CN113726727A - Electric power Internet of things trusted connection method based on edge computing


Info

Publication number
CN113726727A
Authority
CN
China
Prior art keywords
things
power internet
edge computing
electric power
node
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number
CN202110596259.7A
Other languages
Chinese (zh)
Inventor
陈连栋
卢宁
刘欣
陈中伟
李士林
王占魁
程凯
孙辰军
刘玮
曹明
辛晓鹏
赵林丛
郑涛
周文芳
高丽芳
刘明硕
杨力平
孙思思
左琦
公备
宁振虎
Current Assignee (the listed assignees may be inaccurate; not a legal conclusion)
Beijing University of Technology
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
Beijing University of Technology
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Application filed by Beijing University of Technology and Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority to CN202110596259.7A
Publication of CN113726727A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 10/00 Economic sectors
    • G16Y 10/35 Utilities, e.g. electricity, gas or water
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 20/00 Information sensed or collected by the things
    • G16Y 20/40 Information sensed or collected by the things relating to personal data, e.g. biometric data, records or preferences
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 30/00 IoT infrastructure
    • G16Y 30/10 Security thereof
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 40/00 IoT characterised by the purpose of the information processing
    • G16Y 40/10 Detection; Monitoring
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 40/00 IoT characterised by the purpose of the information processing
    • G16Y 40/30 Control
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 40/00 IoT characterised by the purpose of the information processing
    • G16Y 40/50 Safety; Security of things, users, data or systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/12 Applying verification of the received information
    • H04L 63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses an electric power Internet of things trusted connection method based on edge computing, applicable to a trusted connection architecture and process for electric power edge computing, which comprises three levels. First, bidirectional identity authentication between an electric power edge computing access requester and a physical network access controller is completed with the assistance of an electric power edge computing local trusted authentication center. Then, bidirectional trusted platform evaluation between the power Internet of things and the power edge computing network access point is completed. Finally, the trustworthiness of the behavior of the power Internet of things and of the power MEC is measured according to policy. Bidirectional identity authentication and bidirectional platform integrity authentication of the power edge computing network access point and the power MEC are thereby realized, together with trusted authentication of the power MEC behaviors by the power edge computing local trusted authentication center.

Description

Electric power Internet of things trusted connection method based on edge computing
Technical Field
The invention relates to the technical field of trusted computing, in particular to an electric power internet of things trusted connection technology based on edge computing.
Background
With the rapid development of power Internet of things technology, in mobile, ubiquitous, heterogeneous and wide-area interconnected environments a large amount of internal- and external-network data acquisition, control and management equipment, such as sensing devices, mobile terminals, video monitoring devices, smart electricity meters, charging piles and office computers, is deployed in the power Internet of things. Because the network boundary becomes blurred, security threats and risks extend beyond the inherent boundary, and risks exist in the trusted operation and identity legitimacy of the business end. The system is easily attacked and damaged, whether intentionally or unintentionally, so that power operation is difficult to guarantee. The root cause is that the problem is not addressed from the actual source of the network security risk: passive defences of blocking, checking and killing, represented by firewalls, anti-virus scanning and intrusion detection, are adopted, which are insufficient to prevent attacks, and in particular cannot effectively prevent attacks that target vulnerabilities of the target system.
To address the security of the current cyberspace, the international TCG organization proposed a trusted computing approach: taking the TPM and the initial BIOS code as the root of trust and measuring trust level by level, thereby constructing a chain of trust for the computer and protecting its important resources from illegal tampering and damage, which has achieved good results. However, the TPM is essentially only a passively attached external device on the computer, functioning only when called by a host program; once the host is controlled by an attacker, the TPM's protection can no longer be relied upon. Moreover, the TPM only implements static measurement when the computer starts and does not implement policy-based dynamic measurement while the computer is running, so the TCG trusted computing architecture is basically unable to defend against an attacker who exploits logic defects of the computer system. For example, Windows 10 fully implements the TCG trusted computing architecture but failed to prevent the WannaCry ransomware attack.
Disclosure of Invention
With the collection and aggregation of power edge computing data and the extension of its practical applications, edge data provides leading-edge quantified services for the power sector, but the quantification process faces the potential security hazards of power edge computing. When the power edge computing sensing layer accesses the power edge computing information center, a traditional access authentication mode is mostly adopted directly, and malicious access by untrusted sensing terminals is difficult to prevent. To address this problem, the invention provides a trusted connection architecture and process suitable for power edge computing, based on China's trusted connection architecture TCA.
As shown in Fig. 1, to achieve the above purpose, the technical solution adopted by the present invention is as follows:
An electric power Internet of things trusted connection technology based on edge computing, characterized in that its entities comprise: an access requester, an access controller and a policy manager, wherein:
the access requester comprises the following components: the system comprises an electric power internet of things access requester, an electric power internet of things node LN, an edge computing node MEC, an integrity collector, an edge computing network output behavior collector and an electric power internet of things node behavior collector.
The access controller may be considered a power edge computing access controller and comprises the following components: an electric power Internet of things access controller, an electric power Internet of things information center access point, an integrity collector and an electric power Internet of things behavior measurement component.
The local policy manager comprises the following components: the system comprises an electric power internet of things trusted authentication center IOTTC, an integrity checker, an electric power internet of things behavior checker, an edge computing network output behavior checker and an electric power internet of things node behavior checker.
Further, the trusted connection technology of the power internet of things based on edge computing is characterized in that,
the main functions of the access requester are: initiating a request to access the trusted network and completing bidirectional identity authentication with the access controller; collecting integrity measurement reports of the access requester's power Internet of things node LN (IoT node) and edge computing node MEC (Multi-access Edge Computing) (LN, MEC and N are all embedded with a TPCM) and completing bidirectional trusted platform integrity evaluation between the access requester and the access controller; and collecting the output behaviors of the edge computing network and the behaviors of the power Internet of things nodes to form a behavior measurement report, which is sent to the policy manager.
Further, the trusted connection technology of the power internet of things based on edge computing is characterized in that,
the main functions of the access controller include: completing bidirectional identity authentication and trusted platform evaluation with the access requester and completing behavior measurement of the power Internet of things; receiving the integrity metric value of the power Internet of things access requester, collecting the integrity metric value of the power Internet of things information center access point, and sending both to the power Internet of things trusted authentication center IOTTC; performing behavior measurement of the power Internet of things and sending a behavior measurement report to the policy manager; and performing access control on the user according to the policy manager's feedback report on the identity authentication of the power Internet of things access requester, the integrity measurement of the power Internet of things node LN and the edge computing node MEC, the power Internet of things node behavior, the edge computing network output behavior and the power Internet of things output behavior.
Further, the trusted connection technology of the power Internet of things based on edge computing as described above is characterized in that the main functions of the policy manager include: assisting the access requester and the access controller in realizing bidirectional identity authentication and verifying the validity of both parties' certificates; checking the integrity of the power Internet of things nodes LN and the edge computing nodes MEC, and checking the integrity of the power Internet of things information center access points; checking the integrity measurement of the power Internet of things computing node, the power Internet of things node behavior, the edge computing network output behavior and the power Internet of things output behavior; and generating the final trusted evaluation report.
An electric power internet of things trusted connection technology based on edge computing is characterized in that an architecture layer comprises: the system comprises a network access control layer, a trusted platform evaluation layer, an integrity measurement layer and a power internet of things behavior measurement layer.
The network access control layer has the main functions of realizing bidirectional identity authentication between an electric power internet of things access requester and an electric power internet of things access controller under the assistance of an electric power internet of things trusted authentication center IOTTC. The IOT trusted authentication center IOTTC plays a role of a third party. And the power Internet of things access requester and the power Internet of things access controller execute access control according to the identity authentication result and the connection strategy sent by the trusted platform evaluation layer.
The trusted platform evaluation layer comprises the following main functions: under the assistance of an IOTTC (Internet of things trusted authentication center), bidirectional trusted platform evaluation of an LN (Internet of things node), an MEC (edge computing node) and an access point of an information center of the Internet of things is realized. The IOT trusted authentication center IOTTC is a trusted third party. The IOTTC verifies the validity of certificates of both an electric Internet of things access requester and an electric Internet of things access controller, and calls an integrity checker in an integrity checking layer to realize the integrity checking of the bidirectional trusted platform of the electric Internet of things node LN, the edge computing node MEC and the electric Internet of things information center access point. And calling a power internet of things behavior measurement layer according to the strategy to realize the verification of the node behavior of the power internet of things, the verification of the output behavior of the edge computing network and the verification of the output behavior of the power internet of things.
The integrity measurement layer function is completed jointly by an integrity collector and an integrity checker. The integrity collector collects platform integrity information of the power internet of things node LN, the edge computing node MEC and the power internet of things information center access point, and the integrity checker checks the platform integrity of the power internet of things node LN, the edge computing node MEC and the power internet of things information center access point.
The main function of the power internet of things behavior measurement layer is to realize the collection and verification of power internet of things behaviors. It follows the layered structure of the power internet of things: the whole power internet of things comprises a plurality of edge computing networks, and each edge computing network comprises a plurality of power internet of things nodes. The scheme therefore measures behavior step by step, from the power internet of things node to the edge computing network and then to the whole power internet of things: the edge computing node collects the behavior of the power internet of things nodes, the power internet of things node collects the output behavior of the edge computing network, and the power internet of things center collects the output behavior of the whole power internet of things. The policy manager then verifies the power internet of things node behavior, the edge computing network output behavior and the power internet of things output behavior.
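The step-by-step behavior measurement of the layer just described (node behavior collected by the MEC, edge network output collected by the LN, whole-IoT output collected by the information center, each checked by the policy manager) can be made concrete with the following added example. It is not code from the patent or its applicants: the report fields, the per-security-level thresholds, the network and node names and the hash chaining of one level's reports into the next are all assumptions made for the example.

```python
"""Step-by-step behaviour measurement for a layered power IoT (added example).
Mirrors the patent's hierarchy: the edge computing node (MEC) collects the behaviour of
each power-IoT node (LN), the LN collects the output behaviour of its edge computing
network, and the IoT information centre collects the output behaviour of the whole IoT;
the policy manager's checkers then verify every level against a policy selected by
security level. Report fields, thresholds and names are constructed for the example."""
import hashlib
import json
from dataclasses import dataclass, asdict


def digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding; chains one level's report into the next."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


@dataclass
class NodeBehaviour:
    """Behaviour of one LN as collected by its MEC (constructed fields)."""
    node_id: str
    msgs_per_min: int
    unknown_dests: int      # connections to destinations outside the allow-list
    firmware_write: bool    # attempted write to firmware storage


# Behaviour policy per security level of the power IoT system (constructed values).
POLICY = {
    "normal": {"max_msgs_per_min": 600, "max_unknown_dests": 5,
               "allow_firmware_write": True, "max_egress_mb": 500.0},
    "high":   {"max_msgs_per_min": 120, "max_unknown_dests": 0,
               "allow_firmware_write": False, "max_egress_mb": 50.0},
}


def collect_edge_network(network_id: str, nodes: list, egress_mb: float) -> dict:
    """LN-side collector: the edge network's output behaviour, chaining the MEC's node reports."""
    return {"network": network_id,
            "node_digests": [digest(asdict(n)) for n in nodes],
            "egress_mb": egress_mb}


def collect_iot(network_reports: list) -> dict:
    """Information-centre collector: whole-IoT output behaviour, chaining the network reports."""
    return {"network_digests": [digest(r) for r in network_reports]}


def check_node(b: NodeBehaviour, p: dict) -> list:
    """Node behaviour checker: one finding per violated policy item."""
    f = []
    if b.msgs_per_min > p["max_msgs_per_min"]:
        f.append(f"{b.node_id}: message rate {b.msgs_per_min}/min exceeds {p['max_msgs_per_min']}")
    if b.unknown_dests > p["max_unknown_dests"]:
        f.append(f"{b.node_id}: {b.unknown_dests} connections to unknown destinations")
    if b.firmware_write and not p["allow_firmware_write"]:
        f.append(f"{b.node_id}: firmware write not allowed at this security level")
    return f


def evaluate(node_reports: dict, network_reports: list, iot_report: dict, level: str) -> dict:
    """Policy manager: node checker, edge-network checker and IoT checker in turn.
    node_reports maps a network id to the NodeBehaviour list submitted by that network's MEC."""
    p = POLICY[level]
    findings = []
    for r in network_reports:
        nodes = node_reports.get(r["network"], [])
        # The LN's report must chain exactly the node reports the MEC submitted.
        if r["node_digests"] != [digest(asdict(n)) for n in nodes]:
            findings.append(f"{r['network']}: node reports do not match the chained digests")
        for n in nodes:
            findings += check_node(n, p)
        if r["egress_mb"] > p["max_egress_mb"]:
            findings.append(f"{r['network']}: egress {r['egress_mb']} MB exceeds {p['max_egress_mb']}")
    # The centre's report must chain exactly the submitted network reports.
    if iot_report["network_digests"] != [digest(r) for r in network_reports]:
        findings.append("IoT output report does not match the chained network reports")
    return {"verdict": "trusted" if not findings else "untrusted",
            "findings": findings, "report_digest": digest(iot_report)}


def demo(level: str, tamper: bool = False) -> dict:
    """Constructed sample: two edge networks; `tamper` alters a node report after it was chained."""
    net_a = [NodeBehaviour("LN-1", 100, 0, False), NodeBehaviour("LN-2", 80, 2, False)]
    net_b = [NodeBehaviour("LN-3", 90, 0, True)]
    reports = [collect_edge_network("edge-A", net_a, 20.0),
               collect_edge_network("edge-B", net_b, 30.0)]
    iot = collect_iot(reports)
    if tamper:
        net_a[1].unknown_dests = 0   # report rewritten after the LN already chained it
    return evaluate({"edge-A": net_a, "edge-B": net_b}, reports, iot, level)


if __name__ == "__main__":
    for lvl in ("normal", "high"):
        print(lvl, demo(lvl))
    print("tampered", demo("normal", tamper=True))
```

The same sample passes at the "normal" level and fails at the "high" level, which is the point of configuring the trust policy by security level; the chained digests let the checker detect a node report that was changed after the level above it had already committed to it.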
An electric power internet of things trusted connection technology based on edge computing is characterized in that functional components comprise:
the system comprises a power internet of things access requester, a power internet of things access controller, a power internet of things trusted authentication center IOTTC, a power internet of things node, a power internet of things information center access point, an integrity collector, an integrity checker, a power internet of things node behavior collector, an edge computing network output behavior collector, a power internet of things node behavior checker, an edge computing network output behavior checker and a power internet of things output behavior checker.
The electric power Internet of things access requester initiates a network access request to the electric power Internet of things access controller and completes bidirectional identity authentication with it under the assistance of the electric power Internet of things trusted authentication center IOTTC. It forwards the upper layer protocol to the access controller and the policy manager, and applies access control to the access controller according to the identity authentication result and the connection policy generated by the power Internet of things node LN and the edge computing node MEC.
The electric power Internet of things access controller completes bidirectional identity authentication with the electric power Internet of things access requester with the assistance of the electric power Internet of things trusted authentication center IOTTC. It forwards the upper layer protocol to the access requester and the policy manager, and applies access control to the access requester according to the identity authentication result and the connection policy of the power Internet of things information center access point.
The electric power internet of things trusted authentication center IOTTC serves as a trusted third party to achieve bidirectional identity authentication between an electric power internet of things access requester and an electric power internet of things access controller, and bidirectional trusted platform evaluation of an electric power internet of things node LN, an edge computing node MEC and an electric power internet of things information center access point is achieved.
The electric power internet of things node comprises an electric power internet of things node LN and an edge computing node MEC, requests an integrity collector on an upper layer and collects integrity measurement, and under the assistance of an electric power internet of things trusted authentication center IOTTC, bidirectional trusted platform evaluation with an electric power internet of things information center access point is achieved.
The power Internet of things information center access point requests the integrity collector on the upper layer to collect its integrity measurement, and bidirectional trusted platform evaluation with the power Internet of things node LN and the edge computing node MEC is realized under the assistance of the IOTTC. It also sends the trusted evaluation report generated by the IOTTC to the power Internet of things access controller.
The integrity collector collects integrity information of the power Internet of things information center access point, the power Internet of things node LN and the edge computing node MEC by using the TPCM.
The integrity checker checks the integrity information of the power Internet of things information center access point, the node LN and the edge computing node MEC by using the trusted platform control module TPCM.
The power Internet of things node behavior collector collects behavior information of the power Internet of things node by using the edge computing node MEC.
The edge computing network output behavior collector collects the output behavior information of the edge computing network in the power Internet of things by using the power Internet of things node LN.
The power Internet of things output behavior collector collects the output behavior information of the whole power Internet of things by using the power Internet of things information center.
The power Internet of things node behavior checker checks the behavior information of the power Internet of things node.
The edge computing network output behavior checker checks the edge computing network output behavior information.
The power Internet of things output behavior checker checks the output behavior information of the whole power Internet of things.
The invention has the following beneficial effects. First, TCA-IOT is designed for the characteristics of the power Internet of things, so a finer-grained security policy for power Internet of things network connection can be realized, and implementation and deployment are more convenient. Second, TCA-IOT integrates chained identity measurement among the power Internet of things nodes, the edge computing nodes and the power Internet of things trusted authentication center with step-by-step state measurement and behavior measurement across the power Internet of things nodes, the edge computing network and the power Internet of things, so that global, real-time and consistent trust measurement of the power Internet of things nodes can be carried out. Third, TCA-IOT is suitable for solving the trustworthiness problem of important power Internet of things systems: a trust policy can be configured according to the security level of the power Internet of things system, so as to realize identity measurement, state measurement and behavior measurement of the power Internet of things nodes in a high-security-level power Internet of things system.
Drawings
Fig. 1 is a schematic structural diagram of a trusted connection architecture and a process applicable to power edge computing according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a trusted connection architecture and a process connection process applicable to power edge computing according to an embodiment of the present invention.
Detailed Description
Interpretation of terms
MEC: Multi-access Edge Computing (also Mobile Edge Computing).
TCA: Trusted Connection Architecture.
TCA-IOT: Trusted Connection Architecture for the Internet of Things.
TPM: Trusted Platform Module.
TCM: Trusted Cryptography Module, a hardware module of a trusted computing platform that provides cryptographic operation functions for the platform and has a protected storage space.
TPCM: Trusted Platform Control Module, a hardware core module integrated in a trusted computing platform to establish and guarantee the trusted source point, providing integrity measurement, secure storage, trusted reporting and cryptographic services for trusted computing.
The invention is described in further detail below with reference to the drawings and the detailed description.
The trusted connection architecture and process applicable to power edge computing are divided into three layers. First, bidirectional identity authentication between a power edge computing access requester and a physical network access controller is completed under the assistance of a power edge computing local trusted authentication center. Then, bidirectional trusted platform evaluation between the power Internet of things and the power edge computing network access point is completed. Finally, the trustworthiness of the sensing node behavior, the cluster network output behavior and the sensing network output behavior is measured according to policy.
The TCA-IOT main connection procedure is as follows (see FIG. 2).
S101, the power Internet of things access requester sends a network access request to a power Internet of things access controller.
S102, the power Internet of things access controller receives the request, and the power Internet of things access controller completes bidirectional identity authentication with the power Internet of things access requester under the assistance of the power Internet of things trusted authentication center IOTTC.
S103, after the identity authentication is completed, the power internet of things node and the power internet of things information center access point respectively acquire platform integrity information from an integrity collector and send the platform integrity information to the policy manager.
S104, the power Internet of things trusted authentication center IOTTC calls the integrity checker to complete the integrity check of the power Internet of things nodes and the power Internet of things information center, and generates an integrity evaluation report.
S105, the behavior information of the power Internet of things nodes, the output behavior information of the edge computing network and the output behavior information of the power Internet of things are sent to the policy manager.
S106, the power Internet of things trusted authentication center IOTTC calls the power Internet of things node behavior checker, the edge computing network output behavior checker and the power Internet of things behavior checker to check the power Internet of things node behavior information, the edge computing network output behavior information and the power Internet of things output behavior information.
S107, the IOTTC generates a power Internet of things behavior evaluation report according to the measurement results for the power Internet of things node behavior, the edge computing network output behavior and the power Internet of things output behavior.
S108, the power Internet of things node generates a connection strategy according to the integrity evaluation report and sends it to the power Internet of things access requester.
S109, the power Internet of things information center access point generates a connection strategy according to the integrity evaluation report and the power Internet of things behavior evaluation report and sends it to the power Internet of things access controller.
S110, the power Internet of things access requester and the power Internet of things access controller control the network connection according to their respective connection strategies.
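The following added example simulates the connection procedure S101 to S110 as three cooperating parties: the access requester with its LN and MEC platforms, the access controller's information center access point, and the IOTTC as the trusted third party. It is not code from the patent or its applicants. The patent does not specify the certificate format or the measurement mechanism, so the example stands in HMAC challenge-response over keys enrolled with the IOTTC for the identity certificates, a hash-chained register per platform for the TPCM integrity measurement, and a two-counter behavior policy; platform names, keys, measured component names and thresholds are all constructed.

```python
"""Simulation of the TCA-IOT connection procedure S101-S110 (added example, not the
patent's code). Identity: HMAC over a fresh nonce with a key enrolled at the IOTTC
(stand-in for the certificates the patent does not specify). Integrity: a TPCM-style
register extended with each measured component and compared to the enrolment value.
Behaviour: counters checked against a policy. All names and values are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Platform:
    """A platform with an embedded TPCM (constructed stand-in): an identity key shared
    with the IOTTC at enrolment and a register extended hash-chain style by the
    integrity collector for every measured component."""
    name: str
    key: bytes
    register: bytes = h(b"")

    def measure(self, component: bytes) -> None:
        self.register = h(self.register + h(component))

    def respond(self, nonce: bytes) -> bytes:
        """Identity proof for a challenge: HMAC over the nonce with the enrolled key."""
        return hmac.new(self.key, nonce, "sha256").digest()


class Iottc:
    """Power IoT trusted authentication centre: verifies identities as trusted third
    party, runs the integrity checker against enrolment references and the behaviour
    checker against the configured policy."""

    def __init__(self, behaviour_policy: dict):
        self.keys, self.reference, self.policy = {}, {}, behaviour_policy

    def enrol(self, p: Platform) -> None:
        self.keys[p.name] = p.key
        self.reference[p.name] = p.register      # known-good state recorded at enrolment

    def verify_identity(self, name: str, nonce: bytes, response: bytes) -> bool:
        key = self.keys.get(name)
        if key is None:
            return False
        return hmac.compare_digest(hmac.new(key, nonce, "sha256").digest(), response)

    def integrity_report(self, platforms: list) -> dict:          # S104
        return {p.name: p.register == self.reference.get(p.name) for p in platforms}

    def behaviour_report(self, behaviour: dict) -> dict:           # S106-S107
        return {k: v <= self.policy[k] for k, v in behaviour.items()}


def connect(ar_platforms: list, ac_platform: Platform, iottc: Iottc, behaviour: dict) -> dict:
    """One run of the connection procedure; returns both sides' connection policies."""
    # S101-S102: access request, then mutual identity authentication assisted by the IOTTC.
    nonce_ac, nonce_ar = secrets.token_bytes(16), secrets.token_bytes(16)
    ar_ok = all(iottc.verify_identity(p.name, nonce_ac, p.respond(nonce_ac)) for p in ar_platforms)
    ac_ok = iottc.verify_identity(ac_platform.name, nonce_ar, ac_platform.respond(nonce_ar))
    if not (ar_ok and ac_ok):
        return {"ar_policy": "deny", "ac_policy": "deny", "connected": False,
                "reason": "identity authentication failed"}
    # S103-S104: the platforms hand their measurements to the IOTTC's integrity checker.
    integrity = iottc.integrity_report(ar_platforms + [ac_platform])
    # S105-S107: behaviour information is checked against policy.
    behaviour_eval = iottc.behaviour_report(behaviour)
    # S108: the node side derives its connection policy from the integrity report only.
    ar_policy = "allow" if all(integrity.values()) else "deny"
    # S109: the information-centre access point also requires the behaviour evaluation.
    ac_policy = "allow" if all(integrity.values()) and all(behaviour_eval.values()) else "deny"
    # S110: the connection is established only when both sides allow it.
    return {"ar_policy": ar_policy, "ac_policy": ac_policy,
            "connected": ar_policy == ac_policy == "allow",
            "integrity": integrity, "behaviour": behaviour_eval}


def scenario(case: str) -> dict:
    """Constructed scenarios: 'clean', 'tampered_mec', 'impostor_ln', 'bad_behaviour'."""
    iottc = Iottc({"unknown_dests": 0, "failed_auths": 3})
    ln, mec, ap = (Platform(n, secrets.token_bytes(32)) for n in ("LN-1", "MEC-1", "AP-1"))
    for p, boot in ((ln, b"ln-firmware-v1"), (mec, b"mec-image-v1"), (ap, b"ap-image-v1")):
        p.measure(boot)                        # boot-time measurement by the integrity collector
        iottc.enrol(p)
    behaviour = {"unknown_dests": 0, "failed_auths": 1}
    if case == "tampered_mec":
        mec.measure(b"unsigned-module")        # code loaded after enrolment changes the register
    elif case == "impostor_ln":
        ln = Platform("LN-1", secrets.token_bytes(32))   # claims LN-1's name without its key
    elif case == "bad_behaviour":
        behaviour = {"unknown_dests": 2, "failed_auths": 1}
    return connect([ln, mec], ap, iottc, behaviour)


if __name__ == "__main__":
    for case in ("clean", "tampered_mec", "impostor_ln", "bad_behaviour"):
        print(case, scenario(case))
```

The four scenarios show the three independent gates in order: an identity failure stops the procedure before any measurement is exchanged, an integrity mismatch denies the connection on both sides, and a behavior policy violation is visible only in the access point's policy, because in S108 the node side decides on the integrity report alone.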
The electric power internet of things trusted connection technology based on edge computing provided by the invention at least comprises the following advantages:
First, TCA-IOT is designed for the characteristics of the power Internet of things, so a finer-grained security policy for power Internet of things network connection can be realized, and implementation and deployment are more convenient. Second, TCA-IOT integrates chained identity measurement among the power Internet of things nodes, the edge computing nodes and the power Internet of things trusted authentication center with step-by-step state measurement and behavior measurement across the power Internet of things nodes, the edge computing network and the power Internet of things, so that global, real-time and consistent trust measurement of the power Internet of things nodes can be carried out. Third, TCA-IOT is suitable for solving the trustworthiness problem of important power Internet of things systems: a trust policy can be configured according to the security level of the power Internet of things system, so as to realize identity measurement, state measurement and behavior measurement of the power Internet of things nodes in a high-security-level power Internet of things system.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include such modifications and variations.

Claims (10)

1. An electric power Internet of things trusted connection system based on edge computing, characterized in that the entities of the electric power Internet of things trusted connection system comprise: an access requester, an access controller and a policy manager; wherein
the access requester comprises the following components: a power Internet of things access requester, a power Internet of things node LN, an edge computing node MEC, an integrity collector, an edge computing network output behavior collector and a power Internet of things node behavior collector;
the access controller, which may be regarded as a power edge computing access controller, comprises the following components: an electric power Internet of things access controller, an electric power Internet of things information center access point, an integrity collector and an electric power Internet of things behavior measurement component;
the policy manager comprises the following components: an electric power Internet of things trusted authentication center IOTTC, an integrity checker, an electric power Internet of things behavior checker, an edge computing network output behavior checker and an electric power Internet of things node behavior checker.
2. The edge computing based power Internet of things trusted connection system of claim 1, wherein the functions of the access requester comprise: initiating a request to access the trusted network and completing bidirectional identity authentication with the access controller; collecting integrity measurement reports of the access requester's power Internet of things node LN and edge computing node MEC, and completing bidirectional trusted platform integrity evaluation between the access requester's power Internet of things node LN and edge computing node MEC and the access controller; and collecting the output behavior of the edge computing network and the behavior of the power Internet of things nodes to form a behavior measurement report, and sending the behavior measurement report to the policy manager.
3. The edge computing based electric power Internet of things trusted connection system of claim 1, wherein
the functions of the access controller comprise: completing bidirectional identity authentication and trusted platform evaluation with the access requester, and completing behavior measurement of the power Internet of things; receiving the integrity metric value of the power Internet of things access requester, collecting the integrity metric value of the power Internet of things information center access point, and sending both to the power Internet of things trusted authentication center IOTTC; performing behavior measurement on the power Internet of things and sending the behavior measurement report to the policy manager; and performing access control according to the policy manager's feedback report on the identity authentication of the power Internet of things access requester, the integrity measurement of the power Internet of things node LN and the edge computing node MEC, the power Internet of things node behavior, the edge computing network output behavior and the power Internet of things output behavior.
4. The edge computing based power Internet of things trusted connection system of claim 1, wherein the functions of the policy manager comprise: assisting the access requester and the access controller in realizing bidirectional identity authentication, and verifying the validity of the certificates of both parties; verifying the integrity of the power Internet of things node LN and the edge computing node MEC, and verifying the integrity of the power Internet of things information center access point; verifying the integrity measurement of the power Internet of things computing nodes, the power Internet of things node behavior, the edge computing network output behavior and the power Internet of things output behavior; and generating the final trusted evaluation report.
5. An electric power Internet of things trusted connection method based on edge computing, carried out using the system of any one of claims 1-4, wherein the architecture comprises the following layers: a network access control layer, a trusted platform evaluation layer, an integrity measurement layer and a power Internet of things behavior measurement layer;
the functions of the network access control layer comprise: realizing bidirectional identity authentication between the electric power Internet of things access requester and the electric power Internet of things access controller with the assistance of the electric power Internet of things trusted authentication center IOTTC, the IOTTC acting as a third party; and executing access control by the power Internet of things access requester and the power Internet of things access controller according to the identity authentication result and the connection strategy sent by the trusted platform evaluation layer;
the functions of the trusted platform evaluation layer comprise: realizing, with the assistance of the power Internet of things trusted authentication center IOTTC, bidirectional trusted platform evaluation of the power Internet of things node LN, the edge computing node MEC and the power Internet of things information center access point, the IOTTC acting as a trusted third party; the IOTTC verifies the validity of the certificates of both the electric power Internet of things access requester and the electric power Internet of things access controller, and calls the integrity checker in the integrity measurement layer to realize bidirectional trusted platform integrity checking of the electric power Internet of things node LN, the edge computing node MEC and the electric power Internet of things information center access point; and, according to the policy, it calls the power Internet of things behavior measurement layer to realize verification of the power Internet of things node behavior, the edge computing network output behavior and the power Internet of things output behavior;
the function of the integrity measurement layer is jointly completed by the integrity collector and the integrity checker: the integrity collector collects platform integrity information of the electric power Internet of things node LN, the edge computing node MEC and the electric power Internet of things information center access point, and the integrity checker checks the platform integrity of the power Internet of things node LN, the edge computing node MEC and the power Internet of things information center access point;
the function of the power Internet of things behavior measurement layer is to realize the collection and verification of power Internet of things behaviors. Following the layered structure of the power Internet of things, in which the whole power Internet of things comprises a plurality of edge computing networks and each edge computing network comprises a plurality of power Internet of things nodes, a step-by-step behavior measurement scheme is designed from the power Internet of things node to the edge computing network and then to the whole power Internet of things: the edge computing node completes collection of the power Internet of things node behaviors, the power Internet of things node completes collection of the edge computing network output behavior, and the power Internet of things center completes collection of the output behavior of the whole power Internet of things; and the policy manager completes verification of the power Internet of things node behavior, the edge computing network output behavior and the power Internet of things output behavior.
6. An electric power Internet of things trusted connection method based on edge computing, carried out using the system of any one of claims 1-4, wherein the functional components of the method comprise:
a power Internet of things access requester, a power Internet of things access controller, a power Internet of things trusted authentication center IOTTC, a power Internet of things node, a power Internet of things information center access point, an integrity collector, an integrity checker, a power Internet of things node behavior collector, an edge computing network output behavior collector, a power Internet of things node behavior checker, an edge computing network output behavior checker and a power Internet of things output behavior checker;
the electric power Internet of things access requester initiates a network access request to the electric power Internet of things access controller and completes bidirectional identity authentication with the electric power Internet of things access controller with the assistance of the electric power Internet of things trusted authentication center IOTTC; it forwards the upper layer protocol to the access controller and the policy manager, and realizes access control towards the access controller according to the identity authentication result and the connection policy generated by the power Internet of things node LN and the edge computing node MEC;
the electric power Internet of things access controller completes bidirectional identity authentication with the electric power Internet of things access requester with the assistance of the electric power Internet of things trusted authentication center IOTTC; it forwards the upper layer protocol to the access requester and the policy manager, and realizes access control towards the access requester according to the identity authentication result and the connection policy of the power Internet of things information center access point;
the electric power Internet of things trusted authentication center IOTTC serves as a trusted third party to realize bidirectional identity authentication between the electric power Internet of things access requester and the electric power Internet of things access controller, and to realize bidirectional trusted platform evaluation of the electric power Internet of things node LN, the edge computing node MEC and the electric power Internet of things information center access point;
the electric power Internet of things node comprises the electric power Internet of things node LN and the edge computing node MEC; it requests and collects integrity measurements from the integrity collector in the upper layer, and realizes bidirectional trusted platform evaluation with the electric power Internet of things information center access point with the assistance of the electric power Internet of things trusted authentication center IOTTC;
the power Internet of things information center access point requests and collects integrity measurements from the integrity collector in the upper layer, and realizes bidirectional trusted platform evaluation with the power Internet of things node LN and the edge computing node MEC with the assistance of the power Internet of things trusted authentication center IOTTC; it sends the trusted evaluation report generated by the IOTTC to the power Internet of things access controller;
the integrity collector collects integrity information of the electric power Internet of things information center access point, the electric power Internet of things node LN and the edge computing node MEC using the trusted platform control module TPCM;
the integrity checker checks the integrity information of the power Internet of things information center access point, the power Internet of things node LN and the edge computing node MEC using the trusted platform control module TPCM;
the electric power Internet of things node behavior collector collects behavior information of the electric power Internet of things nodes using the edge computing node MEC;
and the edge computing network output behavior collector collects output behavior information of the edge computing network in the power Internet of things using the power Internet of things node LN.
7. The edge computing based electric power Internet of things trusted connection method of claim 6, wherein the electric power Internet of things output behavior collector collects output behavior information of the whole electric power Internet of things using the electric power Internet of things information center.
8. The edge computing based electric power Internet of things trusted connection method of claim 6, wherein the electric power Internet of things node behavior checker checks the behavior information of the electric power Internet of things nodes.
9. The edge computing based electric power Internet of things trusted connection method of claim 6, wherein the edge computing network output behavior checker checks the edge computing network output behavior information.
10. The edge computing based electric power Internet of things trusted connection method of claim 6, wherein the electric power Internet of things output behavior checker checks the output behavior information of the whole electric power Internet of things.
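The decision flow of steps S108-S110 and claims 5-6, in which the policy manager combines the identity result, the integrity evaluation of LN, MEC and the information-center access point, and the three-level behavior measurement into a connection strategy, modelled as an added Python example that is not code from the patent. The reference measurements, the per-security-level trust policy table, and the allow/deny decision values are assumptions made for the example; the patent does not specify them.

```python
import hashlib
from dataclasses import dataclass

# Constructed reference values standing in for the integrity checker's
# expected measurements of the three platforms the claims name:
# power IoT node LN, edge computing node MEC, information-center access point AP.
def measure(image: bytes) -> str:
    """Integrity measurement: SHA-256 over a platform image (constructed stand-in)."""
    return hashlib.sha256(image).hexdigest()

REFERENCE = {
    "LN": measure(b"ln-firmware-v1"),
    "MEC": measure(b"mec-image-v1"),
    "AP": measure(b"info-center-ap-v1"),
}

# Assumed trust policies per security level: which platforms must pass integrity
# checking and which behavior levels (node -> edge network -> whole power IoT)
# must pass behavior checking before a connection is allowed.
TRUST_POLICY = {
    "normal": {"integrity": {"LN", "MEC", "AP"}, "behavior": set()},
    "high": {"integrity": {"LN", "MEC", "AP"},
             "behavior": {"node", "edge_network", "power_iot"}},
}


@dataclass(frozen=True)
class IntegrityReport:
    platform: str     # "LN", "MEC" or "AP"
    measurement: str  # digest delivered by the integrity collector


@dataclass(frozen=True)
class BehaviorReport:
    level: str        # "node", "edge_network" or "power_iot"
    anomalous: bool   # verdict of the behavior collector at that level


def integrity_ok(reports, required):
    """Integrity checker: every required platform reported and matches REFERENCE."""
    verdict = {r.platform: r.measurement == REFERENCE.get(r.platform) for r in reports}
    return all(verdict.get(p, False) for p in required)


def behavior_ok(reports, required):
    """Behavior checkers: every required level reported and not anomalous.
    A level that never reported counts as a failure (fail closed)."""
    verdict = {r.level: not r.anomalous for r in reports}
    return all(verdict.get(lvl, False) for lvl in required)


def connection_policy(security_level, identity_verified, integrity_reports, behavior_reports):
    """Policy manager: derive the connection strategy from the identity result,
    the integrity evaluation and the behavior evaluation. Returns (decision, reason)."""
    rules = TRUST_POLICY[security_level]
    if not identity_verified:
        return ("deny", "bidirectional identity authentication failed")
    if not integrity_ok(integrity_reports, rules["integrity"]):
        return ("deny", "trusted platform integrity evaluation failed")
    if not behavior_ok(behavior_reports, rules["behavior"]):
        return ("deny", "behavior measurement failed")
    return ("allow", "identity, integrity and behavior checks passed")
```

The access requester and access controller of step S110 would each enforce the returned decision on their own side of the connection.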

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110596259.7A CN113726727A (en) 2021-05-30 2021-05-30 Electric power Internet of things trusted connection method based on edge computing

Publications (1)

Publication Number Publication Date
CN113726727A true CN113726727A (en) 2021-11-30

Family

ID=78672827

Country Status (1)

Country Link
CN (1) CN113726727A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136928A (en) * 2007-10-19 2008-03-05 北京工业大学 Reliable network access framework
CN105577757A (en) * 2015-12-15 2016-05-11 国网智能电网研究院 Multilevel management system of intelligent power terminals based on load balancing and authentication method thereof
CN112347472A (en) * 2020-10-27 2021-02-09 中国南方电网有限责任公司 Behavior measurement method and device of power system
CN112422516A (en) * 2020-10-27 2021-02-26 中国南方电网有限责任公司 Connection method and device of power system, computer equipment and storage medium
WO2021067510A1 (en) * 2019-09-30 2021-04-08 Intel Corporation Methods and apparatus to attest objects in edge computing environments

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211130