CN113726726B - Electric power Internet of things credible immune system based on edge calculation and measurement method - Google Patents
- Publication number: CN113726726B (application CN202110596258.2A)
- Authority: CN (China)
- Prior art keywords: things, power internet, node, credible, trusted
- Legal status: Active
Classifications
- H04L63/1466 (H04L63/00, H04L63/14, H04L63/1441): Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
- G16Y10/35 (G16Y10/00, Economic sectors): Utilities, e.g. electricity, gas or water
- G16Y10/75 (G16Y10/00, Economic sectors): Information technology; Communication
- G16Y30/10 (G16Y30/00, IoT infrastructure): Security thereof
- G16Y40/10 (G16Y40/00, IoT characterised by the purpose of the information processing): Detection; Monitoring
- G16Y40/30 (G16Y40/00): Control
- G16Y40/50 (G16Y40/00): Safety; Security of things, users, data or systems
- H04L63/20 (H04L63/00, network security): Managing network security; network security policies in general
- H04L67/10 (H04L67/00, H04L67/01, Protocols): Protocols in which an application is distributed across nodes in the network
- H04L67/12 (H04L67/00, H04L67/01, Protocols): Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The invention discloses an edge-computing-based trusted immune system for the electric power Internet of Things (IoT), together with a measurement method. The trusted immune node provides the basic immune function and guarantees the immunity of a power IoT node when it is started, operated and accessed; the trusted immune network provides the core immune function and guarantees immunity while the power IoT is being established, operated and connected to the power IoT information center. The trust measurement technology comprises the following steps: the key components of a power IoT node are actively measured at startup and during operation, and trusted access is enforced on the node's network connections, so that the trustworthiness of the node is guaranteed.
Description
Technical Field
The invention relates to the technical field of trusted computing, and in particular to an edge-computing-based trusted measurement method for the power Internet of Things.
Background
With the rapid development of Internet of Things technology, a large number of internal- and external-network data acquisition, control and management devices, such as sensing devices, mobile terminals, video surveillance devices, smart electricity meters, charging piles and office computers, are deployed in the power IoT under mobile, ubiquitous, hybrid and wide-area interconnection conditions. Because the network boundary is blurred, security threats and risks extend beyond the traditional perimeter, and there are security risks in the trusted operation and identity validity of the service side. At the same time, with the construction of the power enterprise cloud, the power system faces large data volumes, many service types and complex information interaction, which leads to illegal access. The system is easily attacked and damaged, intentionally or unintentionally, so that power operation is hard to guarantee. The root cause is that the problem is not addressed at the actual source of the network security risk: passive defence means of blocking, inspecting and removing, represented by firewalls, antivirus scanning and intrusion detection, are adopted piecemeal; they are not sufficient to prevent attacks, and in particular cannot effectively prevent attacks that exploit vulnerabilities of the target system.
To address current cyberspace security problems, the international TCG organisation proposed trusted computing: it takes the TPM and the initial BIOS code as the root of trust and measures trust level by level, so that a chain of trust is built for the computer and its important resources are protected from illegal tampering and damage, and a good effect has been achieved. However, the TPM is essentially only a passively attached external device of the computer, and only functions when called by a host program; once the host is controlled by an attacker, the TPM's functions are at the attacker's disposal. Moreover, the TPM only implements static measurement when the computer starts and does not implement policy-based dynamic measurement while the computer runs, so the TCG trusted computing architecture is basically unable to defend when a hacker attacks through logic defects of the computer system. For example, Windows 10 fully implements the TCG trusted computing architecture, yet failed to prevent the WannaCry ransomware attack.
Disclosure of Invention
The current security protection mechanism of the power IoT mainly relies on passive defence mechanisms such as intrusion detection, so by the time malicious behaviour is discovered the damage has been done and the power IoT network and its nodes can no longer work normally. Starting from the characteristics of the power IoT network, the invention provides an edge-computing-based trust measurement technology for the power IoT that performs active immune protection while the power IoT operates. Using trusted computing technology, the key components of power IoT nodes are actively measured during startup and operation, trusted access is enforced on the network connections of the nodes, and the trustworthiness of the nodes is guaranteed.
To achieve this, the technical solution adopted by the invention is as follows:
An edge-computing-based trusted immune system for the power IoT, characterised in that the trusted immune system comprises: a trusted immune node, a trusted immune network and a power IoT trusted immune service center, wherein
the trusted immune node provides the basic immune function and guarantees the immunity of the IoT node when it is started, run and accessed;
the trusted immune network provides the core immune function and guarantees the immunity of the IoT during its establishment and operation.
Further, in the edge-computing-based trusted immune node of the power IoT described above, the trusted immune node comprises a power IoT node trusted immune system and a power IoT node computing system, the two systems running together on a power IoT platform.
The power IoT node computing system carries the ordinary functions of the node, such as data acquisition, data processing and data transmission. The power IoT node trusted immune system provides the node's immune function and mainly comprises a TPCM, a trusted software base TSB, a trusted support mechanism and a trusted reference base TSD (Trusted Standard Database).
The power IoT network trusted immune system provides the network's immune function and mainly comprises a trusted edge computing node MEC (Trusted Cluster Node, TCN), a trusted sink node TSN (Trusted Sink Node), a behaviour trusted standard base BTSD (Behaviors Trusted Standard Database) and a power IoT trusted authentication center IOTTC (Internet of Things Trusted Center). The trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes with an embedded TPCM. The core function of the power IoT network trusted immune system is active measurement of the behaviour of the power IoT. That behaviour comprises the behaviour of power IoT nodes in the edge computing network, the output behaviour of the edge computing network and the output behaviour of the power IoT.
Further, in the edge-computing-based power IoT node trusted immune system described above, the power IoT node computing system carries the conventional functions of the node, such as data acquisition, data processing and data transmission, and the power IoT node trusted immune system provides the node's immune function and mainly comprises a TPCM, a trusted software base TSB, a trusted support mechanism and a trusted reference base TSD (Trusted Standard Database).
Furthermore, the power IoT node trusted immune system described above is characterised in that:
the TPCM provides the power IoT node with trusted functions such as trusted measurement, trusted storage and trusted reporting, and is the source and physical basis of the node's immunity;
the TSB takes the TPCM as its root of trust and provides the power IoT node with trusted functions such as active measurement, trusted network connection and trusted storage. Active measurement is the core of power IoT node immunity: the TSB guarantees the node's trustworthiness by monitoring the node's running environment in real time and actively measuring the subjects, objects, operations and environment of the system. At the same time, based on the node's active measurement results, the TSB generates the trusted network connection policy under which the node accesses the power IoT, and completes the privacy protection of key data structures of the system and applications based on the TPCM;
the TSD stores the core data of the power IoT node and the reference values of its key modules, and is the reference basis and criterion by which the trusted immune system distinguishes self from non-self;
the trusted support mechanism provides immune support to the applications and other security mechanisms of the power IoT node.
Further, the trusted immune network comprises the power IoT network trusted immune system and the power IoT network.
The power IoT network carries the conventional functions of the power IoT, such as data transmission and network management.
The power IoT network trusted immune system provides the network's immune function and mainly comprises a trusted edge computing node MEC (Trusted Cluster Node, abbreviated TCN below), a trusted sink node TSN (Trusted Sink Node), a behaviour trusted standard base BTSD (Behaviors Trusted Standard Database) and a power IoT trusted authentication center IOTTC (Internet of Things Trusted Center).
The trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes with an embedded TPCM.
Further, the power IoT trusted immune service center described above mainly provides the following functions: a trusted software library service, which uniformly manages and security-certifies all application programs in the power IoT; a trusted policy library, which formulates the corresponding security policy for each running environment and purpose in the power IoT network and nodes; and an emergency response service, which performs disaster recovery backup of the key policy configuration of the power IoT network and nodes, so that the security and trustworthiness of the power IoT are guaranteed.
An edge-computing-based trust measurement technology for the power IoT, wherein the trust measurement technology comprises the following steps: the key components of the power IoT node are actively measured during startup and operation, and trusted access is enforced on the node's network connections, so that the trustworthiness of the node is guaranteed.
The active measurement process when a power IoT node is started is as follows. When the node is started, the TPCM starts first, before the node itself, and performs trust measurement on the configuration of the Sensing Node Platform (SNP) at the bottom layer of the node. Having ensured that the node's hardware has not been tampered with, the TPCM measures step by step the node's trusted computing base TCB, the operating system boot loader (OS Loader), the operating system kernel (OS Kernel) and the power IoT Sensing Application Program (SAP), which includes the data acquisition, data processing and data transmission applications and so on, and finally achieves trusted startup of the node.
Active measurement while the node is operating is achieved by actively controlling and dynamically measuring the node's kernel data and the power IoT application programs.
When a power IoT node joins the edge computing network, the trusted edge computing node MEC needs to perform identity measurement and platform integrity measurement on the node.
The beneficial effects of the invention are as follows. Starting from the characteristics of the power IoT network, the invention provides a trust measurement technology for the power IoT that performs active immune protection while the power IoT operates. Using trusted computing technology, the key components of the power IoT server are actively measured during startup and operation, trusted access is enforced on the power IoT network connections, and the trustworthiness of the power IoT network is guaranteed. This trustworthiness supports the immune functions of the power IoT, such as immune monitoring, immune defence and immune self-stabilisation, and the active immunity of the power IoT is realised by combining two layers, the actively immune power IoT (locally) and the actively immune power IoT network (globally).
Drawings
Fig. 1 is a schematic structural diagram of an electric power internet of things credibility measurement technology based on edge computing in an embodiment of the present invention.
Fig. 2 is an active measurement process when a power internet of things node is started in the embodiment of the present invention.
Fig. 3 is an active measurement flow during operation of a power internet of things node in the embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the detailed description.
Addressing the problem that the current security protection mechanism of the power IoT mainly relies on passive defence mechanisms such as intrusion detection and finds it difficult to actively defend the power IoT network and its nodes, the invention uses trusted computing technology to build an active immunity framework for the power IoT. Starting from the characteristics of the power IoT network, it provides an edge-computing-based trust measurement technology and an active measurement technology for the power IoT, so that immune monitoring, immune defence and immune self-stabilisation are implemented by combining two layers, the actively immune power IoT (locally) and the actively immune power IoT network (globally), and active defence of the power IoT is thereby realised.
Interpretation of terms
MEC: Multi-access Edge Computing (mobile edge computing).
TCA: trusted network architecture.
TCA-IOT: Trusted Connection Architecture for the Internet of Things.
TPM: Trusted Platform Module.
TCM: Trusted Cryptography Module, a hardware module of the trusted computing platform that provides cryptographic operations for the platform and has a protected storage space.
TPCM: Trusted Platform Control Module, a hardware core module integrated in the trusted computing platform to establish and guarantee the trusted source point, providing integrity measurement, secure storage, trusted reporting and cryptographic services for trusted computing.
TSB: Trusted Software Base, the collection of software elements that support the trustworthiness of a trusted computing platform.
BIOS: Basic Input Output System, the first software loaded when a personal computer starts.
The basic framework of a trusted computing platform is described below.
As shown in Fig. 1, the trusted immune system of the power IoT comprises a trusted immune node, a trusted immune network and a power IoT trusted immune service center. The actively immune power IoT provides the basic immune function and guarantees the immunity of the power IoT nodes and the server when the power IoT is started, operated and accessed; the actively immune power IoT network provides the core immune function and guarantees immunity while the power IoT is established, operated and connected to the power IoT information center.
In the edge-computing-based trust measurement technology for the power IoT, the active immune system and the conventional function system of the power IoT coexist and support each other, together forming a dual-system structure. The parts of the active immune system form an organic whole, and the active immunity of the power IoT is realised through their cooperative work.
The active measurement technology of the power IoT is described in detail below.
The essence of trusted computing is that behaviour is as expected, so the key to realising active immunity of the power IoT is to guarantee that the computation and output of the power IoT server and the output of the power IoT network always meet expectations. On this basis, trusted computing technology is used to actively measure the key components of the power IoT server during startup and operation and to enforce trusted access on the power IoT network connections, so that the trustworthiness of the power IoT network is guaranteed. This trustworthiness supports the immune functions of the power IoT, such as immune monitoring, immune defence and immune self-stabilisation.
Active measurement during starting of power internet of things
When the power IoT is started, the TPCM starts first, before the power IoT itself, and performs trust measurement on the configuration of the underlying hardware BIOS. Having ensured that the hardware has not been tampered with, the TPCM measures step by step the trusted computing base TCB, the operating system boot loader (OS Loader), the operating system kernel (OS Kernel) and the Sensing Application Program SAP (which includes the data acquisition, data processing and data transmission applications and so on), and finally achieves trusted startup of the power IoT. The specific flow is shown in Fig. 2. Because the power IoT is simple in composition and function, the trusted reference values of all its key components are stored in the TPCM.
The trusted computing base TCB is the totality of the system's security protection mechanisms: the combination of hardware, firmware and software responsible for enforcing the security policy, which establishes the basic protection environment and provides the additional application services the system requires. For the power IoT, since the TPCM has already measured the hardware layer separately, what the active measurement measures is the software part of the TCB, which includes the trusted software base TSB as well as other security mechanisms.
The TPCM starts and performs its self-check before the power IoT server. After the self-check succeeds, the TPCM sends a control signal to reset the CPU, controller, dynamic memory and so on of the power IoT server.
The TPCM measures the configuration of the underlying hardware BIOS, computes its digest and stores it in PCR[1]. The TPCM retrieves the stored trusted reference value SPCR[1] of the BIOS and computes the comparison result Res; if Res = 0, startup of the power IoT fails.
The underlying hardware of the power IoT is started.
The TPCM measures the TCB, the OS Loader and the OS Kernel in turn, computes their digests and stores them in PCR[2], PCR[3] and PCR[4] respectively. It retrieves the stored trusted reference values SPCR[2], SPCR[3] and SPCR[4] of the TCB, OS Loader and OS Kernel and computes Res1, Res2 and Res3; if Res1 ^ Res2 ^ Res3 = 0, startup of the power IoT fails. The TPCM measures the TCB, OS Loader and OS Kernel in that order, and success of each measurement is a necessary condition for the next: if one fails, the following items are not measured. That is, if the TCB measurement fails, the OS Loader and OS Kernel are no longer measured, and if the OS Loader measurement fails, the OS Kernel is not measured.
The TPCM measures the application program SAP, computes its digest and stores it in PCR[5] (the data acquisition, data processing, data transmission and other applications can be measured in turn, as needed by function). The TPCM retrieves the stored trusted reference value SPCR[5] and computes Res; if Res = 1, the platform loads the application SAP and executes it.
At this point the power IoT server has started. Throughout the startup of the power IoT server the TPCM keeps control, and each key component of the power IoT startup is measured and verified against its trusted reference value, so that trusted startup of the power IoT is guaranteed.
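The boot-time chain described above (TPCM self-check, then BIOS, TCB, OS Loader, OS Kernel and SAP measured in order into PCR[1] to PCR[5] and compared with the stored SPCR values, with a failed item stopping the chain so later items stay unmeasured), as an added Python simulation that is not part of the patent. The hash function, the sample component images and the shape of the TPCM model are this example's own assumptions.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Measurement order from the description: BIOS, TCB, OS Loader, OS Kernel, SAP, with the PCR
# slot each digest is stored in.
BOOT_CHAIN: List[Tuple[str, int]] = [
    ("BIOS", 1),
    ("TCB", 2),
    ("OS Loader", 3),
    ("OS Kernel", 4),
    ("SAP", 5),
]


def digest(data: bytes) -> bytes:
    """Measurement digest. SHA-256 is an assumption; the page does not name the hash."""
    return hashlib.sha256(data).digest()


class TPCM:
    """Minimal model of the TPCM: the PCRs and the stored trusted reference values SPCR."""

    def __init__(self, spcr: Dict[int, bytes]) -> None:
        self.spcr = dict(spcr)                      # SPCR[i]: reference digest for PCR[i]
        self.pcr: Dict[int, Optional[bytes]] = {i: None for _, i in BOOT_CHAIN}  # None = unmeasured

    def self_check(self) -> bool:
        """The TPCM checks itself before the node runs; modelled as 'all SPCR values present'."""
        return all(i in self.spcr for _, i in BOOT_CHAIN)

    def measure(self, slot: int, image: bytes) -> int:
        """Measure one component into PCR[slot]; Res = 1 if it matches SPCR[slot], else 0."""
        self.pcr[slot] = digest(image)
        return 1 if self.pcr[slot] == self.spcr[slot] else 0


def trusted_boot(tpcm: TPCM, images: Dict[str, bytes]) -> Dict[str, object]:
    """Walk the chain; a failed measurement stops it, so later items are never measured."""
    result: Dict[str, object] = {"booted": False, "sap_loaded": False, "failed_at": None, "res": {}}
    if not tpcm.self_check():
        result["failed_at"] = "TPCM self-check"
        return result
    for name, slot in BOOT_CHAIN:
        res = tpcm.measure(slot, images[name])
        result["res"][name] = res
        if res == 0:
            result["failed_at"] = name   # e.g. Res2 = 0: OS Kernel and SAP stay unmeasured
            return result
    result["booted"] = True       # BIOS, TCB, OS Loader and OS Kernel all matched
    result["sap_loaded"] = True   # Res for SAP was 1, so the platform loads and runs it
    return result


def reference_values(images: Dict[str, bytes]) -> Dict[int, bytes]:
    """Provisioning: build SPCR from known-good images (assumed to happen offline)."""
    return {slot: digest(images[name]) for name, slot in BOOT_CHAIN}


# Constructed sample images standing in for the real firmware and software components.
GOOD_IMAGES: Dict[str, bytes] = {
    "BIOS": b"bios-v1",
    "TCB": b"tsb+security-mechanisms-v1",
    "OS Loader": b"loader-v1",
    "OS Kernel": b"tinyos-kernel-v1",
    "SAP": b"data-acquisition-app-v1",
}


def demo() -> Tuple[Dict[str, object], Dict[str, object]]:
    spcr = reference_values(GOOD_IMAGES)
    clean = trusted_boot(TPCM(spcr), GOOD_IMAGES)
    # Tampered OS Loader: PCR[3] != SPCR[3], so the kernel and SAP are never measured.
    tampered = {**GOOD_IMAGES, "OS Loader": b"loader-v1-backdoored"}
    return clean, trusted_boot(TPCM(spcr), tampered)


if __name__ == "__main__":
    clean, bad = demo()
    print("clean boot:", clean)
    print("tampered OS Loader:", bad)
```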
Active measurement during operation of nodes of power internet of things
Active measurement during operation of a power IoT node is realised by actively controlling the node's kernel data and application programs and dynamically measuring their trustworthiness, as shown in Fig. 3.
Active measurement points:
Active measurement points are the key to implementing the active measurement technology. According to the characteristics of the power IoT node, the active measurement points during node operation mainly include the starting of an application program, the opening of the communication system and the access of application data. The trusted software base TSB actively intercepts TinyOS system calls, judges according to policy whether a call is an active measurement point, and performs active measurement at the active measurement points.
Active measurement technique:
During operation of the power IoT node, the trusted software base TSB sets active measurement points in the node and calls the TPCM to actively measure the key data of the system kernel and the application programs; the specific flow is shown in the figure.
During operation of the power IoT node server, the TSB actively controls system calls. The TSB intercepts each system call and judges according to policy whether it is an active measurement point. If not, no action is taken.
At an active measurement point, the TSB calls the TPCM to perform active measurement according to the measurement policy. The measured objects of the kernel are the kernel code area, the system vector table and so on; the measured objects of an application program are the application's configuration files and dynamic libraries and the data it operates on.
The TSB computes the digest of the measured object and stores it in the corresponding PCR. For each PCR digest of a measured object, the TPCM computes the comparison with the corresponding trusted reference value SPCR; if the result is 1, the measured object is judged trusted. If the measured objects at all measurement points are trusted, the power IoT node is trusted.
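An added Python model of the runtime measurement described above (not the patent's own code): a TSB hook receives every system call, consults a policy to decide whether the call is an active measurement point, measures the kernel code area, vector table, application configuration and dynamic libraries against SPCR, and reports the node untrusted as soon as any measured object mismatches. The syscall names, the policy table and the sample node contents are assumptions of this example.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def digest(data: bytes) -> bytes:
    """Measurement digest; SHA-256 is an assumption, the page does not name the hash."""
    return hashlib.sha256(data).digest()


@dataclass
class NodeState:
    """What the TSB can read from the running node (constructed sample, not a real kernel)."""
    kernel_code: bytes
    vector_table: bytes
    app_config: Dict[str, bytes]   # per application
    app_libs: Dict[str, bytes]     # per application, dynamic libraries concatenated


# Policy: which system calls are active measurement points and which objects each one measures.
# The names are this example's own; the page lists kernel code area, system vector table,
# application configuration files, dynamic libraries and application data as measured objects.
POLICY: Dict[str, List[str]] = {
    "app_start": ["kernel_code", "app_config", "app_libs"],
    "comm_open": ["kernel_code", "vector_table"],
    "data_access": ["app_config"],
}


@dataclass
class TSB:
    """Trusted software base: hooks every system call and measures only at policy points."""
    spcr: Dict[str, bytes]                     # trusted reference values by object key
    policy: Dict[str, List[str]] = field(default_factory=lambda: dict(POLICY))
    pcr: Dict[str, bytes] = field(default_factory=dict)
    log: List[Tuple[str, str, int]] = field(default_factory=list)   # (syscall, object, Res)

    def syscall(self, name: str, state: NodeState, app: str = "") -> bool:
        """True if the call may proceed; calls that are not measurement points always proceed."""
        if name not in self.policy:
            return True
        ok = True
        for obj in self.policy[name]:
            res = self.measure(obj, state, app)
            self.log.append((name, obj, res))
            ok = ok and res == 1
        return ok

    def measure(self, obj: str, state: NodeState, app: str) -> int:
        """Store the object's digest in its PCR and return Res (1 = matches SPCR, else 0)."""
        if obj == "kernel_code":
            key, data = obj, state.kernel_code
        elif obj == "vector_table":
            key, data = obj, state.vector_table
        elif obj == "app_config":
            key, data = f"app_config:{app}", state.app_config[app]
        elif obj == "app_libs":
            key, data = f"app_libs:{app}", state.app_libs[app]
        else:
            raise ValueError(f"unknown measured object {obj}")
        self.pcr[key] = digest(data)
        return 1 if self.pcr[key] == self.spcr.get(key) else 0

    def node_trusted(self) -> bool:
        """The node is trusted only if every measured object at every point matched."""
        return all(res == 1 for _, _, res in self.log)


def reference_values(state: NodeState) -> Dict[str, bytes]:
    """Provisioning: SPCR built from a known-good node image (assumed to be done offline)."""
    spcr = {"kernel_code": digest(state.kernel_code), "vector_table": digest(state.vector_table)}
    for app, cfg in state.app_config.items():
        spcr[f"app_config:{app}"] = digest(cfg)
    for app, libs in state.app_libs.items():
        spcr[f"app_libs:{app}"] = digest(libs)
    return spcr


def good_state() -> NodeState:
    return NodeState(
        kernel_code=b"tinyos-kernel-text-v1",
        vector_table=b"vec:reset,irq,syscall",
        app_config={"acq": b"sample_rate=10"},
        app_libs={"acq": b"libmodbus-v1"},
    )


def demo() -> Tuple[TSB, TSB]:
    spcr = reference_values(good_state())
    clean = TSB(spcr)
    state = good_state()
    clean.syscall("app_start", state, app="acq")
    clean.syscall("read", state)           # not a measurement point: passes without measuring
    clean.syscall("comm_open", state)
    # A hooked interrupt vector alters the vector table; comm_open is the point that catches it.
    hooked = TSB(spcr)
    state = good_state()
    hooked.syscall("app_start", state, app="acq")
    state.vector_table = b"vec:reset,irq,evil_hook"
    hooked.syscall("comm_open", state)
    return clean, hooked
```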
Active measurement when node of power internet of things joins edge computing network
When a power IoT node joins the edge computing network, the trusted edge computing node MEC needs to perform identity measurement and platform integrity measurement on the node. The specific process is as follows:
S101. The power IoT node N sends its identity ID_N, its node type and the request information Req to the TCN, requesting to join the edge computing network.
S102. The TCN receives the information and checks the node type of the power IoT node. If the node type meets the requirements of the edge computing network, the TCN sends its identity ID_C and a random number r_C to the node.
S103. Node N uses the TCN's identity ID_C to obtain the authentication key K_CN shared by both parties. Node N selects a random number r_N, computes the corresponding encrypted and signed authentication message, and sends it together with r_N to the TCN.
S104. The TCN uses the node's identity ID_N to obtain the shared authentication key K_CN. The TCN decrypts the message and verifies the correctness of the signature. The TCN then computes its own response message and sends it to node N.
S105. Node N decrypts the response and verifies the correctness of the signature.
The TCN and node N then use the shared communication key to establish a secure channel.
S106. TPCM_N sends its own signed platform integrity certificate AIK_N and a random number to the TCN.
S107. The TCN's root of trust TPCM_C sends its own certificate AIK_C and a random number, together with TPCM_N's signed platform integrity certificate AIK_N and random number, to the IoT trusted authentication center IOTTC via the TSN.
S108. The power IoT trusted authentication center IOTTC verifies the certificates AIK_C and AIK_N, uses the secret keys K_C and K_N it shares with TPCM_C and TPCM_N respectively to compute the two encrypted messages, and sends them to TPCM_C and TPCM_N respectively.
S109. TPCM_C and TPCM_N decrypt their respective messages and obtain the platform integrity authentication key k_CN shared by both parties.
S110. TPCM_C sends the integrity request information Req{i_1, ..., i_r} to TPCM_N, where {i_1, ..., i_r} are the PCR identifiers corresponding to the power IoT node.
S111. TPCM_N sends the integrity information of node N to TPCM_C, together with the integrity request information Req{j_1, ..., j_s}, where {j_1, ..., j_s} are the PCR identifiers corresponding to the TCN.
S112. TPCM_C verifies the integrity information and makes an overall judgement of node N according to the values {a_1, ..., a_r}; if the result is untrusted, node N is refused permission to join the edge computing network. TPCM_C then sends the integrity information of the TCN to TPCM_N.
S113. TPCM_N verifies the integrity information and makes an overall judgement of the TCN according to the values {b_1, ..., b_s}; if the result is untrusted, it refuses to join the edge computing network.
Thus, bidirectional identity authentication and platform integrity authentication between the TCN and the power IoT node N are completed.
The trusted computing platform with the parallel dual-architecture computing and protection structure provided by the invention at least has the following advantages:
1. The active immune power Internet of things node and the active immune power Internet of things network, operating in parallel, can carry out security protection while computing; the active security protection of the system is realized without changing the computation logic.
2. The current security protection mechanism of the power Internet of things mainly relies on passive defence mechanisms such as intrusion detection, so by the time malicious behaviour is detected, harm has already been done and the power Internet of things network and nodes cannot work normally. The invention provides an edge-computing-based credibility measurement technology tailored to the characteristics of the power Internet of things network, performing active immune protection while the power Internet of things runs.
3. By using trusted computing technology, key components of the power Internet of things server are actively measured during start-up and operation, and trusted access is enforced on power Internet of things network connections, so that the credibility of the power Internet of things network is ensured.
4. The credibility of the power Internet of things supports immune functions such as immune monitoring, immune defence and immune self-stability, and the active immunity of the power Internet of things is realized by combining two layers, the active immune power Internet of things node (local) and the active immune power Internet of things network (global).
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include such modifications and variations.
Claims (5)
1. An electric power Internet of things credible immune system based on edge computing, characterized in that the electric power Internet of things credible immune system comprises: a credible immune node, a credible immune network and a credible immune service center of the power Internet of things, wherein
the credible immune node realizes the basic immune function and ensures the immunity of the Internet of things node when starting, running and accessing the Internet of things; the trusted immune network realizes the core immune function and ensures the immunity of the Internet of things during the establishment and operation;
the credible immune nodes comprise a power Internet of things node credible immune system and a power Internet of things node computing system, and the power Internet of things node credible immune system and the power Internet of things node computing system are jointly operated on a power Internet of things platform; the electric power Internet of things node computing system undertakes the common functions of data acquisition, data processing and data transmission of the electric power Internet of things node; the electric power internet of things node trusted immune system has the function of electric power internet of things node immunity and consists of a TPCM (trusted platform control module), a trusted software base TSB (trusted software base), a trusted support mechanism and a trusted reference library TSD;
the credible immune network comprises a credible immune system of the power Internet of things network and the power Internet of things network; the power Internet of things network undertakes the functions of completing data transmission and network management of the power Internet of things; the electric power internet of things network credible immune system plays a role in electric power internet of things network immunity and mainly comprises a credible edge computing node MEC, a credible sink node TSN, a behavior credible reference library BTSD and an electric power internet of things credible authentication center IOTTC; the trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes embedded with TPCM;
the electric power thing networking credible immunity service center includes: the trusted software library service is used for carrying out unified management and security authentication on all application programs in the power Internet of things; the credible strategy library is used for making a corresponding safety strategy aiming at the running environment and the purpose in the power Internet of things network and the nodes; and the emergency response service is used for carrying out disaster recovery backup on key strategy configuration in the network and the nodes of the power Internet of things, so that the safety and the credibility of the power Internet of things are guaranteed.
2. The electric power internet of things credible immune system based on edge computing of claim 1, wherein the electric power internet of things credible immune system undertakes the function of electric power internet of things network immunization and comprises a credible edge computing node MEC, a credible sink node TSN, a behavior credible reference library BTSD and an electric power internet of things credible authentication center IOTTC; the trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes embedded with the TPCM; the core function of the credible immune system of the power Internet of things network is to realize active measurement of the behavior of the power Internet of things; the behavior of the power internet of things comprises the behavior of a power internet of things node in an edge computing network, the output behavior of the edge computing network and the output behavior of the power internet of things.
3. The electric power internet of things credible immune system based on edge computing of claim 1, wherein the electric power internet of things node computing system undertakes electric power internet of things node data acquisition, data processing and data transmission functions; the electric power internet of things node trusted immune system has the function of electric power internet of things node immunity and consists of a TPCM (trusted platform control module), a trusted software base TSB (trusted software base), a trusted support mechanism and a trusted reference library TSD;
the TPCM provides credibility measurement, credibility storage and credibility report credibility function support for the nodes of the power Internet of things, and is an immunization source and a physical credibility basis of the nodes of the power Internet of things.
4. The electric power Internet of things credible immune system based on edge computing is characterized in that,
the TSB takes TPCM as a credible root and provides active measurement, credible network connection and credible storage credible function support for the power Internet of things node; active measurement is the core of power internet of things node immunity, and the TSB can ensure the credibility of the power internet of things node by monitoring the running environment of the power internet of things node in real time and actively measuring the subject, object, operation and environment of the system; meanwhile, the TSB generates a trusted network connection strategy for accessing the power internet of things node to the power internet of things and completes the privacy protection of a system and an application key data structure based on the TPCM according to the active measurement result of the power internet of things node;
the TSD stores core data of the power Internet of things node and reference values of the key modules, and is a reference basis and a criterion for distinguishing self from non-self by the trusted immune system;
the credible support mechanism provides immune support for the application of the power internet of things node and other safety mechanisms.
5. The electric power internet of things credibility measuring method based on edge computing and carried out by using the immune system of any one of claims 1-4, wherein the credibility measuring method comprises the following steps: active measurement is carried out on key components of the power Internet of things node in starting and running, trusted access is implemented on network connection of the power Internet of things node, and the credibility of the power Internet of things node is guaranteed;
the active measurement process when the power Internet of things node is started is as follows: when the power Internet of things node is started, the TPCM is started first, before the power Internet of things node, and the TPCM performs credibility measurement on the configuration of the bottom hardware SNP of the power Internet of things node; on the basis of ensuring that the hardware of the power Internet of things node has not been tampered with, the TPCM measures, step by step, the trusted computing base TCB of the power Internet of things node, the operating system loader (power Internet of things OS Loader), the operating system kernel (power Internet of things OS kernel) and the power Internet of things application SAP, which comprises the data acquisition, data processing and data transmission application programs, finally achieving trusted start-up of the power Internet of things node;
the active measurement during operation of the power Internet of things node is realized by actively controlling and dynamically measuring the kernel data of the power Internet of things node and the power Internet of things application programs; during operation of the power Internet of things node, the trusted software base TSB sets active measurement points in the node and calls the TPCM to actively measure key data of the system kernel and the application programs; during operation of the power Internet of things node server, the TSB actively controls system calls; the TSB intercepts each system call and judges, according to policy, whether the system call is an active measurement point; if not, no operation is performed; otherwise the TSB calculates the digest of the measured object and stores the digest in the corresponding PCR; for each digest PCR of the measured object, the TPCM calculates [formula not extracted] using the corresponding trusted reference value SPCR; if the result is 1, the measured object is judged to be trusted; if the measured objects at all measurement points are trusted, the power Internet of things node is trusted;
when the power internet of things node joins the edge computing network, the trusted edge computing node MEC needs to perform identity measurement and platform integrity measurement on the power internet of things node;
S101, the power Internet of things node N sends its identity ID_N, its node type and the request information Req to the TCN, requesting to join the edge computing network;
S102, after receiving the information, the TCN checks the type of the power Internet of things node; if the node type meets the requirements of the edge computing network, the TCN sends its identity ID_C and a random number r_C to the power Internet of things node;
S103, the power Internet of things node N uses the TCN identity ID_C to obtain the authentication key K_CN shared by both parties; node N selects a random number r_N and calculates [formula not extracted]; node N then sends [formula not extracted] and r_N to the TCN;
S104, the TCN uses the identity ID_N of the power Internet of things node to obtain the authentication key K_CN shared by both parties; the TCN decrypts [formula not extracted] and verifies the correctness of the signature; the TCN calculates [formula not extracted] and sends it to the power Internet of things node N;
S105, the power Internet of things node N decrypts [formula not extracted] and verifies the correctness of the signature;
the TCN and the power Internet of things node N use the shared communication key [formula not extracted] to establish a secure channel;
S106, TPCM N signs its platform integrity certificate AIK_N and a random number [formula not extracted] and sends them to the TCN;
S107, the trusted root TPCM C of the TCN sends its own certificate AIK_C and random number [formula not extracted], together with the platform integrity certificate AIK_N and random number [formula not extracted] signed by TPCM N; the information is sent to the power Internet of things trusted authentication center IOTTC through the trusted sink node TSN;
S108, the power Internet of things trusted authentication center IOTTC verifies certificate AIK_C and certificate AIK_N, uses the secret keys K_C and K_N it shares with TPCM C and TPCM N to compute [formula not extracted] and [formula not extracted], and sends them to TPCM C and TPCM N respectively;
S109, TPCM C and TPCM N respectively decrypt [formula not extracted] and [formula not extracted] to obtain the platform integrity authentication key k_CN shared by both parties;
S110, TPCM C sends the integrity request information Req{i_1, ..., i_r} to TPCM N, where {i_1, ..., i_r} are the identifiers of the PCRs corresponding to the power Internet of things node;
S111, TPCM N sends the integrity information [formula not extracted] of the power Internet of things node N and the integrity request information Req{j_1, ..., j_s} to TPCM C, where {j_1, ..., j_s} are the identifiers of the PCRs corresponding to the TCN;
S112, TPCM C verifies [formula not extracted] and makes an overall judgement of the power Internet of things node N according to the values in {a_1, ..., a_r}; if the judgement result is untrusted, node N is refused to join the edge computing network; TPCM C sends the integrity information of the TCN to TPCM N
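As an added example that is not part of the patent, the following Python simulates the start-up measurement chain of claim 5 and the PCR-based integrity exchange of steps S110 to S113 (both in the description and in claim 5), in which TPCM C compares the PCRs reported by node N against the reference values SPCR and refuses admission when any differ. The patent's formula images were not extracted, so the concrete calculation (an HMAC under k_CN over the quoted PCRs and a nonce), the PCR index assigned to each boot stage and all sample values are assumptions.

```python
import hashlib
import hmac
import os

# Constructed boot chain of a power IoT node in the order claim 5 lists the stages;
# the PCR index assigned to each stage is an assumption, the patent does not fix one.
GOOD_CHAIN = {
    0: b"SNP hardware configuration v1",                 # bottom hardware SNP
    1: b"TCB image v1",                                  # trusted computing base TCB
    2: b"OS Loader v1",                                  # power IoT OS Loader
    3: b"OS kernel v1",                                  # power IoT OS kernel
    4: b"SAP: acquisition, processing, transmission v1", # power IoT application SAP
}


def extend(pcr: bytes, obj: bytes) -> bytes:
    """TPM-style extend: PCR' = SHA256(PCR || SHA256(obj)); the measurement order matters."""
    return hashlib.sha256(pcr + hashlib.sha256(obj).digest()).digest()


class TPCM:
    """Minimal trusted platform control module: a PCR bank plus integrity reporting."""

    def __init__(self, name: str, k_cn: bytes):
        self.name = name
        self.k_cn = k_cn      # platform integrity authentication key k_CN obtained in S109
        self.pcrs = {}

    def measure(self, index: int, obj: bytes) -> None:
        self.pcrs[index] = extend(self.pcrs.get(index, bytes(32)), obj)

    def measured_boot(self, chain: dict) -> None:
        """Active measurement at start-up: each stage is measured before it gets control."""
        for index in sorted(chain):
            self.measure(index, chain[index])

    @staticmethod
    def _body(nonce: bytes, pcrs: dict) -> bytes:
        return nonce + b"".join(i.to_bytes(2, "big") + v for i, v in sorted(pcrs.items()))

    def report(self, req: list, nonce: bytes) -> dict:
        """Answer Req{i_1,...,i_r}: the requested PCRs bound to the peer's nonce under k_CN."""
        quoted = {i: self.pcrs.get(i, bytes(32)) for i in req}
        tag = hmac.new(self.k_cn, self._body(nonce, quoted), "sha256").digest()
        return {"pcrs": quoted, "tag": tag}

    def verify(self, rep: dict, nonce: bytes, spcr: dict) -> bool:
        """S112/S113 judgement: report authentic and fresh, and PCR == SPCR for every index."""
        expected = hmac.new(self.k_cn, self._body(nonce, rep["pcrs"]), "sha256").digest()
        if not hmac.compare_digest(rep["tag"], expected):
            return False
        return all(rep["pcrs"].get(i) == spcr[i] for i in spcr)


def reference_values(chain: dict) -> dict:
    """SPCR: the PCR values a known-good chain produces, as held in the reference library TSD."""
    golden = TPCM("reference", b"")
    golden.measured_boot(chain)
    return dict(golden.pcrs)


def admit_node(node_chain: dict, spcr: dict, k_cn: bytes = b"k_CN from IOTTC (constructed)") -> bool:
    """TPCM C on the edge node decides whether node N may join the edge computing network."""
    tpcm_c, tpcm_n = TPCM("TPCM_C", k_cn), TPCM("TPCM_N", k_cn)
    tpcm_n.measured_boot(node_chain)
    nonce = os.urandom(16)                    # random number TPCM C sends together with Req
    rep = tpcm_n.report(sorted(spcr), nonce)  # S111: node N's integrity information
    return tpcm_c.verify(rep, nonce, spcr)    # S112: untrusted => refused to join


if __name__ == "__main__":
    spcr = reference_values(GOOD_CHAIN)
    print("clean node admitted:", admit_node(GOOD_CHAIN, spcr))
    tampered = {**GOOD_CHAIN, 3: b"OS kernel v1 (modified)"}
    print("tampered kernel admitted:", admit_node(tampered, spcr))
```

Because every stage is folded into its PCR by extend, a modification of any stage changes that PCR for the rest of the session, so the check at S112 catches tampering that happened at boot even though the report is produced much later.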
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110596258.2A CN113726726B (en) | 2021-05-30 | 2021-05-30 | Electric power Internet of things credible immune system based on edge calculation and measurement method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113726726A CN113726726A (en) | 2021-11-30 |
CN113726726B true CN113726726B (en) | 2022-11-22 |
Family
ID=78672823
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110596258.2A Active CN113726726B (en) | 2021-05-30 | 2021-05-30 | Electric power Internet of things credible immune system based on edge calculation and measurement method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113726726B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114362933A (en) * | 2021-12-16 | 2022-04-15 | 国网河北省电力有限公司信息通信分公司 | Credible authentication method for data source under power Internet of things environment |
CN114697123A (en) * | 2022-04-11 | 2022-07-01 | 穆聪聪 | Active immune security defense method suitable for sensing node of Internet of things |
CN115001750B (en) * | 2022-05-06 | 2024-04-05 | 国网宁夏电力有限公司信息通信公司 | Trusted group construction method and system based on trust management in electric power Internet of things |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112615841A (en) * | 2020-12-11 | 2021-04-06 | 辽宁电力能源发展集团有限公司 | Layered security management and control system and method based on trusted computing |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10627882B2 (en) * | 2017-02-15 | 2020-04-21 | Dell Products, L.P. | Safeguard and recovery of internet of things (IoT) devices from power anomalies |
CN111158906B (en) * | 2019-12-19 | 2023-04-28 | 北京可信华泰信息技术有限公司 | Active immunity credible cloud system |
CN112257071B (en) * | 2020-10-23 | 2022-09-27 | 江西畅然科技发展有限公司 | Credibility measurement control method based on state and behavior of sensing layer of Internet of things |
CN112511618B (en) * | 2020-11-25 | 2023-03-24 | 全球能源互联网研究院有限公司 | Edge Internet of things agent protection method and power Internet of things dynamic security trusted system |
CN112464271B (en) * | 2021-01-27 | 2021-05-04 | 信联科技(南京)有限公司 | Method and system for constructing high-reliability execution environment of power Internet of things edge Internet of things agent |
Also Published As
Publication number | Publication date |
---|---|
CN113726726A (en) | 2021-11-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |