Disclosure of Invention
It is an object of the present disclosure to address at least one of the technical problems noted in the background, by providing a hierarchical security management system and method based on trusted computing.
In order to achieve the above object, according to one aspect of the present disclosure, a hierarchical security management and control system based on trusted computing is provided. The hierarchical security management and control system is applied to an energy internet system, which includes a distribution master station, a distribution network substation and a terminal that are associated based on information flow and energy flow. The hierarchical security management and control system includes a master station trusted subsystem, responsible for security control of the master station, and an edge trusted subsystem, responsible for security control of the substation and the terminal. The trusted network connections include a trusted network connection between the distribution master station and the distribution network substation, a trusted network connection between the distribution network substation and a wireless terminal device in the terminal, and a trusted network connection between a distribution transformer monitoring terminal in the terminal and a node device. The wireless terminal device includes a wireless terminal device that converts serial data into IP data or converts IP data into serial data.
Optionally, the three-layer power distribution network architecture formed by the power distribution master station, the distribution network substation and the terminal corresponds to a three-layer logical architecture formed by a sensing layer, a network transmission layer and a processing application layer, where the sensing layer consists of transmitter nodes and sensor network gateway nodes, the network transmission layer is the network that remotely transmits sensing data to a processing center, and the processing application layer is the platform that stores, intelligently processes and serves the sensing data.
Optionally, the sensing layer is divided into a unit sensing layer and a system sensing layer, the unit sensing layer being contained in the system sensing layer. The unit sensing layer includes the distribution transformer monitoring terminal and the node device in the terminal, and the system sensing layer includes the unit sensing layer together with the distribution network substation, a distribution switch monitoring terminal and the wireless terminal device.
Optionally, the network transmission layer includes a remote communication network between the master station and the substation (slave station), and a local communication network between the substation and the terminal.
Optionally, the processing application layer comprises an application server of the master station.
Optionally, the hierarchical security management and control includes local trusted verification of a terminal based on edge computing, and remote trusted verification of a terminal or a distribution network substation based on a cloud or a distribution master station.
Optionally, the trusted computing comprises one or more of: collecting trusted evidence and integrity measurement information from the terminal node device and/or the wireless terminal device; and performing statistical checking of terminal trusted evidence and/or integrity measurement verification at the distribution transformer monitoring terminal of the terminal and/or at the distribution network substation and the distribution master station.
Optionally, trusted computing chips in the power distribution master station and the terminal store respective trusted certificates and keys.
Optionally, the power distribution master station and the terminal implement mutual trusted authentication by performing the following operations: the master station takes the current time T1, the master station trusted computing chip takes a random number R1, and the trusted computing chip signs (T1 || R1) to obtain a signature result S1; the master station transmits (T1, R1, S1) to the terminal; on receipt, the terminal hands the signature to its trusted computing chip for verification and, at the same time, takes the current time T2 and checks whether |T2 - T1| is within the validity period; if so, the trusted computing chip generates a random number R2, signs (T1 || R1 || R2) to obtain S2, and encrypts R1 with the authentication sub-key it stores; the terminal transmits (T2, Enc(R1), R2, S2) to the master station; the master station trusted computing chip decrypts Enc(R1) with the verification sub-key and checks whether the result equals R1, verifies the correctness of signature S2, takes the current time T3, and checks whether |T3 - T1| and |T3 - T2| are within the validity period; if the decryption result equals R1, signature S2 verifies correctly, and T1 and T2 are within the validity period, the master station completes authentication of the terminal; the master station then encrypts R2 in its trusted computing chip with the authentication sub-key and transmits Enc(R2) to the terminal; the terminal decrypts Enc(R2) in its trusted computing chip with the authentication sub-key and checks whether the result equals R2, and if so, the terminal completes authentication of the master station. Here Enc denotes the encrypted data, abbreviated enc.
According to another aspect of the present disclosure, a hierarchical security management and control method based on trusted computing is provided, and the hierarchical security management and control method is applied to any one of the hierarchical security management and control systems.
The embodiments of the present disclosure can achieve the following advantageous effects. By constructing a hierarchical trusted immune management and control strategy for the master station end and the edge end of the power distribution internet of things, the three hierarchical functions of trusted computing (node trust, network connection trust and application trust) are realized at each level, so that the safety and stability of the power distribution internet of things can be effectively guaranteed. Moreover, the computing power, security protection capability, data importance and other characteristics of each node in the power distribution network and the power distribution internet of things are mapped to a full node (master node) or a light node (slave node), so that an endogenous security immune model of the power distribution internet of things is constructed on the basis of trusted computing technology in combination with the requirements of power distribution business sensing equipment and network security management, and a manageable, controllable, precisely protecting, visibly trusted and intelligently defending security protection model of the power distribution internet of things is established.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings of those embodiments; obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
The terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
According to one aspect of the application, a hierarchical security management system based on trusted computing is provided. Before describing the hierarchical security management system, the relevant background of trusted computing is set out in order to better understand the technical solution of the present invention.
The basic principle of trusted computing is to establish a root of trust whose security and reliability are ensured in three respects, physical security, management security and technical security, and then to build from it a reliable chain of trust that extends through the whole computer system to ensure the trustworthiness of the entire system. Measurement and authentication proceed step by step from the root of trust to the hardware platform, the whole operating system and the application user, and trust is extended at each step, so that the whole computer system runs in a trusted state and a trusted computing environment is created for it. The root of trust, the hardware platform, the operating system and the application user together form a trusted computer system. The basic principle of trusted computing is shown in fig. 1.
Trusted computing establishes an immune system for the computer: it means carrying out security protection while computing, so that the result of computation is always consistent with expectation and the whole computing process is measurable and controllable without interference. Trusted computing operations coexist with safeguards. It has functions such as identity identification, state measurement and confidential storage, and can recognise 'self' and 'non-self' components in time, thereby destroying and rejecting harmful components, much as an organism rejects foreign matter. The trusted computing environment hierarchy may be described as follows: trusted computing nodes are constructed with cryptography as the foundation (comprising cryptographic algorithms, cryptographic protocols, certificate management and the like), the chip as the pillar, the mainboard as the platform and trusted base support software as the core; a plurality of trusted computing nodes form a network-based trusted information system; and on that basis a trusted application support environment is constructed around the application system.
Specifically, the trusted computing environment hierarchy includes several aspects:
(1) Bottom hardware layer: at the bottom hardware level, a trusted cryptography module (TCM/TPM) is added to the basic hardware platform, and a Core Root of Trust for Measurement (CRTM) is embedded in the boot ROM of the hardware platform, so that the bottom layer can be started securely and controllably.
(2) Secure operating system level: at the secure operating system level, trusted services are provided by a Trusted Services Module (TSM). The cryptographic module of the trusted computing system serves as its internal software support module, realizing the adaptation between the operating system and the TCM and at the same time hardening the TCM.
(3) Application level: specific application services are realized in the application layer. To ensure that all application services run in a secure and trusted environment, the trusted computing environment architecture must guarantee a trusted environment from the underlying hardware up to the upper-layer applications. The root of trust must be linked to every application service, and the chain of trust is authenticated link by link, so that the whole environment is trusted and all services can run securely and stably in it.
The trusted computing module may be embedded in the hierarchical security management system in software, hardware, or a combination of both.
Referring to fig. 2, fig. 2 is a schematic diagram illustrating a power distribution internet of things endogenous safety protection model based on trusted computing according to a preferred embodiment of the present application, where the layered safety management system is implemented based on the protection model.
The devices in the power distribution internet of things include, but are not limited to, power grid devices, network devices and related terminal devices. The power grid devices include transformers, electric energy meters and the like; the core network devices include switches, routers, intelligent gateways, data acquisition systems for acquiring power system data and the like; and the related terminal devices include, but are not limited to, sensors, intelligent devices and intelligent terminal devices. The related devices can be connected through short-range communication to a physical device with a certain computing capability at the edge of the energy internet (an edge computing device for short), so that the edge computing device can receive the data of the related devices, process and analyse it nearby, extract the key data from it, and upload the key data to a cloud server or cloud platform for centralized processing. The edge computing device may include, but is not limited to, an intelligent internet of things gateway and other devices or modules capable of performing edge computing analysis tasks.
The trusted computing based hierarchical security management system of the present application can be applied to systems including, but not limited to, the energy internet system. The energy internet system comprises a power distribution master station, a distribution network substation and a terminal that are associated based on information flow and energy flow. The hierarchical security management and control system comprises a master station trusted subsystem, responsible for security control of the master station, and an edge trusted subsystem, responsible for security control of the substation and the terminal. The trusted network connections comprise a trusted network connection between the distribution master station and the distribution network substation, a trusted network connection between the distribution network substation and a wireless terminal device in the terminal, and a trusted network connection between a distribution transformer monitoring terminal in the terminal and a node device. The wireless terminal device comprises a wireless terminal device that converts serial port data into IP data or converts IP data into serial port data.
The node device is, for example but not limited to, an electric vehicle, an energy storage device, an electric meter and/or a fault indicator.
Optionally, the three-layer power distribution network architecture formed by the power distribution master station, the distribution network substation and the terminal corresponds to a three-layer logical architecture formed by a sensing layer, a network transmission layer and a processing application layer, where the sensing layer consists of transmitter nodes and sensor network gateway nodes, the network transmission layer is the network that remotely transmits sensing data to a processing center, and the processing application layer is the platform that stores, intelligently processes and serves the sensing data.
Optionally, the sensing layer is divided into a unit sensing layer and a system sensing layer, the unit sensing layer being contained in the system sensing layer. The unit sensing layer includes the distribution transformer monitoring terminal (TTU) and the node device in the terminal, and the system sensing layer includes the unit sensing layer together with the distribution network substation, a distribution switch monitoring terminal (FTU) and a wireless terminal device (DTU). The computing power, security protection capability, data importance and other characteristics of each node in the power distribution network and the power distribution internet of things are mapped to a full node (master node) or a light node (slave node): the TTU, DTU and FTU in the terminal can be master nodes, while node devices such as an electric vehicle, an energy storage device, an electric meter and/or a fault indicator are slave nodes.
Optionally, the network transmission layer includes a remote communication network between the master station and the substation (slave station), and a local communication network between the substation and the terminal.
Optionally, the processing application layer comprises an application server of the master station.
Optionally, the hierarchical security management and control includes local trusted verification of a terminal based on edge computing, and remote trusted verification of a terminal or a distribution network substation based on a cloud or a distribution master station.
Optionally, the trusted computing comprises one or more of: collecting trusted evidence and integrity measurement information from the terminal node device and/or the wireless terminal device; and performing statistical checking of terminal trusted evidence and/or integrity measurement verification at the distribution transformer monitoring terminal of the terminal and/or at the distribution network substation and the distribution master station.
Optionally, trusted computing chips in the power distribution master station and the terminal store respective trusted certificates and keys.
Referring to fig. 2, fig. 2 shows a power distribution internet of things endogenous security protection model based on trusted computing, which depicts a security protection system comprising a master station, a substation and a terminal. The FTU refers to the distribution switch monitoring terminal; it has remote control, telemetry, remote signalling and fault detection functions, communicates with the distribution automation master station, and provides the running condition of the distribution system and its various parameters, that is, the information required for monitoring and control. The DTU refers to a wireless terminal device specially used to convert serial data into IP data, or IP data into serial data, for transmission over a wireless communication network. The TTU refers to the distribution transformer monitoring terminal, which acquires and controls distribution transformer information, monitors the operating condition of the distribution transformer in real time, and can transmit the acquired information to the master station or to other intelligent devices. In the figure, solid arrows represent energy flow, curved dashed arrows represent trusted network connections, dash-dot lines represent control flow, and double-headed arrows represent information flow. The letter A represents terminal trusted evidence collection, B the integrity measurement collector, C terminal trusted evidence statistical checking, and D the integrity measurement verifier.
As shown in fig. 2, a hierarchical trusted immune management and control strategy is constructed for the master station end and the edge end of the power distribution internet of things, and the three hierarchical functions of trusted computing (node trust, network connection trust and application trust) are realized at each level. The computing power, security protection capability, data importance and other characteristics of each node in the power distribution network and the power distribution internet of things are mapped to a full node (master node) or a light node (slave node), so that an endogenous security immune model of the power distribution internet of things is constructed on the basis of trusted computing technology in combination with the requirements of power distribution service sensing equipment and network security management, and a manageable, controllable, precisely protecting, visibly trusted and intelligently defending security protection model of the power distribution internet of things is established.
Further, for the hierarchical design of the trusted-computing-based security module in the terminal, the cloud service or the edge server, reference may be made to fig. 3, which provides a schematic diagram of the hierarchical structure of an embedded trusted module according to a preferred embodiment of the present application.
As shown in fig. 3, the hierarchical structure of the embedded trusted module may be divided into three layers, specifically including:
(1) Hardware layer. A TCM security chip, that is, a security chip with a lightweight TCM trusted computing function, is integrated into the embedded internet of things terminal hardware system. It provides the root of trust, the construction of an independent and closed secure computing environment, cryptographic operations and the like, and thereby gives the embedded internet of things terminal the hardware support it needs to offer trusted computing security functions.
(2) Operating system layer. The Linux kernel is customized to harden the security protection functions of Linux.
(3) Application layer. This comprises a lightweight TCM security protocol stack design, a whitelist system and custom security applications.
The embedded internet of things trusted terminal system adopts a lightweight TCM functional design. Taking into account that most embedded internet of things terminal devices have a small memory operating space, the system cannot provide the complete TCM standard functionality of a host system; by appropriately trimming the TCM function set and the whitelist system, the embedded internet of things trusted terminal system meets the trusted platform construction requirements of the device system as well as the device system's requirements for tighter operating resources and high real-time performance.
Optionally, referring to fig. 4, fig. 4 provides an interaction flow diagram of a power distribution master station and a terminal performing storage of a trusted certificate and a key according to an embodiment of the present application.
According to fig. 4, the power distribution master station and the terminal implement mutual trusted authentication by performing the following operations: the master station takes the current time T1, the master station trusted computing chip takes a random number R1, and the trusted computing chip signs (T1 || R1) to obtain a signature result S1; the master station transmits (T1, R1, S1) to the terminal; on receipt, the terminal hands the signature to its trusted computing chip for verification and, at the same time, takes the current time T2 and checks whether |T2 - T1| is within the validity period; if so, the trusted computing chip generates a random number R2, signs (T1 || R1 || R2) to obtain S2, and encrypts R1 with the authentication sub-key it stores; the terminal transmits (T2, Enc(R1), R2, S2) to the master station; the master station trusted computing chip decrypts Enc(R1) with the verification sub-key and checks whether the result equals R1, verifies the correctness of signature S2, takes the current time T3, and checks whether |T3 - T1| and |T3 - T2| are within the validity period; if the decryption result equals R1, signature S2 verifies correctly, and T1 and T2 are within the validity period, the master station completes authentication of the terminal; the master station then encrypts R2 in its trusted computing chip with the authentication sub-key and transmits Enc(R2) to the terminal; the terminal decrypts Enc(R2) in its trusted computing chip with the authentication sub-key and checks whether the result equals R2, and if so, the terminal completes authentication of the master station.
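The master station / terminal exchange described above, modelled as an added Python example (this is not the patent's own code). It assumes that each chip's signature is modelled with HMAC-SHA256 under a per-party signing key the peer can verify, that the authentication and verification sub-keys are one shared symmetric key under which Enc() is an IV-keyed keystream XOR, and a 60-second validity period; all keys and values are constructed.

```python
# Added example: fig. 4 mutual authentication, not code from the patent.
# Assumed primitives: HMAC-SHA256 stands in for the chip signature; one shared
# symmetric sub-key with an IV-keyed keystream XOR stands in for Enc().
import hashlib
import hmac
import secrets
from dataclasses import dataclass

VALIDITY = 60    # assumed validity period (seconds) for |Ti - Tj|
NONCE_LEN = 16   # length of R1, R2 and the IV

def tb(t: int) -> bytes:
    return t.to_bytes(8, "big")   # timestamp encoding for signing

def sign(key: bytes, *parts: bytes) -> bytes:
    """Stand-in for the chip signing (a || b || ...)."""
    return hmac.new(key, b"||".join(parts), hashlib.sha256).digest()

def verify(key: bytes, sig: bytes, *parts: bytes) -> bool:
    return hmac.compare_digest(sig, sign(key, *parts))

def enc(key: bytes, data: bytes) -> bytes:
    """Enc(data) under the shared sub-key: fresh IV + keystream XOR."""
    iv = secrets.token_bytes(NONCE_LEN)
    ks = hmac.new(key, b"enc" + iv, hashlib.sha256).digest()
    return iv + bytes(a ^ b for a, b in zip(data, ks))

def dec(key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = hmac.new(key, b"enc" + iv, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, ks))

@dataclass
class Chip:                 # keys one party's trusted computing chip holds
    sign_key: bytes         # this party's own signing key
    peer_key: bytes         # key used to verify the peer's signatures
    auth_key: bytes         # authentication / verification sub-key

def master_step1(m: Chip, T1: int):
    R1 = secrets.token_bytes(NONCE_LEN)
    return T1, R1, sign(m.sign_key, tb(T1), R1)

def terminal_step2(t: Chip, msg1, T2: int):
    """Verify S1 and |T2-T1|; answer with (T2, Enc(R1), R2, S2) or None."""
    T1, R1, S1 = msg1
    if not verify(t.peer_key, S1, tb(T1), R1) or abs(T2 - T1) > VALIDITY:
        return None
    R2 = secrets.token_bytes(NONCE_LEN)
    S2 = sign(t.sign_key, tb(T1), R1, R2)
    return T2, enc(t.auth_key, R1), R2, S2

def master_step3(m: Chip, T1: int, R1: bytes, msg2, T3: int):
    """Check Enc(R1), S2 and both time windows; on success return Enc(R2)."""
    T2, enc_r1, R2, S2 = msg2
    if not hmac.compare_digest(dec(m.auth_key, enc_r1), R1):
        return None
    if not verify(m.peer_key, S2, tb(T1), R1, R2):
        return None
    if abs(T3 - T1) > VALIDITY or abs(T3 - T2) > VALIDITY:
        return None
    return enc(m.auth_key, R2)   # master has now authenticated the terminal

def terminal_step4(t: Chip, R2: bytes, enc_r2: bytes) -> bool:
    """Terminal authenticates the master when Enc(R2) decrypts to its R2."""
    return hmac.compare_digest(dec(t.auth_key, enc_r2), R2)

def run(master: Chip, terminal: Chip, t_master=1000, t_terminal=1000):
    """Run the full exchange; returns (master_ok, terminal_ok)."""
    T1, R1, S1 = master_step1(master, t_master)
    msg2 = terminal_step2(terminal, (T1, R1, S1), t_terminal)
    if msg2 is None:
        return False, False
    enc_r2 = master_step3(master, T1, R1, msg2, t_master + 1)
    if enc_r2 is None:
        return False, False
    return True, terminal_step4(terminal, msg2[2], enc_r2)

def make_pair():
    """Constructed keys for one master station and one terminal."""
    km, kt, ka = (secrets.token_bytes(32) for _ in range(3))
    return Chip(km, kt, ka), Chip(kt, km, ka)
```

A clock outside the validity window or a peer whose chip holds a different signing key makes the exchange fail at the step where the page's check rejects it.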
Compared with the prior art: trusted computing is generally divided into three levels, namely node trust, network connection trust and application trust. The node trust layer provides the starting point of trust for the whole active immune system and is its source; the network connection trust layer carries the interactive immunity between nodes and is the key trusted part of the network; and the application trust layer provides immune support and services for the nodes and the network, updates the security policy and enhances the immune capability of the nodes. Accordingly, under the hierarchical trusted immune management and control strategy for the master station end and the edge end of the power distribution internet of things, each level realizes the three levels of trusted computing functions, node trust, network connection trust and application trust. The secure access area and trusted management and control are thus moved to the edge side, and computation, analysis and security control are localized on the basis of edge computing technology, which improves processing efficiency, provides faster response, reduces the processing load of the master station end, and supports cooperation and optimized management between remote and localized processing.
Based on the same inventive concept, the invention also provides a hierarchical security management and control method based on trusted computing, which is applied to any one of the hierarchical security management and control systems described above.
The hierarchical security management and control method based on trusted computing in the embodiment of the invention corresponds to the hierarchical security management and control system based on trusted computing in the embodiment of the invention, and the technical features and advantageous effects described for the system embodiment all apply to the method embodiment.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.