockchain to improve on centralized data storage and the centralized structure of the Internet of Things, reducing the power Internet of Things' excessive dependence on a central structure and preventing the whole power Internet of Things from being paralyzed when the central structure is damaged. Although it achieves low-cost terminal access to the power Internet of Things, the traditional blockchain consensus mechanism consumes a large amount of time and computing power and is not suitable for scenarios with high real-time requirements; in addition, if blockchain nodes work in an open network environment and are maliciously attacked, a serious privacy disclosure problem results.
Another prior invention discloses a lightweight identity authentication method for sensing terminals. It aims to address counterfeit access by power Internet of Things sensing terminals in the prior art and the inapplicability of the traditional Public Key Infrastructure (PKI) authentication system; combining the actual conditions of sensing terminal access in power Internet of Things service scenarios, it designs a method suitable for the secure access of power sensing terminals. Although that invention achieves lightweight authentication at a certain security level, its edge authentication server is a centralized hidden danger: if the edge server is paralyzed or attacked by a malicious visitor, the authentication system is paralyzed.
Therefore, how to maintain the security of the blockchain network environment and of the private data in the blockchain while ensuring the service efficiency of the power blockchain is a problem that those skilled in the art need to solve.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the insufficient security of the existing blockchain network environment and of the private data in the blockchain, and to provide a power blockchain system based on trusted computing that maintains the security of the blockchain network environment and of the private data in the blockchain while ensuring the service efficiency of the power blockchain.
To achieve this purpose, the invention adopts the following technical scheme: the power blockchain system based on trusted computing comprises an authorization service chain, a log service chain and a remote certification chain; trusted chips are arranged in the blockchain nodes of the authorization service chain, the log service chain and the remote certification chain; the log service chain checks acquisition terminals in real time through a smart-contract-based malicious node detection scheme and eliminates suspicious terminals with lower credit values; the authorization service chain performs policy verification on a terminal accessing the system; the remote certification chain performs remote integrity verification on the access terminal.
The further preferable scheme of the invention is as follows: a terminal requesting access to the system is configured with a trusted chip; the signature verification key in each such terminal's trusted chip is bound one-to-one to that chip and stored in the remote certification chain; and the remote certification chain issues a certificate to the terminal requesting access once it has verified the authenticity of the key.
The further preferable scheme of the invention is as follows: when the system is initialized, the trusted chip performs a static integrity measurement of the system before any application program runs and generates an integrity value; while the system runs, the trusted chip measures the integrity of the running condition of each application program and each module, the generated integrity measurement value is stored in a trusted register in the TPM, and every step of the integrity measurement process is recorded through log tracking.
The further preferable scheme of the invention is as follows: the trusted chip contains a private key pair for signing integrity information and verifying those signatures, used for remote integrity certification; the process of the remote integrity certification is as follows:
1) the requester extracts the log information of the integrity measurement, signs it with the signing key, and provides the signed message to the verifier,
$$ISM = \mathrm{Sign}_{Isk}(M_{Log}, Pval)$$
where ISM is the signed message, Isk is the signing key, $M_{Log}$ is the partial integrity information in the TPM log, and Pval is the integrity measurement value of the requester; to ensure the real-time performance of the message, the requester attaches timestamp information, and the message finally sent is $\{ISM, Ts\}$;
2) after the verifier receives the message, it verifies the real-time performance of the message against its own clock information; the system sets a timeout threshold $T_{res}$, and if $T - Ts < T_{res}$ is satisfied, the verifier starts verification;
$$M_{Log}, Pval = \mathrm{Ver}_{Ivk}(ISM)$$
where Ivk is the verification key; the verifier then uses the integrity verification module (IVM) to verify the integrity of the requester's log message $M_{Log}$ again,
$$Pval' = \mathrm{IVM}(M_{Log})$$
and compares whether $Pval'$ is consistent with the received Pval; if so, verification succeeds, otherwise verification fails.
The further preferable scheme of the invention is as follows: the authorization service chain comprises a trusted CA server, the log service chain comprises a trusted server, and the remote certification chain comprises a trusted verification server; each trusted server in the authorization service chain, the log service chain and the remote certification chain uses its trusted chip to generate its own public/private key pair by adopting a symmetric encryption algorithm and stores the public key information in the blockchain.
The further preferable scheme of the invention is as follows: the authorization service chain randomly selects a node to generate a blockchain master key pair $(ASC_{MPUK}, ASC_{MPrK})$ and synchronizes it to the blockchain network;
the log service chain randomly selects a node to generate a blockchain master key pair $(LSC_{MPUK}, LSC_{MPrK})$ and synchronizes it to the blockchain network; the remote certification chain randomly selects a node to generate a blockchain master key pair $(ROC_{MPUK}, ROC_{MPrK})$ and synchronizes it to the blockchain network; the authorization service chain sets a parameter $L = (p, a, b, G, n)$ for the system, which determines an elliptic curve $E$ over the finite field $GF(p)$ and is used for the system's encrypted communication;
the authorization service chain negotiates a session key with the remote certification chain and the log service chain.
The further preferable scheme of the invention is as follows: the log service chain evaluates the credibility of acquisition-layer terminals in real time through a smart-contract-based malicious node detection method and inspects terminals with a low credibility value in time, so as to maintain the credibility of the system's operating environment.
The further preferable scheme of the invention is as follows: the smart contract structure adopted in the smart-contract-based malicious node detection method is as follows:
$$SC\text{-}ASC = (LS, ES, Sen, \theta, P, \sigma, Loc, Tim)$$
where LS is the leader trusted server, responsible for issuing the smart contract; ES is the contract execution server; Sen is the acquisition terminal to be detected; $\theta$ is the evaluation index $(PLR, MDR, CDR, HBR_T)$; $P$ is the credit score; $\sigma$ is the threshold value; and Loc is the position of the node to be detected.
The further preferable scheme of the invention is as follows: the smart-contract-based malicious node detection method comprises the following steps:
step one: the ES first checks the timestamp information of the message forwarded by the terminal under detection to verify whether the message has expired, and discards the data packet if it has;
the system keeps a timeout record for each node and sets a threshold $\sigma_T$; when the proportion of a node's messages that time out within a certain time exceeds the initial threshold $\sigma_T$, the node is directly judged to be a malicious node;
step two: the LS then checks the position information in the message; if the position information is seriously distorted, the current communication is directly judged to be a malicious communication and the malicious data packet is recorded and discarded; the system also sets a threshold $\sigma_{Loc}$, and when the proportion of a node's messages with distorted position information within a certain time exceeds the initial threshold $\sigma_{Loc}$, the node is directly judged to be a malicious node;
step three: once the timestamp information and the position information have been verified, the system preliminarily judges the current communication to be a normal communication, receives the data packet, and determines the credibility score of the current communication by calculating the packet loss rate, message delay rate, communication delay rate and historical behavior;
step four: terminals whose credibility score is below the threshold are eliminated.
The further preferable scheme of the invention is as follows: the calculation standard of the Packet Loss Rate is as follows:
Figure BDA0002742595060000041
where $n_{recv}$ is the number of successfully received data packets and $n_{send}$ is the number of all data packets sent in the current time interval;
the calculation standard of the Message Delay Rate is as follows:
a malicious node adds delay when it processes data; to ensure the real-time performance of the data, the system records the time from data acquisition to data forwarding at the current acquisition terminal, sets a time interval $T_d$, and calculates the message delay rate
Figure BDA0002742595060000042
The calculation standard of the Communication Delay Rate is as follows:
the response time of a malicious node is longer than that of an ordinary node; within a certain time interval the system records the complete time from the node under detection receiving a request to the requester receiving the response, and this delay mainly concerns messages on the communication link
$$CDR = (T_{hd} + T_{td}) / T_e$$
$$T_{td} = Ms/Nb + pd/ts$$
where $T_{hd}$ is the processing time, $T_{td}$ is the message propagation time, $Ms$ is the current message size, $Nb$ is the network bandwidth, $pd$ is the propagation distance, $ts$ is the propagation velocity and $T_e$ is the preset time interval;
the calculation criteria for the historical behavior are as follows:
malicious nodes usually communicate continuously within a certain interval, so the system calculates the ratio of malicious information to normal information of the node under detection within a certain time interval,
$$HBR_T = Num_{MB} / (Num_{NB} + Num_{MB})$$
where $Num_{MB}$ is the number of malicious communications, $Num_{NB}$ is the number of normal communications and $T$ is the set time interval;
the Communication Score (CS) of the current communication of the node under detection is as follows:
$$CS = \lambda_1 \cdot PLR + \lambda_2 \cdot MDR + \lambda_3 \cdot CDR + \lambda_4 \cdot HBR_T$$
where $\lambda_1 + \lambda_2 + \lambda_3 + \lambda_4 = 1$;
the system sets a threshold $K$; if $CS \le K$, the current communication is a normal communication, otherwise it is a malicious communication;
the total communication credibility $P$ of the node under detection is determined by the node's number of malicious communications $N_{MB}$ and its number of normal communications $N_{NB}$;
Figure BDA0002742595060000051
the system sets a threshold $\sigma$, and when $P \le \sigma$ the acquisition terminal is recorded as a malicious terminal;
the LS then publishes the malicious node's information to the whole network through a consensus mechanism and removes the node from the trusted network.
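The detection steps and scoring above, as an added Go example that is not part of the patent text. The formula images for PLR, MDR and P are missing from this page, so the forms used for them here (share of packets lost, share of messages slower than $T_d$, share of normal communications) are assumptions, as are all type names, weights and thresholds.

```go
package main

import "fmt"

// Params holds the contract's weights and thresholds (constructed values in Demo).
type Params struct {
	Lambda                     [4]float64 // λ1..λ4, summing to 1
	K, Sigma, SigmaT, SigmaLoc float64    // thresholds K, σ, σ_T, σ_Loc
	Te, Nb, Ts                 float64    // interval (s), bandwidth (bit/s), speed (m/s)
}

// Comm is one observed communication of the terminal under detection.
type Comm struct {
	Expired, LocDistorted bool    // outcomes of the step-one and step-two checks
	NSend, NRecv          int     // packets sent / successfully received
	Late, Msgs            int     // messages slower than T_d / all messages
	Thd, Ms, Pd           float64 // processing time (s), size (bits), distance (m)
}

// Verdict is the outcome for one terminal over one window.
type Verdict struct {
	Malicious bool
	Reason    string
	P         float64
	NMB, NNB  int
}

// ratio returns a/b, or 0 when b is 0.
func ratio(a, b int) float64 {
	if b == 0 {
		return 0
	}
	return float64(a) / float64(b)
}

// Score returns CS = λ1·PLR + λ2·MDR + λ3·CDR + λ4·HBR_T for one communication.
// PLR and MDR use assumed forms; CDR and HBR_T follow the formulas in the text.
func Score(c Comm, p Params, nmb, nnb int) float64 {
	plr := ratio(c.NSend-c.NRecv, c.NSend) // assumed: share of packets lost
	mdr := ratio(c.Late, c.Msgs)           // assumed: share slower than T_d
	ttd := c.Ms/p.Nb + c.Pd/p.Ts           // T_td = Ms/Nb + pd/ts
	cdr := (c.Thd + ttd) / p.Te            // CDR = (T_hd + T_td)/T_e
	hbr := ratio(nmb, nnb+nmb)             // HBR_T from the counts so far
	return p.Lambda[0]*plr + p.Lambda[1]*mdr + p.Lambda[2]*cdr + p.Lambda[3]*hbr
}

// Evaluate runs steps one to four over a window of communications.
func Evaluate(window []Comm, p Params) Verdict {
	v := Verdict{P: 1}
	expired, distorted, n := 0, 0, len(window)
	for _, c := range window {
		switch {
		case c.Expired: // step one: discard the packet, record the timeout
			expired++
		case c.LocDistorted: // step two: malicious communication, discard
			distorted++
			v.NMB++
		case Score(c, p, v.NMB, v.NNB) <= p.K: // step three: CS <= K is normal
			v.NNB++
		default:
			v.NMB++
		}
	}
	if v.NMB+v.NNB > 0 {
		v.P = ratio(v.NNB, v.NNB+v.NMB) // assumed: share of normal communications
	}
	switch {
	case ratio(expired, n) > p.SigmaT:
		v.Malicious, v.Reason = true, "timeout rate above sigma_T"
	case ratio(distorted, n) > p.SigmaLoc:
		v.Malicious, v.Reason = true, "location distortion rate above sigma_Loc"
	case v.P <= p.Sigma: // step four
		v.Malicious, v.Reason = true, "credit P at or below sigma"
	}
	return v
}

// Demo evaluates three constructed terminals: honest, lossy and stale-sending.
func Demo() (honest, lossy, stale Verdict) {
	p := Params{Lambda: [4]float64{0.4, 0.2, 0.2, 0.2}, K: 0.3, Sigma: 0.6,
		SigmaT: 0.3, SigmaLoc: 0.3, Te: 1, Nb: 1e6, Ts: 2e8}
	good := Comm{NSend: 100, NRecv: 98, Late: 1, Msgs: 50, Thd: 0.05, Ms: 8000, Pd: 2000}
	bad := Comm{NSend: 100, NRecv: 40, Late: 30, Msgs: 50, Thd: 0.4, Ms: 8000, Pd: 2000}
	rep := func(c Comm, k int) (w []Comm) {
		for i := 0; i < k; i++ {
			w = append(w, c)
		}
		return
	}
	honest = Evaluate(rep(good, 10), p)
	lossy = Evaluate(append(rep(good, 3), rep(bad, 7)...), p)
	stale = Evaluate(append(rep(Comm{Expired: true}, 4), rep(good, 6)...), p)
	return
}

func main() { fmt.Println(Demo()) }
```

The timeout and location-rate checks are evaluated before the credit threshold, so a terminal that mostly sends expired messages is flagged even though its remaining traffic scores as normal.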
In conclusion, the invention has the following beneficial effects: the invention provides a power block chain guarantee mechanism based on trusted computing by combining the characteristics of a block chain and a power internet of things. A trusted platform module (trusted chip) is introduced into the block chain node server, so that the credibility of the operating environment of the server is ensured. An algorithm for monitoring the malicious acquisition terminal in real time based on the credibility is designed in the acquisition layer, so that the malicious terminal is prevented from issuing malicious data. Meanwhile, the system detects the access authority of the visitor through integrity certification and access policy verification, so that the credibility of the access terminal is guaranteed, the safe and credible operation of the power block chain system is maintained in an all-round mode, and private data in the power block chain is protected.
Drawings
FIG. 1 is a block diagram of a trusted computing based power blockchain system.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
The present embodiment only explains the invention and does not limit it. After reading this specification, those skilled in the art may modify the embodiment as needed without inventive contribution, and all such modifications are protected by patent law within the scope of the claims of the invention.
As shown in fig. 1, the invention provides a power blockchain system based on trusted computing whose overall architecture comprises three blockchains: an authorization service chain, a log service chain and a remote certification chain. Trusted chips are arranged in the blockchain nodes of the authorization service chain, the log service chain and the remote certification chain, so that each node has strong identity authentication, and a trusted working environment for the Internet of Things is created through the trusted chips and malicious node detection. The system also requires that a user terminal accessing the network contain a trusted chip, and a visitor must pass the double check of access policy and integrity certification when accessing the network, so that illegal access to system resources by malicious terminals is avoided and the credibility of network access terminals is ensured.
Specifically, the log service chain measures the reputation value of acquisition-layer terminals in real time through a smart-contract-based malicious node detection mechanism, finds malicious terminals in time and removes them from the network. The log service chain and the remote certification chain use the trusted chip to perform remote integrity verification on a terminal requesting access to the system, and the authorization service chain performs policy verification on the terminal accessing the system.
The trusted chip (TPM) integrates various cryptographic algorithms, encapsulates keys, and can provide various trusted computing functions, such as measuring platform integrity, verifying integrity information, encrypting sensitive messages, and signing. The functions can be implemented in the TPM chip, and are separated from other parts of the system, so that malicious codes tampering with the system cannot influence the execution environment in the TPM.
TPM remote authentication: the system requires every terminal requesting access to contain a TPM chip. The signature verification key in each TPM chip is bound to that chip and stored with a trusted third party (the remote certification chain). The remote certification chain can verify the authenticity of the key, and it issues a certificate for the key only when the signature verification key is authentic and exists in the TPM.
The TPM integrity measurement flow is as follows:
When the system is initialized, the TPM measures the static integrity of the system before any application program runs and generates an integrity value. Then, when application programs start to run, the integrity measurement program measures the running condition of each application program and each upper-layer module and stores the generated integrity measurement value in a trusted register (PCR) in the TPM; since the PCR cannot be obtained from the outside, the use of the integrity measurement value in the PCR can be regarded as safe.
To verify the integrity metric value, the TPM records a PCR log that keeps track of all steps in the integrity metric process. The verifier can quickly calculate the PCR value through the log and compare it with the original value, thereby verifying the validity of the integrity certification process.
The TPM can also provide remote integrity certification. It contains a private key pair for signing integrity messages and verifying those signatures, and a TPM authority can certify that these keys are stored in hardware. This ensures the security of the key generation process and means an external malicious user cannot steal the private key information, which prevents the signature from being forged.
The process of remote integrity certification is as follows:
1) The requester extracts the log information of the integrity measurement, signs it with the signing key, and provides the signed message to the verifier.
$$ISM = \mathrm{Sign}_{Isk}(M_{Log}, Pval)$$
where ISM is the signed message, Isk is the signing key, $M_{Log}$ is the partial integrity information in the TPM log, and Pval is the integrity measurement value of the requester. To ensure the real-time performance of the message, the requester attaches timestamp information, and the message finally sent is $\{ISM, Ts\}$.
2) After the verifier receives the message, it verifies the real-time performance of the message against its own clock information. The system sets a timeout threshold $T_{res}$; if $T - Ts < T_{res}$ is satisfied, the verifier starts verification.
$$M_{Log}, Pval = \mathrm{Ver}_{Ivk}(ISM)$$
where Ivk is the verification key. The verifier then uses the Integrity Verification Module (IVM) to verify the integrity of the requester's log message $M_{Log}$ again.
$$Pval' = \mathrm{IVM}(M_{Log})$$
The verifier compares whether $Pval'$ is consistent with the received Pval; if so, verification succeeds, otherwise verification fails.
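The two-step remote integrity certification exchange above, as an added Go example that is not part of the patent text. It assumes ECDSA P-256 as the signature scheme, a PCR-style SHA-256 hash chain as the IVM, and a timestamp that is covered by the signature; all names and sample log entries are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Tres is the verifier's timeout threshold (value chosen for this example).
const Tres = 30 * time.Second

// Report carries {ISM, Ts} together with the data ISM was computed over.
type Report struct {
	MLog [][]byte // entries of the integrity measurement log (M_Log)
	Pval [32]byte // integrity measurement value claimed by the requester
	Ts   int64    // requester timestamp, Unix seconds
	ISM  []byte   // signature under Isk (ECDSA, ASN.1 DER)
}

var (
	ErrStale     = errors.New("timestamp outside Tres")
	ErrSignature = errors.New("ISM does not verify under Ivk")
	ErrIntegrity = errors.New("Pval' from log replay differs from Pval")
)

// IVM replays the log as a PCR extends: pcr = SHA-256(pcr || SHA-256(entry)).
func IVM(mlog [][]byte) [32]byte {
	var pcr [32]byte
	for _, e := range mlog {
		d := sha256.Sum256(e)
		pcr = sha256.Sum256(append(pcr[:], d[:]...))
	}
	return pcr
}

// digest hashes (M_Log, Pval, Ts); count and length prefixes keep it unambiguous.
func digest(mlog [][]byte, pval [32]byte, ts int64) []byte {
	h := sha256.New()
	put := func(v uint64) {
		var n [8]byte
		binary.BigEndian.PutUint64(n[:], v)
		h.Write(n[:])
	}
	put(uint64(len(mlog)))
	for _, e := range mlog {
		put(uint64(len(e)))
		h.Write(e)
	}
	h.Write(pval[:])
	put(uint64(ts))
	return h.Sum(nil)
}

// Attest is the requester side: ISM = Sign_Isk(M_Log, Pval). Assumption of this
// example: Ts is signed as well, so the freshness check covers signed data.
func Attest(isk *ecdsa.PrivateKey, mlog [][]byte, pval [32]byte, now time.Time) (Report, error) {
	ts := now.Unix()
	sig, err := ecdsa.SignASN1(rand.Reader, isk, digest(mlog, pval, ts))
	return Report{MLog: mlog, Pval: pval, Ts: ts, ISM: sig}, err
}

// Verify is the verifier side: freshness, then signature, then log replay.
func Verify(ivk *ecdsa.PublicKey, r Report, now time.Time) error {
	age := now.Sub(time.Unix(r.Ts, 0))
	if age < 0 || age >= Tres { // requires 0 <= T - Ts < Tres
		return ErrStale
	}
	if !ecdsa.VerifyASN1(ivk, digest(r.MLog, r.Pval, r.Ts), r.ISM) {
		return ErrSignature
	}
	if IVM(r.MLog) != r.Pval { // Pval' = IVM(M_Log) must equal Pval
		return ErrIntegrity
	}
	return nil
}

// Demo runs four constructed cases and returns the verifier's answer for each.
func Demo() (ok, stale, tampered, mismatch error) {
	isk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	mlog := [][]byte{[]byte("bootloader v1"), []byte("kernel 5.4"), []byte("meter-agent 2.0")}
	t0, at := time.Unix(1700000000, 0), time.Unix(1700000005, 0)
	r, _ := Attest(isk, mlog, IVM(mlog), t0)
	ok = Verify(&isk.PublicKey, r, at)
	stale = Verify(&isk.PublicKey, r, t0.Add(2*time.Minute))
	bad := r // one log entry replaced in transit
	bad.MLog = [][]byte{mlog[0], []byte("kernel 5.4-modified"), mlog[2]}
	tampered = Verify(&isk.PublicKey, bad, at)
	// The requester signs a Pval that its own log does not reproduce.
	r2, _ := Attest(isk, mlog, sha256.Sum256([]byte("other state")), t0)
	mismatch = Verify(&isk.PublicKey, r2, at)
	return
}

func main() { fmt.Println(Demo()) }
```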
Before the trusted computing based power blockchain system provided by the invention is used, the system is initialized. The default symmetric encryption algorithm of the system is an ECC algorithm, the default asymmetric encryption algorithm is a 128-bit AES algorithm, and the default signature algorithm is a 256-bit ECDSA algorithm.
The system performs initialization steps as follows:
1) Each trusted server in the authorization service chain, the log service chain and the remote certification chain generates its own public/private key pair through its trusted chip and stores the public key information in the blockchain.
2) The authorization service chain randomly selects a node to generate a blockchain master key pair $(ASC_{MPUK}, ASC_{MPrK})$ and synchronizes it to the blockchain network. The log service chain and the remote certification chain each generate a key pair in the same way: $(LSC_{MPUK}, LSC_{MPrK})$ and $(ROC_{MPUK}, ROC_{MPrK})$.
3) The ASC sets a parameter $L = (p, a, b, G, n)$ for the system, which determines the elliptic curve $E$ over the finite field $GF(p)$ and is used for the system's encrypted communication.
4) The ASC negotiates a session key with the ROC and the LSC.
Since the efficiency of symmetric encryption is much higher than that of asymmetric encryption, the symmetric encryption method is adopted for communication between block chains, and keys need to be exchanged before communication.
The key agreement procedure between the ASC and the LSC is as follows:
1) The authorization service chain selects a leader node. The leader node's TPM generates a random number A and a Basic Key, which are packaged with timestamp information, encrypted with the private key $ASC_{MPrK}$ and sent together to the LSC.
2) After receiving the message, the LSC verifies its validity using the ASC public key. After successful verification it stores the Basic Key and the random number A, generates a random number B in the same way, encrypts B with the private key $LSC_{MPrK}$ and sends it to the ASC.
3) After the ASC receives the LSC message, it decrypts the message with the LSC public key $LSC_{MPUK}$ to obtain the random number B, and uses the TPM to generate the session key $SK_{AL}$ from the random numbers A and B and the Basic Key. It then encrypts a negotiation-complete message with the session key and sends it to the LSC.
4) The LSC uses the same algorithm to generate the session key $SK_{AL'}$ from the random numbers A and B and the Basic Key. After receiving the ASC message it decrypts the message with $SK_{AL'}$; if the message decrypts, key agreement is finished, and the LSC feeds back to the ASC a message that the session key negotiation succeeded.
5) The ASC completes the negotiation after receiving the message.
The ASC and ROC negotiation process is consistent with the above process.
The (user) terminal must complete user registration before requesting access to the system. The terminal through which the user accesses the Internet of Things is assumed to contain a TPM that can be verified in the remote certification chain; the TPM provides secure storage, integrity measurement, trusted cryptographic services and similar functions.
1) The user's authentication information and TPM public key information ($UTpm_{puk}$) are encrypted for the ASC and then sent to the ASC. The ASC randomly selects a leader node to process the user request; the ASC reviews the user information and, if the review succeeds, sends a remote public key verification request to the trusted third party for TPM verification.
2) After receiving the verification request, the ROC verifies whether the public key is authentic and feeds the result $Res_u$ back to the ASC. The result is signed with the master private key ($R_{mprik}$) and sent to the ASC. To verify message timeliness, timestamp information may be appended to the message. The final message sent is $Msg = \{Sign_{roc}, Ts_{roc}\}$, where $Ts_{roc}$ is the timestamp information.
$Res_u = Ver_{TPM}(UTpm_{puk})$
Figure BDA0002742595060000082
3) After receiving the feedback result, the ASC uses its own timestamp information $Ts_{ASC}$ to verify the timeliness of the received message, and discards the message if it has timed out.
The ASC then verifies the ROC signature using the ROC public key; if verification succeeds, the TPM of the user terminal is confirmed as trusted.
Figure BDA0002742595060000081
4) At this point the system has determined that the registering terminal is trusted. The TPM chip in the leader node generates a random number A in combination with the user identity information, and generates a trusted key based on the random number A.
$U_{pub}, U_{pri} = Gen(A)$
After generating the user key, the leader node generates a Random Integrity Evidence (RIE) for the user; the RIE is used to check the user's integrity during communication. The leader node uses its private key ($LN_{pri}$) to sign the key and the integrity evidence and publishes them to the blockchain network.
5) When the other blockchain nodes receive the leader node's signed message, they verify the authenticity of the signature; once a certain number of nodes have verified it successfully, the user key is considered valid.
6) The ASC sends the key information to the user over a secure channel.
The legal equipment owner can authorize other legal users, and the ASC writes an authorization rule into the block chain to provide legal access policy authentication for the LSC.
To ensure the trustworthiness of the operating environment of the power Internet of Things acquisition equipment, the system maintains the equipment through a combination of hardware and software. The LSC evaluates the reputation of the acquisition terminals in real time through a malicious node detection technique based on an intelligent contract, promptly inspects terminals with low reputation values, and so maintains the trustworthiness of the system's operating environment.
The structure of the intelligent contract is as follows:
SC-ASC=(LS,ES,Sen,θ,P,σ,Loc,Tim)
where LS is the leader trusted server, responsible for issuing intelligent contracts; ES is the contract execution server; Sen is the acquisition terminal to be detected; $\theta$ is the evaluation index (PLR, MDR, CDR, $HBR_T$); P is the credit score; $\sigma$ is the threshold value; and Loc is the position of the node to be detected.
The detailed process of malicious node detection is as follows:
The ES first checks the timestamp information of the message forwarded by the terminal to be detected to verify whether the message has expired; if it has, the ES discards the data packet. The ES records the timeout records of each node and sets a threshold $\sigma_T$: when the proportion of timed-out messages from a node exceeds the initial threshold $\sigma_T$ within a certain time, the node is directly judged to be a malicious node. The LS then checks the location information in the message; if the location information is seriously distorted, the current communication is directly judged to be malicious communication, and the malicious data packet is recorded and discarded. The system also sets a threshold $\sigma_{Loc}$: when the proportion of location-distorted messages from a node exceeds the initial threshold $\sigma_{Loc}$ within a certain time, the node is directly judged to be a malicious node.
After the timestamp information and the position information are verified, the system preliminarily judges that the current communication is normal communication, receives the data packet and calculates a credible score value of the current communication.
The calculation criteria are as follows:
Packet Loss Rate (PLR): malicious nodes and unreliable links increase a node's packet loss rate, so the packet loss rate is one of the criteria for identifying malicious nodes.
Figure BDA0002742595060000091
where $n_{recv}$ is the number of successfully received data packets and $n_{send}$ is the number of all data packets sent in the current time interval.
Message Delay Rate (MDR): a malicious node adds delay when processing data. To ensure data timeliness, the system records the time from data acquisition to data forwarding at the current acquisition terminal, sets a time interval $T_d$, and calculates the message delay rate.
Figure BDA0002742595060000092
Communication Delay Rate (CDR): the response time of a malicious node is longer than that of an ordinary node. Within a certain time interval, the system records the complete time from the node under test receiving a request to the requester receiving the response; this delay mainly concerns messages on the communication link.
$CDR = (T_{hd} + T_{td}) / T_e$
$T_{td} = Ms/Nb + pd/ts$
where $T_{hd}$ is the processing time, $T_{td}$ is the message propagation time, Ms is the current message size, Nb is the network bandwidth, pd is the propagation distance, ts is the propagation velocity, and $T_e$ is a preset time interval.
Historical behavior: malicious nodes usually communicate continuously within a certain interval, so the system calculates the ratio of malicious information to normal information for the node under test within a certain interval as one of the reference criteria for the reputation value.
$HBR_T = Num_{MB} / (Num_{NB} + Num_{MB})$
where $Num_{MB}$ is the number of malicious communications, $Num_{NB}$ is the number of normal communications, and T is the set time interval.
The current Communication Score (CS) of the node to be detected is:
$CS = \lambda_1 \cdot PLR + \lambda_2 \cdot MDR + \lambda_3 \cdot CDR + \lambda_4 \cdot HBR_T$
The weight of each factor can be adjusted for different scenarios, subject to $\lambda_1 + \lambda_2 + \lambda_3 + \lambda_4 = 1$.
The system sets a threshold K: if $CS \le K$, the current communication is normal communication; otherwise it is malicious communication.
The total communication credibility P of the node to be detected is determined by the node's number of malicious communications ($N_{MB}$) and number of normal communications ($N_{NB}$):
Figure BDA0002742595060000101
The system sets a threshold $\sigma$; when $P \le \sigma$, the acquisition terminal is recorded as a malicious terminal. The LS publishes the malicious node information to the whole network through a consensus mechanism and removes the malicious node from the trusted network.
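The three-stage check described above (timestamp, location, weighted score), as an added Python example that is not code from the patent. All class and function names, every threshold value, the location-error metric and `min_samples` are assumptions; PLR and MDR are supplied as measured inputs and P is not computed, because the page gives no textual formula for them.

```python
from dataclasses import dataclass


@dataclass
class Message:
    sent_ts: float = 100.0     # timestamp carried in the forwarded message (s)
    recv_ts: float = 100.2     # ES clock on arrival (s)
    loc_error_m: float = 10.0  # reported vs. registered position (m); assumed metric
    plr: float = 0.02          # PLR, supplied as a measured input
    mdr: float = 0.05          # MDR, supplied as a measured input
    t_hd: float = 0.01         # T_hd: processing time (s)
    ms: float = 8000.0         # Ms: message size (bits)
    nb: float = 1e6            # Nb: network bandwidth (bits/s)
    pd: float = 3000.0         # pd: propagation distance (m)
    ts: float = 2e8            # ts: propagation speed (m/s)


@dataclass
class Policy:                       # every value here is a constructed sample
    max_age_s: float = 2.0          # freshness window for the timestamp check
    max_loc_error_m: float = 500.0  # bound for "seriously distorted" location
    sigma_t: float = 0.3            # sigma_T: tolerated share of timed-out messages
    sigma_loc: float = 0.2          # sigma_Loc: tolerated share of distorted locations
    k: float = 0.25                 # K: per-communication score threshold
    t_e: float = 1.0                # T_e: preset interval (s)
    weights: tuple = (0.3, 0.2, 0.2, 0.3)  # lambda_1 .. lambda_4
    min_samples: int = 5            # assumed: judge rates only after this many messages


class NodeMonitor:
    """Per-terminal state kept by the contract execution server (ES)."""

    def __init__(self, policy=None):
        self.p = policy or Policy()
        if abs(sum(self.p.weights) - 1.0) > 1e-9:
            raise ValueError("lambda weights must sum to 1")
        self.seen = self.timeouts = self.loc_bad = 0
        self.num_mb = self.num_nb = 0   # Num_MB and Num_NB
        self.node_malicious = False

    def _rate_exceeded(self, count, threshold):
        return self.seen >= self.p.min_samples and count / self.seen > threshold

    def cdr(self, m):
        t_td = m.ms / m.nb + m.pd / m.ts      # T_td = Ms/Nb + pd/ts
        return (m.t_hd + t_td) / self.p.t_e   # CDR = (T_hd + T_td) / T_e

    def hbr(self):
        total = self.num_nb + self.num_mb
        return self.num_mb / total if total else 0.0

    def score(self, m):
        l1, l2, l3, l4 = self.p.weights
        return l1 * m.plr + l2 * m.mdr + l3 * self.cdr(m) + l4 * self.hbr()

    def observe(self, m):
        self.seen += 1
        # Stage 1: expired timestamp -> discard and count towards sigma_T.
        if m.recv_ts - m.sent_ts > self.p.max_age_s:
            self.timeouts += 1
            if self._rate_exceeded(self.timeouts, self.p.sigma_t):
                self.node_malicious = True
            return "discard:expired"
        # Stage 2: distorted location -> malicious communication, counts towards sigma_Loc.
        if m.loc_error_m > self.p.max_loc_error_m:
            self.loc_bad += 1
            self.num_mb += 1
            if self._rate_exceeded(self.loc_bad, self.p.sigma_loc):
                self.node_malicious = True
            return "malicious:location"
        # Stage 3: weighted score against K; the verdict feeds the next HBR_T.
        if self.score(m) <= self.p.k:
            self.num_nb += 1
            return "normal"
        self.num_mb += 1
        return "malicious:score"


def run_demo():
    """Three constructed terminals: clean, degraded, and one sending stale messages."""
    borderline = Message(plr=0.3, mdr=0.3)          # CS = 0.1536 + 0.3 * HBR_T
    degraded = Message(plr=0.6, mdr=0.7, t_hd=0.4)
    stale = Message(sent_ts=90.0)                   # 10.2 s old on arrival

    clean = NodeMonitor()
    clean_out = [clean.observe(Message()) for _ in range(5)] + [clean.observe(borderline)]

    noisy = NodeMonitor()
    noisy_out = [noisy.observe(degraded) for _ in range(3)] + [noisy.observe(borderline)]

    late = NodeMonitor()
    late_out = [late.observe(m) for m in (stale, Message(), stale, Message(), stale)]
    return clean_out, noisy_out, late_out, late.node_malicious


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

The same borderline message is accepted from the terminal with a clean history and rejected from the one with a malicious history, because the $HBR_T$ term alone moves its score past K.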
The Internet of Things places high demands on message timeliness. Traditional blockchains use a proof-of-work (PoW) mechanism: because the blockchain operates in a completely open environment, the only way for an attacker to control it is to occupy over 51% of the total network, which makes the attack cost too high. However, PoW consumes a large amount of computing power and cannot meet the requirements of the power Internet of Things scenario. Because a server containing a TPM chip has a strong proof of identity that cannot be forged, the system sets up within the ASC a Trusted Verification Chain (TVC) that is dedicated to verification. Because every node in the TVC is highly trusted, the system can assign the accounting node at random instead of using the traditional proof-of-work consensus mechanism, which improves the operating efficiency of the system. The invention designs a trusted verification mechanism based on the trusted servers in the log record chain, used to verify user access rights efficiently and improve the operating efficiency of the system.
The system parameter N is the number of trusted servers that must participate in verification; it can be adjusted for different scenarios and is set to 12 in this document. To ensure verification efficiency, the TVC stores a cache of the verification policy in the ASC.
The process of the TVC credibility verification is as follows:
1) An authentication node is randomly selected among the N nodes to establish communication with the visitor; here it is assumed that node 1 is selected.
2) Assume the TVC accounting node at this moment is node 2. Node 2 anonymizes the visitor's integrity information and has the ROC verify its authenticity. If ROC verification fails, the visitor's access request is rejected; if it succeeds, continue to step 3.
3) Node 2 checks whether the visitor's access policy and integrity evidence exist in the ASC cache. If the visitor's information is not in the cache, go to step 4; if it is, go to step 5.
4) Node 2 asks the ASC to update the cache data and, once the update is finished, queries again whether the visitor's information exists in the blockchain. If it does, go to step 5; if not, the visitor's access request is rejected.
5) Node 2 verifies whether the integrity evidence in the blockchain is the same as the evidence provided by the visitor. If they match, the information has not been modified; otherwise verification fails.
6) Node 2 determines whether the visitor's access request meets the requirements of the access policy in the ASC, and writes the result to the blockchain system.
7) Node 2 returns the verification result to the visitor and writes the verification process to the blockchain system for the other verification nodes to review.
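Steps 2 to 7 of the TVC verification flow, as an added Python example that is not code from the patent. The names `TVC`, `pseudonym` and `demo`, the SHA-256 handle used for anonymization, the callable that stands in for the ROC, the list that stands in for blockchain writes, and all sample visitors and resources are assumptions.

```python
import hashlib
import hmac
import random

N_VERIFIERS = 12  # N, as set on the page


def pseudonym(visitor_id: str) -> str:
    """Assumed anonymization: the chain and the ROC only see a SHA-256 handle."""
    return hashlib.sha256(visitor_id.encode()).hexdigest()


class TVC:
    def __init__(self, ledger, roc_verify, rng=None):
        self.ledger = ledger          # on-chain records: handle -> {"rie", "policy"}
        self.cache = {}               # ASC cache of policy and integrity evidence
        self.roc_verify = roc_verify  # stand-in for the remote certification chain
        self.audit = []               # stand-in for writes to the blockchain
        self.refreshes = 0
        self.rng = rng or random.Random()

    def refresh_cache(self):
        self.refreshes += 1
        self.cache = {h: dict(rec) for h, rec in self.ledger.items()}

    def _finish(self, node, handle, resource, outcome):
        # Steps 6-7: every decision, rejections included, is recorded for review.
        self.audit.append({"node": node, "visitor": handle,
                           "resource": resource, "outcome": outcome})
        return outcome

    def verify(self, visitor_id, resource, integrity_state, rie):
        node = self.rng.randint(1, N_VERIFIERS)   # randomly assigned accounting node
        handle = pseudonym(visitor_id)
        # Step 2: the ROC attests the anonymized integrity information.
        if not self.roc_verify(handle, integrity_state):
            return self._finish(node, handle, resource, "rejected:roc")
        # Steps 3-4: cache lookup, one refresh on a miss, then fail closed.
        if handle not in self.cache:
            self.refresh_cache()
            if handle not in self.cache:
                return self._finish(node, handle, resource, "rejected:unknown-visitor")
        # Step 5: evidence on the chain must equal the evidence presented.
        on_chain = self.ledger.get(handle)
        if on_chain is None or not hmac.compare_digest(on_chain["rie"], rie):
            return self._finish(node, handle, resource, "rejected:evidence-mismatch")
        # Step 6: access policy as held in the ASC cache.
        allowed = resource in self.cache[handle]["policy"]
        return self._finish(node, handle, resource,
                            "granted" if allowed else "denied:policy")


def demo():
    """Constructed data: one registered visitor, one attested but unregistered."""
    rie = hashlib.sha256(b"constructed RIE for visitor-a").digest()
    good_state = "pcr-digest-ok"   # constructed measurement value
    ledger = {pseudonym("visitor-a"): {"rie": rie, "policy": {"meter/42/readings"}}}
    attested = {pseudonym("visitor-a"): good_state, pseudonym("visitor-b"): good_state}

    def roc(handle, state):
        return hmac.compare_digest(attested.get(handle, ""), state)

    tvc = TVC(ledger, roc, random.Random(7))
    outcomes = [
        tvc.verify("visitor-a", "meter/42/readings", good_state, rie),   # miss, refresh
        tvc.verify("visitor-a", "meter/42/readings", good_state, rie),   # cache hit
        tvc.verify("visitor-a", "meter/42/readings", good_state, b"\x00" * 32),
        tvc.verify("visitor-a", "breaker/7/control", good_state, rie),
        tvc.verify("visitor-b", "meter/42/readings", good_state, rie),   # not registered
        tvc.verify("visitor-a", "meter/42/readings", "pcr-digest-changed", rie),
    ]
    return outcomes, tvc


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```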
The power Internet of Things is the application of the Internet of Things to the smart grid. By networking data acquisition, authority control and state monitoring across the key links of the grid system (power generation, transmission, transformation, distribution and consumption), it realizes the interconnection of all things and human-machine interaction in every link of the power system, forming an intelligent service system characterized by comprehensive state sensing, efficient information processing, and convenient and flexible application.
Data collected by the various smart meters is stored in the ASC blockchain, and the trusted servers can verify the reputation value of each terminal in real time, preventing malicious terminals from uploading malicious data. The specific operation flow of the blockchain-based trusted power Internet of Things system is as follows:
1) If visitor A wants to access data in the power Internet of Things, the visitor's trusted terminal collects the visitor's integrity state information through the TPM integrity collection module, encrypts the integrity state information, the resource information requested (Requ) and the integrity evidence (RIE) obtained at registration with a private key, and sends them to the TVC.
2) The TVC looks up the visitor's public key information in the ASC cache and decrypts the visitor's request packet.
3) Following the trusted remote verification policy, the TVC randomly selects a node to perform access policy verification and integrity verification on the visitor, and determines whether the access terminal is trusted and whether it has legitimate access rights to the requested data.
4) If verification passes, the LSC randomly selects a leader node to record the visitor's access behavior, retrieves the requested power data from the blockchain, signs it with the blockchain private key, then encrypts the message with the visitor's public key and returns it to the visitor.
5) After receiving the message, the visitor decrypts it with the visitor's own private key and verifies the authenticity of the message source with the blockchain public key; the verification succeeds.
The combination of the block chains and the power Internet of things greatly reduces the risk of paralysis of the central server under the high concurrency condition, and meanwhile, the system separates each authority into different block chains, so that the problem of excessive centralization of strategy decision in the traditional Internet of things system is solved, and the system is more in line with the actual network operation environment.

Claims (10)

1. The power block chain system based on the trusted computing comprises an authorization service chain, a log service chain and a remote certification chain; the method is characterized in that trusted chips are arranged in block chain nodes of the authorization service chain, the log service chain and the remote certification chain;
the log service chain detects the acquisition terminal in real time through a malicious node detection scheme based on an intelligent contract, and eliminates suspicious terminals with lower credit values;
the authorization service chain can carry out policy verification on a terminal accessing the system;
the remote verification chain can perform remote integrity verification on the access terminal.
2. The power blockchain system based on trusted computing according to claim 1, wherein the terminal requesting access to the system is configured with a trusted chip, and signature verification keys in the trusted chip of the terminal requesting access to the system are all bound with the trusted chip thereof one by one and stored in the remote attestation chain;
and the remote certification chain issues a certificate for the terminal requesting to access the system when verifying the authenticity of the secret key.
3. The power blockchain system based on trusted computing as claimed in claim 1, wherein at system initialization, the trusted chip performs static integrity measurement on the system before all applications are run and generates an integrity value; when the system runs, the trusted chip measures the running condition integrity of each application program and each module, the generated integrity measurement value is stored in a trusted register in the TPM, and all steps in the integrity measurement process are recorded through log tracking.
4. The trusted computing based power blockchain system of claim 3, wherein the trusted chip contains a dedicated integrity message signature and signature verification key pair for remote integrity attestation; the process of the remote integrity certification is as follows:
1) the supplicant extracts log information of the integrity measurement and signs using the signing key, provides the signed message to the verifier,
$ISM = Sign_{Isk}(M_{Log}, Pval)$
wherein ISM is the signed message, Isk is the signature key, $M_{Log}$ is partial integrity information from the TPM log, and Pval is the integrity measurement value of the requester; to ensure the timeliness of the message, the requester needs to attach timestamp information, and the message finally sent is {ISM, Ts};
2) after receiving the message, the verifier checks the timeliness of the message against its own clock information; the system sets a timeout threshold $T_{res}$, and if $T - Ts < T_{res}$ is satisfied, the verifier starts verification;
$M_{Log}, Pval = Ver_{Ivk}(ISM)$
wherein Ivk is the verification key; the verifier then uses the integrity verification module (IVM) to verify the integrity of the requester's log message $M_{Log}$ again,
$Pval' = IVM(M_{Log})$
and compares whether $Pval'$ is consistent with the received Pval; if so, verification succeeds, and otherwise verification fails.
5. The trusted computing-based power blockchain system of claim 1, wherein the authorization service chain includes a trusted CA server, the log service chain includes a trusted server, the remote attestation chain includes a trusted verification server;
and each trusted server in the authorization service chain, the log service chain and the remote certification chain generates a self public and private key pair through a trusted chip and stores the public key information into the block chain.
6. The trusted computing-based power blockchain system of claim 5,
the authorization service chain randomly selects a node to generate a blockchain master key pair ($ASC_{MPUK}$, $ASC_{MPrK}$) and synchronizes it to the blockchain network;
the log service chain randomly selects a node to generate a blockchain master key pair ($LSC_{MPUK}$, $LSC_{MPrK}$) and synchronizes it to the blockchain network;
the remote certification chain randomly selects a node to generate a blockchain master key pair ($ROC_{MPUK}$, $ROC_{MPrK}$) and synchronizes it to the blockchain network;
the authorization service chain sets a parameter $L = (p, a, b, G, n)$ for the system, which determines an elliptic curve E over the finite field GF(p), in order to encrypt system communications;
the authorization service chain negotiates a session key with the remote attestation chain and the log service chain.
7. The trusted computing-based power blockchain system of claim 1,
the log service chain evaluates the credibility of the terminal of the acquisition layer in real time through a malicious node detection method based on an intelligent contract, and inspects the terminal with a low credibility value in time so as to maintain the credibility of the system operation environment.
8. A trusted computing based power blockchain system according to claim 7, wherein the intelligent contract structure employed in the intelligent contract based malicious node detection method is as follows:
SC-ASC=(LS,ES,Sen,θ,P,σ,Loc,Tim)
wherein LS is the leader trusted server, responsible for issuing the intelligent contract; ES is the contract execution server; Sen is the acquisition terminal to be detected; $\theta$ is the evaluation index (PLR, MDR, CDR, $HBR_T$); P is the credit score; $\sigma$ is the threshold value; and Loc is the position of the node to be detected.
9. The trusted computing-based power blockchain system of claim 8, wherein the intelligent contract-based malicious node detection method comprises:
step one: the ES first checks the timestamp information of the message forwarded by the terminal to be detected to verify whether the message has expired, and discards the data packet if it has;
the system records the timeout records of each node and sets a threshold $\sigma_T$; when the proportion of timed-out messages of a node exceeds the initial threshold $\sigma_T$ within a certain time, the node is directly judged to be a malicious node;
step two: the LS then checks the location information in the message; if the location information is seriously distorted, the current communication is directly judged to be malicious communication, and the malicious data packet is recorded and discarded; the system also sets a threshold $\sigma_{Loc}$, and when the proportion of location-distorted messages of a node exceeds the initial threshold $\sigma_{Loc}$ within a certain time, the node is directly judged to be a malicious node;
step three: after the timestamp information and the position information are verified, the system preliminarily judges that the current communication is normal communication, receives a data packet and judges a credible score value of the current communication by calculating packet loss rate, message delay rate, communication delay rate and historical behavior;
step four: and eliminating the terminals with the credible score values lower than the threshold value.
10. The trusted computing-based power blockchain system of claim 1,
the calculation standard of the Packet Loss Rate is as follows:
Figure FDA0002742595050000031
wherein $n_{recv}$ is the number of successfully received data packets, and $n_{send}$ is the number of all data packets sent in the current time interval;
the calculation standard of the Message Delay Rate is as follows:
a malicious node adds delay when processing data; to ensure data timeliness, the system records the time from data acquisition to data forwarding at the current acquisition terminal, sets a time interval $T_d$, and calculates the message delay rate
Figure FDA0002742595050000032
The calculation standard of the Communication Delay Rate is as follows:
the response time of a malicious node is longer than that of an ordinary node; within a certain time interval, the system records the complete time from the node to be detected receiving a request to the requester receiving the response, and this delay mainly concerns messages on the communication link
$CDR = (T_{hd} + T_{td}) / T_e$
$T_{td} = Ms/Nb + pd/ts$
wherein $T_{hd}$ is the processing time, $T_{td}$ is the message propagation time, Ms is the current message size, Nb is the network bandwidth, pd is the propagation distance, ts is the propagation velocity, and $T_e$ is a preset time interval;
the calculation criteria for the historical behavior are as follows:
malicious nodes usually communicate continuously within a certain interval, and the system calculates the ratio of malicious information to normal information of the node to be detected within a certain time interval,
$HBR_T = Num_{MB} / (Num_{NB} + Num_{MB})$
wherein $Num_{MB}$ is the number of malicious communications, $Num_{NB}$ is the number of normal communications, and T is a set time interval;
the Score Communication Score of the current Communication of the nodes to be detected is as follows:
$CS = \lambda_1 \cdot PLR + \lambda_2 \cdot MDR + \lambda_3 \cdot CDR + \lambda_4 \cdot HBR_T$
satisfying $\lambda_1 + \lambda_2 + \lambda_3 + \lambda_4 = 1$;
the system sets a threshold K; if $CS \le K$, the current communication is normal communication, and otherwise it is malicious communication;
the total communication credibility P of the node to be detected is determined by the node's number of malicious communications $N_{MB}$ and number of normal communications $N_{NB}$;
Figure FDA0002742595050000041
the system sets a threshold $\sigma$, and when $P \le \sigma$, the acquisition terminal is recorded as a malicious terminal;
and the LS publishes the malicious node information to the whole network through a consensus mechanism and removes the malicious node from the trusted network.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011155484.9A CN112417494A (en) 2020-10-26 2020-10-26 Power block chain system based on trusted computing


Publications (1)

Publication Number Publication Date
CN112417494A true CN112417494A (en) 2021-02-26
