CN113542339A - Electric power Internet of things safety protection design method - Google Patents
Electric power Internet of things safety protection design method Download PDFInfo
- Publication number
- CN113542339A CN113542339A CN202011537404.6A CN202011537404A CN113542339A CN 113542339 A CN113542339 A CN 113542339A CN 202011537404 A CN202011537404 A CN 202011537404A CN 113542339 A CN113542339 A CN 113542339A
- Authority
- CN
- China
- Prior art keywords
- data
- security
- things
- application
- layer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000013461 design Methods 0.000 title claims abstract description 19
- 230000005540 biological transmission Effects 0.000 claims abstract description 30
- 230000008447 perception Effects 0.000 claims abstract description 14
- 238000012502 risk assessment Methods 0.000 claims abstract description 12
- 230000007246 mechanism Effects 0.000 claims description 100
- 238000007726 management method Methods 0.000 claims description 31
- 238000005516 engineering process Methods 0.000 claims description 17
- 238000012544 monitoring process Methods 0.000 claims description 11
- 238000004891 communication Methods 0.000 claims description 7
- 238000012986 modification Methods 0.000 claims description 7
- 230000004048 modification Effects 0.000 claims description 7
- 238000004458 analytical method Methods 0.000 claims description 6
- 230000000903 blocking effect Effects 0.000 claims description 6
- 238000012384 transportation and delivery Methods 0.000 claims description 6
- 238000007792 addition Methods 0.000 claims description 3
- 238000012550 audit Methods 0.000 claims description 3
- 230000002457 bidirectional effect Effects 0.000 claims description 3
- 238000012217 deletion Methods 0.000 claims description 3
- 230000037430 deletion Effects 0.000 claims description 3
- 230000006399 behavior Effects 0.000 claims 1
- 230000006855 networking Effects 0.000 abstract 2
- 238000011161 development Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 238000006243 chemical reaction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000010365 information processing Effects 0.000 description 2
- 238000003032 molecular docking Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001066 destructive effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a safety protection design method for an electric power Internet of things, which comprises the following steps: s1, performing security assessment and risk analysis on the original data; s2, collecting data which pass the safety assessment and risk analysis of S1 by a perception layer; s3, the sensing layer carries out first secure transmission on the sensing data in the S2 to the network layer; s4, the network layer carries out second secure transmission on the perception data in the S3 to the application layer; s5, the application layer analyzes and processes the sensing data into application data, and then transmits the application data to the application platform; the potential safety hazard that the electric power thing networking exists is helped to be prevented and dealt with to provide more effective control, propose risk precontrol measures, solved the risk problem that people neglected easily when using the thing networking, make data acquisition, transmission data obtain safer protection.
Description
Technical Field
The invention relates to the technical field of electric power internet of things safety protection, in particular to a design method of electric power internet of things safety protection.
Background
Currently, the internet of things is an internet connected with things, which extends and expands a user end of the internet to any goods, and is a network extending and expanding on the basis of the internet. With the rise of intelligent hardware technology, the development of the internet of things presents an exponential growth situation. The era of everything interconnection is already opened, and everything interconnection becomes a necessary trend of technical development and industrial application. Meanwhile, global Internet of things security events are frequent, the destructive power is extremely high, and the Internet of things security also becomes a global general concern topic.
The internet of things integrates a sensing network, a mobile communication network and the internet, and the security problems of the networks are no exception. Meanwhile, the internet of things is a heterogeneous network formed by fusing multiple networks, so that the internet of things has the safety problems of authentication, access control, information storage, information management and the like of the heterogeneous network, and the equipment has the characteristics of large quantity, complexity, multiple elements, lack of effective monitoring, limited node resources, dynamic discrete structure and the like, so that the safety problem of the internet of things is more complex than that of other networks.
Disclosure of Invention
The invention provides a safety protection design method for an electric power Internet of things, which solves the technical problem of safety protection of the electric power Internet of things in a sensing layer, a network layer and an application layer in the prior art.
The invention provides a safety protection design method for an electric power Internet of things, which comprises the following steps:
s1, performing security assessment and risk analysis on the original data;
s2, collecting data which pass the safety assessment and risk analysis of S1 by a perception layer;
s3, the sensing layer carries out first secure transmission on the sensing data in the S2 to the network layer;
s4, the network layer carries out second secure transmission on the perception data in the S3 to the application layer;
and S5, the application layer analyzes and processes the perception data into application data, and then transmits the application data to the application platform.
Preferably, the security assessment and risk analysis in S1 includes: a security control mechanism of sensor confidentiality, a reinforced node authentication technology mechanism, an intrusion monitoring technology mechanism and a security routing control mechanism of a sensor network.
Preferably, the security control mechanism of sensor confidentiality needs an effective key management mechanism for ensuring the security of the internal communication of the sensor network, and the confidentiality needs to establish a temporary session key during communication to ensure the data security.
Preferably, a node authentication technical mechanism is strengthened, the fact that an illegal node cannot be accessed is guaranteed, and the authentication can be achieved through a symmetrical password scheme or an asymmetrical password scheme; performing key agreement on the basis of authentication is a necessary step in establishing a session key.
Preferably, the intrusion monitoring technology mechanism needs to evaluate the node behavior which is possibly controlled by the adversary so as to reduce the harm of the adversary after the intrusion. The node needs to set a blocking or self-destruction program, finds that the node leaves a specific application and place, and starts blocking or self-destruction, so that an attacker cannot complete the analysis of the node.
Preferably, the security routing control mechanism of the sensor network, and the cryptographic techniques related to the security requirements of the sensor network include a lightweight cryptographic algorithm, a lightweight cryptographic protocol, a cryptographic technique capable of setting a security level, and the like.
Preferably, the first secure transmission in step S3 includes a lightweight key management mechanism, a privacy information protection mechanism, a sensing layer authentication mechanism, and a data confidentiality and data integrity protection mechanism of a network layer;
wherein,
the lightweight key management mechanism refers to a key management mechanism of a resource-limited unit in the environment of the Internet of things, and comprises a lightweight key management technology and a resource asymmetric key management mechanism, wherein a key management scheme suitable for a perception layer and a network layer is designed, and security analysis is given.
The privacy information protection mechanism is used for carrying out security protection on privacy information data by the Internet of things; the main objects of the privacy information security of the Internet of things are information leakage and user tracking. The solution of information leakage is to only store one ID on the RFID tag, and to store the real information in a background database, which must be extracted by the ID. The user tracking problem is complex, and an ID updating mechanism and an anonymous authentication mechanism during the query of the Internet of things object name resolution service are adopted.
The sensing layer authentication mechanism is used for authenticating the sensing layer, wherein a bidirectional authentication mechanism between an RFID reader and a tag is adopted.
The protection mechanism of data confidentiality and data integrity of the network layer means that the data confidentiality of the transmission layer needs to ensure that the content of the transmitted data is not leaked in the transmission process, and the data integrity needs to ensure that the transmitted data is not illegally tampered in the transmission process or the tampering is easily detected.
Preferably, the second secure transmission in step S4 includes an application system access control mechanism, a database system security mechanism, an identity authentication system mechanism, an interface protection mechanism, and a delivery mechanism;
wherein,
the access control mechanism of the application system refers to the authority for controlling the inquiry, addition, modification and deletion of different users on different data and different business links; providing URL-oriented control capability, providing Service-oriented control capability, providing IP-oriented control capability, and providing Session timeout control. Limiting the login failure times: the method limits the login failure times of the client within a configurable time length, prevents the password of the client from being stolen, and increases the settings of a multilayer gateway and a firewall.
The database system safety mechanism is a permission control mechanism for establishing the database system through system permission, data permission and role permission management; the service terminal forbids to directly access the database server, can only access the database server through the Web server or the interface server, and sets strict database access authority. Secondly, a complete data modification log is established, and the security responsibility to the database is determined by recording and tracking the operation of the user on the database through security audit. The safety of the data can be ensured by adopting the strategies of regular full backup, differential backup, on-demand backup and incremental backup respectively.
The identity authentication system mechanism comprehensively solves the problems of confidentiality, integrity, identity authenticity and non-repudiation of operation of information through measures such as information encryption, digital signature, identity authentication and the like.
Interface protection mechanisms refer to devices that most hardware and software designers access through Application Programming Interfaces (APIs) that require the ability to authenticate and authorize devices that need to exchange data, and only if authorized, developers and applications can communicate between these devices.
The delivery mechanism refers to that the device needs to be continuously updated and patched to cope with the changing network attacks.
Preferably, the step S5 of analyzing and processing the sensing data into application data by the application layer, and then transmitting the application data to the application platform means that the application layer analyzes and processes the information obtained in the sensing layer to realize data such as intelligent identification, positioning, tracking, monitoring and management, and then transmits the data to the application platform.
According to the technical scheme, the invention has the following advantages:
the method and the system are beneficial to preventing and treating potential safety hazards existing in the power internet of things, so that more effective monitoring is provided, risk pre-control measures are provided, the risk problem that people easily ignore when using the internet of things is solved, and collected data and transmitted data are protected more safely.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a flowchart of a method for designing a security protection of an electric power internet of things according to an embodiment of the present invention.
Fig. 2 is a structural diagram of an implementation system of a safety protection design method of an electric power internet of things according to an embodiment of the present invention.
Fig. 3 is an implementation application diagram of a power internet of things safety protection design method provided by the embodiment of the invention.
Detailed Description
The embodiment of the invention provides a design method for safety protection of an electric power Internet of things.
Example 1:
the invention provides a design method for safety protection of an electric power internet of things, which is shown in figure 1: the method comprises the following steps:
s1, performing security assessment and risk analysis on the original data;
s2, collecting data which pass the safety assessment and risk analysis of S1 by a perception layer;
s3, the sensing layer carries out first secure transmission on the sensing data in the S2 to the network layer;
s4, the network layer carries out second secure transmission on the perception data in the S3 to the application layer;
and S5, the application layer analyzes and processes the perception data into application data, and then transmits the application data to the application platform.
As a preferred embodiment, the security assessment and risk analysis in S1 includes: a security control mechanism of sensor confidentiality, a reinforced node authentication technology mechanism, an intrusion monitoring technology mechanism and a security routing control mechanism of a sensor network.
As a preferred embodiment, the security control mechanism of sensor confidentiality needs an effective key management mechanism for securing the communication inside the sensor network, and the confidentiality needs to establish a temporary session key during the communication to ensure data security.
As a preferred embodiment, a node authentication technical mechanism is strengthened to ensure that an illegal node cannot access, and the authentication can be solved through a symmetric password or an asymmetric password scheme; performing key agreement on the basis of authentication is a necessary step in establishing a session key.
As a preferred embodiment, the intrusion monitoring technology mechanism needs to evaluate the node behavior that may be controlled by the adversary, so as to reduce the harm caused by the adversary after the intrusion. The node needs to set a blocking or self-destruction program, finds that the node leaves a specific application and place, and starts blocking or self-destruction, so that an attacker cannot complete the analysis of the node.
As a preferred embodiment, the secure routing control mechanism of the sensor network, and the cryptographic techniques involved in the security requirement of the sensor network include a lightweight cryptographic algorithm, a lightweight cryptographic protocol, a cryptographic technique capable of setting a security level, and the like.
As a preferred embodiment, the first secure transmission in step S3 includes a lightweight key management mechanism, a privacy information protection mechanism, a sensing layer authentication mechanism, and a network layer data confidentiality and data integrity protection mechanism;
wherein,
the lightweight key management mechanism refers to a key management mechanism of a resource-limited unit in the environment of the Internet of things, and comprises a lightweight key management technology and a resource asymmetric key management mechanism, wherein a key management scheme suitable for a perception layer and a network layer is designed, and security analysis is given.
The privacy information protection mechanism is used for carrying out security protection on privacy information data by the Internet of things; the main objects of the privacy information security of the Internet of things are information leakage and user tracking. The solution of information leakage is to only store one ID on the RFID tag, and to store the real information in a background database, which must be extracted by the ID. The user tracking problem is complex, and an ID updating mechanism and an anonymous authentication mechanism during the query of the Internet of things object name resolution service are adopted.
The sensing layer authentication mechanism is used for authenticating the sensing layer, wherein a bidirectional authentication mechanism between an RFID reader and a tag is adopted.
The protection mechanism of data confidentiality and data integrity of the network layer means that the data confidentiality of the transmission layer needs to ensure that the content of the transmitted data is not leaked in the transmission process, and the data integrity needs to ensure that the transmitted data is not illegally tampered in the transmission process or the tampering is easily detected.
As a preferred embodiment, the second secure transmission in step S4 includes an application system access control mechanism, a database system security mechanism, an identity authentication system mechanism, an interface protection mechanism, and a delivery mechanism;
wherein,
the access control mechanism of the application system refers to the authority for controlling the inquiry, addition, modification and deletion of different users on different data and different business links; providing URL-oriented control capability, providing Service-oriented control capability, providing IP-oriented control capability, and providing Session timeout control. Limiting the login failure times: the method limits the login failure times of the client within a configurable time length, prevents the password of the client from being stolen, and increases the settings of a multilayer gateway and a firewall.
The database system safety mechanism is a permission control mechanism for establishing the database system through system permission, data permission and role permission management; the service terminal forbids to directly access the database server, can only access the database server through the Web server or the interface server, and sets strict database access authority. Secondly, a complete data modification log is established, and the security responsibility to the database is determined by recording and tracking the operation of the user on the database through security audit. The safety of the data can be ensured by adopting the strategies of regular full backup, differential backup, on-demand backup and incremental backup respectively.
The identity authentication system mechanism comprehensively solves the problems of confidentiality, integrity, identity authenticity and non-repudiation of operation of information through measures such as information encryption, digital signature, identity authentication and the like.
Interface protection mechanisms refer to devices that most hardware and software designers access through Application Programming Interfaces (APIs) that require the ability to authenticate and authorize devices that need to exchange data, and only if authorized, developers and applications can communicate between these devices.
The delivery mechanism refers to that the device needs to be continuously updated and patched to cope with the changing network attacks.
As a preferred embodiment, the step S5 of the application layer analyzing and processing the sensing data into application data, and then transmitting the application data to the application platform means that the application layer analyzing and processing the information obtained in the sensing layer to realize data such as intelligent identification, positioning, tracking, monitoring, and management, and then transmitting the data to the application platform.
Example 2:
the overall demand of the security of the internet of things is the integration of physical security, information acquisition security, information transmission security and information processing security, and the final aim of the security is to ensure the confidentiality, integrity, authenticity and data freshness of information. The security mechanism of the internet of things should be established on the basis of technical characteristics of each layer and security threats faced.
The technology and application of the internet of things are a huge system and cover the aspects of architecture standards, communication protocols, identification standards, safety standards, application standards, data standards, information processing standards and the like. Since the internet of things involves the collection, transmission and processing of massive data, how to ensure the security of the data becomes especially important. The data characteristics and the security threats of the Internet of things are classified according to the network architecture of the Internet of things and the potential safety hazards thereof, and a layered security architecture is provided on the basis, so that the security protection of the data of the Internet of things in links such as a sensing layer, a transmission layer and an application layer is realized.
As shown in fig. 2:
in this embodiment, to achieve the purpose of security protection, security management is performed from data acquisition, where the security management includes security management operations such as security assessment and risk analysis on raw data, so that a sensing layer, a network layer, and an application layer are supported securely; further, the sensing layer and the network layer perform safe data transmission, and the network layer and the application layer perform safe data transmission.
Example 3:
as shown in fig. 3: in the process of docking the field device with the platform of the Internet of things, the platform of the Internet of things supports the access of the video device by the national standard TB/T28181 protocol. However, a large number of video cameras which have been deployed for years and have older versions and only support PG protocol transmission are used on the site, and certain difficulty exists in how the large number of cameras on stock can be safely accessed to the platform and the original cameras can be safely and normally used.
The conversion development of the protocol and the introduction of the middleware exist, namely, an original video system is used as a main station gateway, the south direction docking equipment of the main station not only directly docks the original video system through a PG protocol in the north direction but also needs another channel to dock the gateway through the PG protocol, the protocol conversion development is carried out on the gateway, the PG protocol is converted into a national standard TB/T28181 protocol, and then the gateway docks the Internet of things platform through a firewall through the national standard TB/T28181.
In the process, the security gateway and the firewall are introduced, so that conversion of different protocols is completed, and the original massive video cameras are used as the sub-devices of the video master station and are accessed to the Internet of things platform through the gateway and the firewall.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (9)
1. A safety protection design method for an electric power Internet of things is characterized by comprising the following steps:
s1, performing security assessment and risk analysis on the original data;
s2, collecting data which pass the safety assessment and risk analysis of S1 by a perception layer;
s3, the sensing layer carries out first secure transmission on the sensing data in the S2 to the network layer;
s4, the network layer carries out second secure transmission on the perception data in the S3 to the application layer;
and S5, the application layer analyzes and processes the perception data into application data, and then transmits the application data to the application platform.
2. The electric power internet of things safety protection design method according to claim 1, wherein the safety assessment and risk analysis in the step S1 includes: a security control mechanism of sensor confidentiality, a reinforced node authentication technology mechanism, an intrusion monitoring technology mechanism and a security routing control mechanism of a sensor network.
3. The electric power internet of things security design method as claimed in claim 2, wherein the security control mechanism of sensor confidentiality needs an effective key management mechanism for ensuring security of internal communication of the sensor network, and the confidentiality needs to establish a temporary session key during communication to ensure data security.
4. The electric power internet of things security protection design method of claim 2, characterized in that the node authentication technology mechanism is strengthened to ensure that an illegal node cannot be accessed, and the authentication can be solved through a symmetric password or an asymmetric password scheme; performing key agreement on the basis of authentication is a necessary step in establishing a session key.
5. The electric power internet of things safety protection design method as claimed in claim 2, wherein the intrusion monitoring technology mechanism needs to evaluate node behaviors which are possibly controlled by an adversary so as to reduce harm after the adversary intrudes; the node needs to set a blocking or self-destruction program, finds that the node leaves a specific application and place, and starts blocking or self-destruction, so that an attacker cannot complete the analysis of the node.
6. The electric power internet of things security protection design method as claimed in claim 2, wherein the security routing control mechanism of the sensor network and the cryptographic technology related to the security requirement of the sensor network include but are not limited to a lightweight cryptographic algorithm, a lightweight cryptographic protocol, and a cryptographic technology capable of setting a security level.
7. The electric power internet of things security protection design method of claim 1, wherein the first security transmission in step S3 includes a lightweight key management mechanism, a privacy information protection mechanism, a sensing layer authentication mechanism, and a network layer data confidentiality and data integrity protection mechanism;
wherein,
the lightweight key management mechanism refers to a key management mechanism of a resource-limited unit in the environment of the Internet of things, and comprises a lightweight key management technology and a resource asymmetric key management mechanism, wherein a key management scheme suitable for a perception layer and a network layer is designed, and security analysis is given.
The privacy information protection mechanism is used for carrying out security protection on privacy information data by the Internet of things; the main objects of the privacy information security of the Internet of things are information leakage and user tracking. The solution of information leakage is to only store one ID on the RFID tag, and to store the real information in a background database, which must be extracted by the ID. The user tracking problem is complex, and an ID updating mechanism and an anonymous authentication mechanism during the query of the Internet of things object name resolution service are adopted.
The sensing layer authentication mechanism is used for authenticating the sensing layer, wherein a bidirectional authentication mechanism between an RFID reader and a tag is adopted.
The protection mechanism of data confidentiality and data integrity of the network layer means that the data confidentiality of the transmission layer needs to ensure that the content of the transmitted data is not leaked in the transmission process, and the data integrity needs to ensure that the transmitted data is not illegally tampered in the transmission process or the tampering is easily detected.
8. The electric power internet of things security protection design method according to claim 1, wherein the second security transmission in step S4 includes an application system access control mechanism, a database system security mechanism, an identity authentication system mechanism, an interface protection mechanism, and a delivery mechanism;
wherein,
the access control mechanism of the application system refers to the authority for controlling the inquiry, addition, modification and deletion of different users on different data and different business links; providing URL-oriented control capability, providing Service-oriented control capability, providing IP-oriented control capability, and providing Session timeout control. Limiting the login failure times: the method limits the login failure times of the client within a configurable time length, prevents the password of the client from being stolen, and increases the settings of a multilayer gateway and a firewall.
The database system safety mechanism is a permission control mechanism for establishing the database system through system permission, data permission and role permission management; the service terminal forbids to directly access the database server, can only access the database server through the Web server or the interface server, and sets strict database access authority. Secondly, a complete data modification log is established, and the security responsibility to the database is determined by recording and tracking the operation of the user on the database through security audit. The safety of the data can be ensured by adopting the strategies of regular full backup, differential backup, on-demand backup and incremental backup respectively.
The identity authentication system mechanism comprehensively solves the problems of confidentiality, integrity, identity authenticity and non-repudiation of operation of information through measures such as information encryption, digital signature, identity authentication and the like.
Interface protection mechanisms refer to devices that most hardware and software designers access through Application Programming Interfaces (APIs) that require the ability to authenticate and authorize devices that need to exchange data, and only if authorized, developers and applications can communicate between these devices.
The delivery mechanism refers to that the device needs to be continuously updated and patched to cope with the changing network attacks.
9. The electric power internet of things safety protection design method as claimed in claim 1, wherein the application layer in step S5 analyzes and processes the sensing data into application data, and then transmits the application data to the application platform, that is, the application layer analyzes and processes the information obtained in the sensing layer to realize data such as intelligent identification, positioning, tracking, monitoring and management, and then transmits the data to the application platform.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011537404.6A CN113542339A (en) | 2020-12-23 | 2020-12-23 | Electric power Internet of things safety protection design method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011537404.6A CN113542339A (en) | 2020-12-23 | 2020-12-23 | Electric power Internet of things safety protection design method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113542339A true CN113542339A (en) | 2021-10-22 |
Family
ID=78124218
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011537404.6A Pending CN113542339A (en) | 2020-12-23 | 2020-12-23 | Electric power Internet of things safety protection design method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113542339A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114070607A (en) * | 2021-11-12 | 2022-02-18 | 国网江苏省电力有限公司营销服务中心 | Electric power data distribution and data leakage risk control system |
| CN114205816A (en) * | 2021-12-14 | 2022-03-18 | 中国电力科学研究院有限公司 | Information security architecture of power mobile Internet of things and use method thereof |
| CN114884817A (en) * | 2022-04-02 | 2022-08-09 | 许继集团有限公司 | Data interaction method and system for power transmission and transformation equipment internet of things |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102404324A (en) * | 2011-11-23 | 2012-04-04 | 郭正韦华 | System for sensing safety of node data of Internet of things |
| CN109974780A (en) * | 2019-04-01 | 2019-07-05 | 西京学院 | A kind of electrical equipment status monitoring system based on Internet of Things |
| CN110492607A (en) * | 2019-07-24 | 2019-11-22 | 广东电网有限责任公司 | A kind of intelligent substation condition monitoring system based on ubiquitous electric power Internet of Things |
| CN110958262A (en) * | 2019-12-15 | 2020-04-03 | 国网山东省电力公司电力科学研究院 | Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry |
| CN111030841A (en) * | 2019-11-07 | 2020-04-17 | 西安科成新果信息科技有限公司 | Forestry internet of things safety communication system |
-
2020
- 2020-12-23 CN CN202011537404.6A patent/CN113542339A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102404324A (en) * | 2011-11-23 | 2012-04-04 | 郭正韦华 | System for sensing safety of node data of Internet of things |
| CN109974780A (en) * | 2019-04-01 | 2019-07-05 | 西京学院 | A kind of electrical equipment status monitoring system based on Internet of Things |
| CN110492607A (en) * | 2019-07-24 | 2019-11-22 | 广东电网有限责任公司 | A kind of intelligent substation condition monitoring system based on ubiquitous electric power Internet of Things |
| CN111030841A (en) * | 2019-11-07 | 2020-04-17 | 西安科成新果信息科技有限公司 | Forestry internet of things safety communication system |
| CN110958262A (en) * | 2019-12-15 | 2020-04-03 | 国网山东省电力公司电力科学研究院 | Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry |
Non-Patent Citations (1)
| Title |
|---|
| 凯信特安全团队: ""物联网漏洞防御或修复措施"", 《HTTPS://M.FREEBUF.COM/GEEK/198896.HTML》, 21 March 2019 (2019-03-21) * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114070607A (en) * | 2021-11-12 | 2022-02-18 | 国网江苏省电力有限公司营销服务中心 | Electric power data distribution and data leakage risk control system |
| CN114205816A (en) * | 2021-12-14 | 2022-03-18 | 中国电力科学研究院有限公司 | Information security architecture of power mobile Internet of things and use method thereof |
| CN114205816B (en) * | 2021-12-14 | 2023-08-08 | 中国电力科学研究院有限公司 | Electric power mobile internet of things information security architecture and application method thereof |
| CN114884817A (en) * | 2022-04-02 | 2022-08-09 | 许继集团有限公司 | Data interaction method and system for power transmission and transformation equipment internet of things |
| CN114884817B (en) * | 2022-04-02 | 2024-03-01 | 许继集团有限公司 | Internet of things data interaction method and system for power transmission and transformation equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Diaz Lopez et al. | Shielding IoT against cyber‐attacks: an event‐based approach using SIEM | |
| Bhabad et al. | Internet of things: architecture, security issues and countermeasures | |
| CN113542339A (en) | Electric power Internet of things safety protection design method | |
| EP3490212B1 (en) | Actively identifying and neutralizing network hot spots | |
| Vijayakumaran et al. | A reliable next generation cyber security architecture for industrial internet of things environment | |
| CN114553540B (en) | Zero trust-based Internet of things system, data access method, device and medium | |
| US9608973B2 (en) | Security management system including multiple relay servers and security management method | |
| KR20190030317A (en) | IoT Security System Based on the BlockChain and Security Method thereof | |
| CN107222508B (en) | Security access control method, device and system | |
| Alfaqih et al. | Internet of things security based on devices architecture | |
| CN102045310B (en) | Industrial Internet intrusion detection as well as defense method and device | |
| Kloibhofer et al. | LoRaWAN with HSM as a security improvement for agriculture applications | |
| Mohideen et al. | Internet of Things (IoT): classification, secured architecture based on data sensitivity, security issues and their countermeasures | |
| Bhardwaj et al. | Taxonomy of Security Attacks on Internet of Things | |
| KR102219018B1 (en) | Blockchain based data transmission method in internet of things | |
| Altayaran et al. | Security threats of application programming interface (API's) in internet of things (IoT) communications | |
| KR102531376B1 (en) | System for monitoring information security and network security based on network connection and method thereof | |
| Gu et al. | IoT security and new trends of solutions | |
| CN115277237A (en) | Control method and device for accessing mobile terminal to enterprise intranet | |
| Ihita et al. | Security for oneM2M-Based Smart City Network: An OM2M Implementation | |
| Benayas-Ayuso et al. | Internet of things cybersecurity: Blockchain as First Securitisation layer of an IoT network | |
| Raja et al. | Threat Modeling and IoT Attack Surfaces | |
| Wells | Better practices for IoT smart home security | |
| KR102049889B1 (en) | Apparatus and method for preventing forgery of data using hardware security module | |
| Amokrane | Internet of things: security issues, challenges and directions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |