CN114615006A - Edge layer data security protection method and system for power distribution Internet of things and storage medium - Google Patents
- Publication number: CN114615006A
- Application number: CN202111454706.1A
- Authority: CN (China)
- Legal status: Pending (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses a method, a system and a storage medium for protecting edge layer data security in a power distribution Internet of things. The method comprises the steps of establishing a ring signature group and adopting a one-time (disposable) ring signature and a key image from the CryptoNote protocol as a mark, so as to provide a stealth address protocol for the user; designing an edge layer distributed power data storage architecture in which the interactive data between storage nodes of the edge equipment is encrypted with the ring signature and the CryptoNote protocol and the identities of both parties are authenticated; and realizing data sharing among the nodes of the distributed power data security storage system on the basis of the block chain intelligent contract. Distributed storage of power data overcomes the potential safety hazard of centralized storage, improves the safety and efficiency of data storage through the block chain and various encryption technologies, and at the same time ensures efficient and safe sharing of the stored data through the block chain intelligent contract.
Description
Technical Field
The invention relates to a distribution Internet of things-oriented edge layer data security protection method, and belongs to the technical field of digital distribution networks.
Background
Safe and efficient storage and sharing of power data are important guarantees that power grid services can serve users stably and reliably. The traditional power system architecture of a grid company is generally divided into two layers, a master station layer and a terminal layer; the data of each department is collected and stored independently and cannot be shared, so a large amount of resources are built repeatedly and wasted. In recent years, therefore, units such as the national grid companies have proposed the construction of a power distribution Internet of things, introducing an edge computing layer into its system architecture to form a cloud-edge-end three-layer architecture. In this architecture, the data of the operation, distribution and dispatching systems on the cloud master station platform must be stored and accessed in a shared way, and data must be shared and accessed between edge devices, so as to support the trend towards integrated operation, distribution and dispatching and to build a large power grid strategy. How to perform safe and efficient shared access to the data stored between edge devices is therefore an urgent problem, and has become one of the key directions in the development of the power distribution Internet of things.
In the traditional power data storage mode, centralized storage is the main mode: power management and distribution data are mainly stored in the master station system, and to realize service applications all terminal access to data goes through the master station. As the scale of the grid keeps growing and massive numbers of terminals all depend on the master station for data storage and sharing, the storage and computing pressure that the centralized mode places on the master station keeps increasing, and if the central master station is attacked maliciously the system may even break down. The most obvious characteristics of blockchain technology are decentralization and tamper resistance: in a blockchain system all storage nodes adopt a unified public ledger, and no storage node can illegally tamper with it.
Therefore, realizing distributed storage of power data at the edge layer of the power Internet of things with blockchain technology can greatly improve the efficiency and safety of data storage, and at the same time it is very necessary to research an effective data sharing method within the blockchain.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: how to realize the safety protection of the data of the edge layer of the power distribution internet of things.
In order to achieve the purpose, the invention adopts the technical scheme that:
an edge layer data security protection method facing a power distribution Internet of things comprises the following steps:
creating a ring signature group, designing a disposable ring signature and a key image in a CryptoNote protocol as a mark, and providing a stealth address protocol for a user;
establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;
and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.
An edge layer data security protection system facing a power distribution Internet of things comprises the following functional modules:
a ring signature group creation module: designing a disposable ring signature and a key image as marks in a CryptoNote protocol to provide a stealth address protocol for a user;
the data interaction module: establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;
a data sharing module: and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.
A computer readable storage medium is used for storing the edge layer data security protection system facing the power distribution Internet of things.
The invention achieves the following beneficial effects. The edge layer data security protection method facing the power distribution Internet of things provides a distributed data storage architecture for the edge layer of the power Internet of things, with a distributed storage database and block chain bottom-layer support, so that a highly stable, safe and reliable power data storage mode is obtained and the great potential safety hazards and low storage efficiency of the centralized data storage mode are overcome. The invention uses the ring signature and the CryptoNote protocol to encrypt the storage interaction, which avoids the group manager that a group signature requires, and further improves the storage security of power data in the block chain by adopting a stealth address. The data sharing mechanism based on the intelligent contract solves the problems that internal access rights are difficult to control and that data is difficult to share among nodes, while achieving efficient and safe sharing of the stored data.
Drawings
FIG. 1 is a diagram of a distributed storage framework for power data in the method of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
The invention discloses a power distribution Internet of things-oriented edge layer data security protection method, which comprises the following steps:
creating a ring signature group, designing a disposable ring signature and a key image in a CryptoNote protocol as a mark, and providing a stealth address protocol for a user;
establishing a distributed power data storage architecture of the edge layer, encrypting interactive data between storage nodes of edge equipment by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interaction nodes;
and sharing data among nodes in the distributed power data security storage system by using an intelligent contract in the block chain.
A ring signature is a digital signature scheme in which the final signature is verified against the whole group of members, so that a verifier accepts it as coming from some member of the group without learning which member signed. The specific process of the ring signature is as follows:
1) Constructing the signature: φ = Sign(ms, P_s, P_k1, P_k2, …, P_kn). The signature on each message ms is formed from the public keys (P_s, P_k1, P_k2, …, P_kn) and is correlated with the private key P_s of the signer to produce the signature φ; P_kn is the public key contributed by the n-th member and n is the number of signers;
2) Verifying the signature: Verify(ms, φ), which takes the public keys of all possible signers and the message ms and outputs true or false, where ms represents the message.
The CryptoNote protocol provides a one-time ring signature and a key image as a mark; the key image provides information about the existence of a particular signature φ_n. The signature value P is derived by associating the receiver's random data (A, B) with the sender's random data r as:
P = H_s(rA)·G + B
where H_s is the hash function (hashing to a scalar) and G is the base point of the group; the receiver's random data is obtained by the sender by querying the receiver over a secure channel; A and B are random data one and random data two respectively. The receiver checks the received storage interaction data with its private key (a, b) and obtains the authentication value P' as:
P' = H_s(aR)·G + b
R represents the authentication weight; finally the receiver can recover the corresponding one-time key x as:
x = H_s(aR) + b
Because the message received by the receiver is bound to the one-time key, the data storage interaction under the CryptoNote protocol is untraceable to an attacker.
Example 2
The invention discloses a power distribution Internet of things-oriented edge layer data security protection method, which comprises the following steps:
creating a ring signature group, designing a disposable ring signature and a key image in a CryptoNote protocol as a mark, and providing a stealth address protocol for a user;
establishing a distributed power data storage architecture of the edge layer, encrypting interactive data between storage nodes of edge equipment by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interaction nodes;
and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.
The stealth address is generated as follows:
1) Member I generates a parent key pair and a temporary key, which together form one-time adding key I, and publishes it; the published one-time adding key I is called the stealth address, and the parent key pair comprises a parent public key and a parent private key;
2) Member II receives one-time adding key I and generates temporary key II by itself; one-time adding key I of member I and temporary key II of member II are combined to generate one-time adding key II, namely one-time storage interactive address II, which is generated by threshold permutation.
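Worked example, added here and not part of the patent: the one-time key derivation P = H_s(rA)G + B, the receiver's check and the one-time private key x = H_s(aR) + b from the CryptoNote equations above, which is also what the stealth address steps of this example amount to (the parent key pair is (a, b)/(A, B), the sender's temporary key is r, and the published one-time address is P). The curve (Ed25519), the point encoding inside H_s and the function names are this example's own choices; the receiver's check recomputes P' with the public half B so that P' equals P, as in the CryptoNote specification.

```python
# Added example (not from the patent): CryptoNote one-time (stealth) address
# derivation on the Ed25519 curve, in pure Python so it runs offline.
import hashlib
import secrets

# Ed25519: twisted Edwards curve -x^2 + y^2 = 1 + D x^2 y^2 over GF(Q).
Q = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493   # order of the base point G
D = (-121665 * pow(121666, Q - 2, Q)) % Q
IDENTITY = (0, 1)


def _inv(v):
    return pow(v % Q, Q - 2, Q)


def _recover_x(y):
    """Return the even x with (x, y) on the curve (square root for Q = 5 mod 8)."""
    u = (y * y - 1) * _inv(D * y * y + 1) % Q
    x = pow(u, (Q + 3) // 8, Q)
    if (x * x - u) % Q != 0:
        x = x * pow(2, (Q - 1) // 4, Q) % Q
    return x if x % 2 == 0 else Q - x


G = (_recover_x(4 * _inv(5) % Q), 4 * _inv(5) % Q)


def on_curve(pt):
    x, y = pt
    return (-x * x + y * y - 1 - D * x * x * y * y) % Q == 0


def add(p1, p2):
    """Affine twisted Edwards addition (complete: also covers doubling and identity)."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % Q
    return ((x1 * y2 + y1 * x2) * _inv(1 + t) % Q, (y1 * y2 + x1 * x2) * _inv(1 - t) % Q)


def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    acc = IDENTITY
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def hs(pt):
    """H_s: hash a curve point to a scalar modulo L (constructed encoding: x || y)."""
    data = pt[0].to_bytes(32, "little") + pt[1].to_bytes(32, "little")
    return int.from_bytes(hashlib.sha512(data).digest(), "little") % L


def receiver_keygen():
    """Receiver's private data (a, b) and public values (A, B) = (aG, bG): the parent key pair."""
    a = secrets.randbelow(L - 1) + 1
    b = secrets.randbelow(L - 1) + 1
    return a, b, mul(a, G), mul(b, G)


def sender_derive(r, A, B):
    """Sender with temporary key r: publishes R = rG and the one-time address P = H_s(rA)G + B."""
    return mul(r, G), add(mul(hs(mul(r, A)), G), B)


def receiver_check(a, b, B, R):
    """Receiver recomputes P' = H_s(aR)G + B (equal to P only for the holder of a)
    and the one-time private key x = H_s(aR) + b, which satisfies xG = P."""
    h = hs(mul(a, R))
    return add(mul(h, G), B), (h + b) % L


def owns_output(a, b, B, R, P):
    """True when this receiver both recognises P and can derive its private key x."""
    p_check, x = receiver_check(a, b, B, R)
    return p_check == P and mul(x, G) == P
```

Only the holder of the parent private key a can link R to P, and each new r yields an unrelated P, which is the untraceability the paragraph above refers to.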
Example 3
The invention discloses a power distribution Internet of things-oriented edge layer data security protection method, which comprises the following steps:
creating a ring signature group, designing a disposable ring signature and a key image in a CryptoNote protocol as a mark, and providing a stealth address protocol for a user;
establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;
and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.
The block chain technology is applied to the practical scenario of power data storage; the specific architecture is shown in FIG. 1. The distributed power data storage model is divided into two modules: on the left is the distributed storage database and on the right is the block chain; the storage database supports the storage of the block chain, and the block chain supports the security protection of the storage database. In the distributed power data storage architecture, a power user transmits a storage request to an edge device through an end device; the edge devices include intelligent fusion terminals, Internet of things agent devices and the like; each edge device has several storage nodes, which are combined into a data aggregator. After receiving the storage request, the edge device transmits the requirement to its own storage nodes and the storage nodes respond; the whole storage process is recorded in the block chain, and distributed data storage uses the multi-level encryption service of the block chain. The encrypted storage process is as follows:
1) A power user transmits a storage requirement to an edge device, that is, one node is selected from the distributed storage nodes to store the data; once the storage requirement has been sent to that node, the request is not transmitted to other nodes within the set time, and after the storage node receives the request the power data to be stored is transmitted;
2) When a storage node receives a request, it provides the corresponding storage service to the sender of the request, namely the power user; the order in which storage services are provided follows the sending time of the requests, and data transmission takes place when the confirmation message is received;
3) The record of the data storage completed by the storage node is uploaded to the block chain, which is composed of several blocks, each comprising a block head and a block body; the edge device or the power user performs a credit evaluation of the storage process according to a preset evaluation standard, and the performance of the storage node is rated according to the evaluation result.
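A minimal model of the three-step storage process above, added as an example and not taken from the patent: requests are served in send-time order, one storage node is selected per request with a timeout if it does not answer, each completed (or failed) storage is uploaded as a block with a head and a body, and node credit is evaluated from the chain. The round-robin node selection, the success-rate credit standard and the class names are this example's assumptions.

```python
# Added example (not from the patent): storage requests recorded on a hash-chained
# ledger of blocks (head + body), with node credit evaluated from the ledger.
import hashlib
import json


def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class Block:
    def __init__(self, index, prev_hash, timestamp, body):
        self.body = body                                  # block body: the storage record
        self.header = {"index": index, "prev_hash": prev_hash,
                       "timestamp": timestamp, "body_hash": _digest(body)}  # block head

    def hash(self):
        return _digest(self.header)


class StorageLedger:
    """Append-only chain; every block head commits to the body and to the previous head."""

    def __init__(self):
        self.blocks = [Block(0, "0" * 64, 0, {"genesis": True})]

    def append(self, record, timestamp):
        prev = self.blocks[-1]
        self.blocks.append(Block(len(self.blocks), prev.hash(), timestamp, record))

    def verify(self):
        """False if any body or head was altered after it was recorded."""
        for i in range(1, len(self.blocks)):
            blk, prev = self.blocks[i], self.blocks[i - 1]
            if blk.header["body_hash"] != _digest(blk.body):
                return False
            if blk.header["prev_hash"] != prev.hash():
                return False
        return True


class EdgeDevice:
    """Edge device owning several storage nodes; selects exactly one node per request."""

    def __init__(self, nodes, ledger, timeout=5):
        self.nodes = list(nodes)
        self.ledger = ledger
        self.timeout = timeout          # set time within which the chosen node must answer
        self.next_node = 0

    def handle(self, requests, response_delay):
        """requests: dicts with 'user', 'send_time', 'size'. response_delay[node] is the
        seconds the node took to answer (None = no answer). Served in send-time order."""
        outcomes = []
        for req in sorted(requests, key=lambda r: r["send_time"]):
            node = self.nodes[self.next_node % len(self.nodes)]   # round-robin (assumed)
            self.next_node += 1
            delay = response_delay.get(node)
            ok = delay is not None and delay <= self.timeout
            record = {"user": req["user"], "node": node, "send_time": req["send_time"],
                      "bytes": req["size"] if ok else 0,
                      "status": "stored" if ok else "timeout"}
            done_at = req["send_time"] + (delay if delay is not None else self.timeout)
            self.ledger.append(record, done_at)     # whole process recorded on chain
            outcomes.append(record)
        return outcomes


def evaluate_nodes(ledger):
    """Credit evaluation (assumed standard): fraction of requests each node completed."""
    stats = {}
    for blk in ledger.blocks[1:]:
        rec = blk.body
        done, total = stats.get(rec["node"], (0, 0))
        stats[rec["node"]] = (done + (rec["status"] == "stored"), total + 1)
    return {node: done / total for node, (done, total) in stats.items()}
```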
In the distributed data storage system a ring signature group is set up, comprising the intelligent power equipment, the users and the storage nodes; given the public key of a new member, the ring signature group is constructed on the basis of encryption under the member's public key:
In the formula, y_n = f_n(x_n), where f_n is defined by an extended threshold permutation function; f_n(x_n) is extended over {0,1}^b, and the stored data is composed of b-bit numbers ω = l_i·n + q_i; therefore the value of the extended threshold permutation function f_i(ω) is expressed as:
In the formula, q_i is a random number generated by the sender, l_i is a random number generated by the receiver, n is the number of signers, x_i … x_n are the arguments of the function, a Boolean operation is applied, mod represents the modulo operation, and ω = l_i·n + q_i is an intermediate variable.
The data sharing steps using the intelligent contract are as follows:
1) Sharing access request: the data sharing request Req is issued by data storage node N_p and received by storage node N_q; the request Req contains information such as the access address, time and frequency. Storage node N_q sets an access constraint condition Con for storage node N_p in order to re-authorize the access, and sends the address, time, frequency and other information, the constraint condition and the private key SK_PID to the neighbouring aggregator B_j:
where t is the timestamp, Cert is the certificate, f_PK denotes encrypting information with the public key of an entity, PK is a public key, SK is a private key, and Mes represents the stored data; encryption under the storage node's public key and encryption under the aggregator's public key are written in the same form; Con represents the access constraint; s is the index of the member who is the actual signer;
2) Executing the intelligent contract: after verifying the information, aggregator B_j executes the intelligent contract according to the constraint conditions set by the storage node, locks the script with the existing key, then decrypts the shared data packet, encrypts the ring signature with the public key, and outputs the decryption result of the shared data;
3) Sending the shared data: when storage node N_q and storage node N_p are within the service scope of the same data aggregator, storage node N_p accesses the data directly from data aggregator B_j; if storage node N_q and storage node N_p are not under the same aggregator, the currently running intelligent contract transmits the data packet in encrypted form from the storage node to the aggregator B_j nearest to storage node N_p. The specific process is as follows:
where Share denotes the sharing operation and S_Mes is the shared data;
4) Accessing the specified data: after receiving the data, storage node N_p decrypts it with its private key and accesses the data.
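The sharing flow above hinges on the aggregator enforcing the constraint Con before the contract releases data. The following is an added example, not code from the patent, of that aggregator-side check: timestamp freshness, prior re-authorization by the owner, the address, time window and frequency limits, and the routing choice between direct access and relay to the requester's aggregator. The field names of Con and Req, the clock-skew bound and the class names are this example's own.

```python
# Added example (not from the patent): aggregator B_j enforcing the access constraint
# Con that owner node N_q registers for requester N_p before any data is shared.
from dataclasses import dataclass


@dataclass(frozen=True)
class Constraint:
    """Con set by the owner node N_q for one requester N_p (fields assumed)."""
    allowed_addresses: frozenset      # storage addresses N_p may read
    valid_from: int                   # time window, seconds since epoch
    valid_until: int
    max_accesses: int                 # frequency limit inside the window


@dataclass(frozen=True)
class ShareRequest:
    """Req as issued by N_p: access address, timestamp t and the requester's aggregator."""
    requester: str
    owner: str
    address: str
    timestamp: int
    aggregator: str


class Aggregator:
    """B_j next to the owner: verifies Req against Con and decides delivery."""

    def __init__(self, name, max_clock_skew=60):
        self.name = name
        self.max_clock_skew = max_clock_skew
        self.constraints = {}     # (owner, requester) -> Constraint
        self.access_count = {}    # (owner, requester) -> accesses already granted

    def authorise(self, owner, requester, con):
        """N_q registers Con for N_p; without this the contract must refuse."""
        self.constraints[(owner, requester)] = con
        self.access_count[(owner, requester)] = 0

    def execute_contract(self, req, now):
        """Return (decision, reason); decision is 'direct', 'forward' or 'deny'.
        Every check precedes the counter update so a denied request costs no quota."""
        key = (req.owner, req.requester)
        con = self.constraints.get(key)
        if con is None:
            return "deny", "no constraint registered by owner"
        if abs(now - req.timestamp) > self.max_clock_skew:
            return "deny", "stale timestamp t (possible replay)"
        if req.address not in con.allowed_addresses:
            return "deny", "address not permitted by Con"
        if not con.valid_from <= now <= con.valid_until:
            return "deny", "outside time window"
        if self.access_count[key] >= con.max_accesses:
            return "deny", "frequency limit reached"
        self.access_count[key] += 1
        if req.aggregator == self.name:
            return "direct", "N_p served by this aggregator; direct access"
        return "forward", "relay encrypted packet to aggregator nearest N_p"
```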
The invention firstly provides a block chain-based electric power data distributed storage architecture, overcomes the security threat of centralized storage, and improves the data storage efficiency and stability on a bottom architecture supported by the block chain; then, during the power data storage process, the designed CryptoNote protocol provides a disposable ring signature group and a key image as the marks of the data storage, and the privacy during the data storage interaction process is ensured by the used privacy address. And finally, data sharing among edge layer devices is realized by using an intelligent contract, the problems that internal access right limitation is difficult to control, data sharing among nodes is difficult and the like are solved, efficient and safe sharing of private data is ensured, and the safety and the efficiency of power data storage and sharing are further improved.
An edge layer data security protection system facing a power distribution Internet of things comprises the following functional modules:
a ring signature group creation module: designing a disposable ring signature and a key image as marks in a CryptoNote protocol to provide a stealth address protocol for a user;
the data interaction module: establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;
a data sharing module: and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.
The working steps of each functional module are the same as the edge layer data safety protection method facing the power distribution internet of things.
A computer-readable storage medium is used for storing the edge layer data security protection method and system for the power distribution Internet of things.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, it is possible to make various improvements and modifications without departing from the technical principle of the present invention, and those improvements and modifications should be considered as the protection scope of the present invention.
Claims (11)
1. An edge layer data security protection method facing a power distribution Internet of things is characterized by comprising the following steps:
creating a ring signature group, designing a disposable ring signature and a key image in a CryptoNote protocol as a mark, and providing a stealth address protocol for a user;
establishing a distributed power data storage architecture of an edge layer, encrypting interactive data between edge equipment storage nodes by using a ring signature and a CryptoNote protocol, and performing identity authentication of both sides of the data interactive nodes;
and carrying out data sharing among nodes in the distributed power data security storage system by using the intelligent contract in the block chain.
2. The power distribution internet of things-oriented edge layer data security protection method according to claim 1, wherein the specific process of creating the ring signature group is as follows:
1) Constructing the signature: φ = Sign(ms, P_s, P_k1, P_k2, …, P_kn). The signature on each message ms is formed from the public keys (P_s, P_k1, P_k2, …, P_kn) and is correlated with the private key P_s of the signer to produce the signature φ; P_kn is the public key contributed by the n-th member and n is the number of signers;
2) Verifying the signature: Verify(ms, φ), which takes the public keys of all possible signers and the message ms and outputs true or false, where ms represents the message;
the CryptoNote protocol provides a one-time ring signature and a key image as a mark, the key image providing information about the existence of a particular signature φ_n; the signature value P is derived by associating the receiver's random data (A, B) with the sender's random data r as:
P = H_s(rA)·G + B
where H_s is the hash function (hashing to a scalar) and G is the base point of the group; the receiver's random data is obtained by the sender by querying the receiver over a secure channel; A and B are random data one and random data two respectively; the receiver checks the received storage interaction data with its private key (a, b) and obtains the authentication value P' as:
P' = H_s(aR)·G + b
R represents the authentication weight; finally the receiver can recover the corresponding one-time key x as:
x = H_s(aR) + b
since the message received by the receiver is bound to the one-time key, the data storage interaction under the CryptoNote protocol is not traceable to an attacker.
3. The edge layer data security protection method for the power distribution Internet of Things according to claim 1, wherein the stealth address is generated as follows:
1) member I generates a parent key pair, consisting of a parent public key and a parent private key, together with a temporary key I; these together form one-time adding key I, which member I publishes; the published one-time adding key I is called the stealth address;
2) member II receives one-time adding key I and generates its own temporary key II; member I's one-time adding key I and member II's temporary key II are combined to produce one-time adding key II, namely one-time storage interaction address II, which is generated by the threshold permutation.
4. The edge layer data security protection method for the power distribution Internet of Things according to claim 1, wherein: in the distributed power data security storage system, a power user sends a storage request to an edge device through a terminal device; the edge devices comprise intelligent fusion terminals and Internet of Things agent devices; each edge device is equipped with several storage nodes, which together form a data aggregator; on receiving the storage request, the edge device forwards the requirement to its own storage nodes and the storage nodes respond; the whole storage process is recorded on the blockchain, and the distributed data storage uses the multi-level encryption service of the blockchain.
5. The edge layer data security protection method for the power distribution Internet of Things according to claim 4, wherein the encrypted storage process of the encryption service is as follows:
1) the power user sends a storage requirement to an edge device, that is, selects one node among the distributed storage nodes to store the data; once the storage requirement has been sent, no request is sent to other nodes within a set time, and after the storage node has received the request the power data to be stored is transmitted;
2) on receiving the request, the storage node provides the corresponding storage service to the requester, namely the power user; storage services are provided in the order in which the requests were sent, and data transmission starts when the confirmation message is received;
3) a record of the storage node having completed the data storage is uploaded to the blockchain, which consists of blocks each comprising a block header and a block body; the edge device or the power user performs a credit evaluation of the storage process against a preset evaluation standard, and the performance of the storage node is rated according to the evaluation result.
6. The edge layer data security protection method for the power distribution Internet of Things according to claim 4, wherein:
in the distributed data storage system a ring signature group is set up, comprising intelligent power equipment, users and storage nodes; once the public key of a new member is known, the ring signature group is constructed from encryption under the members' public keys:
in the formula, y_n = f_n(x_n), where f_n is defined by an extended threshold permutation function, and f_n(x_n) on {0,1}^b is extended to the stored data expressed as a b-bit number ω = l·i_n + q_i, so that the value of the extended threshold permutation function f_i(ω) is expressed as:
7. The edge layer data security protection method for the power distribution Internet of Things according to claim 4, wherein the data sharing steps using the smart contract are as follows:
1) a data sharing request Req is issued by data storage node N_p and received by storage node N_q; Req contains the access address, time and frequency information; storage node N_q sets an access constraint condition Con for storage node N_p to re-authorize the access, and sends the access address, time, frequency and constraint condition information, signed with its private key SK_PID, to the neighbouring aggregator B_j:
where t is the timestamp, Cert is the certificate, f_PK denotes encryption of information under an entity's public key, PK is a public key, SK is a private key, Mes denotes the stored data; encryption of information under the public key of a storage node; encryption of information under the public key of the aggregator; Con denotes the access constraint; s is the index of the member acting as the actual signer;
2) after aggregator B_j has verified the information, it executes the smart contract according to the constraint conditions set by the storage node: the script is locked with the existing key, the shared data packet is decrypted, the ring signature is encrypted with the public key, and the decryption result of the shared data is output;
3) when storage node N_q and storage node N_p are within the service scope of the same data aggregator, storage node N_p obtains the data directly from data aggregator B_j; if storage node N_q and storage node N_p are not under the same aggregator, the storage node currently running the smart contract transmits the data packet, encrypted, to the aggregator B_j nearest to storage node N_p; the specific process is as follows:
where Share denotes sharing and S_Mes is the shared data;
4) storage node N_p, after receiving the data, decrypts it with its private key and accesses the data.
8. An edge layer data security protection system for the power distribution Internet of Things, characterized in that it comprises the following functional modules:
a ring signature group creation module: designing a one-time ring signature and a key image as tokens in the CryptoNote protocol, providing users with a stealth address protocol;
a data interaction module: establishing a distributed power data storage architecture of the edge layer, encrypting the interaction data between edge device storage nodes using the ring signature and the CryptoNote protocol, and authenticating the identities of both data interaction nodes;
a data sharing module: carrying out data sharing among the nodes of the distributed power data security storage system by means of a smart contract on the blockchain.
9. The edge layer data security protection system for the power distribution Internet of Things according to claim 8, wherein the specific process of creating the ring signature group is as follows:
1) constructing the signature: φ = Sign(ms, P_s, P_k1, P_k2, …, P_kn), where ms is the message, (P_s, P_k1, …, P_kn) is the set of public keys of the possible signers, P_kn is the public key of the n-th member, n is the number of signers, and the signature φ is produced with the private key corresponding to the actual signer's public key P_s;
2) verifying the signature: Verify(ms, φ) takes the public keys of all possible signers and the message ms, and outputs true or false;
the CryptoNote protocol provides a one-time ring signature together with a key image that serves as a token: the key image is derived from the one-time key that produced a particular signature φ_n, so a second signature made with the same key is recognized without revealing which member signed. The one-time key value P is derived from the receiver's public keys (A, B) and the sender's random scalar r as:
P = H_s(rA)·G + B
where H_s is a hash function mapping to a scalar and G is the base point of the group; the receiver's keys are obtained by the sender by querying the receiver over a secure channel; A and B are the receiver's first and second public keys, A = aG and B = bG. The receiver checks the received storage interaction data with its private keys (a, b) by computing the authentication value
P' = H_s(aR)·G + B
where R = rG is the public value the sender publishes for its random scalar r; since aR = rA, P' equals P exactly when the data was addressed to this receiver. Finally the receiver recovers the corresponding one-time private key x as:
x = H_s(aR) + b
which satisfies xG = P. Because the message received is bound to a one-time key that only the receiver can recover, an attacker observing the CryptoNote data storage interaction cannot link it to the receiver.
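The Sign/Verify interface and the key image of claims 2 and 9, as an added worked example that is not code from the patent: a CryptoNote-style one-time (linkable) ring signature in which φ = Sign(ms, P_s, P_k1, …, P_kn) is produced with one member's private key, Verify(ms, φ) recomputes the ring from the public keys alone, and the key image is identical for every signature made with the same key whatever ring it hides in. The example's own assumptions are a Schnorr group over a 128-bit safe prime generated at import (toy size), SHA3-256 in place of CryptoNote's Keccak, a squaring-based hash-to-group map H_p, and seeded key material.

```python
"""CryptoNote-style one-time (linkable) ring signature.  Added example, not the
patent's code.  Assumptions: Schnorr group over a 128-bit safe prime built at
import (toy size), SHA3-256 for H_s, squaring-based hash-to-group H_p.  Not
production code: no constant-time arithmetic, toy parameters."""
import hashlib
import random


def _probable_prime(n, rounds=16):
    """Miller-Rabin with fixed witnesses so the group below is reproducible."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    wit = random.Random(0)
    for _ in range(rounds):
        x = pow(wit.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _safe_prime_group(bits, seed):
    """Find p = 2q + 1 with p and q prime; g = 4 generates the order-q subgroup."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(q) and _probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4


P, Q, G = _safe_prime_group(128, seed=1)


def H_s(*parts):
    """Scalar hash (the claim's H_s): ints fixed-width, bytes length-prefixed."""
    h = hashlib.sha3_256()
    for x in parts:
        h.update(x.to_bytes(32, "big") if isinstance(x, int) else len(x).to_bytes(4, "big") + x)
    return int.from_bytes(h.digest(), "big") % Q


def H_p(y):
    """Hash-to-group: square a hash into the order-q subgroup.  Its discrete log
    base G is unknown, which is what stops the key image from exposing the signer."""
    h = int.from_bytes(hashlib.sha3_256(b"H_p" + y.to_bytes(32, "big")).digest(), "big")
    return pow(h % (P - 1) + 1, 2, P)


def keygen(rng):
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def ring_sign(ms, pubkeys, s, x_s, rng):
    """Sign ms as member s of the ring; returns (key image I, c_0, r[0..n-1])."""
    n = len(pubkeys)
    I = pow(H_p(pubkeys[s]), x_s, P)        # same key -> same image, whatever the ring
    c, r = [0] * n, [0] * n
    alpha = rng.randrange(1, Q)
    c[(s + 1) % n] = H_s(ms, pow(G, alpha, P), pow(H_p(pubkeys[s]), alpha, P))
    i = (s + 1) % n
    while i != s:                           # random responses for the other members
        r[i] = rng.randrange(1, Q)
        L = pow(G, r[i], P) * pow(pubkeys[i], c[i], P) % P
        R = pow(H_p(pubkeys[i]), r[i], P) * pow(I, c[i], P) % P
        c[(i + 1) % n] = H_s(ms, L, R)
        i = (i + 1) % n
    r[s] = (alpha - c[s] * x_s) % Q         # close the ring at the real signer
    return I, c[0], r


def ring_verify(ms, pubkeys, sig):
    """Recompute the ring from c_0 using public keys only; valid iff it closes.
    The key image is also checked to lie in the prime-order subgroup."""
    I, c0, r = sig
    if len(r) != len(pubkeys) or not 1 < I < P or pow(I, Q, P) != 1:
        return False
    c = c0
    for y, r_i in zip(pubkeys, r):
        L = pow(G, r_i, P) * pow(y, c, P) % P
        R = pow(H_p(y), r_i, P) * pow(I, c, P) % P
        c = H_s(ms, L, R)
    return c == c0


def demo():
    """Constructed scenario: a 4-member group, member 2 signs a storage message."""
    rng = random.Random(42)
    keys = [keygen(rng) for _ in range(4)]      # devices, users, storage nodes
    pubs = [y for _, y in keys]
    sig = ring_sign(b"store block 17 at node N_q", pubs, 2, keys[2][0], rng)
    valid = ring_verify(b"store block 17 at node N_q", pubs, sig)
    forged = ring_verify(b"store block 18 at node N_q", pubs, sig)
    again = ring_sign(b"second request", pubs, 2, keys[2][0], rng)
    other = ring_sign(b"second request", pubs, 0, keys[0][0], rng)
    return valid, forged, sig[0] == again[0], sig[0] == other[0]


if __name__ == "__main__":
    print(demo())   # (True, False, True, False)
```

A verifier that stores key images can therefore reject a second signature from the same one-time key (the double-use check CryptoNote relies on) while still learning nothing about which of the n public keys signed; the group size in a real deployment is bounded only by the verification cost, which is linear in n.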
10. The edge layer data security protection system for the power distribution Internet of Things according to claim 8, wherein the stealth address is generated as follows:
1) member I generates a parent key pair, consisting of a parent public key and a parent private key, together with a temporary key I; these together form one-time adding key I, which member I publishes; the published one-time adding key I is called the stealth address;
2) member II receives one-time adding key I and generates its own temporary key II; member I's one-time adding key I and member II's temporary key II are combined to produce one-time adding key II, namely one-time storage interaction address II, which is generated by the threshold permutation.
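The one-time key derivation of claims 2 and 9 and the stealth address exchange of claims 3 and 10, as an added worked example that is not code from the patent: the sender computes P = H_s(rA)·G + B and publishes R = rG, the receiver recomputes P' = H_s(aR)·G + B, and only a receiver holding (a, b) can turn a match into the one-time private key x = H_s(aR) + b with xG = P. The example's own assumptions are pure-Python affine Ed25519 arithmetic (slow, not constant-time), SHA3-256 in place of Keccak for H_s, and seeded keys; it stops short of the key image, which needs a hash-to-curve map the claims do not specify.

```python
"""CryptoNote one-time (stealth) key derivation on Ed25519.  Added example, not
the patent's code.  Assumptions: pure-Python affine curve arithmetic, SHA3-256
in place of Keccak for H_s, seeded randomness.  Demonstration only."""
import hashlib
import random

p = 2**255 - 19                                      # field prime
l = 2**252 + 27742317777372353535851937790883648493   # order of the base point
d = -121665 * pow(121666, -1, p) % p                  # twisted Edwards constant
G = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     46316835694926478169428394003475163141307993866256225615783033603165251855960)
O = (0, 1)                                            # neutral element


def point_add(P1, P2):
    """Affine addition on -x^2 + y^2 = 1 + d x^2 y^2 (complete for Ed25519)."""
    x1, y1 = P1
    x2, y2 = P2
    t = d * x1 * x2 % p * y1 % p * y2 % p
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, p) % p
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, p) % p
    return x3, y3


def scalar_mult(k, pt):
    """Double-and-add; k is reduced modulo the subgroup order first."""
    acc, k = O, k % l
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def encode(pt):
    """Standard 32-byte Ed25519 encoding: y with the low bit of x in the top bit."""
    x, y = pt
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def H_s(pt):
    """Scalar hash of a point (the claim's H_s); SHA3-256 stands in for Keccak."""
    return int.from_bytes(hashlib.sha3_256(encode(pt)).digest(), "little") % l


def receiver_keygen(rng):
    """Receiver's private (a, b) and the public pair (A, B) it hands out over a secure channel."""
    a, b = rng.randrange(1, l), rng.randrange(1, l)
    return (a, b), (scalar_mult(a, G), scalar_mult(b, G))


def sender_derive(A, B, rng):
    """Sender: fresh r, publish R = rG, one-time destination key P = H_s(rA)G + B."""
    r = rng.randrange(1, l)
    R = scalar_mult(r, G)
    P = point_add(scalar_mult(H_s(scalar_mult(r, A)), G), B)
    return R, P


def receiver_recover(a, b, B, R, P):
    """Receiver: P' = H_s(aR)G + B; on a match the one-time private key is x = H_s(aR) + b."""
    shared = H_s(scalar_mult(a, R))          # aR = arG = rA, so both sides hash the same point
    if point_add(scalar_mult(shared, G), B) != P:
        return None                          # not addressed to this receiver
    return (shared + b) % l


def demo():
    """Constructed scenario: one receiver, one bystander, two messages to the same address."""
    rng = random.Random(7)
    (a, b), (A, B) = receiver_keygen(rng)
    (a2, b2), (_, B2) = receiver_keygen(rng) # an unrelated node that also sees (R, P)
    R, P = sender_derive(A, B, rng)
    _, P2 = sender_derive(A, B, rng)         # second message, fresh r
    x = receiver_recover(a, b, B, R, P)
    return {
        "recovered": x is not None and scalar_mult(x, G) == P,  # xG == P: receiver owns P
        "bystander": receiver_recover(a2, b2, B2, R, P),        # None: cannot claim it
        "fresh_key": P != P2,                                   # one-time keys do not repeat
    }


if __name__ == "__main__":
    print(demo())   # {'recovered': True, 'bystander': None, 'fresh_key': True}
```

Only (A, B) is ever published as the stealth address; what appears on the ledger is (R, P), which differs for every message and is linkable to (A, B) only by someone holding the view key a, which is the unlinkability property the claims rely on.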
11. A computer-readable storage medium storing a program which, when executed, performs the edge layer data security protection method for the power distribution Internet of Things according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111454706.1A CN114615006A (en) | 2021-12-01 | 2021-12-01 | Edge layer data security protection method and system for power distribution Internet of things and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111454706.1A CN114615006A (en) | 2021-12-01 | 2021-12-01 | Edge layer data security protection method and system for power distribution Internet of things and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114615006A true CN114615006A (en) | 2022-06-10 |
Family
ID=81857652
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111454706.1A Pending CN114615006A (en) | 2021-12-01 | 2021-12-01 | Edge layer data security protection method and system for power distribution Internet of things and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114615006A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115242549A (en) * | 2022-09-21 | 2022-10-25 | 佛山市元亨利贞信息科技有限公司 | Data security sharing method, device, equipment and medium based on open protocol |
CN118400206A (en) * | 2024-06-28 | 2024-07-26 | 国网浙江省电力有限公司 | Intelligent control method and system for number of rooms of power distribution station |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112948868A (en) * | 2021-03-31 | 2021-06-11 | 江苏省电力试验研究院有限公司 | Electric power data storage method and electric power data sharing method based on block chain |
CN113162768A (en) * | 2021-02-24 | 2021-07-23 | 北京科技大学 | Intelligent Internet of things equipment authentication method and system based on block chain |
CN113553574A (en) * | 2021-07-28 | 2021-10-26 | 浙江大学 | Internet of things trusted data management method based on block chain technology |
Similar Documents
Publication | Title |
---|---|
CN112491846B (en) | Cross-chain block chain communication method and device |
Liu et al. | Blockchain empowered cooperative authentication with data traceability in vehicular edge computing |
Cui et al. | An efficient and safe road condition monitoring authentication scheme based on fog computing |
Wang et al. | B-TSCA: Blockchain assisted trustworthiness scalable computation for V2I authentication in VANETs |
CN110138538B (en) | Smart grid security and privacy protection data aggregation method based on fog calculation |
Zhang et al. | Privacy-preserving communication and power injection over vehicle networks and 5G smart grid slice |
Zhao et al. | An efficient certificateless aggregate signature scheme for the Internet of Vehicles |
CN105873031B (en) | Distributed unmanned plane cryptographic key negotiation method based on credible platform |
CN112565230B (en) | Software-defined Internet of things network topology data transmission safety management method and system |
CN114499952B (en) | Alliance chain consensus identity authentication method |
CN110120939B (en) | Encryption method and system capable of repudiation authentication based on heterogeneous system |
CN110087239A (en) | Based on the anonymous access authentication and cryptographic key negotiation method and device in 5G network |
CN114710275B (en) | Cross-domain authentication and key negotiation method based on blockchain in Internet of things environment |
CN112187450B (en) | Method, device, equipment and storage medium for key management communication |
Ometov et al. | Securing network-assisted direct communication: The case of unreliable cellular connectivity |
CN114615006A (en) | Edge layer data security protection method and system for power distribution Internet of things and storage medium |
CN109767218A (en) | Block chain certificate processing method and system |
Zhang et al. | DBCPA: Dual blockchain-assisted conditional privacy-preserving authentication framework and protocol for vehicular ad hoc networks |
CN113872760A (en) | SM9 key infrastructure and security system |
CN114024698A (en) | Power distribution Internet of things service safety interaction method and system based on state cryptographic algorithm |
CN115514474A (en) | Industrial equipment trusted access method based on cloud-edge-end cooperation |
CN110012443A (en) | A kind of the data encryption polymerization and its system of full homomorphism |
CN110945833B (en) | Method and system for multi-mode identification network privacy protection and identity management |
Itoo et al. | A robust ECC-based authentication framework for energy internet (EI)-based vehicle to grid communication system |
Tian et al. | Accountable fine-grained blockchain rewriting in the permissionless setting |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |