CN113726726B - Electric power Internet of things credible immune system based on edge calculation and measurement method - Google Patents


Info

Publication number
CN113726726B
Authority
CN
China
Prior art keywords
things
power internet
node
credible
trusted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110596258.2A
Other languages
Chinese (zh)
Other versions
CN113726726A (en)
Inventor
陈连栋
赵保华
王文辉
韩龙玺
郭昊
杨超
李宁博
国明
程凯
刘咸通
申培培
辛晓鹏
王志浩
路欣
李毅超
伊进慈
公备
宁振虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
Beijing University of Technology
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Technology, State Grid Corp of China SGCC, Global Energy Interconnection Research Institute, Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority to CN202110596258.2A
Publication of CN113726726A
Application granted
Publication of CN113726726B
Legal status: Active (current)
Anticipated expiration

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00Economic sectors
    • G16Y10/35Utilities, e.g. electricity, gas or water
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00Economic sectors
    • G16Y10/75Information technology; Communication
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00IoT infrastructure
    • G16Y30/10Security thereof
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/10Detection; Monitoring
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/30Control
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/50Safety; Security of things, users, data or systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses a trusted immune system for the power Internet of Things (IoT) based on edge computing, and a measurement method. A trusted immune node realizes the basic immune function and guarantees the immunity of a power IoT node while it is started, run and accessed; a trusted immune network realizes the core immune function and guarantees immunity while the power IoT is established, operated and connected to the power IoT information center. The trusted measurement technique comprises the following: the key components of a power IoT node are actively measured during start-up and operation, and trusted access control is applied to the node's network connections, so that the trustworthiness of the power IoT node is guaranteed.

Description

Power Internet of Things trusted immune system based on edge computing, and measurement method
Technical Field
The invention relates to the technical field of trusted computing, and in particular to a trusted measurement method for the power Internet of Things based on edge computing.
Background
With the rapid development of IoT technology, and in mobile, ubiquitous, hybrid and wide-area interconnected environments, a large number of internal- and external-network data acquisition, control and management devices (sensing devices, mobile terminals, video surveillance devices, smart electricity meters, charging piles, office computers and the like) are deployed in the power IoT. Because the network boundary has become blurred, security threats and risks extend beyond the traditional perimeter, and risks exist in areas such as trusted operation of the service side and identity validity. At the same time, with the construction of the power enterprise cloud, the power system faces large data volumes, many service types and complex information interaction, which open the door to illegal access. The system is easily attacked and damaged, deliberately or inadvertently, so that power operation is hard to guarantee. The root of the problem is that the actual cause of network security risk is not addressed: passive defenses of blocking, scanning and removal, represented by firewalls, anti-virus and intrusion detection, are bolted on one after another, are not sufficient to prevent attacks, and in particular cannot effectively prevent attacks that target vulnerabilities of the system itself.
To address the security of cyberspace, the international TCG organization has proposed a trusted computing method in which the TPM and the initial BIOS code serve as the root of trust and trust is measured level by level, so that a chain of trust is built for the computer and its important resources are protected from illegal tampering and damage; this has achieved good results. However, the TPM is essentially only a passively attached peripheral of the computer and acts only when called by a host program, so once the host is controlled by an attacker the TPM's functions are at the attacker's disposal. Moreover, the TPM only implements static measurement at computer start-up and not policy-based dynamic measurement at run time, so the TCG trusted computing architecture is largely unable to defend against hackers who attack through logic defects of the computer system. For example, Windows 10 fully implements the TCG trusted computing architecture but failed to prevent the WannaCry ransomware attack.
Disclosure of Invention
The current security protection mechanism of the power IoT mainly relies on passive defenses such as intrusion detection, so by the time malicious behaviour is discovered, harm has already been done and the power IoT network and nodes may no longer work normally. Based on the characteristics of the power IoT network, the invention provides a power IoT trusted measurement technique based on edge computing that performs active immune protection while the power IoT operates. Using trusted computing technology, key components are actively measured during the start-up and operation of power IoT nodes, trusted access control is applied to the nodes' network connections, and the trustworthiness of the power IoT nodes is guaranteed.
To achieve this purpose, the technical scheme adopted by the invention is as follows:
A power IoT trusted immune system based on edge computing, characterized in that the power IoT trusted immune system comprises a trusted immune node, a trusted immune network and a power IoT trusted immune service center, wherein
the trusted immune node realizes the basic immune function and guarantees the immunity of the IoT node when it is started, run and accessed;
the trusted immune network realizes the core immune function and guarantees the immunity of the IoT during its establishment and operation.
Further, in the power IoT trusted immune node based on edge computing described above, the trusted immune node comprises a power IoT node trusted immune system and a power IoT node computing system, the two systems running together on the power IoT platform.
The power IoT node computing system carries the ordinary functions of the power IoT node, such as data acquisition, data processing and data transmission. The power IoT node trusted immune system provides the immune function of the node and mainly comprises a TPCM, a trusted software base (TSB), a trusted support mechanism and a trusted reference base TSD (Trusted Standard Database).
The power IoT network trusted immune system provides the immune function of the power IoT network and mainly comprises trusted edge computing nodes MEC (Trusted Cluster Node, abbreviated TCN in the measurement flow below), trusted sink nodes TSN (Trusted Sink Node), a behaviour trusted standard base BTSD (Behaviors Trusted Standard Database) and a power IoT trusted authentication center IOTTC (Internet of Things Trusted Center). The trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes with an embedded TPCM. The core function of the power IoT network trusted immune system is active measurement of the behaviour of the power IoT. That behaviour comprises the behaviour of the power IoT nodes within the edge computing network, the output behaviour of the edge computing network and the output behaviour of the power IoT.
Further, in the power IoT node trusted immune system based on edge computing described above, the power IoT node computing system undertakes the conventional node functions of data acquisition, data processing, data transmission and the like, and the power IoT node trusted immune system provides the node's immune function and mainly comprises the TPCM, the trusted software base TSB, the trusted support mechanism and the trusted reference base TSD (Trusted Standard Database).
Further, the power IoT node trusted immune system described above is characterized in that
the TPCM provides trusted function support such as trusted measurement, trusted storage and trusted reporting for the power IoT node, and is the source and physical basis of the node's immunity;
the TSB takes the TPCM as its root of trust and provides trusted function support such as active measurement, trusted network connection and trusted storage for the power IoT node. Active measurement is the core of node immunity: by monitoring the node's running environment in real time and actively measuring the subjects, objects, operations and environment of the system, the TSB guarantees the trustworthiness of the node. Based on the result of active measurement, the TSB also generates the trusted network connection policy under which the node is admitted to the power IoT and, relying on the TPCM, completes the protection of the key data structures of the system and its applications;
the TSD stores the core data of the power IoT node and the reference values of its key modules, and is the reference basis and criterion by which the trusted immune system distinguishes self from non-self;
the trusted support mechanism provides immune support for the node's applications and for other security mechanisms.
Further, the trusted immune network comprises a power IoT network trusted immune system and the power IoT network.
The power IoT network undertakes the conventional functions of the power IoT, such as data transmission and network management.
The power IoT network trusted immune system provides the immune function of the power IoT network and mainly comprises trusted edge computing nodes MEC (Trusted Cluster Node, TCN), trusted sink nodes TSN (Trusted Sink Node), a behaviour trusted standard base BTSD (Behaviors Trusted Standard Database) and a power IoT trusted authentication center IOTTC (Internet of Things Trusted Center).
The trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes with an embedded TPCM.
Further, the power IoT trusted immune service center described above mainly provides: a trusted software library service, which uniformly manages and security-certifies all application programs in the power IoT; a trusted policy library, which formulates security policies matching the running environment and purpose of the power IoT network and nodes; and an emergency response service, which performs disaster-recovery backup of the key policy configuration of the power IoT network and nodes, guaranteeing the security and trustworthiness of the power IoT.
A power IoT trusted measurement technique based on edge computing, wherein the technique comprises the following: the key components of a power IoT node are actively measured during start-up and operation, and trusted access control is applied to the node's network connections, so that the trustworthiness of the power IoT node is guaranteed.
The active measurement process at node start-up is as follows. When the power IoT node is started, the TPCM starts first, before the node itself, and performs trusted measurement on the configuration of the node's underlying Sensing Node Platform (SNP). Having established that the node's hardware has not been tampered with, the TPCM measures, level by level, the node's trusted computing base (TCB), the operating system boot loader (OS Loader), the operating system kernel (OS Kernel) and the power IoT application programs SAP (Sensing Application Program; including the data acquisition, data processing and data transmission applications), finally achieving trusted start-up of the power IoT node.
Active measurement during node operation is realized by actively controlling, and dynamically measuring, the kernel data of the power IoT node and the power IoT application programs.
When a power IoT node joins the edge computing network, the trusted edge computing node MEC performs identity measurement and platform integrity measurement on the node.
Beneficial effects of the invention: based on the characteristics of the power IoT network, the invention provides a power IoT trusted measurement technique that performs active immune protection while the power IoT operates. Using trusted computing technology, key components are actively measured during the start-up and operation of the power IoT server, trusted access control is applied to the power IoT network connections, and the trustworthiness of the power IoT network is guaranteed. This trustworthiness supports the immune functions of the power IoT, such as immune monitoring, immune defense and immune self-stabilization, and active immunity of the power IoT is realized by combining two layers, the actively immune power IoT node (local) and the actively immune power IoT network (global).
Drawings
Fig. 1 is a schematic structural diagram of the power IoT trusted measurement technique based on edge computing in an embodiment of the invention.
Fig. 2 shows the active measurement flow at power IoT node start-up in the embodiment of the invention.
Fig. 3 shows the active measurement flow during power IoT node operation in the embodiment of the invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the detailed description.
The current security protection mechanism of the power IoT relies mainly on passive defenses such as intrusion detection and has difficulty actively defending the power IoT network and nodes. To address this, the invention uses trusted computing technology to construct an active immunity framework for the power IoT and, starting from the characteristics of the power IoT network, provides a power IoT trusted measurement technique and an active measurement technique based on edge computing, so that immune monitoring, immune defense and immune self-stabilization are carried out by combining two layers, the actively immune power IoT node (local) and the actively immune power IoT network (global), thereby realizing active defense of the power IoT.
Interpretation of terms
MEC: Multi-access Edge Computing, also called mobile edge computing.
TCA: trusted connection architecture.
TCA-IoT: trusted connection architecture for the Internet of Things.
TPM: Trusted Platform Module.
TCM: Trusted Cryptography Module, a hardware module of a trusted computing platform that provides cryptographic operations for the platform and has a protected storage space.
TPCM: Trusted Platform Control Module, a hardware core module integrated into a trusted computing platform that establishes and guarantees the root of trust and provides integrity measurement, secure storage, trusted reporting and cryptographic services for trusted computing.
TSB: Trusted Software Base, the collection of software elements that support the trustworthiness of a trusted computing platform.
BIOS: Basic Input Output System, the first software loaded when a personal computer is started.
The basic framework of a trusted computing platform is described below.
As shown in Fig. 1, the power IoT trusted immune system comprises a trusted immune node, a trusted immune network and a power IoT trusted immune service center. The actively immune power IoT node realizes the basic immune function and guarantees the immunity of the power IoT nodes and servers when they are started, run and accessed; the actively immune power IoT network realizes the core immune function and guarantees immunity while the power IoT is established, operated and connected to the power IoT information center.
In the power IoT trusted measurement technique based on edge computing, the active immune system and the conventional functional system of the power IoT coexist and depend on each other, together forming a dual-system structure. The parts of the active immune system form an organic whole and realize the active immunity of the power IoT by working cooperatively.
The active measurement technology of the power internet of things is described in detail below.
The essence of trusted computing is that behaviour is as expected; hence the key to realizing active immunity of the power IoT is to guarantee that the computation and output results of the power IoT server and the output results of the power IoT network always meet expectations. Accordingly, trusted computing technology is used to actively measure key components during the start-up and operation of the power IoT server and to apply trusted access control to power IoT network connections, so that the trustworthiness of the power IoT network is guaranteed. This trustworthiness in turn supports the immune functions of the power IoT, such as immune monitoring, immune defense and immune self-stabilization.
Active measurement during start-up of the power IoT
When the power IoT is started, the TPCM starts first, before the power IoT, and performs trusted measurement on the configuration of the underlying hardware BIOS. Having established that the hardware has not been tampered with, the TPCM measures, level by level, the trusted computing base TCB, the operating system boot loader (OS Loader), the operating system kernel (OS Kernel) and the application programs SAP (Sensing Application Program; including the data acquisition, data processing and data transmission applications), finally achieving trusted start-up of the power IoT. The specific flow is shown in Fig. 2. Because the composition and functions of the power IoT are simple, the trusted reference values of all its key components are stored in the TPCM.
The trusted computing base TCB is the totality of the system's security protection mechanisms: the combination of hardware, firmware and software responsible for enforcing the security policy, which establishes the basic protection environment and provides the additional application services the system needs. For the power IoT, since the TPCM has already measured the hardware layer separately, what active measurement covers is the software part of the TCB, comprising the trusted software base TSB and the other security mechanisms.
The TPCM starts and performs its self-check before the power IoT server. After the self-check succeeds, the TPCM sends a control signal to reset the CPU, controllers, dynamic memory and the like of the power IoT server.
The TPCM measures the configuration of the underlying hardware BIOS, computes its digest and stores it in PCR[1]. The TPCM then reads the stored trusted reference value SPCR[1] of the BIOS and computes
Res = 1 if PCR[1] = SPCR[1], otherwise 0.
If Res = 0, start-up of the power IoT fails.
The underlying hardware of the power IoT is then started.
The TPCM measures the TCB, the OS Loader and the OS Kernel in turn, computes their digests and stores them in PCR[2], PCR[3] and PCR[4] respectively. The TPCM reads the stored trusted reference values SPCR[2], SPCR[3] and SPCR[4] of the TCB, OS Loader and OS Kernel and computes
Res1 = 1 if PCR[2] = SPCR[2], otherwise 0;
Res2 = 1 if PCR[3] = SPCR[3], otherwise 0;
Res3 = 1 if PCR[4] = SPCR[4], otherwise 0.
If Res1 ∧ Res2 ∧ Res3 = 0, start-up of the power IoT fails. The TPCM measures the TCB, OS Loader and OS Kernel in this order, and success of each measurement is a precondition for the next; if one fails, the later items are not measured. That is, if the TCB measurement fails, neither the OS Loader nor the OS Kernel is measured, and if the OS Loader measurement fails, the OS Kernel is not measured.
The TPCM measures the application SAP, computes its digest and stores it in PCR[5] (the data acquisition, data processing, data transmission and other applications can be measured in turn into their own PCRs, as required by their functions). The TPCM reads the stored trusted reference value SPCR[5] and computes
Res = 1 if PCR[5] = SPCR[5], otherwise 0.
If Res = 1, the platform loads and executes the application SAP.
At this point the power IoT server has started. Throughout the start-up of the power IoT server the TPCM keeps control, and each key component is measured and verified against its trusted reference value, so that trusted start-up of the power IoT is guaranteed.
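The start-up chain above, written out as an added example (not code from the patent): a minimal TPCM model holds the reference values SPCR[1..5], measures each component into PCR[1..5] in the fixed order BIOS, TCB, OS Loader, OS Kernel, SAP, and stops at the first Res = 0 so that later components are never measured. The component images, the use of SHA-256 as the digest and the content of the TPCM self-check are assumptions made here.

```python
"""Staged measured boot of a power-IoT node, modelled on the start-up flow.

Added example, not code from the patent: the component images, the SHA-256
digest, the reference store and the self-check are constructed here. PCR slots
follow the text (BIOS -> PCR[1], TCB -> PCR[2], OS Loader -> PCR[3],
OS Kernel -> PCR[4], SAP -> PCR[5]).
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

STAGES = ["BIOS", "TCB", "OS Loader", "OS Kernel", "SAP"]  # PCR slot = index + 1

# Constructed "golden" component images; a real TPCM derives SPCR from the
# images actually provisioned on the node.
GOLDEN: Dict[str, bytes] = {
    "BIOS": b"bios-config-v1",
    "TCB": b"tsb+security-mechanisms-v1",
    "OS Loader": b"os-loader-v1",
    "OS Kernel": b"tinyos-kernel-v1",
    "SAP": b"sap-acquire+process+transmit-v1",
}


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_reference(images: Dict[str, bytes]) -> Dict[int, str]:
    """SPCR[i]: trusted reference digest for the component measured into PCR[i]."""
    return {slot: digest(images[name]) for slot, name in enumerate(STAGES, start=1)}


@dataclass
class TPCM:
    """Minimal model of the trusted platform control module (assumption)."""
    spcr: Dict[int, str]                              # protected reference store
    pcr: Dict[int, str] = field(default_factory=dict)
    log: List[Tuple[int, int]] = field(default_factory=list)  # (slot, Res) in order

    def self_check(self) -> bool:
        # Assumption: the self-check validates that every reference slot holds a
        # well-formed SHA-256 digest before any host component is released to run.
        return set(self.spcr) == set(range(1, len(STAGES) + 1)) and all(
            len(v) == 64 for v in self.spcr.values())

    def measure(self, slot: int, image: bytes) -> int:
        """Measure one component into PCR[slot]; Res = 1 iff PCR[slot] == SPCR[slot]."""
        self.pcr[slot] = digest(image)
        res = 1 if self.pcr[slot] == self.spcr.get(slot) else 0
        self.log.append((slot, res))
        return res


def trusted_boot(tpcm: TPCM, images: Dict[str, bytes]) -> Tuple[bool, str]:
    """Run the chain BIOS -> TCB -> OS Loader -> OS Kernel -> SAP.

    Each successful measurement is the precondition for the next; on the first
    Res == 0 the boot stops and the remaining components are never measured.
    """
    if not tpcm.self_check():
        return False, "TPCM self-check failed; host not released from reset"
    for slot, name in enumerate(STAGES, start=1):
        if tpcm.measure(slot, images[name]) == 0:
            return False, f"measurement of {name} failed (PCR[{slot}] != SPCR[{slot}])"
    return True, "all PCRs match; SAP loaded and executed"


if __name__ == "__main__":
    tpcm = TPCM(spcr=build_reference(GOLDEN))
    print(trusted_boot(tpcm, GOLDEN))
    # Simulated boot-loader tampering: PCR[3] mismatches, PCR[4] and PCR[5] stay unmeasured.
    tampered = {**GOLDEN, "OS Loader": b"os-loader-v1+bootkit"}
    tpcm = TPCM(spcr=build_reference(GOLDEN))
    print(trusted_boot(tpcm, tampered), tpcm.log)
```

The design point worth noticing is that the comparison is done by the TPCM against a reference it holds itself, not by the host against a value the host supplied: a host that has already been modified has no way to "approve" its own digest.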
Active measurement during operation of a power IoT node
Active measurement during node operation is realized by actively controlling the node's kernel data and application programs and dynamically measuring their trustworthiness, as shown in Fig. 3.
Active measurement points:
active metrology points are key to implementing active metrology techniques. According to the characteristics of the power internet of things node, the active measurement points in the operation of the power internet of things node mainly comprise the starting of an application program, the opening of a communication system, the access of application data and the like. And the trusted software base TSB judges whether the measurement point is an active measurement point or not according to a strategy by actively intercepting a Tiny OS system call, and implements active measurement at the active measurement point.
Active measurement technique:
During operation of the power IoT node, the trusted software base TSB sets the active measurement points in the node and calls the TPCM to actively measure the key data of the system kernel and the application programs; the specific flow is shown in Fig. 3.
While the power IoT node server runs, the TSB actively controls system calls. The TSB intercepts every system call and decides according to policy whether it is an active measurement point; if it is not, no action is taken.
At an active measurement point the TSB calls the TPCM to perform active measurement according to the measurement policy. The active measurement objects of the kernel are the kernel code area, the system vector table and the like; the active measurement objects of an application are its configuration files, its dynamic libraries and the data the application operates on.
The TSB computes the digest of the measured object and stores it in the corresponding PCR. For the digest PCR of each measured object, the TPCM uses the corresponding trusted reference value SPCR and computes
Res = 1 if PCR = SPCR, otherwise 0.
If the result is 1, the measured object is judged trusted. If the measured objects at all measurement points are trusted, the power IoT node is trusted.
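The run-time flow above, as an added example (not code from the patent): a TSB model intercepts a stream of system calls, treats only those named in a policy table as active measurement points, and at each point asks a TPCM model to measure the kernel and application objects the policy lists. The system-call names, the policy table, the object images and the simulated tampering are all constructed here; a real TSB would hook the node OS's system-call path instead of being handed a list.

```python
"""Policy-driven active measurement at run time, modelled on the flow above.

Added example, not code from the patent: the syscall names, the policy table,
the measured objects and the tampering are all constructed here. A real TSB
hooks the node's OS system-call path; here on_syscall() plays that hook.
"""
import hashlib
from typing import Dict, List, Tuple

# Which intercepted system calls are active measurement points, and which
# kernel / application objects the TPCM measures at each (constructed policy).
POLICY: Dict[str, List[str]] = {
    "execve": ["kernel_code", "syscall_table", "app_binary", "app_config"],  # app start
    "socket": ["kernel_code", "syscall_table", "app_dynlib"],                # comms opened
    "open":   ["app_config", "app_data"],                                    # app data access
}

# Constructed images of the live objects a TSB would read from memory / disk.
CLEAN_OBJECTS: Dict[str, bytes] = {
    "kernel_code": b"tinyos text segment v1",
    "syscall_table": b"sys_call_table v1",
    "app_binary": b"sap-acquire v1",
    "app_config": b"sample_rate=1s;server=mec-1",
    "app_dynlib": b"libmodbus v1",
    "app_data": b"meter readings",
}


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class TPCM:
    """Holds the trusted reference values (SPCR) and the run-time PCRs."""

    def __init__(self, reference: Dict[str, bytes]):
        self.spcr = {name: digest(img) for name, img in reference.items()}
        self.pcr: Dict[str, str] = {}

    def measure(self, name: str, image: bytes) -> int:
        """Res = 1 iff the fresh digest equals the stored reference value."""
        self.pcr[name] = digest(image)
        return 1 if self.pcr[name] == self.spcr.get(name) else 0


class TSB:
    """Intercepts system calls; measures only at policy-defined points."""

    def __init__(self, tpcm: TPCM, live: Dict[str, bytes], policy: Dict[str, List[str]]):
        self.tpcm, self.live, self.policy = tpcm, live, policy
        self.untrusted: List[str] = []  # objects that failed measurement so far

    def on_syscall(self, name: str) -> Tuple[str, List[Tuple[str, int]]]:
        """('pass', []) for a non-measurement point; else ('allow'|'deny', per-object Res)."""
        objects = self.policy.get(name)
        if objects is None:
            return "pass", []
        results = [(obj, self.tpcm.measure(obj, self.live[obj])) for obj in objects]
        for obj, res in results:
            if res == 0 and obj not in self.untrusted:
                self.untrusted.append(obj)
        return ("allow" if all(res == 1 for _, res in results) else "deny"), results

    def node_trusted(self) -> bool:
        """The node is trusted only if every measured object at every point matched."""
        return not self.untrusted


def run_trace(tsb: TSB, trace: List[str]) -> List[Tuple[str, str]]:
    """Feed a constructed syscall trace through the TSB; return (syscall, verdict) pairs."""
    return [(call, tsb.on_syscall(call)[0]) for call in trace]


if __name__ == "__main__":
    live = dict(CLEAN_OBJECTS)
    tsb = TSB(TPCM(CLEAN_OBJECTS), live, POLICY)
    print(run_trace(tsb, ["getpid", "execve", "socket"]))
    live["syscall_table"] = b"sys_call_table v1 + hooked sys_open"  # simulated rootkit
    print(run_trace(tsb, ["read", "open", "execve"]), tsb.node_trusted())
```

Note that in the trace after tampering, the "open" point is still allowed because the policy measures only application objects there; the hooked system-call table is caught at the next "execve". Which objects a policy binds to which point is therefore the practical lever of this scheme, and a policy that never measures the kernel at a frequently reached point leaves a window between tampering and detection.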
Active measurement when node of power internet of things joins edge computing network
When a power Internet of Things node joins the edge computing network, the trusted edge computing node MEC needs to perform identity measurement and platform integrity measurement on the node. The specific process is as follows:
S101, the power Internet of Things node N sends its identity ID_N, its node type and the request information Req to the TCN, requesting to join the edge computing network.
S102, on receiving the information, the TCN checks the type of the power Internet of Things node. If the type meets the requirement of the edge computing network, the TCN sends its identity ID_C and a random number r_C to the node.
S103, node N uses the TCN identity ID_C to obtain the authentication key K_CN shared by both parties. Node N selects a random number r_N and computes
Figure GDA0003731776560000091
Node N sends
Figure GDA0003731776560000092
and r_N to the TCN.
S104, the TCN uses the node identity ID_N to obtain the authentication key K_CN shared by both parties. The TCN decrypts
Figure GDA0003731776560000093
and verifies the correctness of the signature. The TCN computes
Figure GDA0003731776560000094
and sends it to node N.
S105, node N decrypts
Figure GDA0003731776560000095
and verifies the correctness of the signature.
The TCN and node N use the shared communication key
Figure GDA0003731776560000096
to establish a secure channel.
S106, TPCM_N sends its signed platform integrity certificate AIK_N and the random number
Figure GDA0003731776560000097
to the TCN.
S107, the trusted root TPCM_C of the TCN sends its own certificate AIK_C and random number
Figure GDA0003731776560000098
together with the signed platform integrity certificate AIK_N of TPCM_N and the random number
Figure GDA0003731776560000099
to the power Internet of Things trusted authentication center IOTTC through the trusted sink node TSN.
S108, the IOTTC authenticates the certificates AIK_C and AIK_N and, using the secret keys K_C and K_N it shares with TPCM_C and TPCM_N respectively, computes
Figure GDA00037317765600000910
and
Figure GDA00037317765600000911
and sends them to TPCM_C and TPCM_N respectively.
S109, TPCM_C and TPCM_N respectively decrypt
Figure GDA00037317765600000912
and
Figure GDA00037317765600000913
to obtain the platform integrity authentication key k_CN shared by both parties.
S110, TPCM_C sends the integrity request information Req{i_1, ..., i_r} to TPCM_N, where {i_1, ..., i_r} are the PCR identifiers of the power Internet of Things node.
S111, TPCM_N sends the integrity information of node N
Figure GDA00037317765600000914
and the integrity request information Req{j_1, ..., j_s} to TPCM_C, where {j_1, ..., j_s} are the PCR identifiers of the TCN.
S112, TPCM_C verifies
Figure GDA0003731776560000101
and comprehensively judges node N according to the values {a_1, ..., a_r}; if the judgment result is not trusted, node N is refused to join the edge computing network. TPCM_C sends the integrity information of the TCN to TPCM_N:
Figure GDA0003731776560000102
Figure GDA0003731776560000103
S113, TPCM_N verifies
Figure GDA0003731776560000104
and comprehensively judges the TCN according to the values {b_1, ..., b_s}; if the judgment result is not trusted, node N refuses to join the edge computing network.
This completes bidirectional identity authentication and platform integrity authentication between the TCN and the power Internet of Things node N.
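Added example, not the patent's own code: a Python simulation of steps S101 to S113 between a node N and the TCN, with the IOTTC modelled in-process. Because every formula on the page is an image, the cryptographic forms are assumptions: K_CN is a pairwise key derived from both identities so that each side can obtain it from the other's ID alone, the "signatures" of S103 to S105 are HMACs over both random numbers, the communication key is derived from K_CN and the two nonces, and the IOTTC delivers k_CN to each TPCM under its key K_C or K_N with a toy XOR wrap. The integrity reports of S111 and S112 carry the requested PCR values authenticated with k_CN, and each side admits the other only when every reported PCR equals its reference value. Identifiers, node types and PCR contents are constructed.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Primitives. The patent shows its formulas only as images, so the concrete
# forms below (HMAC-SHA256 proofs, HMAC-derived keys, XOR key wrap) are assumed.
def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (no ambiguity between part boundaries)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def wrap(key: bytes, nonce: bytes, secret32: bytes) -> bytes:
    """Toy key wrap for a 32-byte secret: XOR with an HMAC keystream. Unwrapping is
    the same call. Stands in for the encryption the IOTTC uses to deliver k_CN."""
    return bytes(a ^ b for a, b in zip(secret32, mac(key, b"wrap", nonce)))

# Constructed long-term secrets and policy.
PAIRWISE_MASTER = b"constructed master from which K_CN is derived"
IOTTC_MASTER = b"constructed IOTTC master for k_CN"
IOTTC_KEYS = {b"TPCM_C": b"constructed K_C", b"TPCM_N": b"constructed K_N"}
VALID_AIK = {b"AIK_C", b"AIK_N"}           # certificates the IOTTC will authenticate
ALLOWED_TYPES = {"collector", "gateway"}   # node types the edge network admits (S102)

def pairwise_key(id_a: bytes, id_b: bytes) -> bytes:
    """K_CN: the same key whether derived from ID_C (by N) or from ID_N (by the TCN)."""
    return mac(PAIRWISE_MASTER, b"K_CN", *sorted([id_a, id_b]))

class Party:
    def __init__(self, ident, tpcm, aik, pcr, reference, node_type="collector"):
        self.id, self.tpcm, self.aik = ident, tpcm, aik
        self.pcr, self.reference, self.node_type = pcr, reference, node_type

def integrity_report(key: bytes, pcr: dict[int, str], indices) -> tuple[dict, bytes]:
    """Reporter side of S111/S112: the requested PCR values, authenticated with k_CN."""
    values = {i: pcr.get(i, "") for i in indices}
    tag = mac(key, b"report", *[f"{i}:{v}".encode() for i, v in sorted(values.items())])
    return values, tag

def judge(key: bytes, reference: dict[int, str], values: dict, tag: bytes) -> bool:
    """Verifier side: the report is authentic and every PCR equals its reference value."""
    expect = mac(key, b"report", *[f"{i}:{v}".encode() for i, v in sorted(values.items())])
    return hmac.compare_digest(tag, expect) and all(reference.get(i) == v for i, v in values.items())

def join_edge_network(node: Party, tcn: Party, ask_node=(0, 1), ask_tcn=(0,)) -> dict:
    """Runs S101..S113 between node N and the TCN and reports which gate stopped it."""
    # S101/S102: N announces (ID_N, type, Req); the TCN checks the type, replies ID_C, r_C.
    if node.node_type not in ALLOWED_TYPES:
        return {"admitted": False, "reason": "node type rejected"}
    r_c = os.urandom(16)
    # S103: N derives K_CN from ID_C, picks r_N and proves K_CN over both random numbers.
    k_cn_node = pairwise_key(tcn.id, node.id)
    r_n = os.urandom(16)
    proof_n = mac(k_cn_node, b"auth-N", r_c, r_n, node.id)
    # S104: the TCN derives K_CN from ID_N, checks N's proof and answers with its own.
    k_cn_tcn = pairwise_key(node.id, tcn.id)
    if not hmac.compare_digest(proof_n, mac(k_cn_tcn, b"auth-N", r_c, r_n, node.id)):
        return {"admitted": False, "reason": "node authentication failed"}
    proof_c = mac(k_cn_tcn, b"auth-C", r_n, r_c, tcn.id)
    # S105: N checks the TCN's proof; both sides derive the shared communication key.
    if not hmac.compare_digest(proof_c, mac(k_cn_node, b"auth-C", r_n, r_c, tcn.id)):
        return {"admitted": False, "reason": "TCN authentication failed"}
    channel_key = mac(k_cn_node, b"channel", r_c, r_n)
    # S106-S109: the AIK certificates reach the IOTTC (via the TSN); it authenticates
    # them and hands k_CN to each TPCM wrapped under that TPCM's own key K_C / K_N.
    if not {tcn.aik, node.aik} <= VALID_AIK:
        return {"admitted": False, "reason": "AIK certificate rejected by IOTTC"}
    n_c, n_n = os.urandom(16), os.urandom(16)
    k_integrity = mac(IOTTC_MASTER, b"k_CN", tcn.aik, node.aik, n_c, n_n)
    k_at_c = wrap(IOTTC_KEYS[tcn.tpcm], n_c, wrap(IOTTC_KEYS[tcn.tpcm], n_c, k_integrity))
    k_at_n = wrap(IOTTC_KEYS[node.tpcm], n_n, wrap(IOTTC_KEYS[node.tpcm], n_n, k_integrity))
    # S110-S112: TPCM_C requests PCRs {i_1..i_r}; TPCM_N reports; TPCM_C judges node N.
    values_n, tag_n = integrity_report(k_at_n, node.pcr, ask_node)
    if not judge(k_at_c, tcn.reference, values_n, tag_n):
        return {"admitted": False, "reason": "node N platform integrity not trusted"}
    # S112/S113: the reverse direction: TPCM_N judges the TCN before N joins.
    values_c, tag_c = integrity_report(k_at_c, tcn.pcr, ask_tcn)
    if not judge(k_at_n, node.reference, values_c, tag_c):
        return {"admitted": False, "reason": "node refuses untrusted TCN"}
    return {"admitted": True, "channel_key": channel_key.hex(), "reason": "ok"}

def sample_parties(node_app: str = "good-app") -> tuple[Party, Party]:
    """Constructed PCR contents; pass a different node_app to simulate a tampered node."""
    h = lambda s: hashlib.sha256(s.encode()).hexdigest()
    tcn = Party(b"ID_C", b"TPCM_C", b"AIK_C", {0: h("tcn-kernel")},
                reference={0: h("node-kernel"), 1: h("good-app")})
    node = Party(b"ID_N", b"TPCM_N", b"AIK_N", {0: h("node-kernel"), 1: h(node_app)},
                 reference={0: h("tcn-kernel")})
    return node, tcn

if __name__ == "__main__":
    print(join_edge_network(*sample_parties()))
    print(join_edge_network(*sample_parties("tampered-app")))
```

The ordering of the gates mirrors the page: a node is turned away first on type, then on identity, then on certificate, and only a node that has passed all three gets to report its PCRs; the return value names the failed gate so that a deployment can log why an access was refused. The mutual check in S113 matters in practice: a node that joined an edge node with a tampered TCN image would otherwise hand its measurements to an untrusted verifier.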
The trusted computing platform with the parallel dual-architecture computing and protection structure provided by the invention at least has the following advantages:
1. The active immune power Internet of Things and the active immune power Internet of Things network, working in parallel with computation, carry out security protection actively while computing, so that active security protection of the system is realized without changing the computation logic.
2. The current security protection mechanism of the power Internet of Things mainly relies on passive defense mechanisms such as intrusion detection, so that by the time a malicious behavior is found the harm has already been done and the network and nodes of the power Internet of Things cannot work normally. Taking into account the characteristics of the power Internet of Things network, the invention provides an edge-computing-based credibility measurement technology for the power Internet of Things, so that active immune protection is performed while the power Internet of Things runs.
3. Using trusted computing technology, active measurement is carried out on the key components of the power Internet of Things server during startup and running, and trusted access is enforced for power Internet of Things network connections, so that the credibility of the power Internet of Things network is ensured.
4. The credibility of the power Internet of Things provides support for its immune functions such as immune monitoring, immune defense and immune self-stability, and the active immunity of the power Internet of Things is realized by combining, locally and globally, the two layers of the active immune power Internet of Things and the active immune power Internet of Things network.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include such modifications and variations.

Claims (5)

1. An edge-computing-based trusted immune system for the power Internet of Things, characterized in that the trusted immune system comprises: a power Internet of Things trusted immune node, a trusted immune network and a trusted immune service center, wherein,
the credible immune node realizes the basic immune function and ensures the immunity of the Internet of things node when starting, running and accessing the Internet of things; the trusted immune network realizes the core immune function and ensures the immunity of the Internet of things during the establishment and operation;
the credible immune nodes comprise a power Internet of things node credible immune system and a power Internet of things node computing system, and the power Internet of things node credible immune system and the power Internet of things node computing system are jointly operated on a power Internet of things platform; the electric power Internet of things node computing system undertakes the common functions of data acquisition, data processing and data transmission of the electric power Internet of things node; the electric power internet of things node trusted immune system has the function of electric power internet of things node immunity and consists of a TPCM (trusted platform control module), a trusted software base TSB (trusted software base), a trusted support mechanism and a trusted reference library TSD;
the credible immune network comprises a credible immune system of the power Internet of things network and the power Internet of things network; the power Internet of things network undertakes the functions of completing data transmission and network management of the power Internet of things; the electric power internet of things network credible immune system plays a role in electric power internet of things network immunity and mainly comprises a credible edge computing node MEC, a credible sink node TSN, a behavior credible reference library BTSD and an electric power internet of things credible authentication center IOTTC; the trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes embedded with TPCM;
the power Internet of Things trusted immune service center comprises: a trusted software library service, which performs unified management and security authentication of all application programs in the power Internet of Things; a trusted policy library, which formulates the corresponding security policy for the running environment and purpose of the power Internet of Things network and nodes; and an emergency response service, which performs disaster recovery backup of the key policy configuration in the network and nodes of the power Internet of Things, so that the security and credibility of the power Internet of Things are guaranteed.
2. The electric power internet of things credible immune system based on edge computing of claim 1, wherein the electric power internet of things credible immune system undertakes the function of electric power internet of things network immunization and comprises a credible edge computing node MEC, a credible sink node TSN, a behavior credible reference library BTSD and an electric power internet of things credible authentication center IOTTC; the trusted edge computing node MEC and the trusted sink node TSN are trusted computing nodes embedded with the TPCM; the core function of the credible immune system of the power Internet of things network is to realize active measurement of the behavior of the power Internet of things; the behavior of the power internet of things comprises the behavior of a power internet of things node in an edge computing network, the output behavior of the edge computing network and the output behavior of the power internet of things.
3. The electric power internet of things credible immune system based on edge computing of claim 1, wherein the electric power internet of things node computing system undertakes electric power internet of things node data acquisition, data processing and data transmission functions; the electric power internet of things node trusted immune system has the function of electric power internet of things node immunity and consists of a TPCM (trusted platform control module), a trusted software base TSB (trusted software base), a trusted support mechanism and a trusted reference library TSD;
the TPCM provides credibility measurement, credibility storage and credibility report credibility function support for the nodes of the power Internet of things, and is an immunization source and a physical credibility basis of the nodes of the power Internet of things.
4. The electric power Internet of things credible immune system based on edge computing is characterized in that,
the TSB takes TPCM as a credible root and provides active measurement, credible network connection and credible storage credible function support for the power Internet of things node; active measurement is the core of power internet of things node immunity, and the TSB can ensure the credibility of the power internet of things node by monitoring the running environment of the power internet of things node in real time and actively measuring the subject, object, operation and environment of the system; meanwhile, the TSB generates a trusted network connection strategy for accessing the power internet of things node to the power internet of things and completes the privacy protection of a system and an application key data structure based on the TPCM according to the active measurement result of the power internet of things node;
the TSD stores core data of the power Internet of things node and reference values of the key modules, and is a reference basis and a criterion for distinguishing self from non-self by the trusted immune system;
the credible support mechanism provides immune support for the application of the power internet of things node and other safety mechanisms.
5. An edge-computing-based credibility measurement method for the power Internet of Things, carried out using the immune system of any one of claims 1 to 4, wherein the measurement method comprises: carrying out active measurement on the key components of the power Internet of Things node during startup and running, enforcing trusted access for the network connection of the node, and thereby guaranteeing the credibility of the node;
the active measurement process when the power Internet of Things node starts is as follows: when the node is started, the TPCM is started first, before the node itself, and the TPCM performs credibility measurement on the configuration of the underlying hardware SNP of the node; on the basis that the hardware of the node has not been tampered with, the TPCM measures step by step the trusted computing base TCB of the node, the operating system boot loader (power Internet of Things OS Loader), the operating system kernel (power Internet of Things OS kernel) and the power Internet of Things applications SAP, which comprise the data acquisition, data processing and data transmission application programs, and finally trusted startup of the node is achieved;
the active measurement during operation of the power Internet of Things node is realized by actively controlling and dynamically measuring the kernel data of the node and the power Internet of Things application programs; during operation of the node, the trusted software base TSB sets active measurement points in the node and calls the TPCM to actively measure the key data of the system kernel and the application programs; while the node server runs, the TSB actively controls system calls; the TSB intercepts each system call and judges according to the policy whether it is an active measurement point; if not, no operation is performed; the TSB computes the digest of the measured object and stores it in the corresponding PCR; for each digest PCR of a measured object, the TPCM computes, using the corresponding trusted reference value SPCR,
Figure FDA0003731776550000035
if the result is 1, the measured object is judged to be trusted; if the measured objects at all measurement points are trusted, the power Internet of Things node is trusted;
when the power internet of things node joins the edge computing network, the trusted edge computing node MEC needs to perform identity measurement and platform integrity measurement on the power internet of things node;
S101, the power Internet of Things node N sends its identity ID_N, its node type and the request information Req to the TCN, requesting to join the edge computing network;
S102, on receiving the information, the TCN checks the type of the power Internet of Things node; if the type meets the requirement of the edge computing network, the TCN sends its identity ID_C and a random number r_C to the node;
S103, node N uses the TCN identity ID_C to obtain the authentication key K_CN shared by both parties; node N selects a random number r_N and computes
Figure FDA0003731776550000031
node N sends
Figure FDA0003731776550000032
and r_N to the TCN;
S104, the TCN uses the node identity ID_N to obtain the authentication key K_CN shared by both parties; the TCN decrypts
Figure FDA0003731776550000033
and verifies the correctness of the signature; the TCN computes
Figure FDA0003731776550000034
and sends it to node N;
S105, node N decrypts
Figure FDA0003731776550000041
and verifies the correctness of the signature;
the TCN and node N use the shared communication key
Figure FDA0003731776550000042
to establish a secure channel;
S106, TPCM_N sends its signed platform integrity certificate AIK_N and the random number
Figure FDA0003731776550000043
to the TCN;
S107, the trusted root TPCM_C of the TCN sends its own certificate AIK_C and random number
Figure FDA0003731776550000044
together with the signed platform integrity certificate AIK_N of TPCM_N and the random number
Figure FDA0003731776550000045
to the power Internet of Things trusted authentication center IOTTC through the trusted sink node TSN;
S108, the IOTTC authenticates the certificates AIK_C and AIK_N and, using the secret keys K_C and K_N it shares with TPCM_C and TPCM_N respectively, computes
Figure FDA0003731776550000046
and
Figure FDA0003731776550000047
and sends them to TPCM_C and TPCM_N respectively;
S109, TPCM_C and TPCM_N respectively decrypt
Figure FDA0003731776550000048
and
Figure FDA0003731776550000049
to obtain the platform integrity authentication key k_CN shared by both parties;
S110, TPCM_C sends the integrity request information Req{i_1, ..., i_r} to TPCM_N, where {i_1, ..., i_r} are the PCR identifiers of the power Internet of Things node;
S111, TPCM_N sends the integrity information of node N
Figure FDA00037317765500000410
and the integrity request information Req{j_1, ..., j_s} to TPCM_C, where {j_1, ..., j_s} are the PCR identifiers of the TCN;
S112, TPCM_C verifies
Figure FDA00037317765500000411
and comprehensively judges node N according to the values {a_1, ..., a_r}; if the judgment result is not trusted, node N is refused to join the edge computing network; TPCM_C sends the integrity information of the TCN to TPCM_N
Figure FDA00037317765500000412
Figure FDA00037317765500000413
S113, TPCM_N verifies
Figure FDA00037317765500000414
and comprehensively judges the TCN according to the values {b_1, ..., b_s}; if the judgment result is not trusted, node N refuses to join the edge computing network.
CN202110596258.2A 2021-05-30 2021-05-30 Electric power Internet of things credible immune system based on edge calculation and measurement method Active CN113726726B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110596258.2A CN113726726B (en) 2021-05-30 2021-05-30 Electric power Internet of things credible immune system based on edge calculation and measurement method

Publications (2)

Publication Number Publication Date
CN113726726A CN113726726A (en) 2021-11-30
CN113726726B true CN113726726B (en) 2022-11-22

Family

ID=78672823

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114362933A (en) * 2021-12-16 2022-04-15 国网河北省电力有限公司信息通信分公司 Credible authentication method for data source under power Internet of things environment
CN114697123A (en) * 2022-04-11 2022-07-01 穆聪聪 Active immune security defense method suitable for sensing node of Internet of things
CN115001750B (en) * 2022-05-06 2024-04-05 国网宁夏电力有限公司信息通信公司 Trusted group construction method and system based on trust management in electric power Internet of things

Citations (1)

Publication number Priority date Publication date Assignee Title
CN112615841A (en) * 2020-12-11 2021-04-06 辽宁电力能源发展集团有限公司 Layered security management and control system and method based on trusted computing

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
US10627882B2 (en) * 2017-02-15 2020-04-21 Dell Products, L.P. Safeguard and recovery of internet of things (IoT) devices from power anomalies
CN111158906B (en) * 2019-12-19 2023-04-28 北京可信华泰信息技术有限公司 Active immunity credible cloud system
CN112257071B (en) * 2020-10-23 2022-09-27 江西畅然科技发展有限公司 Credibility measurement control method based on state and behavior of sensing layer of Internet of things
CN112511618B (en) * 2020-11-25 2023-03-24 全球能源互联网研究院有限公司 Edge Internet of things agent protection method and power Internet of things dynamic security trusted system
CN112464271B (en) * 2021-01-27 2021-05-04 信联科技(南京)有限公司 Method and system for constructing high-reliability execution environment of power Internet of things edge Internet of things agent

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant