CN113726726A - Power internet of things credibility measurement method based on edge calculation - Google Patents


Info

Publication number
CN113726726A
Authority
CN
China
Legal status
Granted
Application number
CN202110596258.2A
Other languages
Chinese (zh)
Other versions
CN113726726B (en)
Inventor
陈连栋
赵保华
王文辉
韩龙玺
郭昊
杨超
李宁博
国明
程凯
刘咸通
申培培
辛晓鹏
王志浩
路欣
李毅超
伊进慈
公备
宁振虎
Current Assignee
Beijing University of Technology
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
Beijing University of Technology
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Application filed by Beijing University of Technology, State Grid Corp of China SGCC, Global Energy Interconnection Research Institute, and Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority to CN202110596258.2A
Publication of CN113726726A
Application granted
Publication of CN113726726B
Legal status: Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                • H04L63/1441 Countermeasures against malicious traffic
                    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
            • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
                • H04L67/10 Protocols in which an application is distributed across nodes in the network
                • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G PHYSICS > G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS > G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
        • G16Y10/00 Economic sectors
            • G16Y10/35 Utilities, e.g. electricity, gas or water
            • G16Y10/75 Information technology; Communication
        • G16Y30/00 IoT infrastructure
            • G16Y30/10 Security thereof
        • G16Y40/00 IoT characterised by the purpose of the information processing
            • G16Y40/10 Detection; Monitoring
            • G16Y40/30 Control
            • G16Y40/50 Safety; Security of things, users, data or systems

Abstract

The invention discloses a credibility measurement method for the power internet of things based on edge computing. A trusted immune node implements the basic immune function and guarantees the immunity of a power internet of things node when that node is started, runs and accesses the network; a trusted immune network implements the core immune function and guarantees immunity when the power internet of things is established, runs and accesses the power internet of things information center. The credibility measurement technology comprises the following steps: key components of a power internet of things node are actively measured at startup and during operation, and trusted access is enforced on the node's network connections, so that the credibility of the node is guaranteed.

Description

Power internet of things credibility measurement method based on edge calculation
Technical Field
The invention relates to the technical field of trusted computing, and in particular to a trusted measurement method for the power internet of things based on edge computing.
Background
With the rapid development of internet of things technology, large numbers of internal and external network data acquisition, control and management devices, such as sensing devices, mobile terminals, video monitoring devices, smart electricity meters, charging piles and office computers, are deployed in the power internet of things in mobile, ubiquitous, hybrid and wide-area interconnected environments. Because the network boundary has become blurred, security threats and risks extend beyond the traditional perimeter, and certain security risks exist in the trusted operation and identity validity of the service side. At the same time, with the construction of the power enterprise cloud, the power system faces problems such as large data volumes, many service types and complex information interactions, which give rise to illegal access. The system is easily attacked and damaged, whether deliberately or inadvertently, so that power operation is difficult to guarantee. The root of the problem is that the actual causes of network security risk are not addressed: the passive "block, check and kill" defenses represented by firewalls, virus scanning and intrusion detection are adopted one step at a time, which is insufficient to prevent attacks and in particular cannot effectively prevent attacks launched against vulnerabilities of the target system.
To address the security of today's cyberspace, the international TCG organization proposed the trusted computing approach, in which the TPM and the initial BIOS code serve as roots of trust and trust is measured level by level, building a chain of trust for the computer that protects its important resources from illegal tampering and damage; this has achieved good results. However, the TPM is essentially only a passively attached external device on the computer: it acts only when called by host software, so once the host is controlled by an attacker the TPM's function is neutralized. Moreover, the TPM implements only static measurement at computer startup and does not implement policy-based dynamic measurement while the computer runs, so the TCG trusted computing architecture is basically unable to defend against a hacker who attacks through logic defects of the computer system; for example, Windows 10 fully implements the TCG trusted computing architecture, yet failed to prevent the WannaCry ransomware attack.
Disclosure of Invention
The current security protection mechanism of the power internet of things mainly adopts passive defense mechanisms such as intrusion detection, so that by the time malicious behavior is discovered the harm has already been done and the network and nodes of the power internet of things can no longer work normally. Starting from the characteristics of the power internet of things network, the invention provides a credibility measurement technology for the power internet of things based on edge computing, which performs active immune protection while the power internet of things operates. Using trusted computing technology, key components of the power internet of things nodes are actively measured at startup and during operation, and trusted access is enforced on the nodes' network connections, so that the credibility of the nodes is guaranteed.
To achieve this purpose, the invention adopts the following technical scheme:
A trusted immune system for the power internet of things based on edge computing, characterized in that the system comprises a trusted immune node, a trusted immune network and a trusted immune service center of the power internet of things, wherein
the trusted immune node implements the basic immune function and guarantees the immunity of an internet of things node when it starts, runs and accesses the internet of things;
the trusted immune network implements the core immune function and guarantees the immunity of the internet of things during its establishment and operation.
Further, in the trusted immune node for the power internet of things based on edge computing described above, the trusted immune node comprises a power internet of things node trusted immune system and a power internet of things node computing system, which run together on a power internet of things platform.
The power internet of things node computing system carries the ordinary functions of the node, such as data acquisition, data processing and data transmission. The power internet of things node trusted immune system carries the node's immune function and mainly comprises a TPCM, a trusted software base TSB, a trusted support mechanism and a trusted standard database TSD (Trusted Standard Database).
The power internet of things network trusted immune system carries the network's immune function and mainly comprises a trusted edge computing node MEC (Trusted Cluster Node), a trusted sink node TSN (Trusted Sink Node), a behavior trusted standard library BTSD (Behaviors Trusted Standard Database) and a power internet of things trusted authentication center IOTTC (Internet of Things Trusted Center). The trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes with an embedded TPCM. The core function of the network trusted immune system is active measurement of the behavior of the power internet of things, which comprises the behavior of a power internet of things node within the edge computing network, the output behavior of the edge computing network, and the output behavior of the power internet of things.
Further, in the power internet of things node trusted immune system based on edge computing described above, the node computing system undertakes the conventional functions of the node, such as data acquisition, data processing and data transmission, while the node trusted immune system carries the node's immune function and mainly comprises a TPCM, a trusted software base TSB, a trusted support mechanism and a trusted standard database TSD (Trusted Standard Database).
Furthermore, the trusted immune system of a power internet of things node is characterized in that:
the TPCM provides trusted function support such as trusted measurement, trusted storage and trusted reporting for the node, and is the source and physical basis of trust for the node's immunity;
the TSB, with the TPCM as its root of trust, provides trusted function support such as active measurement, trusted network connection and trusted storage for the node. Active measurement is the core of node immunity: by monitoring the node's running environment in real time and actively measuring the subjects, objects, operations and environment of the system, the TSB guarantees the node's credibility. At the same time, based on the node's active measurement results, the TSB generates the trusted network connection policy for the node's access to the power internet of things and, relying on the TPCM, completes the privacy protection of the key data structures of the system and applications;
the TSD stores the node's core data and the reference values of its key modules, and is the reference basis and criterion by which the trusted immune system distinguishes self from non-self;
the trusted support mechanism provides immune support for the node's applications and for other security mechanisms.
Further, the trusted immune network comprises the trusted immune system of the power internet of things network and the power internet of things network itself.
The power internet of things network undertakes conventional functions such as data transmission and network management for the power internet of things.
The power internet of things network trusted immune system carries the network's immune function and mainly comprises a trusted edge computing node MEC (Trusted Cluster Node), a trusted sink node TSN (Trusted Sink Node), a behavior trusted standard library BTSD (Behaviors Trusted Standard Database) and a power internet of things trusted authentication center IOTTC (Internet of Things Trusted Center).
The trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes with an embedded TPCM.
Further, the trusted immune service center of the power internet of things mainly provides: a trusted software library service, which performs unified management and security authentication of all application programs in the power internet of things; a trusted policy library, which formulates security policies for the running environments and purposes of the network and nodes of the power internet of things; and an emergency response service, which performs disaster recovery backup of key policy configurations in the network and nodes, thereby guaranteeing the security and credibility of the power internet of things.
A credibility measurement technology for the power internet of things based on edge computing comprises: actively measuring key components of a power internet of things node at startup and during operation, and enforcing trusted access on the node's network connections, so that the node's credibility is guaranteed.
The active measurement process at node startup is as follows. When a power internet of things node is started, the TPCM starts first, before the node itself, and performs a credibility measurement of the configuration of the node's underlying hardware SNP (Sensing Node Platform). Having established that the node's hardware has not been tampered with, the TPCM then measures, step by step, the node's trusted computing base TCB, the operating system boot loader (OS Loader), the operating system kernel (OS Kernel) and the power internet of things application SAP (Sensing Application Program; including the data acquisition, data processing and data transmission applications, among others), so that trusted startup of the node is finally achieved.
Active measurement during node operation is realized by actively controlling and dynamically measuring the node's kernel data and the power internet of things application programs.
When a power internet of things node joins the edge computing network, the trusted edge computing node MEC must perform identity measurement and platform integrity measurement on the node.
The beneficial effects of the invention are as follows. Starting from the characteristics of the power internet of things network, the invention provides a credibility measurement technology for the power internet of things based on edge computing, which performs active immune protection while the power internet of things operates. Using trusted computing technology, key components of the power internet of things server are actively measured at startup and during operation, and trusted access is enforced on the power internet of things network connections, so that the credibility of the network is guaranteed. The credibility of the power internet of things supports its immune functions, such as immune monitoring, immune defense and immune self-stabilization, and the active immunity of the power internet of things is realized by combining, locally and globally, the two layers of the active immune power internet of things and the active immune power internet of things network.
Drawings
Fig. 1 is a schematic structural diagram of the credibility measurement technology for the power internet of things based on edge computing in an embodiment of the present invention.
Fig. 2 shows the active measurement process of a power internet of things node at startup in the embodiment of the present invention.
Fig. 3 shows the active measurement process of power internet of things nodes during operation in the embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the detailed description.
Addressing the problem that the security protection mechanism of the current power internet of things mainly adopts passive defense mechanisms such as intrusion detection, which makes active defense of the network and its nodes difficult to achieve, the invention constructs an active immune architecture for the power internet of things using trusted computing technology. Starting from the characteristics of the power internet of things network, it provides a trusted measurement technology and an active measurement technology for the power internet of things based on edge computing, and implements immune monitoring, immune defense and immune self-stabilization by combining, locally and globally, the two layers of the active immune power internet of things and the active immune power internet of things network, so as to realize active defense of the power internet of things.
Interpretation of terms
MEC: Multi-access Edge Computing, Mobile Edge Computing.
TCA: Trusted network architecture.
TCA-IOT: Trusted connection architecture for the Internet of Things.
TPM: Trusted Platform Module.
TCM: Trusted Cryptography Module, a hardware module of a trusted computing platform that provides cryptographic operation functions for the platform and has a protected storage space.
TPCM: Trusted Platform Control Module, a hardware core module integrated into a trusted computing platform to establish and guarantee the trusted source point, providing integrity measurement, secure storage, trusted reporting and cryptographic services for trusted computing.
TSB: Trusted Software Base, a collection of software elements that provide support for the trustworthiness of a trusted computing platform.
BIOS: Basic Input Output System, the first software loaded when a personal computer is started.
The basic framework of the trusted computing platform is described below.
As shown in Fig. 1, the credibility measurement technology for the power internet of things based on edge computing is composed of an active immune power internet of things and an active immune power internet of things network. The active immune power internet of things implements the basic immune function and guarantees the immunity of the power internet of things nodes and server at startup, during operation and on access; the active immune power internet of things network implements the core immune function and guarantees immunity when the power internet of things is established, operates and accesses the power internet of things information center.
In this technology, the active immune system and the conventional function system of the power internet of things coexist and depend on each other, together forming a dual-system structure. The parts of the active immune system form an organic whole and realize the active immunity of the power internet of things by working cooperatively.
The active measurement technology of the power internet of things is described in detail below.
The essence of trusted computing is that behavior is as expected; therefore the key to realizing the active immunity of the power internet of things is to ensure that the computing and output results of the power internet of things server and the output results of the power internet of things network always meet expectations. On this basis, trusted computing technology is used to actively measure key components in the startup and operation of the server, and trusted access is enforced on the network connections, so that the credibility of the network is guaranteed. The credibility of the power internet of things supports its immune functions such as immune monitoring, immune defense and immune self-stabilization.
Active measurement at startup of the power internet of things
When the power internet of things is started, the TPCM starts first, before the power internet of things, and performs a credibility measurement of the configuration of the underlying hardware BIOS. Having established that the hardware has not been tampered with, the TPCM measures step by step the trusted computing base TCB, the operating system boot loader (OS Loader), the operating system kernel (OS Kernel) and the application programs SAP (Sensing Application Program; including the data acquisition, data processing and data transmission applications, among others), so that trusted startup of the power internet of things is finally achieved. The specific flow is shown in Fig. 2. Given the simple composition and functions of the power internet of things, the trusted reference values of all its key components are stored in the TPCM.
The trusted computing base TCB is the totality of the system's security protection mechanisms: the combination of hardware, firmware and software responsible for enforcing the security policy, which establishes the basic protection environment and provides the additional application services the system requires. For the power internet of things, since the TPCM has already measured the hardware layer separately, what active measurement measures is the software part of the TCB, comprising the trusted software base TSB and the other security mechanisms.
The TPCM starts and performs its self-check before the power internet of things server. After the self-check succeeds, the TPCM sends a control signal to reset the CPU, controllers, dynamic memory and other parts of the server.
The TPCM measures the configuration of the underlying hardware BIOS, computes its digest and stores it in PCR[1]. The TPCM retrieves the stored trusted reference value SPCR[1] of the BIOS and computes
[formula image in the original, not reproduced]
If Res = 0, startup of the power internet of things fails.
The underlying hardware of the power internet of things is started.
The TPCM measures the TCB, OS Loader and OS Kernel in turn, computes their digests and stores them in PCR[2], PCR[3] and PCR[4]. The TPCM retrieves the stored trusted reference values SPCR[2], SPCR[3] and SPCR[4] of the TCB, OS Loader and OS Kernel and computes
[formula image in the original, not reproduced]
[formula image in the original, not reproduced]
If Res1 ^ Res2 ^ Res3 = 0, startup of the power internet of things fails. The TPCM measures the TCB, OS Loader and OS Kernel in turn, and success of the earlier measurement is a necessary condition for the later one: if the earlier one fails, the subsequent items are not measured. That is, if the TCB measurement fails, the OS Loader and OS Kernel are no longer measured, and if the OS Loader measurement fails, the OS Kernel is not measured.
The TPCM measures the application SAP, computes its digest and stores it in PCR[5] (the PCRs of the data acquisition, data processing, data transmission and other applications can be measured in turn as needed and according to function). The TPCM retrieves the stored trusted reference value SPCR[5] and computes
[formula image in the original, not reproduced]
If Res = 1, the platform loads the application SAP and executes it.
When the power internet of things server is started, the TPCM holds control throughout the startup process and uses the trusted reference values to measure and verify each key component of the startup, so that trusted startup of the power internet of things is guaranteed.
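The staged boot measurement above, as an added Python simulation that is not code from the patent: the component images, SHA-256 as the digest and the dictionary-based PCR/SPCR stores are assumptions, while the measurement order, the PCR slots and the rule that an earlier failure stops all later measurement follow the description.

```python
"""Simulation of the TPCM boot-time measurement chain described above.
Added example, not the patent's own code: component images, SHA-256 and the
dict-based PCR/SPCR stores are assumptions; order, slots and the stop-at-
first-failure rule follow the text."""
import hashlib
from typing import Dict, List, Optional, Tuple

# Measurement order and PCR slot per the text: BIOS -> PCR[1], TCB -> PCR[2],
# OS Loader -> PCR[3], OS Kernel -> PCR[4], application SAP -> PCR[5].
BOOT_CHAIN: List[Tuple[str, int]] = [
    ("BIOS", 1), ("TCB", 2), ("OS Loader", 3), ("OS Kernel", 4), ("SAP", 5),
]


def measure(image: bytes) -> str:
    """Digest of one component image. The text stores the digest directly in
    PCR[i] (no TPM-style extend), so the PCR value is simply the digest."""
    return hashlib.sha256(image).hexdigest()


def compare(pcr_value: str, spcr_value: str) -> int:
    """Res = 1 when the measured digest equals the trusted reference SPCR, else 0."""
    return 1 if pcr_value == spcr_value else 0


def build_spcr(golden_images: Dict[str, bytes]) -> Dict[int, str]:
    """Trusted reference values SPCR[i] held in the TPCM, derived at
    provisioning time from known-good images (constructed here)."""
    return {slot: measure(golden_images[name]) for name, slot in BOOT_CHAIN}


def trusted_boot(images: Dict[str, bytes], spcr: Dict[int, str]
                 ) -> Tuple[bool, Dict[int, str], Dict[str, int], Optional[str]]:
    """Run the chain. Returns (started, pcr, res, failed_component).
    Measurement stops at the first mismatch: later components stay unmeasured
    (if the TCB fails, OS Loader and OS Kernel are never measured) and the
    SAP application is not loaded."""
    pcr: Dict[int, str] = {}
    res: Dict[str, int] = {}
    for name, slot in BOOT_CHAIN:
        pcr[slot] = measure(images[name])
        res[name] = compare(pcr[slot], spcr[slot])
        if res[name] == 0:
            return False, pcr, res, name
    # Every Res equals 1: the SAP is loaded and executed, the node started trusted.
    return True, pcr, res, None


# Constructed byte strings standing in for the real component binaries.
GOLDEN_IMAGES: Dict[str, bytes] = {
    "BIOS": b"sensing-node-platform-bios-v1",
    "TCB": b"tsb+security-mechanisms-v1",
    "OS Loader": b"tinyos-loader-v1",
    "OS Kernel": b"tinyos-kernel-v1",
    "SAP": b"data-acquisition|data-processing|data-transmission",
}
SPCR: Dict[int, str] = build_spcr(GOLDEN_IMAGES)


def boot_untampered() -> Tuple[bool, Optional[str], List[str]]:
    """All images match their references: the whole chain is measured."""
    started, _, res, failed = trusted_boot(GOLDEN_IMAGES, SPCR)
    return started, failed, list(res)


def boot_with_tampered_loader() -> Tuple[bool, Optional[str], List[str]]:
    """The OS Loader image was modified: PCR[3] != SPCR[3], so Res for the
    loader is 0, startup fails and OS Kernel and SAP are never measured."""
    tampered = dict(GOLDEN_IMAGES)
    tampered["OS Loader"] = b"tinyos-loader-v1-modified"
    started, _, res, failed = trusted_boot(tampered, SPCR)
    return started, failed, list(res)


if __name__ == "__main__":
    print("untampered:", boot_untampered())
    print("tampered loader:", boot_with_tampered_loader())
```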
Active measurement during operation of a power internet of things node
Active measurement during node operation is realized by actively controlling the node's kernel data and application programs and dynamically measuring their credibility, as shown in Fig. 3.
Active measurement points:
Active measurement points are the key to implementing the active measurement technique. According to the characteristics of a power internet of things node, the active measurement points during its operation mainly comprise the start of an application program, the opening of the communication system, access to application data, and the like. The trusted software base TSB actively intercepts Tiny OS system calls, judges according to policy whether each is an active measurement point, and performs active measurement at the active measurement points.
Active measurement technique:
During node operation, the trusted software base TSB sets active measurement points in the node and calls the TPCM to actively measure the key data of the system kernel and the application programs; the specific flow is shown in the figure below.
During operation of the node server, the TSB actively controls system calls. The TSB intercepts each system call and judges according to policy whether it is an active measurement point. If not, no action is taken.
At an active measurement point, the TSB calls the TPCM to perform active measurement according to the measurement policy. The active measurement objects of the kernel are the kernel code area, the system vector table and the like; the active measurement objects of an application program are its configuration files, its dynamic libraries and the data it operates on.
The TSB computes a digest of each measured object and stores it in the corresponding PCR. For each digest PCR of a measured object, the TPCM uses the corresponding trusted reference value SPCR to compute
[formula image in the original, not reproduced]
If the result is 1, the measured object is judged trusted. If the measured objects at all measurement points are trusted, the power internet of things node is trusted.
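The run-time mechanism above, as an added Python simulation that is not code from the patent: the system-call names, the in-memory node holding kernel and application objects, and SHA-256 as the digest are assumptions; the measurement points (application start, opening the communication system, application data access), the measured objects (kernel code area and system vector table; application configuration, dynamic libraries and data) and the "all points trusted, node trusted" rule follow the text.

```python
"""Simulation of run-time active measurement: the TSB intercepts system calls,
decides by policy whether each is an active measurement point, and there
calls the TPCM to measure kernel and application objects against SPCR.
Added example, not the patent's code; call names, node layout and SHA-256
are assumptions."""
import hashlib
from typing import Dict, List, NamedTuple, Optional, Tuple


class Syscall(NamedTuple):
    name: str   # intercepted Tiny OS system call (assumed names)
    app: str    # application making the call

# Policy: intercepted calls that are active measurement points.
MEASUREMENT_POINTS = {"app_start", "comm_open", "app_data_access"}
# Measurement strategy: kernel objects and per-application objects measured at a point.
KERNEL_OBJECTS = ("kernel_code_area", "system_vector_table")
APP_OBJECTS = ("config", "dynamic_library", "app_data")


def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


class Node:
    """In-memory stand-in for a node's kernel and application state (constructed)."""

    def __init__(self, kernel: Dict[str, bytes], apps: Dict[str, Dict[str, bytes]]):
        self.kernel = kernel
        self.apps = apps

    def measured_objects(self, app: str) -> Dict[str, bytes]:
        """Objects the strategy measures when `app` reaches a measurement point."""
        objs = {f"kernel:{k}": self.kernel[k] for k in KERNEL_OBJECTS}
        objs.update({f"app:{app}:{k}": self.apps[app][k] for k in APP_OBJECTS})
        return objs


def build_spcr(node: Node) -> Dict[str, str]:
    """Trusted reference values SPCR for every measurable object of a known-good node."""
    spcr: Dict[str, str] = {}
    for app in node.apps:
        spcr.update({k: digest(v) for k, v in node.measured_objects(app).items()})
    return spcr


class TSB:
    """Trusted software base: intercepts system calls and drives TPCM measurement."""

    def __init__(self, spcr: Dict[str, str]):
        self.spcr = spcr
        self.pcr: Dict[str, str] = {}

    def intercept(self, node: Node, call: Syscall) -> Optional[Dict[str, int]]:
        """Per-object Res values (1 = digest matches SPCR) at a measurement point, else None."""
        if call.name not in MEASUREMENT_POINTS:
            return None                      # not a measurement point: no action taken
        res: Dict[str, int] = {}
        for key, blob in node.measured_objects(call.app).items():
            self.pcr[key] = digest(blob)     # digest stored in the object's PCR
            res[key] = 1 if self.pcr[key] == self.spcr[key] else 0
        return res

    def run(self, node: Node, calls: List[Syscall]) -> Tuple[bool, List[str]]:
        """Process a call sequence; the node is trusted only if every measured
        object at every measurement point matched its reference value."""
        untrusted: List[str] = []
        for call in calls:
            res = self.intercept(node, call)
            if res is not None:
                untrusted += [k for k, v in res.items() if v == 0]
        return (not untrusted), untrusted


# Constructed known-good node and a call sequence with one non-measurement call.
GOLDEN = Node(
    kernel={"kernel_code_area": b"tinyos-text-v1", "system_vector_table": b"vectors-v1"},
    apps={"meter": {"config": b"interval=60", "dynamic_library": b"libmodbus-v1",
                    "app_data": b"readings-v1"}},
)
SPCR = build_spcr(GOLDEN)
CALLS = [Syscall("app_start", "meter"), Syscall("timer_tick", "meter"),
         Syscall("comm_open", "meter"), Syscall("app_data_access", "meter")]


def run_clean() -> Tuple[bool, List[str]]:
    """Untampered node: every measurement point passes; timer_tick is ignored."""
    return TSB(SPCR).run(GOLDEN, CALLS)


def run_with_swapped_library() -> Tuple[bool, List[str]]:
    """The meter's dynamic library is replaced after the app has started: the
    next two measurement points (comm_open, app_data_access) both flag it."""
    node = Node(dict(GOLDEN.kernel), {"meter": dict(GOLDEN.apps["meter"])})
    tsb = TSB(SPCR)
    ok_before, _ = tsb.run(node, CALLS[:2])
    node.apps["meter"]["dynamic_library"] = b"libmodbus-v1-modified"
    ok_after, untrusted = tsb.run(node, CALLS[2:])
    return ok_before and ok_after, untrusted
```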
Active measurement when node of power internet of things joins edge computing network
When the power internet of things node joins the edge computing network, the trusted edge computing node MEC needs to perform identity measurement and platform integrity measurement on the power internet of things node. The specific process is as follows:
S101: the power Internet of things node N sends its identity ID_N, its node type and the request information Req to the TCN, requesting to join the edge computing network.
S102: after receiving the information, the TCN checks the type of the power Internet of things node. If the node type meets the requirements of the edge computing network, the TCN sends its identity ID_C and a random number r_C to the power Internet of things node.
S103: the power Internet of things node N uses the TCN identity ID_C to obtain the authentication key K_CN shared by both parties (see chapter five for the method of acquisition). Node N selects a random number r_N and calculates
Figure BDA0003091237650000091
The power Internet of things node N sends
Figure BDA0003091237650000092
and r_N to the TCN.
S104: the TCN uses the power Internet of things node identity ID_N to obtain the shared authentication key K_CN. The TCN decrypts
Figure BDA0003091237650000093
and verifies the correctness of the signature. The TCN then calculates
Figure BDA0003091237650000094
and sends it to the power Internet of things node N.
S105: the power Internet of things node N decrypts
Figure BDA0003091237650000095
and verifies the correctness of the signature.
The TCN and the power Internet of things node N then use the shared communication key
Figure BDA0003091237650000096
to establish a secure channel.
S106: TPCM N signs its own platform integrity certificate AIK_N and the random number
Figure BDA0003091237650000097
and sends them to the TCN.
S107: the trusted root TPCM C of the TCN sends its own certificate AIK_C, the random number
Figure BDA0003091237650000098
and the platform integrity certificate AIK_N signed by TPCM N together with the random number
Figure BDA0003091237650000099
to the power Internet of things trusted authentication center IOTTC through the trusted sink node TSN.
S108: the power Internet of things trusted authentication center IOTTC verifies the certificates AIK_C and AIK_N, and uses the secret keys K_C and K_N that it shares with TPCM C and TPCM N respectively to compute
Figure BDA00030912376500000910
and
Figure BDA00030912376500000911
and sends them to TPCM C and TPCM N respectively.
S109: TPCM C and TPCM N respectively decrypt
Figure BDA00030912376500000912
and
Figure BDA00030912376500000913
to obtain the platform integrity authentication key k_CN shared by both parties.
S110: TPCM C sends the integrity request information Req{i_1, ..., i_r} to TPCM N, where {i_1, ..., i_r} are the PCR identifiers corresponding to the power Internet of things node.
S111: TPCM N sends the integrity information of the power Internet of things node N
Figure BDA00030912376500000914
and the integrity request information Req{j_1, ..., j_s} to TPCM C, where {j_1, ..., j_s} are the PCR integrity identifiers corresponding to the TCN.
S112: TPCM C verifies
Figure BDA0003091237650000101
and makes a comprehensive judgment on the power Internet of things node N according to the values in {a_1, ..., a_r}; if the result is untrusted, node N is refused to join the edge computing network. TPCM C then sends the integrity information of the TCN to TPCM N:
Figure BDA0003091237650000102
Figure BDA0003091237650000103
S113: TPCM N verifies
Figure BDA0003091237650000104
and makes a comprehensive judgment on the TCN according to the values in {b_1, ..., b_s}; if the result is untrusted, it refuses to join the edge computing network.
This completes bidirectional identity authentication and platform integrity authentication between the TCN and the power Internet of things node N.
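As an added illustration (not code from the patent or its authors), the following Python models the runtime measurement rule of the TSB/TPCM described above (digest stored in a PCR, compared with the reference value SPCR, 1 means trusted) and the PCR request/verdict rounds of steps S110 to S113. It assumes SHA-256 digests, an equality test against SPCR, a four-entry PCR layout, one shared reference library for both platforms, and it omits the k_CN protection of the exchanged integrity information.

```python
import hashlib

# Constructed sample objects standing in for the measured objects named in the
# text: kernel code area, system vector table, application configuration file
# and dynamic library. Real SPCR values come from the node's reference library
# TSD; these bytes are illustrative only.
KERNEL_CODE = b"constructed: kernel code area"
VECTOR_TABLE = b"constructed: system vector table"
APP_CONFIG = b"constructed: application configuration file"
APP_LIB = b"constructed: application dynamic library"


def digest(data: bytes) -> str:
    # SHA-256 is an assumption; the text only says "digest".
    return hashlib.sha256(data).hexdigest()


# Trusted reference library TSD: expected value SPCR per PCR index (layout assumed).
TSD_REFERENCE = {0: digest(KERNEL_CODE), 1: digest(VECTOR_TABLE),
                 2: digest(APP_CONFIG), 3: digest(APP_LIB)}


class TPCM:
    """Minimal model of a TPCM: PCR registers plus the SPCR reference values."""

    def __init__(self, reference):
        self.reference = dict(reference)
        self.pcr = {}

    def measure(self, index, data):
        """Active measurement: the object's digest is stored in its PCR."""
        self.pcr[index] = digest(data)

    def verify(self, index):
        """1 if the PCR equals SPCR (assumed equality test), else 0."""
        return 1 if self.pcr.get(index) == self.reference.get(index) else 0

    def quote(self, requested):
        """Integrity information for Req{i_1..i_r}: PCR values at those indices.
        In the protocol this is protected with k_CN; omitted here."""
        return {i: self.pcr.get(i) for i in requested}


def node_trusted(tpcm, indices):
    """Runtime rule: the node is trusted only if every measurement point is."""
    return all(tpcm.verify(i) == 1 for i in indices)


def judge(quote, reference):
    """Verifier side of S112/S113: a_i = 1 iff reported PCR_i equals SPCR_i.
    An unmeasured (missing) PCR counts as untrusted."""
    return {i: (1 if v is not None and v == reference.get(i) else 0)
            for i, v in quote.items()}


def mutual_integrity_check(tpcm_c, tpcm_n, req_c, req_n, reference=TSD_REFERENCE):
    """S110-S113 as two quote/judge rounds; the TCN (TPCM C) judges first."""
    a = judge(tpcm_n.quote(req_c), reference)   # {a_1..a_r} about node N
    if not all(a.values()):
        return "refuse N", a, None              # S112: N may not join
    b = judge(tpcm_c.quote(req_n), reference)   # {b_1..b_s} about the TCN
    if not all(b.values()):
        return "N refuses", a, b                # S113: N declines to join
    return "join", a, b


def measure_node(objects, reference=TSD_REFERENCE):
    """Measure every object of a node into a fresh TPCM."""
    tpcm = TPCM(reference)
    for index, data in objects.items():
        tpcm.measure(index, data)
    return tpcm


if __name__ == "__main__":
    clean = {0: KERNEL_CODE, 1: VECTOR_TABLE, 2: APP_CONFIG, 3: APP_LIB}
    tampered = {**clean, 2: APP_CONFIG + b" tampered"}   # constructed modification
    tcn = measure_node(clean)
    print(mutual_integrity_check(tcn, measure_node(clean), [0, 1, 2, 3], [0, 1]))
    print(mutual_integrity_check(tcn, measure_node(tampered), [0, 1, 2, 3], [0, 1]))
```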
The trusted computing platform with the parallel dual-architecture computing and protection structure provided by the invention at least has the following advantages:
1. The active immune power Internet of things node and the active immune power Internet of things network, operating in parallel, can actively perform security protection while computing, realizing active security protection of the system without changing the computing logic.
2. The current security protection mechanisms of the power Internet of things mainly rely on passive defence such as intrusion detection, so that by the time malicious behaviour is detected, harm has already been done and the power Internet of things network and its nodes cannot work normally. Based on the characteristics of the power Internet of things network, the invention provides a power Internet of things credibility measurement technique based on edge computing, which performs active immune protection while the power Internet of things operates.
3. Using trusted computing technology, active measurement is performed on the key components of the power Internet of things server during startup and running, and trusted access is enforced on power Internet of things network connections, thereby ensuring the credibility of the power Internet of things network.
4. The credibility of the power internet of things provides support for immune functions of immune monitoring, immune defense, immune self-stability and the like of the power internet of things, and the active immunity of the power internet of things is realized by locally and globally combining two layers of the active immunity power internet of things and the active immunity power internet of things.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include such modifications and variations.

Claims (7)

1. A power Internet of things trusted immune system based on edge computing, characterized in that the power Internet of things trusted immune system comprises: a trusted immune node, a trusted immune network and a trusted immune service center of the power Internet of things, wherein
the credible immune node realizes the basic immune function and ensures the immunity of the Internet of things node when starting, running and accessing the Internet of things;
the credible immune network realizes the core immune function and ensures the immunity of the Internet of things during establishment and operation.
2. The electric power internet of things credible immune system based on edge computing of claim 1, wherein the credible immune node comprises an electric power internet of things node credible immune system and an electric power internet of things node computing system, and the two systems are operated together on an electric power internet of things platform;
the electric power Internet of things node computing system undertakes the common functions of data acquisition, data processing, data transmission and the like of the electric power Internet of things node; the electric power internet of things node trusted immune system has the function of electric power internet of things node immunity and consists of a TPCM (trusted platform control module), a trusted software base TSB (trusted software base), a trusted support mechanism and a trusted reference library TSD;
the electric power internet of things network trusted immune system has the function of electric power internet of things network immunity and mainly comprises a trusted edge computing node MEC, a trusted sink node TSN, a behavior trusted reference library BTSD and an electric power internet of things trusted authentication center IOTTC; the trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes embedded with the TPCM; the core function of the credible immune system of the power Internet of things network is to realize active measurement of the behavior of the power Internet of things; the behavior of the power internet of things comprises the behavior of a power internet of things node in an edge computing network, the output behavior of the edge computing network and the output behavior of the power internet of things.
3. The electric power internet of things credible immune system based on edge computing as claimed in claim 2, wherein the electric power internet of things node computing system undertakes common data acquisition, data processing and data transmission functions of the electric power internet of things node; the electric power internet of things node credible immune system takes charge of the electric power internet of things node immunity function and is composed of a TPCM, a credible software base TSB, a credible support mechanism and a credible reference library TSD.
4. The electric power Internet of things credible immune system based on edge computing as claimed in claim 3, characterized in that:
the TPCM provides trusted measurement, trusted storage and trusted reporting function support for the power Internet of things node, and is the source and physical trusted basis of the node's immunity;
the TSB takes TPCM as a credible root and provides credible function supports such as active measurement, credible network connection, credible storage and the like for the nodes of the power Internet of things; active measurement is the core of power internet of things node immunity, and the TSB can ensure the credibility of the power internet of things node by monitoring the running environment of the power internet of things node in real time and actively measuring the subject, object, operation and environment of the system; meanwhile, the TSB generates a trusted network connection strategy for accessing the power internet of things node to the power internet of things and completes the privacy protection of a system and an application key data structure based on the TPCM according to the active measurement result of the power internet of things node;
the TSD stores core data of the power Internet of things node and reference values of the key modules, and is a reference basis and a criterion for distinguishing self from non-self by the trusted immune system;
the credible support mechanism provides immune support for the application of the power internet of things node and other safety mechanisms.
5. The electric power internet of things credible immune system based on edge computing of claim 1, characterized in that: the credible immune network comprises a credible immune system of the power Internet of things network and the power Internet of things network;
the power Internet of things network undertakes conventional functions of completing data transmission, network management and the like of the power Internet of things;
the electric power internet of things network trusted immune system has the function of electric power internet of things network immunity and mainly comprises a trusted edge computing node MEC (Trusted Cluster node), a trusted sink node TSN (Trusted Sink node), a behavior trusted standard library BTSD (Behaviors Trusted Standard Database) and an electric power internet of things trusted authentication center IOTTC (Internet of Things Trusted Center);
the trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes embedded in the TPCM.
6. The electric power internet of things credible immune system based on edge computing of claim 1, characterized in that: the electric power internet of things credible immune service center mainly has the functions of: the trusted software library service is used for carrying out unified management and security authentication on all application programs in the power Internet of things; the credible strategy library is used for making a corresponding safety strategy aiming at the running environment and the purpose in the power Internet of things network and the nodes; and the emergency response service is used for carrying out disaster recovery backup on key strategy configuration in the network and the nodes of the power Internet of things, so that the safety and the credibility of the power Internet of things are guaranteed.
7. An electric power internet of things credibility measurement method based on edge computing and carried out by using the system of any one of claims 1-6, wherein the credibility measurement technology comprises the following steps: active measurement is carried out on key components of the power internet of things node during starting and running, and trusted access is implemented on the network connection of the power internet of things node, so that the credibility of the power internet of things node is ensured;
the active measurement process when the power internet of things node is started is as follows: when the power internet of things node is started, the TPCM is started first, before the node itself, and performs credibility measurement on the configuration of the node's underlying hardware SNP; on the basis of ensuring that the hardware of the power Internet of things node has not been tampered with, the TPCM measures step by step the trusted computing base TCB of the node, the operating system boot loader (power Internet of things OS Loader), the operating system kernel (power Internet of things OS kernel) and the power Internet of things applications SAP, which comprise the data acquisition, data processing and data transmission application programs, finally achieving trusted startup of the power Internet of things node;
the active measurement during the operation of the power internet-of-things node is realized by actively controlling and dynamically measuring the kernel data of the power internet-of-things node and the power internet-of-things application program;
when the power internet of things node joins the edge computing network, the trusted edge computing node MEC needs to perform identity measurement and platform integrity measurement on the power internet of things node.
CN202110596258.2A 2021-05-30 2021-05-30 Electric power Internet of things credible immune system based on edge calculation and measurement method Active CN113726726B (en)

Publications (2)

Publication Number Publication Date
CN113726726A true CN113726726A (en) 2021-11-30
CN113726726B CN113726726B (en) 2022-11-22
