CN114615006A - Edge layer data security protection method and system for power distribution Internet of things and storage medium - Google Patents

Abstract

The invention discloses a method, a system and a storage medium for protecting edge layer data security facing to a power distribution Internet of things, wherein the method comprises the steps of establishing a ring signature group, and adopting a disposable ring signature and a key image as a mark in a CryptoNote protocol to provide a stealth address protocol for a user; an edge layer distributed power data storage architecture is designed, interactive data between storage nodes of edge equipment are encrypted by using a ring signature and a CryptoNote protocol, and identity authentication of two parties is realized; and realizing data sharing among nodes in the distributed power data security storage system based on the block chain intelligent contract. The distributed storage power data can overcome the potential safety hazard of centralized storage, improves the safety and the high efficiency of data storage through the block chain and various encryption technologies, and simultaneously ensures the high-efficiency safe sharing of the stored data through the intelligent contract of the block chain.

Description

Edge layer data security protection method and system for power distribution Internet of things and storage medium

Technical Field

The invention relates to a distribution Internet of things-oriented edge layer data security protection method, and belongs to the technical field of digital distribution networks.

Background

Safe and efficient storage and sharing of power data are important guarantees for stable and reliable service users of power grid services. The traditional power system architecture of a power grid company is generally divided into two layers, namely a main station layer and a terminal layer, data information of each department is independently collected and stored, and cannot be shared, so that a large amount of resources are repeatedly built and wasted. Therefore, in recent years, units such as national grid companies and the like propose power distribution internet of things construction, and an edge computing layer is introduced into a system architecture of the power distribution internet of things to form a cloud-edge-end three-layer system architecture, wherein data among various systems of operation, distribution and dispatching in a cloud master station platform needs to be stored and accessed in a sharing mode, data sharing and access need to be carried out between edge equipment and the edge equipment, so that the development trend of operation, distribution and dispatching integration is supported, and a large power grid strategy is created. Therefore, how to perform safe and efficient shared access on data stored between edge devices is a difficult problem to be solved urgently, and becomes one of the key directions for the development of the power distribution internet of things at present.

In a traditional power data storage mode, centralized storage is a main mode, power management and distribution data are mainly stored in a master station system, in order to achieve service application, terminal access data are all carried out through the master station, but with the fact that the scale of a power grid is larger and larger, when massive terminals all depend on the master station to carry out data storage and sharing, the storage and calculation pressure of the centralized mode on the master station is larger and larger, and once the master station in the center is attacked maliciously, system breakdown can even be caused. The most obvious characteristics of the blockchain technology are decentralization and tamper prevention, in a blockchain system, all storage nodes adopt a unified public ledger, and any storage node cannot illegally tamper the public ledger.

Therefore, distributed storage of the power data at the edge layer of the power internet of things is realized by using the block chain technology, the high efficiency and the safety of data storage can be greatly saved, and meanwhile, an effective data sharing method in the block chain is very necessary to be researched.

Disclosure of Invention

The technical problem to be solved by the invention is as follows: how to realize the safety protection of the data of the edge layer of the power distribution internet of things.

In order to achieve the purpose, the invention adopts the technical scheme that:

an edge layer data security protection method facing a power distribution Internet of things comprises the following steps:

creating a ring signature group, designing a disposable ring signature and a key image in a CryptoNote protocol as a mark, and providing a stealth address protocol for a user;

establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;

and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.

The utility model provides an edge layer data safety protection system towards distribution thing networking, includes following functional module:

a ring signature group creation module: designing a disposable ring signature and a key image as marks in a CryptoNote protocol to provide a stealth address protocol for a user;

the data interaction module: establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;

a data sharing module: and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.

A computer readable storage medium is used for storing the edge layer data security protection system facing the power distribution Internet of things.

The invention achieves the following beneficial effects: according to the edge layer data safety protection method facing the power distribution Internet of things, the distributed data storage architecture of the edge layer of the power Internet of things is provided, the distributed storage database and the block chain bottom layer support are designed, a high-stability, safe and reliable power data storage mode can be provided, and the problems that a centralized data storage mode has great potential safety hazards and low storage efficiency are solved. The invention adopts ring signature and CryptoNote protocol to carry out storage interactive encryption, overcomes the problem that group signature needs group manager to participate, and further improves the storage security of electric power data in a block chain by adopting a stealth address. The data sharing mechanism based on the intelligent contract can solve the problems that internal access right limitation is difficult to control, data is difficult to share among nodes and the like, and meanwhile, efficient and safe sharing of stored data is achieved.

Drawings

FIG. 1 is a diagram of a distributed storage framework for power data in the method of the present invention.

Detailed Description

The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.

The invention discloses a power distribution Internet of things-oriented edge layer data security protection method, which comprises the following steps:

creating a ring signature group, designing a disposable ring signature and a key image in a CryptoNote protocol as a mark, and providing a stealth address protocol for a user;

establishing a distributed power data storage architecture of a boundary layer, encrypting interactive data between storage nodes of edge equipment by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interaction nodes;

and sharing data among nodes in the distributed power data security storage system by using an intelligent contract in the block chain.

The ring signature is a digital signature scheme, all members in a final signature authentication requirement group agree to become effective to a message signing party, and the specific process of the ring signature is as follows:

1) constructing a signature, i.e. Sign phi (ms, P)_s，P_k1，P_k2，…，P_kn) Signed by the public key (P) of each message ms_s，P_k1，P_k2，…，P_kn) Formed with and associated with the private key P of the signer_sAre correlated to produce a signature phi, P_knIs the signature of the nth member, n is the number of signers;

2) verifying the signature, namely phi Verify (ms, phi), which consists of public keys of all possible signers and a message ms, wherein the output result is true or false, and the ms represents the message;

the CryptoNote protocol provides a one-time-use ring signature and a key image as a token that provides information about having a particular signature φ_nThe signature value P is derived from the association of the random data (a, B) of the receiver with the random data r of the sender as:

P＝H_s(rA)G+B

wherein H_sThe random data of the receiver is obtained by inquiring the receiver through a secure channel by a sender; A. b are random data one and random data two respectively, the receiver checks the received storage interaction data by using the private key (a, B) of the receiver, and obtains an authentication value P' as:

P′＝H_s(aR)G+b

r represents the authentication weight, and finally the receiver can reply with the corresponding one-time key x as:

x＝H_s(aR)+b

because the message received by the receiver is associated with the one-time key, the CryptoNote protocol's data store interaction is untraceable to an attacker.

Example 2

The invention discloses a power distribution Internet of things-oriented edge layer data security protection method, which comprises the following steps:

creating a ring signature group, designing a disposable ring signature and a key image in a CryptoNote protocol as a mark, and providing a stealth address protocol for a user;

establishing a distributed power data storage architecture of a boundary layer, encrypting interactive data between storage nodes of edge equipment by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interaction nodes;

and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.

The generation process of the stealth address comprises the following steps:

1) the member generates a father key pair and a temporary key to form a one-time adding key I together, and issues the one-time adding key I, wherein the issued one-time adding key I is called a stealth address, and the father key pair comprises a father public key and a father private key;

2) and the member II receives the one-time adding key I and generates a temporary key II by itself, the one-time adding key I of the member I and the temporary key II generated by the member II are combined to generate a one-time adding key II, namely a one-time storage interactive address II, and the one-time storage interactive address II is generated by threshold replacement.

Example 3

The invention discloses a power distribution Internet of things-oriented edge layer data security protection method, which comprises the following steps:

creating a ring signature group, designing a disposable ring signature and a key image in a CryptoNote protocol as a mark, and providing a stealth address protocol for a user;

establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;

and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.

The block chain technology is applied to the practical scenario of power data storage, and the specific architecture is shown in fig. 1. The distributed power data storage model is divided into two modules, wherein the left side is a distributed storage database, the right side is a block chain, the storage database supports storage of the block chain, and the block chain supports safety protection of the storage database. In a distributed power data storage architecture, a power user transmits a storage request to edge equipment through end equipment, the edge equipment comprises an intelligent fusion terminal, an Internet of things agent device and the like, each edge equipment has a plurality of storage nodes and is combined into a data aggregator, the edge equipment transmits the requirement to the respective storage node after receiving the storage request, the storage nodes respond, the whole storage process is recorded in a block chain, the data distributed storage utilizes multi-level encryption service of the block chain, and the encryption storage process is as follows:

1) the method comprises the steps that a power consumer transmits a storage requirement to a side device, namely, one node is selected from distributed storage nodes to store data, if the storage requirement is sent out, a request is not transmitted to other nodes within set time, and after the storage node receives the request, power data needing to be stored are transmitted;

2) if the storage node receives the request, the storage node provides corresponding storage service to a request sending party, namely an electric power user, the sequence of providing the storage service meets the sequence of sending time of the request, and when the confirmation message is received, data transmission is carried out;

3) and uploading records of data storage completed by the storage nodes to a block chain, wherein the block chain is composed of a plurality of blocks, each block comprises a block head and a block body, the credit evaluation is performed on the storage process by side equipment or a power user according to a preset evaluation standard, and the corresponding evaluation is performed on the performance of the storage nodes according to an evaluation result.

In the distributed data storage system, a ring signature group is set, the ring signature group comprises intelligent power equipment, users and storage nodes, and if the public key of a new member is known, a ring signature group is constructed based on the encryption of the member public key:

in the formula, y_n＝f_n(x_n) Wherein f is_nDefined by an extended threshold permutation function, f_n(x_n) At {0,1}^bIs extended upwards to

Storing data by b-bit number omega ═ l_in+q_iComposition, therefore, of the extended threshold permutation function f_iThe value of (ω) is expressed as:

in the formula, q_iIs a random number generated by the sender,/_iIs a random number generated by the receiver, n is the number of signers, x_i…x_nIs an argument of the function;

representing a Boolean operation;

mod represents a modulo operation; intermediate variable ω ═ l_in+q_i；

The data sharing steps using the smart contract are as follows:

1) sharing access request: the request Req for data sharing is the data storage node N_pIssued by the storage node N_qReceiving, wherein the request Req comprises information such as an access address, time, frequency and the like; storage nodeN_qFor storage node N_pSetting an access constraint condition Con to re-authorize access, and accessing a private key SK of information such as address, time, frequency and the like, constraint condition and the like_PIDTo the neighboring collector B_j：

Where t is the timestamp, Cert is the certificate, f_PKEncrypting information by using a public key of an entity, wherein PK is the public key, SK is a private key, and Mes represents stored data;

encrypting information for a public key of a storage node;

encrypting information for a public key of the aggregator; con represents an access constraint; s is the order of members as actual signers;

2) executing the intelligent contract: collector B_jAfter information is verified, an intelligent contract is executed according to constraint conditions set by the storage node, the script is locked according to the existing secret key, then the shared data packet is decrypted, and meanwhile, the public key is utilized

Encrypting the ring signature, and then outputting a decryption result of the shared data;

3) sending the shared data: when the storage node N_qAnd storage node N_pWithin the service scope of the same data aggregator, to the storage node N_pAccess data to obtain data aggregator B directly_jThe data to be transmitted; if storage node N_qAnd storage node N_pIf the data packets are not in the same aggregator category, the data packets are stored by the currently running intelligent contractThe node transmits to a distance storage node N in an encrypted mode_pNearest collector B_jThe specific process comprises the following steps:

where Share denotes sharing, S _ Mes is shared data;

4) specifying access data: storage node N_pAnd after receiving the data, carrying out data access through private key decryption.

The invention firstly provides a block chain-based electric power data distributed storage architecture, overcomes the security threat of centralized storage, and improves the data storage efficiency and stability on a bottom architecture supported by the block chain; then, during the power data storage process, the designed CryptoNote protocol provides a disposable ring signature group and a key image as the marks of the data storage, and the privacy during the data storage interaction process is ensured by the used privacy address. And finally, data sharing among edge layer devices is realized by using an intelligent contract, the problems that internal access right limitation is difficult to control, data sharing among nodes is difficult and the like are solved, efficient and safe sharing of private data is ensured, and the safety and the efficiency of power data storage and sharing are further improved.

The utility model provides an edge layer data safety protection system towards distribution thing networking, includes following functional module:

a ring signature group creation module: designing a disposable ring signature and a key image as marks in a CryptoNote protocol to provide a stealth address protocol for a user;

the data interaction module: establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;

a data sharing module: and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.

The working steps of each functional module are the same as the edge layer data safety protection method facing the power distribution internet of things.

A computer-readable storage medium is used for storing the edge layer data security protection method and system for the power distribution Internet of things.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, it is possible to make various improvements and modifications without departing from the technical principle of the present invention, and those improvements and modifications should be considered as the protection scope of the present invention.

Claims (11)

1. An edge layer data security protection method facing a power distribution Internet of things is characterized by comprising the following steps:

creating a ring signature group, designing a disposable ring signature and a key image in a CryptoNote protocol as a mark, and providing a stealth address protocol for a user;

establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;

and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.

2. The power distribution internet of things-oriented edge layer data security protection method according to claim 1, wherein the specific process of creating the ring signature group is as follows:

1) constructing a signature, i.e. Sign phi (ms, P)_s，P_k1，P_k2，…，P_kn) Signed by the public key (P) of each message ms_s，P_k1，P_k2，...，P_kn) Formed with and associated with the private key P of the signer_sAre correlated to produce a signature phi, P_knIs the signature of the nth member, n is the number of signers;

2) verifying the signature, namely phi Verify (ms, phi), which consists of public keys of all possible signers and a message ms, wherein the output result is true or false, and the ms represents the message;

the CryptoNote protocol provides a one-time-use ring signature and a key image as a token, the key image providing information about having a particular signature φ_nThe signature value P is derived from the association of the random data (a, B) of the receiver with the random data r of the sender as:

P＝H_s(rA)G+B

wherein H_sThe random data of the receiver is obtained by inquiring the receiver through a secure channel by a sender; A. b are random data one and random data two respectively, the receiver checks the received storage interaction data by using the private key (a, B) of the receiver, and obtains an authentication value P' as:

P′＝H_s(aR)G+b

r represents the authentication weight, and finally the receiver can reply with the corresponding one-time key x as:

x＝H_s(aR)+b

since the message received by the receiver is associated with the one-time key, the CryptoNote protocol's data store interaction is not traceable to an attacker.

3. An edge layer data security protection method facing to a power distribution internet of things as claimed in claim 1, wherein the generation process of the stealth address is as follows:

1) the member generates a father key pair and a temporary key to form a one-time adding key I together, and issues the one-time adding key I, wherein the issued one-time adding key I is called a stealth address, and the father key pair comprises a father public key and a father private key;

2) and the member II receives the one-time adding key I and generates a temporary key II by itself, the one-time adding key I of the member I and the temporary key II generated by the member II are combined to generate a one-time adding key II, namely a one-time storage interactive address II, and the one-time storage interactive address II is generated by threshold replacement.

4. The edge layer data security protection method facing the power distribution internet of things as claimed in claim 1, wherein: in the distributed electric power data safety storage system, an electric power user transmits a storage request to edge equipment through end equipment, the edge equipment comprises an intelligent fusion terminal and an Internet of things agent device, each edge equipment is provided with a plurality of storage nodes and combined into a data aggregator, the edge equipment transmits the requirement to the respective storage node after receiving the storage request, the storage nodes respond, the whole storage process is recorded in a block chain, and the data distributed storage utilizes the multi-level encryption service of the block chain.

5. The distribution Internet of things-oriented edge layer data security protection method according to claim 4, characterized in that: in the encryption service, the encryption storage process is as follows:

1) the method comprises the steps that a power user transmits a storage requirement to a side device, namely, one node is selected from distributed storage nodes to store data, if the storage requirement is sent out, a request is not transmitted to other nodes within set time, and after the storage node receives the request, power data needing to be stored are transmitted;

2) if the storage node receives the request, the storage node provides corresponding storage service to a request sending party, namely an electric power user, the sequence of providing the storage service meets the sequence of sending time of the request, and when the confirmation message is received, data transmission is carried out;

3) and uploading a record of completing data storage of the storage node to a block chain, wherein the block chain is composed of a plurality of blocks, each block comprises a block head and a block body, the edge equipment or the power user performs credit evaluation on the storage process according to a preset evaluation standard, and the performance of the storage node is correspondingly evaluated according to an evaluation result.

6. The distribution Internet of things-oriented edge layer data security protection method according to claim 4, characterized in that:

in the distributed data storage system, a ring signature group is set, the ring signature group comprises intelligent power equipment, users and storage nodes, if the public key of a new member is known, a ring signature group is constructed based on the encryption of the public key of the member:

in the formula, y_n＝f_n(x_n) Wherein f is_nDefined by an extended threshold permutation function, f_n(x_n) At {0,1}^bIs extended upwards to

Storing data by b-bit number omega ═ l_in+q_iComposition, therefore, of the extended threshold permutation function f_iThe value of (ω) is expressed as:

in the formula, q_iIs a random number generated by the sender,/_iIs a random number generated by the receiver, n is the number of signers, x_i…x_nIs an argument of the function;

representing a boolean operation;

mod represents a modulo operation; intermediate variable ω ═ l_in+q_i。

7. The edge layer data security protection method facing the power distribution internet of things as claimed in claim 4, wherein: the data sharing steps using the smart contract are as follows:

1) the request Req for data sharing is the data storage node N_pIssued by the storage node N_qReceiving, wherein the request Req comprises access address, time and frequency information; storage node N_qFor storage node N_pSetting access constraint conditions Con to re-authorize access, and accessing address, time and frequency, and private key SK of constraint condition information_PIDTo the neighboring collector B_j：

N_q→N_p:

N_p→B_j:

Where t is the timestamp, Cert is the certificate, f_PKEncrypting information by using a public key of an entity, wherein PK is the public key, SK is a private key, and Mes represents stored data;

encrypting information for a public key of a storage node;

encrypting information for a public key of the aggregator; con represents an access constraint; s is the order of members as actual signers;

2) collector B_jAfter information is verified, an intelligent contract is executed according to constraint conditions set by the storage node, the script is locked according to the existing secret key, then the shared data packet is decrypted, and meanwhile, the public key is utilized

Encrypting the ring signature, and then outputting a decryption result of the shared data;

3) when the storage node N_qAnd storage node N_pWithin the service scope of the same data aggregator, to the storage node N_pAccess the data to obtain the data aggregator B directly_jThe data to be transmitted; if storage node N_qAnd storage node N_pIf the data packets are not in the same aggregator category, the data packets are transmitted to the distance storage node N by the storage node currently running the intelligent contract in an encrypted mode_pNearest collector B_jThe specific process is as follows:

B_j→B_j+1:

where Share denotes sharing, S _ Mes is shared data;

4) storage node N_pAnd after receiving the data, carrying out data access through private key decryption.

8. The utility model provides an edge layer data safety protection system towards distribution thing networking which characterized in that includes following functional module:

a ring signature group creation module: designing a disposable ring signature and a key image as marks in a CryptoNote protocol to provide a stealth address protocol for a user;

the data interaction module: establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;

a data sharing module: and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.

9. An edge layer data security protection system for the power distribution internet of things as claimed in claim 8, wherein the specific process of creating the ring signature group is as follows:

1) constructing a signature, i.e. Sign phi (ms, P)_s，P_k1，P_k2，…，P_kn) Signed by the public key (P) of each message ms_s，P_k1，P_k2，...，P_kn) Formed with and associated with the private key P of the signer_sAre correlated to produce a signature phi, P_knIs the signature of the nth member, n is the number of signers;

2) verifying the signature, namely phi Verify (ms, phi), which consists of public keys of all possible signers and a message ms, wherein the output result is true or false, and the ms represents the message;

the CryptoNote protocol provides a one-time-use ring signature and a key image as a token, the key image providing information about having a particular signature φ_nThe signature value P is derived from the association of the random data (a, B) of the receiver with the random data r of the sender as:

P＝H_s(rA)G+B

wherein H_sThe random data of the receiver is obtained by inquiring the receiver through a secure channel by a sender; A. b are random data one and random data two respectively, the receiver checks the received storage interaction data by using the private key (a, B) of the receiver, and obtains an authentication value P' as:

P′＝H_s(aR)G+b

r represents the authentication weight, and finally the receiver can reply with the corresponding one-time key x as:

x＝H_s(aR)+b

since the message received by the receiver is associated with the one-time key, the CryptoNote protocol's data store interaction is not traceable to an attacker.

10. An edge layer data security protection method facing to the power distribution internet of things as claimed in claim 8, wherein the generation process of the stealth address is as follows:

1) the member generates a father key pair and a temporary key to form a one-time adding key I together, and issues the one-time adding key I, wherein the issued one-time adding key I is called a stealth address, and the father key pair comprises a father public key and a father private key;

2) and the member II receives the one-time adding key I and generates a temporary key II by itself, the one-time adding key I of the member I and the temporary key II generated by the member II are combined to generate a one-time adding key II, namely a one-time storage interactive address II, and the one-time storage interactive address II is generated by threshold replacement.

11. A computer readable storage medium for storing the edge layer data security protection method for the power distribution internet of things as claimed in any one of claims 1 to 6.

Images