CN113079159A - Edge computing network architecture based on block chain - Google Patents

Info

Publication number
CN113079159A
Authority
CN
China
Prior art keywords
edge
terminal
data
proxy
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110356016.6A
Other languages
Chinese (zh)
Other versions
CN113079159B (en)
Inventor
张锦南
鲁昌其
张永久
郭腾
康健
程刚
袁学光
颜鑫
张霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications
Priority to CN202110356016.6A
Publication of CN113079159A
Application granted
Publication of CN113079159B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1458 Management of the backup or restore process
    • G06F11/1464 Management of the backup or restore process for networked environments
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Abstract

The invention provides an edge computing network architecture based on a block chain, comprising: a terminal, an edge proxy layer, an edge service layer and a cloud computing center. The edge proxy layer judges whether an accessing terminal is an authenticated terminal according to the identity information of authenticated terminals in the private block chain; if so, it carries out data transmission and reception for the terminal. The edge service layer authenticates the edge proxy layer through the identity authentication function in the public block chain and executes the terminal's request if the authentication passes. The scheme provides an edge computing network architecture based on a double-layer block chain. The terminal performs its function under the management of the edge proxy layer according to the private block chain and cannot directly communicate with the cloud computing center over the network. The terminal completes data sending and receiving services through the edge proxy layer. The edge service layer verifies the edge proxy layer based on the public block chain, and the edge server initiates and executes the request of the terminal device after the verification passes.

Description

Edge computing network architecture based on block chain
Technical Field
The present invention relates to the field of edge computing and blockchain technologies, and in particular, to an edge computing network architecture based on blockchains.
Background
In recent years, the Internet of Things has come to play an important role in the real world because of its strong interconnection, and it has promoted the wide use of numerous emerging services in daily life. However, as the number of devices accessing the Internet of Things increases, the amount of real-time data generated and processed at the same time also grows exponentially. This data has to be transmitted to a cloud server center for computing and storage services, which challenges the performance of the cloud platform and the network bandwidth. Concentrating data processing on the cloud platform brings many risks, and the massive data stream that must be transmitted to the cloud platform puts huge pressure on the whole network. Meanwhile, because a single point of failure is an unavoidable hazard, it is difficult for a central server to guarantee network security. Edge computing was introduced to solve these problems.
Edge computing is a new computing paradigm, and pre-processing, private data storage, and real-time data processing and analysis of an application program can be transferred from a cloud server center to an edge server of a network, so that the core advantages of cloud computing are retained, and real-time control and sensitive data are stored in the edge server.
Thus, there is a need for a method to solve the security problem of edge computation.
Disclosure of Invention
In view of this, the present invention provides an edge computing network architecture based on a block chain, which improves the security of edge computing.
Specifically, the present invention proposes the following embodiments:
An embodiment of the invention provides an edge computing network architecture based on a block chain, comprising: a terminal, an edge proxy layer provided with a private block chain, an edge service layer provided with a public block chain, and a cloud computing center; wherein the terminal connects to the edge service layer through the edge proxy layer; the edge service layer is connected to the cloud computing center; the edge proxy layer judges whether an accessing terminal is an authenticated terminal according to the identity information of authenticated terminals in the private block chain and, if so, carries out data transmission and reception for the terminal; and the edge service layer authenticates the edge proxy layer through an identity authentication function in the public block chain and executes the terminal's request if the authentication passes.
In a particular embodiment, the terminal comprises sensors for sensing the external environment and/or actuators for converting commands into physical actions.
In a specific embodiment, the edge proxy layer is composed of a plurality of proxy nodes; a proxy node is connected to the terminal in a wireless or wired manner; the proxy node provides the front-end interactive interface of an application program so that a user can conveniently set an authentication credential, access a back-end program, transmit a service request, receive a service result and manage the terminal; the proxy node controls resource requests according to its traffic volume and bearing capacity; the proxy node also filters the received service data and converts it into a general format; and, for large-scale data processing, the proxy node also forwards data to other computing instances in the private block chain network.
In a specific embodiment, the proxy node is provided with a proxy component; the proxy component includes: a function mapping module, a device registration module, a block chain authentication module and a high-speed channel; the function mapping module acquires the information and addresses of applications on the edge server, manages the mapping information of the different applications on the edge server, and transmits application information and application data to a task queue of the edge server; the device registration module registers the terminal; the block chain authentication module implements bidirectional authentication between the application on the edge server and the terminal; the high-speed channel connects to the cloud computing center.
In a specific embodiment, the edge service layer is composed of a plurality of edge service nodes; the edge service nodes are divided into general computing nodes and repository nodes; a general computing node must be accessed through a smart contract; the general computing nodes use vector clocks for synchronization; when executing a command, a general computing node interacts with the associated proxy nodes in a one-to-one manner, and a general computing node executes at most one application program at a time; the repository nodes provide an interface for instant access to and analysis of historical data, and manage all data in a log-structured manner.
In a specific embodiment, the general purpose computing node stores block chain information, wherein the block chain information comprises index information of data; the repository node is used for storing data corresponding to the index information.
In a specific embodiment, a computing component is disposed in the general computing node, and the computing component includes: a task queue module, a monitoring unit, an application executor and a security control module; the task queue module comprises a set of queues and schedules tasks among the different queues; the monitoring unit monitors the busy/idle status of computer resources; it also enters an emergency state when it detects that the resource load exceeds a preset threshold or that an uncertain fault has occurred; when computer resources are insufficient or the task queue overflows, it also responds with the known context of the task and the data source, generates a transaction request and sends the transaction request to the smart contract in the public block chain; the application executor executes tasks; the security control module guarantees the data security of the application executor.
In a specific embodiment, a storage module is disposed in the repository node, and the storage module includes: an authentication center, a mirror image directory module, a database, a cache area, a mirror image file area, an identity information area and a cloud extender; the authentication center stores the authentication credentials of the general computing nodes set at initialization; it also encrypts and decrypts data in the database; it also periodically updates the mirror image of the system in the cloud computing center; the mirror image directory module stores information about mirror image files and also connects to the application executor on the general computing node; the database stores the data of the terminal, the application executor and the cloud extender; the cache area stores data whose frequency is higher than a preset value; the mirror image file area stores the mirror image files of application programs; the identity information area acquires the verification result of the authentication center and is synchronously associated with the cloud extender; the cloud extender extends the application program specification, transmits security attributes and exchanges data.
In a specific embodiment, the cloud computing center is configured to process the data or the service overloading the edge service layer when the edge service layer is overloaded or a service requirement tolerates a delay.
In a specific embodiment, the private blockchain further stores a request record and an instruction record of the terminal, so that all operations of the terminal can be traced.
Compared with the prior art, the scheme has the following effects:
The scheme provides an edge computing network architecture based on a double-layer block chain. The two block chain layers are maintained by the edge proxy layer and the edge service layer respectively, and the terminal performs its function under the management of the edge proxy layer according to the private block chain and cannot directly communicate with the cloud computing center over the network. The terminal completes data sending and receiving services through the edge proxy layer. The edge service layer verifies the edge proxy layer based on the public block chain, and the edge server initiates and executes the request of the terminal device after the verification passes.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic diagram of an edge computing network architecture based on a block chain according to an embodiment of the present invention;
Fig. 2 is a schematic hardware framework diagram of an edge computing network architecture based on a block chain according to an embodiment of the present invention;
Fig. 3 is a functional diagram of an edge computing network architecture based on a block chain according to an embodiment of the present invention;
Fig. 4 is a system sequence diagram of an edge computing network architecture based on a block chain according to an embodiment of the present invention.
Detailed Description
Various embodiments of the present disclosure will be described more fully hereinafter. The present disclosure is capable of various embodiments and of modifications and variations therein.
Example 1
Embodiment 1 of the present invention discloses an edge computing network architecture based on a block chain which, as shown in Fig. 1, comprises: a terminal, an edge proxy layer provided with a private block chain, an edge service layer provided with a public block chain, and a cloud computing center; wherein the terminal connects to the edge service layer through the edge proxy layer, and the edge service layer is connected to the cloud computing center.
The edge proxy layer judges whether an accessing terminal is an authenticated terminal according to the identity information of authenticated terminals in the private block chain; if so, it carries out data transmission and reception for the terminal.
The edge service layer authenticates the edge proxy layer through an identity authentication function in the public block chain and executes the terminal's request if the authentication passes.
Specifically, the private block chain also stores the request records and instruction records of the terminal, so that all operations of the terminal can be traced.
As shown in Fig. 1, one aspect of the complexity of the Internet of Things environment is the diversity of its devices. The application scenarios of different devices determine how simple or complex their functions are, which leads to differences in device performance. For convenience of management, Internet of Things devices can be roughly classified into three types: edge servers, edge proxy devices and Internet of Things terminal devices.
In the current centralized Internet of Things architecture, all terminal devices and the data they generate are supervised by a cloud computing center, and the massive data flow puts huge pressure on the whole network. Meanwhile, because a single point of failure is an unavoidable hazard, it is difficult for the servers of the cloud computing center to guarantee network security. The architecture proposed by this scheme aims to relieve the pressure on the cloud computing center significantly through edge computing; processing data on high-performance edge nodes near the data source is one of its central ideas. The Internet of Things in the edge computing mode is highly distributed, and traditional centralized security risk control is difficult to apply to such an environment. The trusted distributed ledger built by a block chain provides a more transparent and controllable security guarantee for edge computing. At the same time, the computing power that edge computing allocates at the edge side can supply the computing resources required to run the block chain.
This scheme provides an edge computing network architecture based on a dual-layer block chain. The two block chain layers are maintained by the edge servers (a plurality of edge servers form the edge service layer) and the edge proxy devices (a plurality of edge proxy devices form the edge proxy layer) respectively. The terminal performs its function under the management of the edge proxy layer and cannot directly communicate with the cloud center over the network. The terminal selects an edge proxy device in its area according to its actual position and communication conditions, and completes data sending and receiving services through that edge proxy device. The edge server parses and constructs (including parsing and identifying) the data from the received data packets. After verification, the detailed data is recorded in the repository node of the edge server, and the edge proxy device stores only a digest of the data. Likewise, the request of the terminal device is finally initiated and executed by the edge server.
As shown in Fig. 1, the layers from bottom to top are the terminal device layer, the edge proxy layer, the edge service layer and the cloud computing center, wherein:
1. The terminal device layer: this layer is composed of a large number of resource-limited sensing devices. Their communication and computing capabilities are limited, they cannot send and receive instructions independently, and they need edge proxy devices to complete their services.
2. The edge proxy layer: this layer is composed of a plurality of edge proxy devices in a certain area. Each proxy device manages a batch of nearby terminal devices and provides them with services such as identity authentication, service request sending and instruction receiving. To protect the security of the terminal devices, a private chain is maintained among the proxy devices. The private block chain stores the identity information, request records, instruction records and other information of the terminal devices. When initiating a request, a terminal device must therefore first perform identity authentication on the private block chain to obtain the operation right, and only then can it initiate the request. This prevents the security risks that arise when a terminal device's identity information is stolen, and allows all operations of the terminal device to be traced.
3. The edge service layer: this layer is composed of server devices with superior computing and storage performance. In this layer, the traditional server is divided into general computing servers and more specialized storage servers. A general computing server has high computing power, is responsible for managing a group of edge proxy devices, and operates as the control node of the private block chain among that group of edge proxy devices. The general computing server manages the operation of the private chain while accepting the service requests of the edge devices. A public chain is also maintained among the general computing servers; its purpose is to protect the data security of the edge service layer, and the block chain network it forms interconnects the edge servers. A storage server focuses on the storage function; its computing power is lower than that of a general computing server, but it has more abundant storage space and a high-speed read-write channel. The block chain information stored in the general computing server is only the index value of the data, and the real data is stored in the storage server. To ensure security, reading data on the storage server requires executing an identity authentication function written as a smart contract on the block chain, and the database can be operated on only after legal identity information is obtained.
4. The cloud computing center: this is a traditional cloud server with strong computing capacity, able to complete data-intensive, high-computing-power services such as artificial intelligence and big data. Terminal data is processed layer by layer through the architecture and is highly refined by the time it arrives at the cloud computing center, so problems such as data redundancy and data security need not be a concern during processing, which greatly improves the efficiency of the cloud computing center.
The scheme therefore provides an edge computing network architecture based on a double-layer block chain. The two block chain layers are maintained by the edge proxy layer and the edge service layer respectively, and the terminal performs its function under the management of the edge proxy layer according to the private block chain and cannot directly communicate with the cloud computing center over the network. The terminal completes data sending and receiving services through the edge proxy layer. The edge service layer verifies the edge proxy layer based on the public block chain, and the edge server initiates and executes the request of the terminal device after the verification passes.
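The two authentication gates of Embodiment 1, modelled as an added example that is not part of the patent: the proxy checks the terminal against identity records on its private chain and logs every request, and the edge service checks the proxy against the public chain before touching the repository. The hash-chained `Ledger`, the credential-fingerprint identity scheme and all node names are assumptions made for illustration; the patent does not specify the block format or the authentication function.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Ledger:
    """Append-only hash-chained log standing in for one block chain layer (assumed format)."""

    def __init__(self):
        self.blocks = []

    def append(self, record: dict) -> str:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = json.dumps(record, sort_keys=True)
        digest = sha256_hex((prev + body).encode())
        self.blocks.append({"prev": prev, "record": record, "hash": digest})
        return digest

    def verify(self) -> bool:
        """Recompute every link; any edited record breaks the chain."""
        prev = GENESIS
        for block in self.blocks:
            body = json.dumps(block["record"], sort_keys=True)
            if block["prev"] != prev or sha256_hex((prev + body).encode()) != block["hash"]:
                return False
            prev = block["hash"]
        return True

    def register(self, subject: str, credential: bytes) -> None:
        # Assumption: only a fingerprint of the credential goes on chain.
        # A deployment would use a signature-based challenge-response instead.
        self.append({"type": "identity", "id": subject,
                     "fingerprint": sha256_hex(credential)})

    def identity_ok(self, subject: str, credential: bytes) -> bool:
        stored = None
        for block in self.blocks:
            rec = block["record"]
            if rec.get("type") == "identity" and rec.get("id") == subject:
                stored = rec["fingerprint"]  # latest registration wins
        if stored is None:
            return False
        return hmac.compare_digest(stored, sha256_hex(credential))


class EdgeService:
    """Edge service layer: public chain holds proxy identities and data indexes only."""

    def __init__(self):
        self.public_chain = Ledger()
        self.repository = {}  # repository node: index -> real data

    def _authenticate(self, proxy_id: str, proxy_cred: bytes) -> None:
        if not self.public_chain.identity_ok(proxy_id, proxy_cred):
            raise PermissionError("proxy not authenticated on public chain")

    def execute(self, proxy_id, proxy_cred, terminal_id, payload: bytes) -> str:
        self._authenticate(proxy_id, proxy_cred)
        index = sha256_hex(payload)
        self.repository[index] = payload
        self.public_chain.append({"type": "data", "index": index,
                                  "proxy": proxy_id, "terminal": terminal_id})
        return index

    def read(self, proxy_id, proxy_cred, index: str) -> bytes:
        self._authenticate(proxy_id, proxy_cred)
        return self.repository[index]


class EdgeProxy:
    """Edge proxy layer: private chain holds terminal identities and request records."""

    def __init__(self, proxy_id: str, credential: bytes, service: EdgeService):
        self.proxy_id, self.credential, self.service = proxy_id, credential, service
        self.private_chain = Ledger()

    def handle(self, terminal_id: str, terminal_cred: bytes, payload: bytes):
        allowed = self.private_chain.identity_ok(terminal_id, terminal_cred)
        # Denied attempts are logged too, and only a digest of the payload is kept.
        self.private_chain.append({"type": "request", "terminal": terminal_id,
                                   "digest": sha256_hex(payload), "allowed": allowed})
        if not allowed:
            return None
        return self.service.execute(self.proxy_id, self.credential, terminal_id, payload)


def demo():
    """Constructed scenario: one registered sensor, one unregistered one."""
    service = EdgeService()
    service.public_chain.register("proxy-1", b"proxy-secret")
    proxy = EdgeProxy("proxy-1", b"proxy-secret", service)
    proxy.private_chain.register("sensor-7", b"sensor-secret")
    accepted = proxy.handle("sensor-7", b"sensor-secret", b'{"temp": 21.5}')
    denied = proxy.handle("sensor-9", b"guess", b'{"temp": 99}')
    return service, proxy, accepted, denied


if __name__ == "__main__":
    service, proxy, accepted, denied = demo()
    print("index on public chain:", accepted, "| unregistered terminal:", denied)
    print("private chain intact:", proxy.private_chain.verify())
```

Editing any logged request afterwards makes `verify()` return `False`, which is the property the traceability claim depends on.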
Example 2
Embodiment 2 of the present invention further provides an edge computing network architecture based on a block chain in which, on the basis of embodiment 1 and as shown in Fig. 2, the terminal includes a sensor for sensing the external environment and/or an actuator for converting a command into a physical action.
The terminal: terminals are divided into two categories: sensors, which are responsible for sensing the external environment, and actuators, which translate commands into physical actions. In general, an Internet of Things terminal is limited in various resources and serves only as a producer or a consumer at either end of a data chain. In some cases the computing power of the terminal is limited and the raw data cannot be preprocessed. The architecture of this patent allows Internet of Things terminals to connect to nearby edge proxy nodes through wireless or wired communication protocols (e.g., Zigbee, Bluetooth and NFC). The frequency of a terminal's sensing service can be adjusted according to the system context, and the format of the data a terminal generates differs from device to device.
The edge proxy layer consists of a plurality of proxy nodes; a proxy node is connected to the terminal in a wireless or wired manner; the proxy node provides the front-end interactive interface of an application program so that a user can conveniently set an authentication credential, access a back-end program, transmit a service request, receive a service result and manage the terminal; the proxy node controls resource requests according to its traffic volume and bearing capacity; the proxy node also filters the received service data and converts it into a general format; and, for large-scale data processing, the proxy node also forwards data to other computing instances in the private block chain network.
The proxy node: in edge computing, a proxy node is the entry point to distributed computing. The proxy node assists the Internet of Things terminal in configuring the integrated environment so that the corresponding application program can be installed and executed on the proxy node. When it is accessed, the proxy node provides the front-end interactive interface of the application program, so that a user can conveniently set an authentication credential, access a back-end program, convey a service expectation, receive a service result and manage the terminal. The proxy node controls resource requests according to its traffic and bearing capacity. In addition, the proxy node filters the received service data and converts it into a common format. The proxy nodes also aggregate data received from the different sources of the intelligent system. For large-scale data processing, the proxy node forwards the data to other compute instances in the private block chain network. The proxy node maintains fast and dynamic communication with the accessible edge compute nodes through CoAP or SNMP.
The edge service layer consists of a plurality of edge service nodes; the edge service nodes are divided into general computing nodes and repository nodes; a general computing node must be accessed through a smart contract; the general computing nodes use vector clocks for synchronization; when executing a command, a general computing node interacts with the associated proxy nodes in a one-to-one manner, and a general computing node executes at most one application program at a time; the repository nodes provide an interface for instant access to and analysis of historical data, and manage all data in a log-structured manner.
The cloud computing center processes the data or services that overload the edge service layer when the edge service layer is overloaded or when the service requirement tolerates delay.
The edge server node: the set of edge server nodes gives the edge computing framework the ability to process data at high speed. The edge server nodes separate computation and storage into independent entities, and the computing entities are connected through a block chain network and maintain a common block chain. Based on this idea, the edge server nodes are designed as the following two types of entity.
The general computing node: for security, the architecture does not expose the general computing nodes directly to the edge proxy nodes; instead, they are accessed through smart contracts. In this arrangement the smart contract can act as a firewall for the general computing node. In addition, the smart contracts monitor server resources in the block chain network and forward data, together with the executable back-end applications, for processing. When a distributed application is executed, the general computing nodes form a cluster under the supervision of a smart contract. A general computing node may be associated with a plurality of proxy nodes. In this case, a basic vector clock is used for system synchronization. The vector clock helps a general computing node identify the concurrent commands issued to it by different proxy nodes. The concurrent commands are then arbitrarily ordered by the general computing node, and the corresponding proxy nodes are notified. When executing commands, the general computing nodes interact with the associated proxy nodes in a one-to-one manner. Furthermore, to ensure application-level consistency, a general computing node executes at most one application at a time.
The general computing node stores block chain information, which comprises the index information of the data; the repository node stores the data corresponding to the index information.
The repository node: the repository nodes provide an interface for instant access to and analysis of historical data. They maintain metadata for the various applications, including application models, runtime environment configurations and dependencies. These nodes may also retain some intermediate data during application execution so that data processing can resume from any exception-driven stopping point. Further, to ensure data-level consistency, the repository nodes manage all data in a log-structured manner.
The cloud computing center: when the edge computing infrastructure is overloaded or the service requirements tolerate delays, edge computing may extend resources from the cloud computing center to the back-end Internet of Things applications. Through the cloud computing center, edge computing expands the computing platform available to Internet of Things applications. In association with the repository nodes, it can facilitate extensive data storage and distribution, making access to and processing of data location-independent.
Example 3
Embodiment 3 of the present invention further provides an edge computing network architecture based on a block chain, where on the basis of embodiments 1 and 2, a proxy component is arranged in the proxy node; the proxy component includes: a function mapping module, an equipment registration module, a block chain authentication module and a high-speed channel; the function mapping module is used for acquiring information and addresses of applications on the edge server, managing mapping information of different applications on the edge server, and transmitting application information and application data to a task queue of the edge server; the equipment registration module is used for registering the terminal; the block chain authentication module is used for realizing bidirectional authentication between the application on the edge server and the terminal; the high-speed channel is used for connecting the cloud computing center.
The general computing node is provided with a computing component, and the computing component comprises: a task queue module, a monitoring unit, an application executor and a safety control module; the task queue module comprises a set of a plurality of queues and is used for scheduling tasks among different queues; the monitoring unit is used for monitoring a busy/idle status of computer resources; it is also used for entering an emergency state when detecting that the resource load exceeds a preset threshold or an uncertain fault occurs; it is also used for packaging the task execution context and the data source when the computer resources are insufficient or the task queue overflows, generating a transaction request and sending the transaction request to the smart contract in the public block chain; the application executor is used for executing tasks; the safety control module is used for guaranteeing the data safety of the application executor.
The repository node is provided with a storage module, and the storage module comprises: an authentication center, a mirror image directory module, a database, a cache area, a mirror image file area, an identity information area and a cloud extender; the authentication center is used for storing the authentication credentials of the general computing nodes that are set during initialization; it is also used for encrypting and decrypting data in the database; it is also used for periodically updating its own mirror image in the cloud computing center; the mirror image directory module is used for storing information of mirror image files and is also used for connecting an application executor on the general computing node; the database is used for storing data of the terminal, the application executor and the cloud extender; the cache area is used for storing data with an access frequency higher than a preset value; the mirror image file area is used for storing a mirror image file of an application program; the identity information area is used for acquiring a verification result of the authentication center and is synchronously associated with the cloud extender; the cloud extender is used for extending the application program specification, transmitting the security attribute and exchanging data.
In particular, as shown in fig. 3, to simplify the architecture of the present solution, various interrelated components may be used to handle the heterogeneity of the operating system communicating with different hardware devices P2P. Specific components can be divided into three categories: an agent component, a compute component, and a storage component. The edge proxy node performs the functions of the proxy component and accesses other components as needed. The edge compute server is responsible for the operation of the compute component, and when a proxy node starts executing a back-end application, it will access the edge server in its flow, triggering the compute service. The storage component may run on all storage nodes, managing operations associated with the storage library.
The proxy component comprises the following parts:
Function mapping module: the module is responsible for acquiring information and addresses of application programs on the edge server and managing mapping information of different applications on application executors of the compute nodes. It also receives application requests from the proxy node and transmits the application information and the source data to a task queue of the edge server. The block chain authentication module assists the function mapping module in completing the identity information authentication of the registered equipment. After the authentication is passed, the edge server will by default trust the request, because a request sent by the lower edge proxy node has already been securely authenticated. In addition, this component maintains a resource mapping table that tracks the addresses of edge server node instances so that subsequent data streams can be sent directly to valid resource addresses for processing.
Device registration module: when the IoT equipment leaves the factory, a public/private key pair and a self-signed certificate are generated and written into the equipment by the manufacturer, and a release application is submitted to the block chain identity authentication module. After the block chain authentication module checks the certificate, it records the certificate into the block chain.
Block chain authentication module: when a connection needs to be established between the terminal of the Internet of things and the edge computing application, the terminal sends a certificate identifier to the edge computing application, the edge computing application queries the blockchain identity authentication system for the certificate, the block chain authentication module returns the certificate and its state, and the edge computing application authenticates the equipment; the equipment of the Internet of things authenticates the edge computing application in the same way. The two parties then proceed with the TLS handshake to establish a secure data transmission channel.
High-speed channel: typically, the edge proxy's request is sent through the function mapping control and accepted by the edge service node. When the delay tolerance of the demand is large and data-intensive technologies such as artificial intelligence and big data are needed to process the demand, the edge proxy sends the demand directly to the cloud through this component. It notifies the framework of the context of the cloud instance and forwards storage and resource configuration commands to the cloud.
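The registration and lookup steps of the device registration and block chain authentication modules can be sketched as below. This is an added example, not the patent's implementation: a hash-chained in-memory list stands in for the block chain, the certificates are constructed placeholder byte strings rather than real X.509 data, and all names are hypothetical. Proof that a peer holds the matching private key is left to the TLS handshake that the page says follows.

```python
"""Added illustration: certificate lookup against an append-only ledger
before the TLS handshake (ledger layout and names are assumptions)."""
import hashlib
import hmac
import json

GENESIS = "0" * 64


def fingerprint(cert_bytes: bytes) -> str:
    return hashlib.sha256(cert_bytes).hexdigest()


def _digest(index: int, prev: str, record: dict) -> str:
    body = {"index": index, "prev": prev, "record": record}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class CertLedger:
    """Hash-chained record list standing in for the identity block chain."""

    def __init__(self) -> None:
        self.blocks: list = []

    def _append(self, record: dict) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        index = len(self.blocks)
        self.blocks.append({"index": index, "prev": prev, "record": record,
                            "hash": _digest(index, prev, record)})

    def register(self, cert_id: str, cert_bytes: bytes) -> None:
        # Registration: certificate checking itself is out of scope here;
        # only reuse of an identifier (even a revoked one) is refused.
        if self.lookup(cert_id) is not None:
            raise ValueError("certificate identifier already recorded")
        self._append({"op": "register", "cert_id": cert_id,
                      "fp": fingerprint(cert_bytes)})

    def revoke(self, cert_id: str) -> None:
        self._append({"op": "revoke", "cert_id": cert_id})

    def verify_chain(self) -> bool:
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            if (b["index"] != i or b["prev"] != prev
                    or b["hash"] != _digest(i, prev, b["record"])):
                return False
            prev = b["hash"]
        return True

    def lookup(self, cert_id: str):
        """Return (fingerprint, status) for an identifier, or None if unknown."""
        fp, status = None, None
        for b in self.blocks:
            r = b["record"]
            if r["cert_id"] != cert_id:
                continue
            if r["op"] == "register":
                fp, status = r["fp"], "valid"
            elif r["op"] == "revoke" and fp is not None:
                status = "revoked"
        return None if fp is None else (fp, status)


def authenticate_peer(ledger: CertLedger, cert_id: str, presented: bytes) -> tuple:
    """One direction of the check: returns (accepted, reason)."""
    if not ledger.verify_chain():
        return False, "ledger integrity check failed"
    entry = ledger.lookup(cert_id)
    if entry is None:
        return False, "unknown certificate identifier"
    fp, status = entry
    if status != "valid":
        return False, "certificate revoked"
    if not hmac.compare_digest(fp, fingerprint(presented)):
        return False, "certificate does not match ledger record"
    return True, "ok"


def mutual_auth(ledger: CertLedger, terminal: tuple, app: tuple) -> tuple:
    """Both directions must pass before the TLS handshake is allowed to start."""
    t_ok, t_reason = authenticate_peer(ledger, *terminal)
    a_ok, a_reason = authenticate_peer(ledger, *app)
    return t_ok and a_ok, {"terminal": t_reason, "application": a_reason}


if __name__ == "__main__":
    ledger = CertLedger()
    ledger.register("terminal-01", b"constructed terminal certificate")
    ledger.register("edge-app-01", b"constructed application certificate")
    print(mutual_auth(ledger,
                      ("terminal-01", b"constructed terminal certificate"),
                      ("edge-app-01", b"constructed application certificate")))
```
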
The computing component comprises the following parts:
a task queue module: the component is a collection of a series of queues, such as an execution queue, a ready queue, a pending queue. The compute node uses multithreading to allow multiple tasks in the execution queue to run simultaneously. When the data in the task queue is ready, a free application program is selected from the queue of the queue, and the data of the application program is loaded to the head of the queue. Sometimes, due to external factors, the tasks in the execution queue will be forced to pause operations. At this point, the pending task will be transferred to the pending queue and the context and intermediate data for the task will be saved accordingly. Task queues schedule tasks between different queues. When the execution queue overflows, an alarm is actively sent to the monitoring unit, the overflowing task is transferred to the suspension queue, and the monitoring unit completes the subsequent operation.
Monitoring unit: this component monitors the busy/idle status of computer resources (e.g., CPU utilization, memory usage, network usage, power consumption, etc.). Based on this information, the monitoring unit provides resources for the different applications. It also tracks the performance of the allocated resources at runtime to meet the QoS requirements of the application. The monitoring unit immediately enters an emergency state whenever the resource load exceeds a threshold defined by the service provider or an indeterminate failure occurs. The monitoring unit may initiate operations such as standby resource provisioning, application migration and intermediate data storage. One of the most important functions of the monitoring unit is application execution migration: when computing resources are scarce or the task queue overflows, the monitoring unit packages the task execution context and the data source, generates a transaction request and sends it to the smart contract. The smart contract will find an appropriate computing node as the service provider and then establish a P2P communication link between the "consumer" and the "provider", over which the parties complete the transaction.
Application executor: the execution of a task is completed in the application executor through the stages of environment configuration, container loading, data input, calculation execution, result output and the like. The application executor extends the application executable from the mirror directory for deployment on the allocated resources. Once the application deployment is complete, it begins receiving data forwarded by the function mapping control for processing. In a multi-core architecture, the component will prefer a task in the ready queue of the same type as the previous task, because of the higher cost of context switching. However, to ensure that the latency of each task in the task stream is optimal, the component is forced to switch context when a task has been delayed a certain number of times. Each task completed by the component will be recorded as a transaction on the blockchain. In addition, the component periodically notifies the monitoring unit of the status of the resource. When any anomaly is detected or predicted, the monitoring unit will ask the component to extract intermediate data from the application execution and store it to make the framework fault tolerant.
A safety control module: the module is a bridge connecting a network of block chains. When performing computing operations, seamless security interactions between the application executor and other executors are managed by the security control. The identity verification center of the repository service provides the required security attributes for the component. Together with the authentication center, this component plays an important role in verifying the blockchain.
The storage module includes the following parts:
Authentication center: the authentication credentials of the general computing nodes set during the initialization of the block chain network are stored in the authentication center. It distributes the security keys and detailed information of each data block generated by the smart contract to others. The component also provides Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates for cloud integration. In addition, it supports encryption and decryption of the data stored in the database. Through the cloud extender of the storage server, it periodically updates its own image on the cloud, so that the security attributes can be easily restored and distributed after an uncertain fault occurs.
Mirror directory module: this component is responsible for maintaining detailed information of the various image files, including their operation, system attributes recommended by developers, execution and programming models, and memory address mapping in the database. In addition, it also specifies the resource permissions and dependencies of the application and its member tasks. The mirror directory can expand this information from the cloud through the cloud extender. The component is tightly coupled to an application executor on a general purpose computing node. It not only accepts the mirror image file requests sent by the application executor, but can also monitor the mirror image file version in the database and execute the updating operation according to the requirement of the application executor.
Database: data received from the internet of things equipment, the application executor and the cloud extender are stored in a database and can be used for long-term analysis. Here, data privacy is ensured by applying encryption technology. According to the difference of data sources, types and purposes, the database is divided into the following areas:
a cache area, used for storing higher frequency data;
a mirror image file area, used for storing a mirror image file of the application program;
an identity information area, used for storing the verification result of the authentication center. In addition, the data container remains in synchronized association with the cloud extender to grab remote data and disperse local data through the cloud.
Cloud extender: this component may facilitate interaction with other software components of the database service in the cloud. In this case, the application executors of the general purpose computing nodes may assist the cloud extender in providing the required commands to extend the application specifications, transfer security attributes and exchange data.
Specifically, an edge proxy is a hardware device with some intelligence on the edge side and works only with the local network. Edge proxies consist of single board computers, such as Raspberry Pi series boards, Nvidia Jetson, and Intel UP boards, which have sufficient computing power to run algorithms designed for resource constrained devices.
The internet of things equipment consists of a plurality of actuators or sensors, and the actuators or sensors do not have any computing capability of directly participating in a block chain network. Thus, internet of things devices need to be installed on edge proxies, and requests for these devices are initiated and executed by the proxies. Between edge proxies, a private blockchain is maintained to record the identity information and request records for each device. After the edge proxy verifies the identity of the equipment, the information such as the source data, the target object, the request type and the like of the current request is encrypted and stored. Based on the privacy permissions of the registration information, a particular data block will be determined to be public or not.
Although the private blockchain is generated by the edge server, it is difficult for a malicious device to control the private blockchain by forging the identity of the edge server. A plurality of edge servers form a blockchain network and maintain a common blockchain. The identity data of each edge server is stored in a common blockchain. The blockchain is a distributed ledger generated and maintained by a plurality of general purpose computing nodes and is used for protecting data circulating in the network. The edge server is not only composed of general purpose computing nodes, but also includes servers dedicated to storage and data validation. The public blockchain aims at simulating the storage capacity of the cloud data center of the Internet of things.
The data processing, encryption and storage blocks embodied in the sequence diagram shown in fig. 4 describe the complete flow of data generation from the internet of things device, processing at the edge proxy and storage on the edge server. In this way, the edge proxy layer collects and aggregates important or useful data, which is then submitted to the general purpose compute nodes in a unified format. After the identity of the edge proxy layer and the validity of the data are verified, the blocks can be recorded on a common block chain. The raw data in the general purpose computing node is stored in a data block of the general purpose computing node, rather than in the raw data block of the general purpose computing node. If the current general computing node can not provide the resources required by the task, the task information can be packaged into blocks and issued to the block chain network for help.
Those skilled in the art will appreciate that the figures are merely schematic representations of one preferred implementation scenario and that the blocks or flow diagrams in the figures are not necessarily required to practice the present invention.
Those skilled in the art will appreciate that the modules in the devices in the implementation scenario may be distributed in the devices in the implementation scenario according to the description of the implementation scenario, or may be located in one or more devices different from the present implementation scenario with corresponding changes. The modules of the implementation scenario may be combined into one module, or may be further split into a plurality of sub-modules.
The above sequence numbers of the invention are merely for description and do not represent the merits of the implementation scenarios.
The above disclosure is only a few specific implementation scenarios of the present invention, however, the present invention is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present invention.

Claims (10)

1. An edge computing network architecture based on blockchains, comprising: the system comprises a terminal, an edge proxy layer provided with a private block chain, an edge service layer provided with a public block chain and a cloud computing center; wherein the terminal connects the edge service layer through the edge proxy layer; the edge service layer is connected with the cloud computing center;
the edge proxy layer is used for judging whether the accessed terminal is an authenticated terminal or not according to the identity information of the authenticated terminal in the private block chain; if the judgment result is yes, the data transmission and reception of the terminal are executed;
and the edge service layer is used for authenticating the edge proxy layer through an identity authentication function in the public block chain, and executing the request of the terminal if the authentication is passed.
2. The network architecture according to claim 1, characterized in that said terminal comprises sensors for sensing the external environment and/or actuators for translating commands into physical actions.
3. The network architecture of claim 1, wherein the edge proxy layer is comprised of a plurality of proxy nodes; the proxy node is connected with the terminal in a wireless or wired mode;
the agent node provides a front-end interactive interface of an application program so that a user can conveniently set an authentication credential, access a back-end program, transmit a service request, receive a service result and manage the terminal;
the proxy node is used for controlling the resource request according to the traffic volume and the bearing capacity;
the proxy node is also used for filtering the received service data and converting the service data into a general format;
the proxy nodes are also used for forwarding data to other computing instances in the private blockchain network in large-scale data processing by the edge proxy nodes.
4. The network architecture of claim 3, wherein a proxy component is disposed in the proxy node; the proxy component includes: a function mapping module, an equipment registration module, a block chain authentication module and a high-speed channel; wherein,
the function mapping module is used for acquiring information and addresses of all applications on the edge server, managing mapping information of different applications on the edge server and transmitting application information and application data to a task queue of the edge server;
the equipment registration module is used for registering aiming at the terminal;
the block chain authentication module is used for realizing bidirectional authentication between the application on the edge server and the terminal;
the high-speed channel is used for connecting the cloud computing center.
5. The network architecture of claim 1, wherein the edge service layer is comprised of a plurality of edge service nodes; the edge service node is divided into a general computing node and a storage library node;
the general computing node needs to be accessed through an intelligent contract; the general computing nodes use vector clocks to realize synchronization; when executing a command, the general purpose computing node interacts with the associated proxy nodes in a one-to-one manner, and the general purpose computing node executes at most one application program at a time;
the repository nodes provide an interface for instant access and analysis of historical data, and manage all data in a log structured manner.
6. The network architecture of claim 5, wherein the general purpose computing node stores therein blockchain information, the blockchain information including index information of data; the repository node is used for storing data corresponding to the index information.
7. The network architecture of claim 5, wherein the general purpose computing node has disposed therein a computing component, the computing component comprising: a task queue module, a monitoring unit, an application executor and a safety control module; wherein,
the task queue module comprises a set of a plurality of queues and is used for scheduling tasks among different queues;
the monitoring unit is used for monitoring a busy/idle status of computer resources; it is also used for entering an emergency state when detecting that the resource load exceeds a preset threshold or an uncertain fault occurs; it is also used for packaging the task execution context and the data source when the computer resources are insufficient or the task queue overflows, generating a transaction request and sending the transaction request to the smart contract in the public block chain;
the application executor is used for executing tasks;
the safety control module is used for guaranteeing the data safety of the application executor.
8. The network architecture of claim 5, wherein the repository node has disposed therein a storage module comprising: an authentication center, a mirror image directory module, a database, a cache area, a mirror image file area, an identity information area and a cloud extender; wherein,
the authentication center is used for storing the authentication credentials of the general computing nodes that are set during initialization; it is also used for encrypting and decrypting data in the database; it is also used for periodically updating its own mirror image in the cloud computing center;
the mirror image directory module is used for storing information of mirror image files and is also used for connecting an application executor on the general computing node;
the database is used for storing data of the terminal, the application executor and the cloud extender;
the cache area is used for storing data with an access frequency higher than a preset value;
the mirror image file area is used for storing a mirror image file of an application program;
the identity information area is used for acquiring a verification result of an authentication center and is synchronously associated with the cloud extender;
the cloud extender is used for extending the application program specification, transmitting the security attribute and exchanging data.
9. The network architecture of claim 1, wherein the cloud computing center is to process the data or the service that overloads the edge service layer when the edge service layer is overloaded or a service requirement tolerates a delay.
10. The network architecture of claim 1, wherein the private blockchain further stores a request record and an instruction record for the terminal such that all operations of the terminal can be traced.
CN202110356016.6A 2021-04-01 2021-04-01 Edge computing network system based on block chain Active CN113079159B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110356016.6A CN113079159B (en) 2021-04-01 2021-04-01 Edge computing network system based on block chain


Publications (2)

Publication Number Publication Date
CN113079159A true CN113079159A (en) 2021-07-06
CN113079159B CN113079159B (en) 2022-06-10

Family

ID=76614458

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110356016.6A Active CN113079159B (en) 2021-04-01 2021-04-01 Edge computing network system based on block chain

Country Status (1)

Country Link
CN (1) CN113079159B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113328864A (en) * 2021-08-03 2021-08-31 北京理工大学 Data transmission method and system based on function encryption, block chain and machine learning
CN113590328A (en) * 2021-08-02 2021-11-02 重庆大学 Block chain-based edge computing service interaction method and system
CN113612854A (en) * 2021-08-16 2021-11-05 中国联合网络通信集团有限公司 Communication method, server and terminal based on block chain
CN113949575A (en) * 2021-10-19 2022-01-18 中国电子科技集团公司第二十研究所 Block chain frame construction counting data storage method based on edge node calculation
CN114500049A (en) * 2022-01-26 2022-05-13 北京邮电大学 Mobile terminal equipment identity authentication method and system in Internet of things system
CN114726836A (en) * 2022-04-25 2022-07-08 四川智能建造科技股份有限公司 Distributed application distribution deployment method and system
CN115118449A (en) * 2022-05-13 2022-09-27 国网浙江省电力有限公司信息通信分公司 Energy internet oriented safe and efficient interaction edge proxy server
CN115550375A (en) * 2022-08-31 2022-12-30 云南电网有限责任公司信息中心 System, method and equipment for realizing block chain lightweight based on containerization technology
CN116455674A (en) * 2023-06-05 2023-07-18 天津市城市规划设计研究总院有限公司 User identity information management method based on block chain
CN117412349A (en) * 2023-12-13 2024-01-16 湖南大学无锡智能控制研究院 Service switching method, device and system based on edge server performance
CN117494111A (en) * 2023-09-11 2024-02-02 德浦勒仪表(广州)有限公司 Edge computing system and method for data processing and transmission of industrial flowmeter

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170279774A1 (en) * 2016-03-28 2017-09-28 International Business Machines Corporation Decentralized Autonomous Edge Compute Coordinated by Smart Contract On A Blockchain
CN108769031A (en) * 2018-05-31 2018-11-06 中化能源科技有限公司 The material object of edge calculations service based on block chain deposits card traceability system
CN109302405A (en) * 2018-10-31 2019-02-01 北京邮电大学 Industrial data detection block chain network framework and detection method based on edge calculations
US20190140919A1 (en) * 2018-04-12 2019-05-09 Ned M. Smith Edge computing service global validation
CN110928678A (en) * 2020-01-20 2020-03-27 西北工业大学 Block chain system resource allocation method based on mobile edge calculation
US20200127861A1 (en) * 2019-09-28 2020-04-23 Kshitij Arum Doshi Decentralized edge computing transactions with fine-grained time coordination
CN111753269A (en) * 2020-06-24 2020-10-09 海南大学 Identity authentication method and device based on block chain

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170279774A1 (en) * 2016-03-28 2017-09-28 International Business Machines Corporation Decentralized Autonomous Edge Compute Coordinated by Smart Contract On A Blockchain
US20190140919A1 (en) * 2018-04-12 2019-05-09 Ned M. Smith Edge computing service global validation
CN108769031A (en) * 2018-05-31 2018-11-06 中化能源科技有限公司 The material object of edge calculations service based on block chain deposits card traceability system
CN109302405A (en) * 2018-10-31 2019-02-01 北京邮电大学 Industrial data detection block chain network framework and detection method based on edge calculations
US20200127861A1 (en) * 2019-09-28 2020-04-23 Kshitij Arum Doshi Decentralized edge computing transactions with fine-grained time coordination
CN110928678A (en) * 2020-01-20 2020-03-27 西北工业大学 Block chain system resource allocation method based on mobile edge calculation
CN111753269A (en) * 2020-06-24 2020-10-09 海南大学 Identity authentication method and device based on block chain

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
ZHANG,J. ET AL;: "ABlockchain-BasedTrustedEdgePlatforminEdgeComputingEnvironment", 《SENSORS》 *
刘帅 等: "一种基于区块链和边缘计算的物联网方案", 《南京信息工程大学学报》 *
方俊杰等: "面向边缘人工智能计算的区块链技术综述", 《应用科学学报》 *
武继刚等: "移动边缘计算中的区块链技术研究进展", 《计算机工程》 *
黄忠义: "区块链在边缘计算与物联网安全领域应用", 《网络空间安全》 *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113590328A (en) * 2021-08-02 2021-11-02 Chongqing University Block chain-based edge computing service interaction method and system
CN113328864B (en) * 2021-08-03 2021-12-07 Beijing Institute of Technology Data transmission method and system based on function encryption, block chain and machine learning
CN113328864A (en) * 2021-08-03 2021-08-31 Beijing Institute of Technology Data transmission method and system based on function encryption, block chain and machine learning
CN113612854B (en) * 2021-08-16 2023-07-25 China United Network Communications Group Co., Ltd. Communication method, server and terminal based on block chain
CN113612854A (en) * 2021-08-16 2021-11-05 China United Network Communications Group Co., Ltd. Communication method, server and terminal based on block chain
CN113949575A (en) * 2021-10-19 2022-01-18 The 20th Research Institute of China Electronics Technology Group Corporation Block chain frame construction counting data storage method based on edge node calculation
CN114500049B (en) * 2022-01-26 2022-11-11 Beijing University of Posts and Telecommunications Identity authentication method and system for mobile terminal equipment in Internet of things system
CN114500049A (en) * 2022-01-26 2022-05-13 Beijing University of Posts and Telecommunications Mobile terminal equipment identity authentication method and system in Internet of things system
CN114726836A (en) * 2022-04-25 2022-07-08 Sichuan Intelligent Construction Technology Co., Ltd. Distributed application distribution deployment method and system
CN115118449A (en) * 2022-05-13 2022-09-27 Information and Communication Branch of State Grid Zhejiang Electric Power Co., Ltd. Energy internet oriented safe and efficient interaction edge proxy server
CN115118449B (en) * 2022-05-13 2023-06-27 Information and Communication Branch of State Grid Zhejiang Electric Power Co., Ltd. Energy internet-oriented safe and efficient interactive edge proxy server
CN115550375A (en) * 2022-08-31 2022-12-30 Information Center of Yunnan Power Grid Co., Ltd. System, method and equipment for realizing block chain lightweight based on containerization technology
CN115550375B (en) * 2022-08-31 2024-03-15 Information Center of Yunnan Power Grid Co., Ltd. System, method and equipment for realizing block chain light weight based on containerization technology
CN116455674A (en) * 2023-06-05 2023-07-18 Tianjin Urban Planning and Design Institute Co., Ltd. User identity information management method based on block chain
CN116455674B (en) * 2023-06-05 2023-08-18 Tianjin Urban Planning and Design Institute Co., Ltd. User identity information management method based on block chain
CN117494111A (en) * 2023-09-11 2024-02-02 Depule Instrument (Guangzhou) Co., Ltd. Edge computing system and method for data processing and transmission of industrial flowmeter
CN117412349A (en) * 2023-12-13 2024-01-16 Wuxi Intelligent Control Research Institute of Hunan University Service switching method, device and system based on edge server performance

Also Published As

Publication number Publication date
CN113079159B (en) 2022-06-10

Similar Documents

Publication Publication Date Title
CN113079159B (en) Edge computing network system based on block chain
Cao et al. An overview on edge computing research
CN108650262B (en) Cloud platform expansion method and system based on micro-service architecture
CN104753817B (en) A kind of cloud computing Message Queuing Services local analogy method and system
CN111552676A (en) Block chain based evidence storing method, device, equipment and medium
CN105247529B (en) The synchronous voucher hash between directory service
US10425411B2 (en) Systems and apparatuses for a secure mobile cloud framework for mobile computing and communication
US11281476B2 (en) Plugin framework to support zero touch management of heterogeneous infrastructure elements across distributed data centers
WO2020186807A1 (en) System and method for power data linking based on blockchain technology
Cunsolo et al. Cloud@ home: Bridging the gap between volunteer and cloud computing
WO2021143462A1 (en) Front end processor-based data exchange system and method
US20230137879A1 (en) In-flight incremental processing
CN110213338A (en) A kind of clustering acceleration calculating method and system based on cryptographic calculation
CN111600755B (en) Internet access behavior management system and method
US9288116B2 (en) System and method for NAS server test load generation
Fazio et al. Managing volunteer resources in the cloud
Huai et al. CROWN: A service grid middleware with trust management mechanism
CN113905094B (en) Industrial Internet integration method, device and system
CN105847428A (en) Mobile cloud platform
CN115842866A (en) Data processing method and device, computer readable medium and electronic equipment
CN115242646B (en) Block chain-based network slice application method and related device
Ji et al. Research and application of internet of things edge autonomy technology based on microservice in power pipe gallary
CN110990458B (en) Distributed database system, interface communication middleware
Costa et al. Efficient Secure Communication for Distributed Multi-Agent Systems.
Gonçalves Fog Computing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant