CN114615006A - Edge layer data security protection method and system for power distribution Internet of things and storage medium


Info

Publication number
CN114615006A
Authority
CN
China
Prior art keywords
data
storage
key
signature
storage node
Prior art date
Legal status
Pending
Application number
CN202111454706.1A
Other languages
Chinese (zh)
Inventor
曾飞
杨雄
杨景刚
袁晓冬
史明明
孙健
肖小龙
苏伟
司鑫尧
Current Assignee
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Priority date
Filing date
Publication date
Application filed by Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Priority to CN202111454706.1A
Publication of CN114615006A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a method, a system and a storage medium for protecting edge layer data security for the power distribution Internet of things. The method comprises the steps of establishing a ring signature group and adopting a one-time ring signature and a key image as the mark in the CryptoNote protocol to provide a stealth address protocol for the user; designing an edge layer distributed power data storage architecture in which the interaction data between storage nodes of edge devices is encrypted using the ring signature and the CryptoNote protocol, and the identity of both parties is authenticated; and realizing data sharing among nodes of the distributed power data security storage system based on the blockchain smart contract. Distributed storage of power data overcomes the security risks of centralized storage, improves the security and efficiency of data storage through the blockchain and various encryption technologies, and at the same time ensures efficient and secure sharing of the stored data through the blockchain smart contract.

Description

Edge layer data security protection method and system for power distribution Internet of things and storage medium
Technical Field
The invention relates to a distribution Internet of things-oriented edge layer data security protection method, and belongs to the technical field of digital distribution networks.
Background
Safe and efficient storage and sharing of power data are important guarantees that power grid services serve users stably and reliably. The traditional power system architecture of a grid company is generally divided into two layers, a master station layer and a terminal layer; the data of each department is collected and stored independently and cannot be shared, so a large amount of resources are built repeatedly and wasted. Therefore, in recent years, units such as the State Grid companies have proposed the construction of a power distribution Internet of things, introducing an edge computing layer into its system architecture to form a cloud-edge-end three-layer architecture. In it, data among the operation, distribution and dispatching systems of the cloud master station platform needs to be stored and accessed in a shared manner, and data sharing and access is needed between edge devices, so that the trend towards integrated operation, distribution and dispatching is supported and a large-scale grid strategy can be built. How to perform safe and efficient shared access to data stored between edge devices is therefore a difficult problem that needs solving urgently, and has become one of the key directions in the current development of the power distribution Internet of things.
In the traditional power data storage mode, centralized storage is the main mode: power management and distribution data is mainly stored in the master station system, and to support service applications all terminal data access goes through the master station. As the scale of the grid grows, massive numbers of terminals all depend on the master station for data storage and sharing, so the storage and computation pressure that the centralized mode places on the master station keeps growing, and a malicious attack on the central master station can even bring the system down. The most prominent characteristics of blockchain technology are decentralization and tamper resistance: in a blockchain system all storage nodes adopt a unified public ledger, and no storage node can illegally tamper with it.
Therefore, realizing distributed storage of power data at the edge layer of the power Internet of things using blockchain technology can greatly improve the efficiency and safety of data storage, and at the same time it is very necessary to research an effective method for sharing data in the blockchain.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: how to realize the safety protection of the data of the edge layer of the power distribution internet of things.
In order to achieve the purpose, the invention adopts the technical scheme that:
an edge layer data security protection method for the power distribution Internet of things comprises the following steps:
creating a ring signature group, designing a one-time ring signature and a key image in the CryptoNote protocol as the mark, and providing a stealth address protocol for the user;
establishing a distributed power data storage architecture for the edge layer, encrypting the interaction data between edge device storage nodes using the ring signature and the CryptoNote protocol, and performing identity authentication of both nodes exchanging data;
and sharing data among nodes in the distributed power data security storage system using the smart contract in the blockchain.
An edge layer data security protection system for the power distribution Internet of things comprises the following functional modules:
a ring signature group creation module: designing a one-time ring signature and a key image as the mark in the CryptoNote protocol to provide a stealth address protocol for the user;
a data interaction module: establishing a distributed power data storage architecture for the edge layer, encrypting the interaction data between edge device storage nodes using the ring signature and the CryptoNote protocol, and performing identity authentication of both nodes exchanging data;
a data sharing module: sharing data among nodes in the distributed power data security storage system using the smart contract in the blockchain.
A computer readable storage medium is used to store the edge layer data security protection system for the power distribution Internet of things.
The invention achieves the following beneficial effects. The edge layer data security protection method for the power distribution Internet of things provides a distributed data storage architecture for the edge layer of the power Internet of things; with the distributed storage database and the underlying blockchain support it provides a highly stable, safe and reliable power data storage mode, and solves the serious security risks and low storage efficiency of the centralized storage mode. The invention uses the ring signature and the CryptoNote protocol to encrypt storage interactions, which avoids the group manager that a group signature requires, and further improves the storage security of power data in the blockchain by adopting a stealth address. The smart-contract-based data sharing mechanism addresses problems such as internal access rights being difficult to control and data being difficult to share among nodes, while achieving efficient and secure sharing of the stored data.
Drawings
FIG. 1 is a diagram of a distributed storage framework for power data in the method of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
The invention discloses an edge layer data security protection method for the power distribution Internet of things, which comprises the following steps:
creating a ring signature group, designing a one-time ring signature and a key image in the CryptoNote protocol as the mark, and providing a stealth address protocol for the user;
establishing a distributed power data storage architecture for the edge layer, encrypting the interaction data between storage nodes of edge devices using the ring signature and the CryptoNote protocol, and performing identity authentication of both nodes exchanging data;
and sharing data among nodes in the distributed power data security storage system using the smart contract in the blockchain.
The ring signature is a digital signature scheme in which the final signature authentication requires all members of the group to agree before it takes effect for the message signer. The specific process of the ring signature is as follows:
1) constructing the signature, i.e. φ = Sign(ms, P_s, P_k1, P_k2, …, P_kn): the signature is formed from the public keys (P_s, P_k1, P_k2, …, P_kn) for each message ms and is correlated with the private key P_s of the signer to produce the signature φ; P_kn is the public key of the n-th member and n is the number of signers;
2) verifying the signature, i.e. Verify(ms, φ), which takes the public keys of all possible signers and the message ms and outputs true or false, where ms denotes the message.
The CryptoNote protocol provides a one-time ring signature and a key image as the mark; the key image carries the information of which particular signature φ_n was used. The signature value P is derived by associating the receiver's random data (A, B) with the sender's random data r as:
P = H_s(rA)G + B
where H_s denotes the hash-to-scalar function of the CryptoNote protocol and G its base point; the receiver's random data is obtained by the sender querying the receiver through a secure channel; A and B are random data one and random data two respectively. The receiver checks the received storage interaction data using its private key (a, b) and obtains the authentication value P' as:
P' = H_s(aR)G + b
where R represents the authentication weight. Finally, the receiver can reply with the corresponding one-time key x as:
x = H_s(aR) + b
Because the message received by the receiver is associated with the one-time key, the data storage interaction of the CryptoNote protocol is untraceable to an attacker.
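The one-time key derivation above (the same derivation is restated in claim 2), as an added example that is not code from the patent: Ed25519 group arithmetic written from the curve definition, with SHA3-256 as a stand-in for the CryptoNote Keccak hash and a try-and-increment hash-to-point, assuming that the term b in the receiver's check P' stands for the public point B = bG as in CryptoNote. The block also computes the key image I = x·H_p(P) and uses it the way the text describes the mark: to flag re-use of a one-time key.

```python
# Added example: CryptoNote-style one-time keys on Ed25519 (not the patent's code).
# Assumptions: H_s = SHA3-256 mod group order (stand-in for Keccak),
# H_p = try-and-increment hash-to-point, receiver check uses B = bG.
import hashlib
import secrets

P_MOD = 2**255 - 19                                      # field prime
Q_ORD = 2**252 + 27742317777372353535851937790883648493  # order of G
D_ED = (-121665 * pow(121666, -1, P_MOD)) % P_MOD        # curve constant d
IDENT = (0, 1)                                           # neutral element

def _sqrt_x(y):
    """Return x with x^2 = (y^2 - 1)/(d*y^2 + 1), or None if no such x."""
    xx = (y * y - 1) * pow(D_ED * y * y + 1, -1, P_MOD) % P_MOD
    x = pow(xx, (P_MOD + 3) // 8, P_MOD)
    if (x * x - xx) % P_MOD:
        x = x * pow(2, (P_MOD - 1) // 4, P_MOD) % P_MOD  # times sqrt(-1)
    return x if (x * x - xx) % P_MOD == 0 else None

def add(p1, p2):
    """Affine point addition on the twisted Edwards curve (a = -1)."""
    x1, y1 = p1
    x2, y2 = p2
    t = D_ED * x1 * x2 * y1 * y2 % P_MOD
    x3 = (x1 * y2 + y1 * x2) * pow(1 + t, -1, P_MOD) % P_MOD
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, P_MOD) % P_MOD
    return (x3, y3)

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    acc, base = IDENT, pt
    while k:
        if k & 1:
            acc = add(acc, base)
        base = add(base, base)
        k >>= 1
    return acc

_GY = 4 * pow(5, -1, P_MOD) % P_MOD
_GX = _sqrt_x(_GY)
G = (_GX if _GX % 2 == 0 else P_MOD - _GX, _GY)          # standard base point

def encode(pt):
    """Compress a point to 32 bytes: y little-endian, x parity in the top bit."""
    x, y = pt
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def h_s(*parts):
    """Hash-to-scalar H_s (SHA3-256 stand-in for Keccak), reduced mod Q_ORD."""
    return int.from_bytes(hashlib.sha3_256(b"".join(parts)).digest(), "little") % Q_ORD

def h_p(pt):
    """Hash-to-point H_p by try-and-increment, cleared into the prime-order subgroup."""
    ctr = 0
    while True:
        digest = hashlib.sha3_256(encode(pt) + ctr.to_bytes(4, "little")).digest()
        y = int.from_bytes(digest, "little") % P_MOD
        x = _sqrt_x(y)
        if x is not None:
            return mul(8, (x, y))                         # cofactor clearing
        ctr += 1

def keygen():
    """Receiver's long-term key pair (a, b) with public keys (A, B) = (aG, bG)."""
    a, b = secrets.randbelow(Q_ORD - 1) + 1, secrets.randbelow(Q_ORD - 1) + 1
    return (a, b), (mul(a, G), mul(b, G))

def sender_derive(A, B, r):
    """Sender: publish R = rG and derive the one-time key P = H_s(rA)G + B."""
    return mul(r, G), add(mul(h_s(encode(mul(r, A))), G), B)

def receiver_check(a, b, R, P):
    """Receiver: P' = H_s(aR)G + B; if P' == P return the one-time key x = H_s(aR) + b."""
    hs = h_s(encode(mul(a, R)))
    if add(mul(hs, G), mul(b, G)) != P:
        return None
    return (hs + b) % Q_ORD

def key_image(x, P):
    """Key image I = x*H_p(P): the mark that exposes re-use of a one-time key."""
    return encode(mul(x, h_p(P)))

def demo():
    """Two outputs to one receiver, a wrong receiver, and a key-image re-use check."""
    (a, b), (A, B) = keygen()
    (a2, b2), _ = keygen()                                # unrelated receiver
    r1, r2 = secrets.randbelow(Q_ORD - 1) + 1, secrets.randbelow(Q_ORD - 1) + 1
    R1, P1 = sender_derive(A, B, r1)
    R2, P2 = sender_derive(A, B, r2)
    x1, x2 = receiver_check(a, b, R1, P1), receiver_check(a, b, R2, P2)
    seen, flags = set(), []
    for x, P in ((x1, P1), (x2, P2), (x1, P1)):          # third entry re-uses P1
        img = key_image(x, P)
        flags.append(img in seen)                         # True marks a re-used key
        seen.add(img)
    return {
        "unlinkable": P1 != P2,                           # fresh key per interaction
        "derived_key_matches": mul(x1, G) == P1,          # x1 is P1's private key
        "wrong_receiver_rejected": receiver_check(a2, b2, R1, P1) is None,
        "key_image_reuse_flags": flags,
    }
```

A third party who sees R and P but holds neither a nor b cannot run `receiver_check`, which is what makes the interaction untraceable, while the repeated key image is what a verifier stores to reject a second use of the same one-time key.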
Example 2
The invention discloses an edge layer data security protection method for the power distribution Internet of things, which comprises the following steps:
creating a ring signature group, designing a one-time ring signature and a key image in the CryptoNote protocol as the mark, and providing a stealth address protocol for the user;
establishing a distributed power data storage architecture for the edge layer, encrypting the interaction data between storage nodes of edge devices using the ring signature and the CryptoNote protocol, and performing identity authentication of both nodes exchanging data;
and sharing data among nodes in the distributed power data security storage system using the smart contract in the blockchain.
The generation process of the stealth address comprises the following steps:
1) member one generates a parent key pair and a temporary key, which together form one-time adding key I, and publishes one-time adding key I; the published one-time adding key I is called the stealth address, and the parent key pair comprises a parent public key and a parent private key;
2) member two receives one-time adding key I and generates temporary key II itself; one-time adding key I of member one and temporary key II generated by member two are combined to generate one-time adding key II, i.e. one-time storage interaction address II, which is generated by threshold permutation.
Example 3
The invention discloses an edge layer data security protection method for the power distribution Internet of things, which comprises the following steps:
creating a ring signature group, designing a one-time ring signature and a key image in the CryptoNote protocol as the mark, and providing a stealth address protocol for the user;
establishing a distributed power data storage architecture for the edge layer, encrypting the interaction data between edge device storage nodes using the ring signature and the CryptoNote protocol, and performing identity authentication of both nodes exchanging data;
and sharing data among nodes in the distributed power data security storage system using the smart contract in the blockchain.
Blockchain technology is applied to the practical scenario of power data storage; the specific architecture is shown in FIG. 1. The distributed power data storage model is divided into two modules: the left side is the distributed storage database and the right side is the blockchain; the storage database supports the storage of the blockchain, and the blockchain supports the security protection of the storage database. In the distributed power data storage architecture, a power user transmits a storage request to an edge device through an end device; the edge devices include intelligent fusion terminals, Internet of things agent devices and the like, and each edge device has several storage nodes which are combined into a data aggregator. After receiving the storage request the edge device forwards the requirement to its storage nodes, the storage nodes respond, and the whole storage process is recorded in the blockchain. The distributed data storage uses the multi-level encryption service of the blockchain, and the encrypted storage process is as follows:
1) the power user transmits the storage requirement to the edge device, i.e. one node is selected from the distributed storage nodes to store the data; once the storage requirement has been sent, no request is transmitted to other nodes within a set time, and after the storage node receives the request, the power data to be stored is transmitted;
2) if the storage node receives the request, it provides the corresponding storage service to the requester, i.e. the power user; the order in which the storage service is provided follows the sending time of the requests, and the data is transmitted when the confirmation message is received;
3) the record of the data storage completed by the storage node is uploaded to the blockchain, which consists of several blocks each comprising a block header and a block body; the edge device or the power user performs a credit evaluation of the storage process according to a preset evaluation standard, and the performance of the storage node is evaluated accordingly from the evaluation result.
In the distributed data storage system, a ring signature group is set up; it comprises intelligent power equipment, users and storage nodes. If the public key of a new member is known, the ring signature group is constructed based on encryption with the member's public key:
[Equation image BDA0003386262430000061 not reproduced in the text]
In the formula, y_n = f_n(x_n), where f_n is defined by an extended threshold permutation function, and f_n(x_n) on {0,1}^b is extended to:
[Equation image BDA0003386262430000062 not reproduced in the text]
The stored data consists of the b-bit number ω = l_i n + q_i; therefore the value of the extended threshold permutation function f_i(ω) is expressed as:
[Equation image BDA0003386262430000063 not reproduced in the text]
In the formula, q_i is a random number generated by the sender, l_i is a random number generated by the receiver, n is the number of signers, and x_i … x_n are the arguments of the function;
[Equation image BDA0003386262430000064 not reproduced in the text]
represents a Boolean operation;
[Equation image BDA0003386262430000065 not reproduced in the text]
mod represents the modulo operation; the intermediate variable is ω = l_i n + q_i.
The data sharing steps using the smart contract are as follows:
1) Sharing access request: the data sharing request Req is issued by storage node N_p and received by storage node N_q; Req includes information such as the access address, time and frequency. Storage node N_q sets an access constraint Con for storage node N_p to re-authorize the access, and sends the access information (address, time, frequency, etc.) and the constraint condition, processed with the private key SK_PID, to the neighbouring aggregator B_j:
[Equation image BDA0003386262430000071 not reproduced in the text]
[Equation image BDA0003386262430000072 not reproduced in the text]
where t is the timestamp, Cert is the certificate, f_PK denotes encrypting information with the public key of an entity, PK is the public key, SK is the private key, and Mes represents the stored data;
[Equation image BDA0003386262430000073 not reproduced in the text]
denotes encrypting information with the public key of the storage node;
[Equation image BDA0003386262430000074 not reproduced in the text]
denotes encrypting information with the public key of the aggregator; Con represents the access constraint; s is the index of the member acting as the actual signer;
2) Executing the smart contract: after aggregator B_j has verified the information, it executes the smart contract according to the constraint conditions set by the storage node, locks the script according to the existing key, then decrypts the shared data packet, and at the same time uses the public key
[Equation image BDA0003386262430000075 not reproduced in the text]
to encrypt the ring signature, and then outputs the decryption result of the shared data;
3) Sending the shared data: when storage node N_q and storage node N_p are within the service scope of the same data aggregator, the data that storage node N_p is to access is obtained directly from data aggregator B_j; if storage node N_q and storage node N_p are not under the same aggregator, the storage node transmits the data packet in encrypted form, through the currently running smart contract, to the aggregator B_j nearest to storage node N_p. The specific process is as follows:
[Equation image BDA0003386262430000076 not reproduced in the text]
[Equation image BDA0003386262430000077 not reproduced in the text]
where Share denotes sharing and S_Mes is the shared data;
4) Specifying the access data: after storage node N_p receives the data, it decrypts it with its private key and accesses the data.
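The constraint check that the aggregator performs in steps 1 to 3, as an added example that is not the patent's code: the Con fields (requester, address, time window, frequency) and the aggregator topology are constructed here, the cryptographic wrapping of Req is left out, and the names `Con`, `SharingContract` and `evaluate` are my own.

```python
# Added example (not from the patent): aggregator-side enforcement of the
# access constraint Con before shared data S_Mes is released to N_p.
from dataclasses import dataclass, field

@dataclass
class Con:
    """Access constraint set by N_q for N_p; fields follow the patent's Req."""
    requester: str       # storage node allowed to access (N_p)
    address: str         # data address that may be accessed
    not_before: int      # start of the validity window (unix seconds)
    not_after: int       # end of the validity window
    max_frequency: int   # maximum number of accesses inside the window

@dataclass
class SharingContract:
    """Runs at aggregator B_j: every request is checked against Con and counted."""
    con: Con
    aggregator_of: dict                      # node -> aggregator id (constructed)
    used: int = 0                            # accesses consumed so far
    seen_t: set = field(default_factory=set) # timestamps already accepted

    def evaluate(self, req: dict, owner: str):
        """req = {node, address, t}; owner = N_q. Returns (decision, detail)."""
        if req["node"] != self.con.requester:
            return "deny", "requester is not the node named in Con"
        if req["address"] != self.con.address:
            return "deny", "address outside Con"
        if not self.con.not_before <= req["t"] <= self.con.not_after:
            return "deny", "timestamp outside validity window"
        if req["t"] in self.seen_t:
            return "deny", "replayed timestamp"
        if self.used >= self.con.max_frequency:
            return "deny", "frequency limit reached"
        self.used += 1
        self.seen_t.add(req["t"])
        # Step 3: same aggregator -> deliver directly; otherwise relay the
        # encrypted packet to the aggregator nearest to N_p.
        src, dst = self.aggregator_of[owner], self.aggregator_of[req["node"]]
        return ("direct" if src == dst else "relay"), dst

def run_scenario():
    """Constructed sequence: one valid, one replay, one valid, one over the limit."""
    con = Con("N_p", "addr-7", not_before=1000, not_after=2000, max_frequency=2)
    contract = SharingContract(con, {"N_p": "B_1", "N_q": "B_2"})
    requests = [
        {"node": "N_p", "address": "addr-7", "t": 1500},
        {"node": "N_p", "address": "addr-7", "t": 1500},   # replay
        {"node": "N_p", "address": "addr-7", "t": 1600},
        {"node": "N_p", "address": "addr-7", "t": 1700},   # third access
        {"node": "N_x", "address": "addr-7", "t": 1800},   # wrong requester
    ]
    return [contract.evaluate(r, owner="N_q") for r in requests]
```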
The invention first provides a blockchain-based distributed storage architecture for power data, which overcomes the security threats of centralized storage and improves the efficiency and stability of data storage on an underlying architecture supported by the blockchain. Then, during the power data storage process, the designed CryptoNote protocol provides a one-time ring signature group and a key image as the marks of the data storage, and the stealth address used ensures privacy during the data storage interaction. Finally, data sharing among edge layer devices is realized with a smart contract, which addresses problems such as internal access rights being difficult to control and data being difficult to share among nodes, ensures efficient and secure sharing of private data, and further improves the security and efficiency of power data storage and sharing.
An edge layer data security protection system for the power distribution Internet of things comprises the following functional modules:
a ring signature group creation module: designing a one-time ring signature and a key image as the mark in the CryptoNote protocol to provide a stealth address protocol for the user;
a data interaction module: establishing a distributed power data storage architecture for the edge layer, encrypting the interaction data between edge device storage nodes using the ring signature and the CryptoNote protocol, and performing identity authentication of both nodes exchanging data;
a data sharing module: sharing data among nodes in the distributed power data security storage system using the smart contract in the blockchain.
The working steps of each functional module are the same as those of the edge layer data security protection method for the power distribution Internet of things.
A computer-readable storage medium is used to store the edge layer data security protection method and system for the power distribution Internet of things.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, it is possible to make various improvements and modifications without departing from the technical principle of the present invention, and those improvements and modifications should be considered as the protection scope of the present invention.

Claims (11)

1. An edge layer data security protection method for the power distribution Internet of things, characterized by comprising the following steps:
creating a ring signature group, designing a one-time ring signature and a key image in the CryptoNote protocol as the mark, and providing a stealth address protocol for the user;
establishing a distributed power data storage architecture for the edge layer, encrypting the interaction data between edge device storage nodes using the ring signature and the CryptoNote protocol, and performing identity authentication of both nodes exchanging data;
and sharing data among nodes in the distributed power data security storage system using the smart contract in the blockchain.
2. The edge layer data security protection method for the power distribution Internet of things according to claim 1, wherein the specific process of creating the ring signature group is as follows:
1) constructing the signature, i.e. φ = Sign(ms, P_s, P_k1, P_k2, …, P_kn): the signature is formed from the public keys (P_s, P_k1, P_k2, …, P_kn) for each message ms and is correlated with the private key P_s of the signer to produce the signature φ; P_kn is the public key of the n-th member and n is the number of signers;
2) verifying the signature, i.e. Verify(ms, φ), which takes the public keys of all possible signers and the message ms and outputs true or false, where ms denotes the message;
the CryptoNote protocol provides a one-time ring signature and a key image as the mark, the key image carrying the information of which particular signature φ_n was used; the signature value P is derived by associating the receiver's random data (A, B) with the sender's random data r as:
P = H_s(rA)G + B
where H_s denotes the hash-to-scalar function of the CryptoNote protocol and G its base point; the receiver's random data is obtained by the sender querying the receiver through a secure channel; A and B are random data one and random data two respectively; the receiver checks the received storage interaction data using its private key (a, b) and obtains the authentication value P' as:
P' = H_s(aR)G + b
where R represents the authentication weight; finally, the receiver can reply with the corresponding one-time key x as:
x = H_s(aR) + b
since the message received by the receiver is associated with the one-time key, the data storage interaction of the CryptoNote protocol is not traceable to an attacker.
3. The edge layer data security protection method for the power distribution Internet of things according to claim 1, wherein the generation process of the stealth address is as follows:
1) member one generates a parent key pair and a temporary key, which together form one-time adding key I, and publishes one-time adding key I; the published one-time adding key I is called the stealth address, and the parent key pair comprises a parent public key and a parent private key;
2) member two receives one-time adding key I and generates temporary key II itself; one-time adding key I of member one and temporary key II generated by member two are combined to generate one-time adding key II, i.e. one-time storage interaction address II, which is generated by threshold permutation.
4. The edge layer data security protection method for the power distribution Internet of Things as claimed in claim 1, wherein: in the distributed electric power data security storage system, a power user transmits a storage request to edge equipment through end equipment; the edge equipment comprises intelligent fusion terminals and Internet of Things agent devices; each piece of edge equipment is provided with a plurality of storage nodes, which are combined into a data aggregator; after receiving the storage request, the edge equipment transmits the requirement to its respective storage nodes, the storage nodes respond, the whole storage process is recorded in the blockchain, and the distributed data storage uses the multi-level encryption service of the blockchain.
5. The edge layer data security protection method for the power distribution Internet of Things according to claim 4, characterized in that the encrypted storage process in the encryption service is as follows:
1) the power user transmits a storage requirement to the edge device, namely selects one node from the distributed storage nodes to store the data; once the storage requirement has been sent, the request is not transmitted to other nodes within a set time, and after the storage node receives the request, the power data to be stored is transmitted;
2) if the storage node receives the request, it provides the corresponding storage service to the requesting party, namely the power user; the order in which storage services are provided follows the order of the requests' sending times, and data transmission takes place when the confirmation message is received;
3) a record that the storage node has completed the data storage is uploaded to the blockchain, which consists of a plurality of blocks, each comprising a block header and a block body; the edge equipment or the power user performs a credit evaluation of the storage process according to a preset evaluation standard, and the performance of the storage node is evaluated accordingly.
6. The edge layer data security protection method for the power distribution Internet of Things according to claim 4, characterized in that:
in the distributed data storage system a ring signature group is set up, comprising intelligent power equipment, users and storage nodes; if the public key of a new member is known, the ring signature group is constructed based on encryption with the member's public key:
Figure RE-FDA0003595779400000031
in the formula, y_n = f_n(x_n), where f_n is defined by an extended threshold permutation function; f_n(x_n) on {0,1}^b is extended to
Figure RE-FDA0003595779400000032
The stored data consists of b-bit numbers ω = l_i·n + q_i, so the value of the extended threshold permutation function f_i(ω) is expressed as:
Figure RE-FDA0003595779400000033
in the formula, q_i is a random number generated by the sender, l_i is a random number generated by the receiver, n is the number of signers, and x_i … x_n are the arguments of the function;
Figure RE-FDA0003595779400000034
represents a Boolean operation;
Figure RE-FDA0003595779400000035
mod represents the modulo operation; the intermediate variable is ω = l_i·n + q_i.
7. The edge layer data security protection method for the power distribution Internet of Things as claimed in claim 4, wherein the data sharing steps using the smart contract are as follows:
1) the request Req for data sharing is issued by data storage node N_p and received by storage node N_q, where Req comprises access address, time and frequency information; storage node N_q sets an access constraint condition Con for storage node N_p to re-authorize the access, and the access address, time and frequency, the constraint condition information and the private key SK_PID are sent to the neighboring collector B_j:
N_q → N_p:
Figure RE-FDA0003595779400000041
N_p → B_j:
Figure RE-FDA0003595779400000042
Figure RE-FDA0003595779400000043
where t is the timestamp, Cert is the certificate, f_PK denotes encrypting information with the public key of an entity, PK is the public key, SK is a private key, and Mes represents the stored data;
Figure RE-FDA0003595779400000044
denotes encrypting information with the public key of a storage node;
Figure RE-FDA0003595779400000045
denotes encrypting information with the public key of the aggregator; Con represents the access constraint; s is the index of the member acting as the actual signer;
2) after collector B_j has verified the information, it executes the smart contract according to the constraint conditions set by the storage node, locks the script according to the existing key, then decrypts the shared data packet, and meanwhile uses the public key
Figure RE-FDA0003595779400000046
to encrypt the ring signature, and then outputs the decryption result of the shared data;
3) when storage node N_q and storage node N_p are within the service scope of the same data aggregator, storage node N_p accesses the data directly to obtain the data transmitted by data aggregator B_j; if storage node N_q and storage node N_p are not under the same aggregator, the data packet is transmitted in encrypted form by the storage node currently running the smart contract to the collector B_j nearest to storage node N_p, as follows:
B_j → B_(j+1):
Figure RE-FDA0003595779400000047
Figure RE-FDA0003595779400000048
where Share denotes sharing and S_Mes is the shared data;
4) after receiving the data, storage node N_p decrypts it with its private key and accesses the data.
8. An edge layer data security protection system for the power distribution Internet of Things, characterized by comprising the following functional modules:
a ring signature group creation module: designs a one-time ring signature and a key image as tokens in the CryptoNote protocol to provide a stealth address protocol for users;
a data interaction module: establishes a distributed power data storage architecture for the edge layer, encrypts the interaction data between edge equipment storage nodes using a ring signature and the CryptoNote protocol, and performs identity authentication of both parties of the data interaction nodes;
a data sharing module: carries out data sharing among the nodes of the distributed power data security storage system using the smart contract in the blockchain.
9. The edge layer data security protection system for the power distribution Internet of Things as claimed in claim 8, wherein the ring signature group is created as follows:
1) constructing a signature, namely φ = Sign(ms, P_s, P_k1, P_k2, …, P_kn): the signature is formed from the public keys (P_s, P_k1, P_k2, …, P_kn) of each message ms and is correlated with the signer's private key P_s to produce the signature φ, where P_kn is the signature of the nth member and n is the number of signers;
2) verifying the signature, namely Verify(ms, φ), which takes the public keys of all possible signers and a message ms and outputs true or false, where ms represents the message;
the CryptoNote protocol provides a one-time-use ring signature and a key image as a token, the key image providing information about the possession of a particular signature φ_n. The signature value P is derived from the association of the random data (A, B) of the receiver with the random data r of the sender as:
P = H_s(rA)G + B
wherein H_s is the hash-to-scalar function of the CryptoNote protocol; the random data of the receiver is obtained by the sender querying the receiver over a secure channel; A and B are random data one and random data two respectively. The receiver checks the received storage interaction data with its private key (a, b) and obtains the authentication value P' as:
P' = H_s(aR)G + b
R represents the authentication weight, and finally the receiver can reply with the corresponding one-time key x as:
x = H_s(aR) + b
since the message received by the receiver is associated with the one-time key, the data storage interaction of the CryptoNote protocol cannot be traced by an attacker.
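The one-time address derivation of claims 2 and 9 (the basis of the stealth addresses in claims 3 and 10), worked through as an added Python example that is not part of the patent. It substitutes a toy prime-order subgroup of Z_p^* (constructed parameters p = 1019, q = 509, G = 4) for CryptoNote's Ed25519 curve, so "+" on group elements becomes multiplication mod p, and uses SHA-256 reduced mod q as H_s; the function names are the example's own.

```python
import hashlib
import secrets

# Toy group (constructed for this example, far too small to be secure). CryptoNote
# uses the Ed25519 curve; here the order-q subgroup of Z_p^*, p = 2q + 1, stands in
# for it: "s*G" becomes pow(G, s, P_MOD) and "point + point" becomes (x * y) % P_MOD.
P_MOD = 1019  # safe prime p
Q_ORD = 509   # prime order q of the subgroup generated by G
G = 4         # generator of that subgroup (a quadratic residue mod p)

def hs(element: int) -> int:
    """H_s: hash a group element to a scalar in Z_q (CryptoNote's hash-to-scalar)."""
    digest = hashlib.sha256(element.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") % Q_ORD

def mul_g(s: int) -> int:
    """s*G in the toy group."""
    return pow(G, s, P_MOD)

def sender_one_time_address(r: int, A: int, B: int):
    """Sender: publishes R = rG and the one-time address P = Hs(rA)G + B.
    Only (R, P) accompany the stored data; the parent keys (A, B) stay off-chain."""
    R = mul_g(r)
    shared = pow(A, r, P_MOD)              # rA
    P = (mul_g(hs(shared)) * B) % P_MOD    # Hs(rA)G + B
    return R, P

def receiver_check(a: int, b: int, R: int):
    """Receiver: with private key (a, b) recompute P' = Hs(aR)G + bG and derive the
    one-time private key x = Hs(aR) + b.  aR == rA because both equal (a*r)G."""
    shared = pow(R, a, P_MOD)              # aR
    P_prime = (mul_g(hs(shared)) * mul_g(b)) % P_MOD
    x = (hs(shared) + b) % Q_ORD
    return P_prime, x

def run_exchange(a: int, b: int, r: int):
    """Full derivation for parent private key (a, b) and sender randomness r.
    Returns (P, P', x, xG): P == P' lets the receiver recognise its data, and
    xG == P shows x is the private key matching the one-time address."""
    A, B = mul_g(a), mul_g(b)              # receiver's parent public key (A, B)
    R, P = sender_one_time_address(r, A, B)
    P_prime, x = receiver_check(a, b, R)
    return P, P_prime, x, mul_g(x)

if __name__ == "__main__":
    fresh = lambda: secrets.randbelow(Q_ORD - 1) + 1   # a, b, r drawn from [1, q-1]
    P, P_prime, x, xG = run_exchange(fresh(), fresh(), fresh())
    print(f"P={P} P'={P_prime} x={x} xG={xG}", "OK" if P == P_prime == xG else "MISMATCH")
```

A third party who sees only (R, P) on the chain cannot recover (A, B) without a, and a fresh r gives the same receiver a new, unlinkable P each time.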
10. The edge layer data security protection method for the power distribution Internet of Things as claimed in claim 8, wherein the stealth address is generated as follows:
1) member I generates a parent key pair and a temporary key, which together form one-time adding key I, and publishes one-time adding key I; the published one-time adding key I is called the stealth address, and the parent key pair comprises a parent public key and a parent private key;
2) member II receives one-time adding key I and generates temporary key II itself; one-time adding key I of member I and temporary key II generated by member II are combined to generate one-time adding key II, namely one-time storage interaction address II, which is generated by threshold permutation.
11. A computer-readable storage medium storing the edge layer data security protection method for the power distribution Internet of Things as claimed in any one of claims 1 to 6.
CN202111454706.1A 2021-12-01 2021-12-01 Edge layer data security protection method and system for power distribution Internet of things and storage medium Pending CN114615006A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111454706.1A CN114615006A (en) 2021-12-01 2021-12-01 Edge layer data security protection method and system for power distribution Internet of things and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111454706.1A CN114615006A (en) 2021-12-01 2021-12-01 Edge layer data security protection method and system for power distribution Internet of things and storage medium

Publications (1)

Publication Number Publication Date
CN114615006A true CN114615006A (en) 2022-06-10

Family

ID=81857652

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111454706.1A Pending CN114615006A (en) 2021-12-01 2021-12-01 Edge layer data security protection method and system for power distribution Internet of things and storage medium

Country Status (1)

Country Link
CN (1) CN114615006A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242549A (en) * 2022-09-21 2022-10-25 佛山市元亨利贞信息科技有限公司 Data security sharing method, device, equipment and medium based on open protocol
CN118400206A (en) * 2024-06-28 2024-07-26 国网浙江省电力有限公司 Intelligent control method and system for number of rooms of power distribution station

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112948868A (en) * 2021-03-31 2021-06-11 江苏省电力试验研究院有限公司 Electric power data storage method and electric power data sharing method based on block chain
CN113162768A (en) * 2021-02-24 2021-07-23 北京科技大学 Intelligent Internet of things equipment authentication method and system based on block chain
CN113553574A (en) * 2021-07-28 2021-10-26 浙江大学 Internet of things trusted data management method based on block chain technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination