CN113726726A - Power internet of things credibility measurement method based on edge calculation - Google Patents
- Publication number: CN113726726A (application CN202110596258.2A)
- Authority: CN (China)
- Prior art keywords
- things
- power internet
- node
- trusted
- credible
- Prior art date
- Legal status (an assumption, not a legal conclusion; Google has not performed a legal analysis): Granted
Classifications
- H04L63/1466: Countermeasures against active attacks involving interception, injection, modification or spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks (under H04L63/00, network security, and H04L63/14, detecting or protecting against malicious traffic)
- H04L63/20: Managing network security; network security policies in general
- H04L67/10: Protocols in which an application is distributed across nodes in the network
- H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- G16Y10/35: IoT economic sectors; utilities, e.g. electricity, gas or water
- G16Y10/75: IoT economic sectors; information technology, communication
- G16Y30/10: IoT infrastructure; security thereof
- G16Y40/10: IoT characterised by the purpose of the information processing; detection, monitoring
- G16Y40/30: IoT characterised by the purpose of the information processing; control
- G16Y40/50: IoT characterised by the purpose of the information processing; safety, security of things, users, data or systems
Abstract
The invention discloses a credibility measurement method for the power internet of things based on edge computing. A trusted immune node implements the basic immune function and guarantees the immunity of a power internet of things node while it starts, runs and accesses the network; a trusted immune network implements the core immune function and guarantees immunity while the power internet of things is established, operates and accesses the power internet of things information center. The credibility measurement technique comprises the following: active measurement of the key components of a power internet of things node at start-up and at run time, and trusted access applied to the node's network connection, so that the credibility of the power internet of things node is ensured.
Description
Technical Field
The invention relates to the technical field of trusted computing, in particular to a power internet of things trusted measurement method based on edge computing.
Background
With the rapid development of internet of things technology, in a mobile, ubiquitous, hybrid and wide-area interconnected environment, large numbers of internal and external network data acquisition, control and management devices such as sensing devices, mobile terminals, video surveillance devices, smart electricity meters, charging piles and office computers are deployed in the power internet of things. Because the network boundary is blurred, security threats and risks extend beyond the inherent boundary, and there are security risks in the trusted operation and identity validity of the service side. Meanwhile, because of the construction of the power enterprise cloud, the power system faces large data volumes, many service types and complex information interaction, which leads to illegal access. The system is easily attacked and damaged, whether deliberately or inadvertently, so that power operation is hard to guarantee. The root of the problem is that it has not been addressed from the actual cause of network security risk: passive "block, check and kill" defenses represented by firewalls, virus scanning and intrusion detection are applied one at a time, which is not enough to prevent attacks, and in particular cannot effectively prevent attacks that target vulnerabilities of the target system.
To address the security of today's cyberspace, the international TCG organization proposed a trusted computing method: the TPM and the BIOS initial code are taken as the root of trust and trust is measured level by level, thereby building a chain of trust for the computer and protecting its important resources from illegal tampering and damage, with good results. However, the TPM is essentially only a passively attached external device of the computer and functions only when called by a host program; once the host is controlled by an attacker, the TPM's function can no longer be exercised. Moreover, the TPM implements only static measurement when the computer starts and no policy-based dynamic measurement while the computer runs, so the TCG trusted computing architecture is fundamentally hard-pressed to defend when a hacker exploits logic defects of the computer system. For example, Windows 10 fully implements the TCG trusted computing architecture but failed to prevent the attack of the WannaCry ransomware.
Disclosure of Invention
The current security protection mechanism of the power internet of things relies mainly on passive defense mechanisms such as intrusion detection, so that by the time malicious behavior is discovered, harm has already been done and the network and nodes of the power internet of things can no longer work normally. Starting from the characteristics of the power internet of things network, the invention provides a credibility measurement technique for the power internet of things based on edge computing, which performs active immune protection while the power internet of things operates. Using trusted computing technology, active measurement is performed on the key components during the start-up and running of power internet of things nodes, and trusted access is applied to the network connection of those nodes, so that the credibility of the nodes is ensured.
To achieve this purpose, the technical scheme adopted by the invention is as follows:
a trusted immune system for the power internet of things based on edge computing, characterized in that the trusted immune system comprises a trusted immune node, a trusted immune network and a trusted immune service center of the power internet of things, wherein
the trusted immune node implements the basic immune function and guarantees the immunity of an internet of things node when it starts, runs and accesses the internet of things;
the trusted immune network implements the core immune function and guarantees the immunity of the internet of things during its establishment and operation.
Further, in the edge-computing-based trusted immune node of the power internet of things described above, the trusted immune node comprises a power internet of things node trusted immune system and a power internet of things node computing system, and the two systems run together on the power internet of things platform.
The power internet of things node computing system carries the ordinary functions of the node, such as data acquisition, data processing and data transmission. The power internet of things node trusted immune system carries the node's immune function and mainly comprises a TPCM, a trusted software base TSB, a trusted support mechanism and a trusted base TSD (Trusted Standard Database).
The power internet of things network trusted immune system carries the network's immune function and mainly comprises a trusted edge computing node MEC (Trusted Cluster Node), a Trusted Sink Node TSN, a Behaviors Trusted Standard Database BTSD and a power internet of things trusted authentication center IOTTC (Internet of Things Trusted Center). The trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes with an embedded TPCM. The core function of the power internet of things network trusted immune system is active measurement of the behavior of the power internet of things. That behavior comprises the behavior of a power internet of things node within the edge computing network, the output behavior of the edge computing network, and the output behavior of the power internet of things.
Further, in the edge-computing-based power internet of things node trusted immune system described above, the node computing system undertakes the conventional functions of the node, such as data acquisition, data processing and data transmission, while the node trusted immune system carries the node's immune function and mainly comprises a TPCM, a trusted software base TSB, a trusted support mechanism and a trusted base TSD (Trusted Standard Database).
Further, the trusted immune system of the power internet of things node is characterized in that
the TPCM provides trusted function support such as trusted measurement, trusted storage and trusted reporting for the power internet of things node, and is the source and the physical trust basis of the node's immunity;
the TSB takes the TPCM as its root of trust and provides trusted function support such as active measurement, trusted network connection and trusted storage for the node. Active measurement is the core of node immunity: by monitoring the node's running environment in real time and actively measuring the subjects, objects, operations and environment of the system, the TSB ensures the credibility of the node. Meanwhile, according to the node's active measurement result, the TSB generates the trusted network connection policy for the node's access to the power internet of things and, based on the TPCM, completes the privacy protection of the key data structures of the system and its applications;
the TSD stores the core data of the power internet of things node and the reference values of its key modules, and is the reference basis and criterion by which the trusted immune system distinguishes self from non-self;
the trusted support mechanism provides immune support for the applications of the power internet of things node and for other security mechanisms.
Further, the trusted immune network comprises a power internet of things network trusted immune system and the power internet of things network.
The power internet of things network undertakes the conventional functions of the power internet of things, such as data transmission and network management.
The power internet of things network trusted immune system carries the network's immune function and mainly comprises a trusted edge computing node MEC (Trusted Cluster Node), a Trusted Sink Node TSN, a Behaviors Trusted Standard Database BTSD and a power internet of things trusted authentication center IOTTC (Internet of Things Trusted Center).
The trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes with an embedded TPCM.
Further, the power internet of things trusted immune service center described above mainly provides the following functions: a trusted software library service, which performs unified management and security authentication of all application programs in the power internet of things; a trusted policy library, which formulates the corresponding security policies for the running environment and purpose of the power internet of things network and nodes; and an emergency response service, which performs disaster-recovery backup of the key policy configurations in the network and nodes, so that the security and credibility of the power internet of things are guaranteed.
An edge-computing-based credibility measurement technique for the power internet of things comprises the following: active measurement of the key components of a power internet of things node at start-up and at run time, and trusted access applied to the node's network connection, so that the credibility of the node is ensured.
The active measurement process at node start-up is as follows. When the power internet of things node starts, the TPCM starts first, before the node itself, and performs credibility measurement on the configuration of the node's underlying hardware SNP (Sensing Node Platform). Having ensured that the node's hardware has not been tampered with, the TPCM measures step by step the node's trusted computing base TCB, the operating system boot loader (OS Loader), the operating system kernel (OS Kernel) and the power internet of things application SAP (Sensing Application Program, including the data acquisition, data processing and data transmission applications and so on), and finally trusted start-up of the node is achieved.
Active measurement while the node runs is realized by actively controlling and dynamically measuring the node's kernel data and the power internet of things application programs.
When the power internet of things node joins the edge computing network, the trusted edge computing node MEC needs to perform identity measurement and platform integrity measurement on the power internet of things node.
The beneficial effects of the invention are as follows. Starting from the characteristics of the power internet of things network, the invention provides a credibility measurement technique for the power internet of things based on edge computing, which performs active immune protection while the power internet of things operates. Using trusted computing technology, active measurement is performed on the key components during the start-up and running of the power internet of things server, and trusted access is applied to the power internet of things network connection, so that the credibility of the network is ensured. The credibility of the power internet of things supports its immune functions of immune monitoring, immune defense, immune self-stabilization and the like, and active immunity of the power internet of things is realized by combining two layers, the active immune power internet of things locally and the active immune power internet of things network globally.
Drawings
Fig. 1 is a schematic structural diagram of the edge-computing-based credibility measurement technique for the power internet of things in an embodiment of the present invention.
Fig. 2 shows the active measurement process of a power internet of things node during start-up in the embodiment of the present invention.
Fig. 3 shows the active measurement process of power internet of things nodes during operation in the embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the detailed description.
Addressing the problem that the current security protection mechanism of the power internet of things, which relies mainly on passive defense mechanisms such as intrusion detection, makes active defense of the network and its nodes hard to realize, the invention uses trusted computing technology to construct an active immune architecture for the power internet of things. Starting from the characteristics of the power internet of things network, it provides an edge-computing-based trusted measurement technique and an active measurement technique for the power internet of things, and implements immune monitoring, immune defense and immune self-stabilization by combining two layers, the active immune power internet of things locally and the active immune power internet of things network globally, so as to realize active defense of the power internet of things.
Interpretation of terms
MEC: Multi-access Edge Computing, also called Mobile Edge Computing.
TCA: Trusted network architecture.
TCA-IOT: Trusted Connection Architecture for the Internet of Things.
TPM: Trusted Platform Module.
TCM: Trusted Cryptography Module, a hardware module of the trusted computing platform that provides cryptographic operation functions for the platform and has a protected storage space.
TPCM: Trusted Platform Control Module, a hardware core module integrated in a trusted computing platform to establish and guarantee the trusted source point, providing integrity measurement, secure storage, trusted reporting and cryptographic services for trusted computing.
TSB: Trusted Software Base, the collection of software elements that support the trustworthiness of a trusted computing platform.
BIOS: Basic Input Output System, the first software loaded when a personal computer starts.
The basic framework of a trusted computing platform is described below.
As shown in Fig. 1, the edge-computing-based credibility measurement technique for the power internet of things consists of an active immune power internet of things and an active immune power internet of things network. The active immune power internet of things realizes the basic immune function and guarantees the immunity of the power internet of things nodes and server when the power internet of things starts, runs and accesses the network; the active immune power internet of things network realizes the core immune function and guarantees immunity when the power internet of things is established, operates and accesses the power internet of things information center.
In this technique, the active immune system and the conventional function system of the power internet of things coexist and depend on each other, together forming a dual-system structure. All parts of the active immune system form an organic whole and realize the active immunity of the power internet of things through cooperative work.
The active measurement technology of the power internet of things is described in detail below.
The essence of trusted computing is that behavior is as expected, so the key to realizing active immunity of the power internet of things is to ensure that the computing and output results of the power internet of things server and the output results of the power internet of things network always meet expectations. On this basis, trusted computing technology is used to actively measure the key components during the start-up and running of the power internet of things server, and trusted access is applied to the power internet of things network connection, so that the credibility of the network is guaranteed. The credibility of the power internet of things supports its immune functions of immune monitoring, immune defense, immune self-stabilization and the like.
Active measurement during starting of power internet of things
When the power internet of things starts, the TPCM starts first, before the power internet of things itself, and performs credibility measurement on the configuration of the underlying hardware BIOS. Having ensured that the hardware of the power internet of things has not been tampered with, the TPCM measures step by step the trusted computing base TCB, the operating system boot loader (OS Loader), the operating system kernel (OS Kernel) and the application programs SAP (Sensing Application Program, including the data acquisition, data processing and data transmission applications and so on), and finally trusted start-up of the power internet of things is achieved. The specific flow is shown in Fig. 2. Because the composition and functions of the power internet of things are simple, the trusted reference values of all its key components are stored in the TPCM.
The trusted computing base TCB is the totality of the system's security protection mechanisms: the combination of hardware, firmware and software that is responsible for enforcing the security policy, which establishes the basic protection environment and provides the additional application services the system requires. For the power internet of things, since the TPCM has already measured the hardware layer separately, what the active measurement covers is the software part of the TCB, namely the trusted software base TSB together with the other security mechanisms.
The TPCM starts and performs its self-check before the power internet of things server. After the self-check succeeds, the TPCM sends a control signal to reset the CPU, controllers, dynamic memory and the like of the power internet of things server.
The TPCM measures the configuration of the underlying hardware BIOS, computes its digest and stores it in PCR[1]. The TPCM then calls the stored trusted reference value SPCR[1] of the BIOS and computes the comparison result Res; if Res = 0, start-up of the power internet of things fails.
The underlying hardware of the power internet of things starts.
The TPCM measures the TCB, OS Loader and OS Kernel in turn, computes their digests and stores them in PCR[2], PCR[3] and PCR[4]. The TPCM calls the stored trusted reference values SPCR[2], SPCR[3] and SPCR[4] of the TCB, OS Loader and OS Kernel and computes Res1, Res2 and Res3; if Res1 ∧ Res2 ∧ Res3 = 0, start-up of the power internet of things fails. The TPCM measures the TCB, OS Loader and OS Kernel in that order, and success of the earlier measurement is a necessary condition for the later one: if the earlier measurement fails, the subsequent items are not measured. That is, if the TCB measurement fails, neither the OS Loader nor the OS Kernel is measured, and if the OS Loader measurement fails, the OS Kernel is not measured.
The TPCM measures the application SAP, computes its digest and stores it in PCR[5] (the data acquisition, data processing, data transmission and other applications can be measured in turn into PCRs as needed, by function). The TPCM calls the stored trusted reference value SPCR[5] and computes Res; if Res = 1, the platform loads and executes the application SAP.
In this way, throughout the start-up of the power internet of things server, the TPCM always holds control, and it measures and verifies each key component of the start-up process against its trusted reference value, so that trusted start-up of the power internet of things is ensured.
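As an added illustration of the start-up sequence just described (example code written for this page, not the patent's own implementation), the following Python simulation models a TPCM that holds reference values SPCR[1]..SPCR[5], measures the BIOS, TCB, OS Loader, OS Kernel and SAP in order into PCR[1]..PCR[5], and stops at the first mismatch so that later components are never measured. The component images, the use of SHA-256 as the digest and the exact PCR layout are assumptions made for the demonstration.

```python
"""Simulation of the TPCM boot-time measurement chain (added example, not patent code)."""
import hashlib
from dataclasses import dataclass, field

# Boot order from the description, with the PCR each digest is stored in.
BOOT_ORDER = [("BIOS", 1), ("TCB", 2), ("OS Loader", 3), ("OS Kernel", 4), ("SAP", 5)]


def measure(image: bytes) -> str:
    """Digest of a component image, as the TPCM computes before comparing it."""
    return hashlib.sha256(image).hexdigest()  # SHA-256 is an assumption


@dataclass
class TPCM:
    """Holds the trusted reference values SPCR[i] and the live PCR registers."""
    spcr: dict                                   # {pcr_index: expected digest}
    pcr: dict = field(default_factory=dict)      # {pcr_index: measured digest}
    log: list = field(default_factory=list)      # (component, pcr_index, Res)

    def verify(self, index: int) -> int:
        """Res = 1 if PCR[index] equals SPCR[index], otherwise 0."""
        return 1 if self.pcr.get(index) == self.spcr.get(index) else 0

    def trusted_start(self, images: dict) -> tuple:
        """Measure components in boot order and stop at the first Res = 0.

        Returns (success, failed_component). Because measurement stops at the
        first failure, success of an earlier component is a necessary condition
        for the later ones ever being measured, matching the TCB/OS Loader/OS
        Kernel rule in the description.
        """
        for name, index in BOOT_ORDER:
            self.pcr[index] = measure(images[name])
            res = self.verify(index)
            self.log.append((name, index, res))
            if res == 0:
                return False, name
        return True, None


def golden_images() -> dict:
    """Constructed known-good component images for the demonstration."""
    return {
        "BIOS": b"bios-config-v1",
        "TCB": b"tsb+security-mechanisms-v1",
        "OS Loader": b"loader-v1",
        "OS Kernel": b"kernel-v1",
        "SAP": b"data-acq;data-proc;data-tx v1",
    }


def provision_spcr(images: dict) -> dict:
    """Record SPCR[i] from known-good images (done once, offline)."""
    return {index: measure(images[name]) for name, index in BOOT_ORDER}


def boot_with(images: dict) -> tuple:
    """Run one simulated boot; return (success, failed_component, components measured)."""
    tpcm = TPCM(spcr=provision_spcr(golden_images()))
    ok, failed = tpcm.trusted_start(images)
    return ok, failed, [name for name, _, _ in tpcm.log]


if __name__ == "__main__":
    print(boot_with(golden_images()))
    tampered = golden_images()
    tampered["OS Loader"] = b"loader-v1-modified"   # constructed tampering
    print(boot_with(tampered))
```

With the golden images every component is measured and the boot succeeds; with a modified OS Loader the boot fails at PCR[3] and the OS Kernel and SAP are never measured, which is exactly the short-circuit behaviour the description requires.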
Active measurement during operation of power internet of things node
Active measurement while the power internet of things node runs is realized by actively controlling the node's kernel data and application programs and dynamically measuring their credibility, as shown in Fig. 3.
Active measurement points:
Active measurement points are the key to implementing the active measurement technique. According to the characteristics of the power internet of things node, the active measurement points during its operation mainly comprise starting an application program, opening the communication system, accessing application data and the like. By actively intercepting TinyOS system calls, the trusted software base TSB judges according to policy whether a call is an active measurement point, and implements active measurement at each active measurement point.
Active measurement technique:
While the power internet of things node runs, the trusted software base TSB sets active measurement points in the node and calls the TPCM to actively measure the key data of the system kernel and the application programs; the specific flow is shown in the following diagram.
While the power internet of things node server runs, the TSB actively controls system calls. The TSB intercepts each system call and judges according to policy whether it is an active measurement point. If it is not, no action is taken.
At an active measurement point, the TSB calls the TPCM to perform active measurement according to the measurement policy. The active measurement objects of the kernel are the kernel code area, the system vector table and the like; the active measurement objects of an application are its configuration files, its dynamic libraries and the data it operates on.
The TSB computes the digest of the measured object and stores it in the corresponding PCR. For the digest PCR of each measured object, the TPCM computes the result using the corresponding trusted reference value SPCR; if the result is 1, the measured object is judged trusted. If the measured objects at all measurement points are trusted, the power internet of things node is trusted.
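The following Python simulation is an added example (not code from the patent) of the run-time mechanism above: a TSB that intercepts system calls, consults a policy table to decide which calls are active measurement points, and at those calls has the TPCM measure the kernel code area, the vector table and the application's configuration, dynamic library or data against reference digests. The system-call names, the policy table, the object contents and the use of SHA-256 are assumptions made for the demonstration.

```python
"""Simulation of TSB run-time active measurement at policy-defined points (added example)."""
import hashlib

# Policy table (constructed): system calls that are active measurement points,
# with the kernel and application objects the TPCM must measure at each one.
# Any call absent from the table is not a measurement point and passes through.
POLICY = {
    "exec_app": ["kernel_code", "vector_table", "app_config", "app_dynlib"],
    "open_comm": ["kernel_code", "vector_table"],
    "read_app_data": ["app_data"],
}


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()  # SHA-256 is an assumption


class TSB:
    """Trusted software base: intercepts system calls and drives TPCM measurement."""

    def __init__(self, spcr: dict):
        self.spcr = spcr   # reference digests per object, as held by the TPCM
        self.pcr = {}      # latest measured digest per object
        self.trace = []    # what happened at each intercepted call

    def measure(self, obj: str, content: bytes) -> int:
        """TPCM measurement of one object: 1 if it matches its reference, else 0."""
        self.pcr[obj] = digest(content)
        return 1 if self.pcr[obj] == self.spcr.get(obj) else 0

    def on_syscall(self, name: str, memory: dict) -> bool:
        """Intercept one system call; True means the call may proceed."""
        objects = POLICY.get(name)
        if objects is None:                      # not an active measurement point
            self.trace.append((name, "passthrough"))
            return True
        results = {obj: self.measure(obj, memory[obj]) for obj in objects}
        trusted = all(results.values())          # every object must give 1
        self.trace.append((name, "trusted" if trusted else "untrusted"))
        return trusted


def clean_memory() -> dict:
    """Constructed node state: kernel code, vector table and one SAP's files."""
    return {
        "kernel_code": b"tinyos-kernel-text-v1",
        "vector_table": b"irq0..irqN handlers v1",
        "app_config": b"acq_interval=60\nserver=sink",
        "app_dynlib": b"libcomm.so v1",
        "app_data": b"readings v1",
    }


def run_node(calls: list, memory: dict) -> list:
    """Replay a sequence of system calls; return the (call, allowed) decision for each."""
    tsb = TSB(spcr={obj: digest(content) for obj, content in clean_memory().items()})
    return [(name, tsb.on_syscall(name, memory)) for name in calls]


if __name__ == "__main__":
    calls = ["sleep", "open_comm", "exec_app", "read_app_data"]
    print(run_node(calls, clean_memory()))
    modified = clean_memory()
    modified["app_dynlib"] = b"libcomm.so v1-modified"  # constructed tampering
    print(run_node(calls, modified))
```

Note the granularity: a modified dynamic library is caught at the application-start measurement point (`exec_app`), while calls whose policy does not cover that object (`open_comm`, `read_app_data`) still pass, which is why the description says the node is trusted only when the objects at all measurement points are trusted.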
Active measurement when a power Internet of things node joins the edge computing network
When a power Internet of things node joins the edge computing network, the trusted edge computing node MEC must perform identity measurement and platform integrity measurement on the node. The specific process is as follows:
S101. The power Internet of things node N sends its identity ID_N, its node type and the request information Req to the TCN, requesting to join the edge computing network.
S102. After receiving this information, the TCN checks the type of the power Internet of things node. If the node type meets the requirements of the edge computing network, the TCN sends its identity ID_C and a random number r_C to the power Internet of things node.
S103. The power Internet of things node N uses the TCN identity ID_C to obtain the authentication key K_CN shared by both parties (see chapter five for the acquisition method). Node N selects a random number r_N, computes its authentication message and sends it together with r_N to the TCN.
S104. The TCN uses the identity ID_N of the power Internet of things node to obtain the shared authentication key K_CN, decrypts the received message and verifies the correctness of the signature. The TCN then computes its own response and transmits it to the power Internet of things node N.
S105. The power Internet of things node N decrypts the received message and verifies the correctness of the signature.
The TCN and the power Internet of things node N then establish a secure channel using the shared communication key.
S106. TPCM N sends its own signed platform integrity certificate AIK_N and a random number to the TCN.
S107. The trusted root TPCM C of the TCN sends its own certificate AIK_C and random number, together with the signed platform integrity certificate AIK_N and random number of TPCM N, to the Internet of things trusted authentication center IOTTC through the trusted sink node TSN.
S108. The power Internet of things trusted authentication center IOTTC verifies the certificates AIK_C and AIK_N, uses the keys K_C and K_N it shares with TPCM C and TPCM N to compute the encrypted key material for each party, and transmits these to TPCM C and TPCM N respectively.
S109. TPCM C and TPCM N decrypt their respective messages and obtain the platform integrity authentication key k_CN shared by both parties.
S110. TPCM C sends the integrity request information Req {i_1, ..., i_r} to TPCM N, where {i_1, ..., i_r} are the PCR identifiers requested from the power Internet of things node.
S111. TPCM N sends the integrity information of the power Internet of things node N to TPCM C, together with the integrity request information Req {j_1, ..., j_s}, where {j_1, ..., j_s} are the PCR identifiers requested from the TCN.
S112. TPCM C verifies the received integrity information and judges the power Internet of things node N comprehensively according to the values {a_1, ..., a_r}; if the judgment result is not credible, node N is refused entry to the edge computing network. TPCM C then sends the integrity information of the TCN to TPCM N.
S113. TPCM N verifies the received integrity information and judges the TCN comprehensively according to the values {b_1, ..., b_s}; if the judgment result is not credible, node N refuses to join the edge computing network.
This completes bidirectional identity authentication and platform integrity authentication between the TCN and the power Internet of things node N.
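The S101-S113 exchange, simulated end to end as an added example with both parties in one process (this is not the patent's code). The page does not show the patent's encryption and signature expressions, so the constructions here are assumptions: HMAC-SHA256 over the transcript stands in for the sign/verify steps of S103-S105, K_CN is derived from the two identities (the patent defers the real method to its "chapter five"), IOTTC's delivery of k_CN in S108 uses a toy HMAC-keystream wrapper in place of a real AEAD, and the AIK certificates are plain identifiers checked against an IOTTC registry. Node types, keys, PCR indices and reference values are constructed fixtures.

```python
import hashlib
import hmac
import secrets

# Constructed fixtures (assumptions; the patent gives no concrete values).
ALLOWED_TYPES = {"meter", "sensor"}                 # node types the edge network admits (S102)
MASTER = b"power-iot-master-key"                    # root from which K_CN is derived
K_C, K_N = b"iottc<->tpcm-c", b"iottc<->tpcm-n"     # keys IOTTC shares with TPCM C and TPCM N (S108)
AIK_REGISTRY = {b"AIK_C", b"AIK_N"}                 # certificates IOTTC will validate
# Reference PCR values held by the verifying side: expected PCRs of the TCN ("C") and the node ("N").
REF = {"C": {0: b"\x01" * 32, 2: b"\x02" * 32}, "N": {0: b"\xaa" * 32, 1: b"\xbb" * 32}}


def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts; stands in for the patent's signature/verify steps."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def auth_key(id_c, id_n):
    """K_CN: each side derives it from the two identities (S103/S104); assumed construction."""
    return mac(MASTER, min(id_c, id_n), max(id_c, id_n))


def wrap(key, secret32):
    """Toy authenticated encryption of a 32-byte secret under a shared key (S108); use an AEAD in practice."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(secret32, mac(key, b"stream", nonce)))
    return nonce + ct + mac(key, b"tag", nonce, ct)


def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, mac(key, b"tag", nonce, ct)):
        raise ValueError("IOTTC key message tampered")
    return bytes(a ^ b for a, b in zip(ct, mac(key, b"stream", nonce)))


def quote(k_cn, peer_nonce, pcrs, idx):
    """Integrity report (S111/S112): the requested PCR values bound to the peer's nonce under k_CN."""
    vals = [pcrs[i] for i in idx]
    return vals, mac(k_cn, peer_nonce, *(bytes([i]) for i in idx), *vals)


def check_quote(k_cn, my_nonce, idx, vals, tag, ref):
    """Verify the report is fresh and authentic, then compare every PCR with its reference value."""
    if not hmac.compare_digest(tag, mac(k_cn, my_nonce, *(bytes([i]) for i in idx), *vals)):
        return False
    return all(hmac.compare_digest(v, ref[i]) for i, v in zip(idx, vals))


def join_network(id_n, node_type, pcrs_n, pcrs_c, id_c=b"TCN-01", aik_n=b"AIK_N"):
    """Runs S101-S113; returns (joined, reason)."""
    # S101/S102: node announces (ID_N, type, Req); TCN screens the type and answers with ID_C, r_C
    if node_type not in ALLOWED_TYPES:
        return False, "node type not admitted"
    r_c = secrets.token_bytes(16)
    # S103: node derives K_CN, picks r_N and authenticates the transcript so far
    k_cn_node = auth_key(id_c, id_n)
    r_n = secrets.token_bytes(16)
    tag_n = mac(k_cn_node, id_n, id_c, r_c, r_n)
    # S104: TCN derives K_CN independently, verifies the node, answers with its own tag
    k_cn_tcn = auth_key(id_c, id_n)
    if not hmac.compare_digest(tag_n, mac(k_cn_tcn, id_n, id_c, r_c, r_n)):
        return False, "node identity authentication failed"
    tag_c = mac(k_cn_tcn, id_c, id_n, r_n, r_c)
    # S105: node verifies the TCN; both sides then hold the communication key for the secure channel
    if not hmac.compare_digest(tag_c, mac(k_cn_node, id_c, id_n, r_n, r_c)):
        return False, "TCN identity authentication failed"
    channel_key = mac(k_cn_node, b"channel", r_c, r_n)
    # S106/S107: TPCM N and TPCM C present AIK certificates and fresh nonces to IOTTC (via the TSN)
    rho_n, rho_c = secrets.token_bytes(16), secrets.token_bytes(16)
    aik_c = b"AIK_C"
    # S108: IOTTC validates both certificates, then delivers a fresh k_CN encrypted for each TPCM
    if not {aik_c, aik_n} <= AIK_REGISTRY:
        return False, "AIK certificate rejected by IOTTC"
    k_cn = secrets.token_bytes(32)
    for_c, for_n = wrap(K_C, k_cn), wrap(K_N, k_cn)
    # S109: each TPCM recovers k_CN
    k_cn_c, k_cn_n = unwrap(K_C, for_c), unwrap(K_N, for_n)
    # S110-S112: TPCM C requests PCRs {i1..ir}; TPCM N reports them and requests {j1..js}
    req_c = sorted(REF["N"])
    vals_n, tag = quote(k_cn_n, rho_c, pcrs_n, req_c)
    if not check_quote(k_cn_c, rho_c, req_c, vals_n, tag, REF["N"]):
        return False, "node platform integrity not credible: join refused"
    req_n = sorted(REF["C"])
    vals_c, tag = quote(k_cn_c, rho_n, pcrs_c, req_n)
    # S113: TPCM N judges the TCN in turn
    if not check_quote(k_cn_n, rho_n, req_n, vals_c, tag, REF["C"]):
        return False, "TCN platform integrity not credible: node declines to join"
    return True, "joined; channel key " + channel_key.hex()[:16]


if __name__ == "__main__":
    print(join_network(b"N-07", "meter", REF["N"], REF["C"]))
```

Two checks in the code matter in deployments of this kind: each integrity report is bound to the nonce the verifier chose in S106/S107, so a captured report from an earlier session cannot be replayed, and the TCN is judged by the node in S113 exactly as the node is judged in S112, so a rogue edge node cannot admit devices unilaterally.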
The trusted computing platform with the parallel dual-architecture structure (computation in parallel with protection) provided by the invention has at least the following advantages:
1. The active immune power Internet of things node and the active immune power Internet of things network carry out security protection in parallel with computation, so active security protection of the system is achieved without changing the computation logic.
2. The current security protection mechanism of the power Internet of things mainly relies on passive defense mechanisms such as intrusion detection, so by the time malicious behavior is discovered, harm has already been done and the power Internet of things network and nodes may no longer work normally. Based on the characteristics of the power Internet of things network, the invention provides a power Internet of things credibility measurement technique based on edge computing that applies active immune protection while the power Internet of things operates.
3. Using trusted computing technology, key components of the power Internet of things server are actively measured during startup and operation, and trusted access control is applied to power Internet of things network connections, so that the credibility of the power Internet of things network is ensured.
4. The credibility of the power Internet of things supports its immune functions such as immune monitoring, immune defense and immune self-stabilization; active immunity of the power Internet of things is realized by combining the two layers, the active immune power Internet of things node (local) and the active immune power Internet of things network (global).
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include such modifications and variations.
Claims (7)
1. A power Internet of things trusted immune system based on edge computing, characterized in that the power Internet of things trusted immune system comprises: a trusted immune node, a trusted immune network and a power Internet of things trusted immune service center, wherein
the trusted immune node realizes the basic immune function and ensures the immunity of the Internet of things node at startup, during operation and when accessing the Internet of things;
the trusted immune network realizes the core immune function and ensures the immunity of the Internet of things during its establishment and operation.
2. The power Internet of things trusted immune system based on edge computing of claim 1, wherein the trusted immune node comprises a power Internet of things node trusted immune system and a power Internet of things node computing system, the two systems running together on the power Internet of things platform;
the power Internet of things node computing system undertakes the ordinary functions of the power Internet of things node such as data acquisition, data processing and data transmission; the power Internet of things node trusted immune system is responsible for the node immunity function and consists of a trusted platform control module TPCM, a trusted software base TSB, a trusted support mechanism and a trusted reference library TSD;
the power Internet of things network trusted immune system is responsible for the network immunity function and mainly comprises a trusted edge computing node MEC, a trusted sink node TSN, a behavior trusted reference library BTSD and a power Internet of things trusted authentication center IOTTC; the trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes with an embedded TPCM; the core function of the power Internet of things network trusted immune system is active measurement of the behavior of the power Internet of things; that behavior comprises the behavior of a power Internet of things node within the edge computing network, the output behavior of the edge computing network and the output behavior of the power Internet of things.
3. The power Internet of things trusted immune system based on edge computing of claim 2, wherein the power Internet of things node computing system undertakes the ordinary data acquisition, data processing and data transmission functions of the power Internet of things node; the power Internet of things node trusted immune system is responsible for the node immunity function and consists of a TPCM, a trusted software base TSB, a trusted support mechanism and a trusted reference library TSD.
4. The power Internet of things trusted immune system based on edge computing of claim 3, characterized in that
the TPCM provides trusted measurement, trusted storage and trusted reporting function support for the power Internet of things node, and is the source and the physical basis of trust for the node's immunity;
the TSB takes the TPCM as its root of trust and provides trusted function support such as active measurement, trusted network connection and trusted storage for the power Internet of things node; active measurement is the core of node immunity, and the TSB ensures the credibility of the node by monitoring its running environment in real time and actively measuring the subjects, objects, operations and environment of the system; meanwhile, according to the active measurement result, the TSB generates the trusted network connection policy for connecting the node to the power Internet of things and, relying on the TPCM, completes the privacy protection of key data structures of the system and its applications;
the TSD stores the core data of the power Internet of things node and the reference values of its key modules, and is the reference basis and criterion by which the trusted immune system distinguishes self from non-self;
the trusted support mechanism provides immune support for the applications of the power Internet of things node and for other security mechanisms.
5. The power Internet of things trusted immune system based on edge computing of claim 1, characterized in that the trusted immune network comprises a power Internet of things network trusted immune system and the power Internet of things network;
the power Internet of things network undertakes the conventional functions of the power Internet of things such as data transmission and network management;
the power Internet of things network trusted immune system is responsible for the network immunity function and mainly comprises a trusted edge computing node MEC (Trusted Cluster Node, TCN), a trusted sink node TSN (Trusted Sink Node), a behavior trusted standard library BTSD (Behaviors Trusted Standard Database) and a power Internet of things trusted authentication center IOTTC (Internet of Things Trusted Center);
the trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes with an embedded TPCM.
6. The power Internet of things trusted immune system based on edge computing of claim 1, characterized in that the main functions of the power Internet of things trusted immune service center are: a trusted software library service, which performs unified management and security authentication of all application programs in the power Internet of things; a trusted policy library, which formulates the corresponding security policy for the running environment and purpose of the power Internet of things network and its nodes; and an emergency response service, which performs disaster recovery backup of the key policy configuration of the power Internet of things network and its nodes, thereby ensuring the security and credibility of the power Internet of things.
7. A power Internet of things credibility measurement method based on edge computing, carried out using the system of any one of claims 1 to 6, wherein the credibility measurement comprises the following: actively measuring key components of the power Internet of things node during startup and operation, and applying trusted access control to the node's network connection, so as to ensure the credibility of the power Internet of things node;
the active measurement process at node startup is as follows: when the power Internet of things node starts, the TPCM starts first, before the node itself, and performs trusted measurement on the configuration of the node's underlying hardware SNP; having established that the node hardware has not been tampered with, the TPCM measures step by step the node's trusted computing base TCB, the operating system boot loader (power Internet of things OS Loader), the operating system kernel (power Internet of things OS kernel) and the power Internet of things application SAP, which comprises the data acquisition, data processing and data transmission application programs, finally achieving trusted startup of the power Internet of things node;
active measurement during node operation is realized by actively controlling and dynamically measuring the kernel data of the power Internet of things node and the power Internet of things application programs;
when the power Internet of things node joins the edge computing network, the trusted edge computing node MEC performs identity measurement and platform integrity measurement on the power Internet of things node.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110596258.2A CN113726726B (en) | 2021-05-30 | 2021-05-30 | Electric power Internet of things credible immune system based on edge calculation and measurement method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110596258.2A CN113726726B (en) | 2021-05-30 | 2021-05-30 | Electric power Internet of things credible immune system based on edge calculation and measurement method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113726726A true CN113726726A (en) | 2021-11-30 |
CN113726726B CN113726726B (en) | 2022-11-22 |
Family
ID=78672823
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110596258.2A Active CN113726726B (en) | 2021-05-30 | 2021-05-30 | Electric power Internet of things credible immune system based on edge calculation and measurement method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113726726B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180232031A1 (en) * | 2017-02-15 | 2018-08-16 | Dell Products, L.P. | Safeguard and recovery of internet of things (iot) devices from power anomalies |
CN111158906A (en) * | 2019-12-19 | 2020-05-15 | 北京可信华泰信息技术有限公司 | Credible cloud system for active immunization |
CN112257071A (en) * | 2020-10-23 | 2021-01-22 | 江西畅然科技发展有限公司 | Credibility measurement control method based on state and behavior of sensing layer of Internet of things |
CN112464271A (en) * | 2021-01-27 | 2021-03-09 | 信联科技(南京)有限公司 | Method and system for constructing high-reliability execution environment of power Internet of things edge Internet of things agent |
CN112511618A (en) * | 2020-11-25 | 2021-03-16 | 全球能源互联网研究院有限公司 | Edge Internet of things agent protection method and power Internet of things dynamic security trusted system |
CN112615841A (en) * | 2020-12-11 | 2021-04-06 | 辽宁电力能源发展集团有限公司 | Layered security management and control system and method based on trusted computing |
- 2021-05-30 CN CN202110596258.2A patent/CN113726726B/en active Active
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114362933A (en) * | 2021-12-16 | 2022-04-15 | 国网河北省电力有限公司信息通信分公司 | Credible authentication method for data source under power Internet of things environment |
CN114697123A (en) * | 2022-04-11 | 2022-07-01 | 穆聪聪 | Active immune security defense method suitable for sensing node of Internet of things |
CN115001750A (en) * | 2022-05-06 | 2022-09-02 | 国网宁夏电力有限公司信息通信公司 | Trusted group construction method and system based on trust management in power internet of things |
CN115001750B (en) * | 2022-05-06 | 2024-04-05 | 国网宁夏电力有限公司信息通信公司 | Trusted group construction method and system based on trust management in electric power Internet of things |
Also Published As
Publication number | Publication date |
---|---|
CN113726726B (en) | 2022-11-22 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US11477036B2 (en) | Devices and methods for application attestation | |
CN113726726B (en) | Electric power Internet of things credible immune system based on edge calculation and measurement method | |
US8909930B2 (en) | External reference monitor | |
CN103747036B (en) | Trusted security enhancement method in desktop virtualization environment | |
CN114553540B (en) | Zero trust-based Internet of things system, data access method, device and medium | |
US8782809B2 (en) | Limiting information leakage and piracy due to virtual machine cloning | |
US9665711B1 (en) | Managing and classifying states | |
CN111147252B (en) | Trusted connection method for cloud environment | |
Qin et al. | RIPTE: runtime integrity protection based on trusted execution for IoT device | |
Will et al. | Using a shared SGX enclave in the UNIX PAM authentication service | |
KR20150089696A (en) | Integrity Verification System and the method based on Access Control and Priority Level | |
CN111651740B (en) | Trusted platform sharing system for distributed intelligent embedded system | |
CN115879087A (en) | Safe and trusted starting method and system for power terminal | |
CN116956298A (en) | Application running environment detection method and device | |
CN113726837A (en) | Behavior measurement method and device for power system | |
CN108449753B (en) | Method for reading data in trusted computing environment by mobile phone device | |
Niemi et al. | Platform attestation in consumer devices | |
Zhou et al. | Using asynchronous collaborative attestation to build a trusted computing environment for mobile applications | |
Murti et al. | Security in embedded systems | |
Yoon et al. | Mobile security technology for smart devices | |
Surendrababu | System Integrity–A Cautionary Tale | |
García Aguilar et al. | A Threat Model Analysis of a Mobile Agent-based system on Raspberry Pi | |
CN114297652B (en) | Endorsement chain system capable of preventing unknown network attack | |
CN113726727A (en) | Electric power Internet of things trusted connection method based on edge computing | |
Jian et al. | A New Method to Enhance Container with vTPM |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |