CN114666166A - Method and system for acquiring and storing credible data of industrial internet - Google Patents

Info

Publication number
CN114666166A
Authority
CN
China
Prior art keywords
node
data
industrial control
control network
industrial
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210548987.5A
Other languages
Chinese (zh)
Other versions
CN114666166B (en)
Inventor
吴伟
章渠丰
陈超
杨杰
马远洋
崔旭中
文昱博
朱奕辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Mulian Internet Of Things Technology Co ltd
Original Assignee
Zhejiang Mulian Internet Of Things Technology Co ltd
Application filed by Zhejiang Mulian Internet Of Things Technology Co ltd filed Critical Zhejiang Mulian Internet Of Things Technology Co ltd
Priority to CN202210548987.5A priority Critical patent/CN114666166B/en
Publication of CN114666166A publication Critical patent/CN114666166A/en
Application granted granted Critical
Publication of CN114666166B publication Critical patent/CN114666166B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The application provides a method and a system for acquiring and storing trusted data of an industrial internet in a multi-node industrial control network environment. The method adopts a multi-node industrial control network election method based on information entropy and selects the node with the largest information entropy as the main node to report data to an edge server; it adopts a tamper-proofing method for data reporting in the multi-node industrial control network, in which, when a single node initiates data reporting, the data is copied to the other nodes in the network, and the edge server stores the data only after receiving confirmation from more than a set number of nodes, which ensures the reliability of the data; and it carries out distributed secure storage of the Internet of Things data in the edge server network. By combining the consensus mechanism of blockchain technology with the idea of distributed storage, the application provides a trusted solution covering node mutual trust, data transmission and data storage, and can significantly improve fault tolerance, security and traceability in the multi-node industrial control network environment.

Description

Method and system for acquiring and storing credible data of industrial internet
Technical Field
The application belongs to the technical field of industrial internet security, and particularly relates to a method and a system for acquiring and storing credible data of an industrial internet in a multi-node industrial control network environment.
Background
An Industrial Control System (ICS) consists of various automation control components and data collection and supervisory control system components. With the development of industrialization and informatization, an industrial control system is changed from an originally closed and isolated local area network environment to an open and intercommunicated internet environment. ICS is exposed in public networks, increases the risk of network attack, threatens the life and safe production environment of people, and causes huge economic loss in severe cases.
As the international situation becomes more complex, strategic competition between major powers focuses increasingly on manufacturing, and attacks on industrial networks are increasingly professional and tightly organized, making them typical APT attacks. Based on a deep understanding of the target system's business processes, an attacker can use a compromised industrial control device to send other industrial control devices in the system protocol packets whose format is entirely correct but whose business content has been carefully tampered with. Because the packets are well formed, they do not trigger attack detection or audit alarms, yet the abnormal business content can tamper with the controller's operating logic or falsify the operating state of a controlled object. Industrial control equipment can thus be kept running in a 'safety critical state' or a 'component high loss state' without triggering a fault alarm, which leads to serious safety accidents whose causes are difficult to investigate, with consequences such as equipment damage, interruption of critical facility services and casualties.
Therefore, a complete industrial trusted data management solution is needed to address the high degree of data centralization and the lack of a trust mechanism in the industrial field.
Disclosure of Invention
In view of this, the application provides a method and a system for acquiring and storing trusted data of an industrial internet in a multi-node industrial control network environment, which can significantly improve fault tolerance, security and traceability in the multi-node industrial control network environment.
The specific technical scheme of the application is as follows:
the application provides an industrial internet trusted data acquisition and storage method under a multi-node industrial control network environment, which comprises the following steps:
dividing and numbering industrial internet data, uploading the industrial internet data through each industrial control node in the multi-node industrial control network, and selecting main industrial control nodes reported in the round according to the information entropy mode;
the elected main industrial control node initiates data reporting according to the corresponding number, communicates with other industrial control nodes in the multi-node industrial control network, feeds back a negotiation session result to the edge server, and the edge server judges whether to store data according to the feedback result;
and the edge server network selects nodes for data transmission and storage according to the distance between each edge server and the industrial internet data to be stored.
Specifically, the selection of the main industrial control nodes reported in the current round according to the information entropy mode specifically includes:
calculating the sectional information entropy of the corresponding number of the industrial internet data which needs to be reported in each industrial control node;
calculating the information entropy sum of the industrial internet data which needs to be reported by each industrial control node according to the segmented information entropy of each corresponding number;
and the edge server receives the information entropy sum data of each industrial control node in the multi-node industrial control network, and selects the main industrial control node according to the information entropy sum data.
Specifically, selecting the main industrial control node according to the information entropy sum data specifically comprises:
sorting the information entropy sum data from each industrial control node according to the size of the data volume;
selecting one or more industrial control nodes with the largest data quantity and carrying out order marking according to the sorting result of the data quantity;
and sending the selected main industrial control nodes to a multi-node industrial control network through broadcasting.
Specifically, the communication with other industrial control nodes in the multi-node industrial control network specifically includes:
the main industrial control node reports the data and simultaneously copies the data to other nodes in the multi-node industrial control network and sends a confirmation request;
the other nodes verify the logicality and repetition rate of the received data and, if the verification passes, send acceptance messages to the multi-node industrial control network;
and judging whether consensus is reached according to the acceptance messages published in the multi-node industrial control network, and if so, sending a feedback message to the edge server for processing.
Specifically, the verification of the logicality and repetition rate of the received data by the other nodes is as follows:
verifying the current view number v, the current request number q, the digest a(m) of the message content and the message content m; if v and q repeat values that previously occurred in other messages while a(m) and m differ from those messages, the request is rejected; otherwise the request is accepted and an acceptance message is sent.
Specifically, judging whether consensus is reached according to the acceptance messages published in the multi-node industrial control network comprises:
judging whether, within a preset time range, the number of acceptance messages with consistent content sent by different nodes in the multi-node industrial control network exceeds the threshold 2f;
if the threshold is exceeded, the main industrial control node sends a commitment message to the other nodes in the multi-node industrial control network, and when a node receives commitment messages sent by 2f + 1 nodes, it judges that consensus is achieved.
Specifically, the step of the edge server judging whether to perform data storage according to the feedback result specifically includes:
acquiring the quantity of industrial control nodes in the current multi-node industrial control network;
and judging whether the quantity of the received feedback messages exceeds a preset proportion relative to the quantity of the industrial control nodes, if so, judging to store data, and otherwise, not storing the data.
Specifically, the selecting of the nodes according to the distances between each edge server and the industrial internet data to be stored specifically includes:
allocating an ID mark for each node in the edge server network;
calculating a 160-bit hash value of the data to be stored as a Key and calculating the distance from the ID to an edge server t closest to the Key;
after repeatedly sending query requests toward the edge server t for confirmation, the data is transmitted to the corresponding node for data storage.
Specifically, repeatedly sending query requests to the edge server t for confirmation comprises:
sending a query request toward the edge server t and judging whether the node receiving the query request is the target node, namely the edge server t; if so, that node returns its own node ID;
if not, the node measures the distance between its ID and the edge server t, selects alpha closer node IDs from the corresponding K bucket, and returns them as the reply.
The application also provides an industrial internet trusted data acquisition and storage system under the multi-node industrial control network environment, which comprises a memory and a processor, wherein the memory comprises an industrial internet trusted data acquisition and storage program under the multi-node industrial control network environment, and the steps of the industrial internet trusted data acquisition and storage method under the multi-node industrial control network environment are realized when the processor executes the industrial internet trusted data acquisition and storage program under the multi-node industrial control network environment.
In summary, the application provides a method and a system for acquiring and storing trusted data of an industrial internet in a multi-node industrial control network environment. It adopts a multi-node industrial control network election method based on information entropy: the industrial internet data is divided and numbered to obtain N information segments, the information entropy of each segment is calculated, and the node with the largest information entropy is selected as the main node to report data to an edge server. It adopts a tamper-proofing method for data reporting in the multi-node industrial control network: when a single node initiates data reporting, the data is copied to the other nodes in the network, and distributed secure storage is carried out only after the edge server receives confirmation from more than a set number of nodes, which ensures the reliability of the data. The edge server uses the Kademlia algorithm to implement distributed secure storage of the Internet of Things data in the edge server network. By combining the consensus mechanism of blockchain technology with the idea of distributed storage, the application provides a trusted solution covering node mutual trust, data transmission and data storage, and can significantly improve fault tolerance, security and traceability in the multi-node industrial control network environment.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
FIG. 1 is a flowchart of a method for acquiring and storing trusted data of an industrial Internet in a multi-node industrial control network environment according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a multi-node industrial control network according to an embodiment of the present application;
FIG. 3 is an information flow diagram of the multi-node industrial control network in which all industrial control nodes achieve consensus according to the embodiment of the present application;
FIG. 4 is a block diagram of an industrial internet trusted data acquisition and storage system in a multi-node industrial control network environment according to an embodiment of the present application.
Detailed Description
In order to make the objects, features and advantages of the present application more obvious and understandable, the technical solutions in the embodiments of the present application are clearly and completely described, and it is obvious that the embodiments described below are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Explanation of terms:
Consensus mechanism: an important component of blockchain technology. Its goal is to complete verification and validation of the transaction in a short time by voting for a particular node, so that all honest nodes maintain a consistent blockchain view.
Distributed storage: storing data dispersed across a plurality of data storage servers.
Kademlia algorithm: a distributed storage and routing algorithm that keeps working resiliently even when any node fails at any time.
Referring to fig. 1, fig. 1 is a flowchart illustrating an industrial internet trusted data acquiring and storing method in a multi-node industrial control network environment according to an embodiment of the present application.
The embodiment of the application provides an industrial internet trusted data acquisition and storage method under a multi-node industrial control network environment, which comprises the following steps:
S102: dividing and numbering industrial internet data, uploading the industrial internet data through each industrial control node in the multi-node industrial control network, and selecting main industrial control nodes reported in the round according to the information entropy mode;
S104: the elected main industrial control node initiates data reporting according to the corresponding number, communicates with other industrial control nodes in the multi-node industrial control network, feeds back a negotiation session result to the edge server, and the edge server judges whether to store data according to the feedback result;
S106: and the edge server network selects nodes to transmit and store data according to the distance between each edge server and the industrial internet data to be stored.
It should be noted that the industrial internet data in S102 may be divided according to the data type, the modification time, and the like. In the embodiment of the application, a schematic structural diagram of a multi-node industrial control network is shown in fig. 2, the multi-node industrial control network can be composed of n industrial control nodes, all nodes in the network have the same status and can communicate with each other, and the multi-node industrial control network can be connected with an edge server through an industrial switch, so that the whole process of data reporting is realized.
In S104 and S106, the industrial control node reports the data and at the same time negotiates with the other industrial control nodes in the multi-node industrial control network to verify the security of the reported data and of the industrial control nodes; the edge server integrates and evaluates the verification information and then stores the data. Finally, a suitable node in the edge server network is selected for distributed data storage.
According to the embodiment of the application, the selection of the main industrial control nodes reported in the current round according to the information entropy mode specifically comprises the following steps:
calculating the sectional information entropy of the corresponding number of the industrial internet data which needs to be reported in each industrial control node;
calculating the information entropy sum of the industrial internet data which needs to be reported by each industrial control node according to the segmented information entropy of each corresponding number;
and the edge server receives the information entropy sum data of each industrial control node in the multi-node industrial control network, and selects the main industrial control node according to the information entropy sum data.
It should be noted that each industrial control node can calculate the segment information entropy according to the number, and the calculation formula can be expressed as
Figure 986000DEST_PATH_IMAGE001
Then, the information entropy sum of the data needing to be reported is calculated for each node, and the calculation formula can be expressed as
Figure 234578DEST_PATH_IMAGE002
Finally, the information entropy sum is sent to the edge server.
According to the embodiment of the application, the main industrial control node is selected according to the information entropy sum data, and specifically comprises the following steps:
sorting the information entropy sum data from each industrial control node according to the size of the data volume;
selecting one or more industrial control nodes with the largest data quantity and carrying out order marking according to the sequencing result of the data quantity;
and sending the selected main industrial control nodes to a multi-node industrial control network through broadcasting.
It should be noted that the edge server may select one or n nodes with the largest total entropy as the master nodes for reporting data in the next round according to the sorting result, and broadcast the master nodes to the multi-node industrial control network.
According to the embodiment of the application, the communication with other industrial control nodes in the multi-node industrial control network specifically comprises the following steps:
the main industrial control node reports the data and simultaneously copies the data to other nodes in the multi-node industrial control network and sends a confirmation request;
the other nodes verify the logicality and repetition rate of the received data and, if the verification passes, send acceptance messages to the multi-node industrial control network;
and judging whether consensus is reached according to the acceptance messages published in the multi-node industrial control network, and if so, sending a feedback message to the edge server for processing.
It should be noted that after receiving the request, the other nodes sequentially execute the Pre-Prepare, Prepare and Commit stages according to the practical byzantine fault-tolerant algorithm, and respectively implement the functions of data verification, communication judgment and result feedback.
According to the embodiment of the application, the verification of the received data logicality and repetition rate by other nodes is specifically as follows:
verifying the current view number v, the current request number q, the digest a(m) of the message content and the message content m; if v and q repeat values that previously occurred in other messages while a(m) and m differ from those messages, the request is rejected; otherwise the request is accepted and an acceptance message is sent.
It should be noted that if the request is rejected, the other nodes end the current data verification stage and do not send any feedback message. The node receiving the request broadcasts and sends an acceptance message to the multi-node industrial control network.
According to the embodiment of the application, judging whether to achieve consensus according to the release condition of the received message in the multi-node industrial control network specifically comprises the following steps:
judging whether, within a preset time range, the number of acceptance messages with consistent content sent by different nodes in the multi-node industrial control network exceeds the threshold 2f;
if the threshold value is exceeded, the main industrial control node sends a commitment message to other nodes in the multi-node industrial control network, and when a certain node receives the commitment message sent by 2f +1 nodes, the node judges that consensus is achieved.
It should be noted that f is the number of failed nodes, that is, the number of industrial control nodes in the multi-node industrial control network that cannot reply or that reply with error messages. The threshold 2f applies under the condition that the total number of nodes in the multi-node industrial control network satisfies n >= 3f + 1. If, within the specified time, more than 2f acceptance messages with consistent content have been sent by different nodes in the multi-node industrial control network, the Commit stage is entered. In this stage the industrial control nodes broadcast commitment messages to the other nodes in the network; when an industrial control node has received commitment messages from 2f + 1 nodes (including its own), consensus is achieved, the stage is complete, and a feedback message is sent to the edge server. FIG. 3 shows the information flow by which all industrial control nodes in the multi-node industrial control network achieve consensus in the embodiment of the present application, where industrial control device 0 is the master node and industrial control device 3 is a rogue node. Before the Commit stage, the messages sent by industrial control devices 0-2 are consistent, so the Commit stage proceeds normally and the edge server finally stores the data normally.
According to the embodiment of the application, the step of judging whether to store the data according to the feedback result by the edge server specifically comprises the following steps:
acquiring the quantity of industrial control nodes in the current multi-node industrial control network;
and judging whether the quantity of the received feedback messages exceeds a preset proportion relative to the quantity of the industrial control nodes, if so, judging to store data, and otherwise, not storing the data.
It should be noted that, if the edge server receives feedback messages from a proportion of the nodes in the multi-node industrial control network that is greater than or equal to the preset proportion, the data is stored, where the preset proportion may be set to 2/3. If it is judged that the data is not to be stored, the system sends out an alarm message.
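The verification, threshold and storage rules described above can be exercised in a small simulation. This is an added Python example, not code from the patent; the names `Node`, `Request`, `run_round` and `edge_should_store`, the SHA-256 digest and the sample payloads are assumptions, and the preset time range and message signing are left out.

```python
import hashlib
from dataclasses import dataclass
from fractions import Fraction


def digest(m: bytes) -> str:
    # Assumption: SHA-256 stands in for the digest a(m); the page names no hash.
    return hashlib.sha256(m).hexdigest()


@dataclass(frozen=True)
class Request:
    v: int      # current view number
    q: int      # current request number
    d: str      # digest a(m) of the message content
    m: bytes    # message content


class Node:
    def __init__(self, node_id: int, n: int):
        self.node_id = node_id
        self.f = (n - 1) // 3      # faulty nodes tolerated, from n >= 3f + 1
        self.seen = {}             # (v, q) -> (d, m) already accepted
        self.accepts = {}          # (v, q, d) -> ids that sent an acceptance
        self.commits = {}          # (v, q, d) -> ids that sent a commitment

    def verify(self, req: Request) -> bool:
        """Data verification stage for a request copied from the main node."""
        if digest(req.m) != req.d:
            return False           # added integrity check, not stated on the page
        prev = self.seen.get((req.v, req.q))
        if prev is not None and prev != (req.d, req.m):
            return False           # v and q repeat, a(m) and m differ: reject
        self.seen[(req.v, req.q)] = (req.d, req.m)
        return True

    def on_accept(self, sender: int, v: int, q: int, d: str) -> bool:
        ids = self.accepts.setdefault((v, q, d), set())
        ids.add(sender)            # a set, so one node is counted only once
        return len(ids) > 2 * self.f

    def on_commit(self, sender: int, v: int, q: int, d: str) -> bool:
        ids = self.commits.setdefault((v, q, d), set())
        ids.add(sender)
        return len(ids) >= 2 * self.f + 1


def edge_should_store(feedback: int, n: int, ratio=Fraction(2, 3)) -> bool:
    """Edge server decision: store only if enough nodes sent feedback."""
    return Fraction(feedback, n) >= ratio


def run_round(nodes, faulty, req):
    """Run one reporting round; return how many feedback messages are sent."""
    accepts = []
    for node in nodes:
        if node.node_id in faulty:     # constructed fault: inconsistent digest
            accepts.append((node.node_id, req.v, req.q, digest(b"inconsistent")))
        elif node.verify(req):
            accepts.append((node.node_id, req.v, req.q, req.d))
    honest = [node for node in nodes if node.node_id not in faulty]
    commits = []
    for node in honest:
        # Every acceptance is recorded; keep those that crossed the 2f threshold.
        agreed = [msg for msg in accepts if node.on_accept(*msg)]
        if agreed:
            commits.append((node.node_id,) + agreed[-1][1:])
    feedback = 0
    for node in honest:
        if [msg for msg in commits if node.on_commit(*msg)]:
            feedback += 1              # 2f + 1 commitments seen: send feedback
    return feedback


def demo():
    nodes = [Node(i, 4) for i in range(4)]       # n = 4, so f = 1
    # Constructed payloads. `clash` reuses v and q of `good` with other content.
    good = Request(0, 1, digest(b"valve=open;temp=71.3"), b"valve=open;temp=71.3")
    clash = Request(0, 1, digest(b"valve=open;temp=20.0"), b"valve=open;temp=20.0")
    first = run_round(nodes, {3}, good)
    second = run_round(nodes, {3}, clash)
    return ((first, edge_should_store(first, 4)),
            (second, edge_should_store(second, 4)))


if __name__ == "__main__":
    print(demo())
```

With node 3 faulty, the first round still yields feedback from three of four nodes and the data is stored; the conflicting second request is rejected at verification, no feedback arrives, and the edge server's check fails, which is the case in which the text says an alarm is raised.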
According to the embodiment of the application, the node selection according to the distance between each edge server and the industrial internet data to be stored is specifically as follows:
assigning an ID tag to each node in the edge server network;
calculating a 160-bit hash value of the data to be stored as a Key and calculating the distance from the ID to an edge server t closest to the Key;
after repeatedly sending query requests toward the edge server t for confirmation, the data is transmitted to the corresponding node for data storage.
It should be noted that each node in the edge server network is assigned a 160-bit ID as its mark, and the distance from the ID to the edge server t closest to the Key can be calculated as d(x, y) = x ⊕ y, the bitwise exclusive OR of the two values.
According to the embodiment of the application, the confirmation of the query request repeatedly sent to the edge server t specifically comprises the following steps:
sending a query request toward the edge server t and judging whether the node receiving the query request is the target node, namely the edge server t; if so, that node returns its own node ID;
if not, the node measures the distance between its ID and the edge server t, selects alpha closer node IDs from the corresponding K bucket, and returns them as the reply.
It should be noted that, according to the principle that each query can obtain information from the K bucket closer to t, a query operation is issued to the edge server closer to t. If the queried node is the target, the node answers that the node is the closest node; otherwise, measuring the distance between the node and the t, and selecting alpha closer nodes from the corresponding K bucket to reply. The above process is repeated until the data is transmitted to the edge server t for storage.
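The lookup described above, as an added Python example that is not code from the patent: IDs and Keys are 160-bit values compared by XOR distance, and each queried server either reports that it is the closest or replies with up to alpha closer IDs. SHA-1 as the hash, the bucket capacity, the server names and the sample data are assumptions, and the lookup follows only the nearest candidate per step instead of querying alpha servers in parallel.

```python
import hashlib

ID_BITS = 160   # ID and Key width stated on the page
ALPHA = 3       # candidates returned per query (constructed value)
K = 2           # bucket capacity, kept small so routing tables are partial


def make_id(label: bytes) -> int:
    # Assumption: SHA-1 supplies the 160-bit value; the page names no hash.
    return int.from_bytes(hashlib.sha1(label).digest(), "big")


def distance(x: int, y: int) -> int:
    """XOR distance between two 160-bit values."""
    return x ^ y


class EdgeServer:
    def __init__(self, name: str):
        self.name = name
        self.id = make_id(name.encode())
        self.buckets = [[] for _ in range(ID_BITS)]   # K buckets by distance
        self.stored = {}                              # Key -> data

    def learn(self, other_id: int) -> None:
        """File a peer under the bucket for its distance; full buckets drop it."""
        if other_id == self.id:
            return
        bucket = self.buckets[distance(self.id, other_id).bit_length() - 1]
        if other_id not in bucket and len(bucket) < K:
            bucket.append(other_id)

    def find_node(self, key: int) -> list:
        """Reply to a query: up to ALPHA known IDs closer to key than this node.

        An empty reply means this node is the closest one it knows of.
        """
        own = distance(self.id, key)
        closer = [i for b in self.buckets for i in b if distance(i, key) < own]
        return sorted(closer, key=lambda i: distance(i, key))[:ALPHA]


def build_network(names):
    net = {}
    for name in names:
        server = EdgeServer(name)
        net[server.id] = server
    for server in net.values():
        for other_id in net:
            server.learn(other_id)
    return net


def lookup(net, start_id: int, key: int):
    """Repeat the query until a server reports that it is the closest to key."""
    current, hops = start_id, 0
    while True:
        reply = net[current].find_node(key)
        if not reply:
            return current, hops
        current, hops = reply[0], hops + 1


def store(net, start_id: int, data: bytes):
    """Hash the data to a Key, locate edge server t, and store the data there."""
    key = make_id(data)
    target, hops = lookup(net, start_id, key)
    net[target].stored[key] = data
    return net[target].name, hops


if __name__ == "__main__":
    network = build_network([f"edge-{i:02d}" for i in range(12)])  # constructed
    entry = next(iter(network))
    print(store(network, entry, b"segment-1:temp=71.3"))
```

Because every server in the bucket that would hold the target is itself closer to the Key than the queried server, each hop strictly reduces the distance, so the loop ends at the closest server even though no routing table is complete.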
In another embodiment of the present application, the method further comprises:
the main industrial control node signs and encrypts the data according to the built-in information while reporting the data, and sends the data to other nodes in the multi-node industrial control network;
and the other nodes decrypt the received data according to the built-in information to obtain the identity information, verify the identity information and the built-in information of the corresponding industrial control node, and transmit the encrypted data to the edge server if the verification is passed.
The built-in information includes a random number generated by the system, a timestamp, the node's own private key, the public keys of other nodes, and the like. The identity information refers to the real information obtained after the decryption process in the data transmission stage; the identity information is verified against the built-in information to judge whether the data has been tampered with and whether the node's authority meets the requirements.
In another embodiment of the present application, the method further comprises:
carrying out attribute setting and corresponding data transmission channel distribution on each industrial control node in the multi-node industrial control network according to the node function;
before industrial internet data is uploaded to each industrial control node, verifying the data format and the authority level to judge whether the data is legal data or not, and analyzing the verified legal data to obtain the data type and the data amount;
and matching the data type and the data quantity with the attributes of the industrial control nodes, and uploading the data according to the serial number sequence of the industrial internet data by adopting a data transmission channel under the current industrial control node.
It should be noted that the industrial control nodes can be classified according to the data type and the data amount, and different data transmission channels and data segmentation modes are set for different categories, for example, special nodes with complex applicable data types and high authority levels and special nodes with large applicable data amounts and high data type repetition rates are set.
Referring to fig. 4, fig. 4 is a block diagram of an industrial internet trusted data acquisition and storage system in a multi-node industrial control network environment according to the present application.
The application also provides an industrial internet trusted data acquisition and storage system under the multi-node industrial control network environment, which comprises a memory 21 and a processor 22, wherein the memory 21 comprises an industrial internet trusted data acquisition and storage program under the multi-node industrial control network environment, and the industrial internet trusted data acquisition and storage program under the multi-node industrial control network environment is executed by the processor 22 to realize the following steps:
dividing and numbering industrial internet data, uploading the industrial internet data through each industrial control node in the multi-node industrial control network, and selecting main industrial control nodes reported in the round according to the information entropy mode;
the elected main industrial control node initiates data reporting according to the corresponding number, communicates with other industrial control nodes in the multi-node industrial control network, feeds back a negotiation conversation result to the edge server, and the edge server judges whether to store data according to the feedback result;
and the edge server network selects nodes for data transmission and storage according to the distance between each edge server and the industrial internet data to be stored.
According to the embodiment of the application, the selection of the main industrial control nodes reported in the current round according to the information entropy mode specifically comprises the following steps:
calculating the sectional information entropy of the corresponding number of the industrial internet data which needs to be reported in each industrial control node;
calculating the information entropy sum of the industrial internet data which needs to be reported by each industrial control node according to the segmented information entropy of each corresponding number;
and the edge server receives the information entropy sum data of each industrial control node in the multi-node industrial control network, and selects the main industrial control node according to the information entropy sum data.
According to the embodiment of the application, the main industrial control node selected according to the information entropy sum data is specifically as follows:
sorting the information entropy sum data from each industrial control node according to the size of the data volume;
selecting one or more industrial control nodes with the largest data quantity and carrying out order marking according to the sorting result of the data quantity;
and sending the selected main industrial control nodes to a multi-node industrial control network through broadcasting.
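The election steps above can be sketched as follows. This is an added example, not code from the patent; it assumes the segmented information entropy is Shannon entropy over the byte frequencies of each numbered segment (the page does not define the distribution), and the function names and the plausibility bound are hypothetical.

```python
import math
from collections import Counter

BITS_PER_BYTE = 8.0  # upper bound of byte-level Shannon entropy (assumed metric)


def segment_entropy(segment: bytes) -> float:
    """Shannon entropy, in bits per byte, of one numbered data segment."""
    if not segment:
        return 0.0
    n = len(segment)
    return sum((c / n) * math.log2(n / c) for c in Counter(segment).values())


def node_entropy_sum(segments: dict[int, bytes]) -> float:
    """Entropy sum over all numbered segments a node has to report."""
    return sum(segment_entropy(s) for s in segments.values())


def elect_primaries(reports: dict[str, tuple[float, int]],
                    count: int = 1) -> list[tuple[int, str]]:
    """Edge-server side: rank nodes by reported entropy sum, largest first.

    reports maps node id -> (entropy sum, number of segments). The sums are
    self-reported, so values that are not finite, negative, or above the
    theoretical maximum for the segment count are dropped before sorting
    (a NaN would otherwise make the ordering unpredictable).
    Returns (order mark, node id) pairs for the elected nodes.
    """
    valid = {}
    for node, (total, nseg) in reports.items():
        if not math.isfinite(total) or total < 0 or total > BITS_PER_BYTE * nseg:
            continue
        valid[node] = total
    # Ties are broken by node id so every party derives the same order.
    ranked = sorted(valid, key=lambda n: (-valid[n], n))
    return [(order, node) for order, node in enumerate(ranked[:count], start=1)]


# Constructed sample data for two honest nodes and two malformed reports.
NODE_A = {1: bytes(range(256)), 2: b"abab"}
NODE_B = {1: b"\x00" * 16}
SAMPLE_REPORTS = {
    "A": (node_entropy_sum(NODE_A), len(NODE_A)),
    "B": (node_entropy_sum(NODE_B), len(NODE_B)),
    "C": (float("nan"), 1),   # malformed report
    "D": (50.0, 2),           # exceeds 8 bits/byte * 2 segments
}
```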
According to the embodiment of the application, the communication with other industrial control nodes in the multi-node industrial control network specifically comprises the following steps:
the main industrial control node reports the data and simultaneously copies the data to other nodes in the multi-node industrial control network and sends a confirmation request;
the other nodes verify the logicality and repetition rate of the received data, and if the verification passes, they send receiving messages to the multi-node industrial control network;
and judging whether to achieve consensus according to the release condition of the received message in the multi-node industrial control network, and if so, sending a feedback message to the edge server for processing.
According to the embodiment of the application, the verification of the received data logicality and repetition rate by other nodes is specifically as follows:
verifying the current view number v, the current request number q, the digest a(m) of the message content, and the message content m; if v and q repeat values that previously occurred in other messages while a(m) and m differ from them, the request is rejected; otherwise the request is accepted and an acceptance message is sent.
According to the embodiment of the application, judging whether to achieve consensus according to the release condition of the received message in the multi-node industrial control network specifically comprises the following steps:
judging whether, within a preset time range, the number of receiving messages with consistent content sent by different nodes in the multi-node industrial control network exceeds a threshold value of 2f;
if the threshold value is exceeded, the main industrial control node sends a commitment message to other nodes in the multi-node industrial control network, and when a certain node receives the commitment message sent by 2f + 1 nodes, the node judges that consensus is achieved.
According to the embodiment of the application, the step of judging whether to store the data according to the feedback result by the edge server specifically comprises the following steps:
acquiring the quantity of industrial control nodes in the current multi-node industrial control network;
and judging whether the quantity of the received feedback messages exceeds a preset proportion relative to the quantity of the industrial control nodes, if so, judging to store the data, and otherwise, not storing the data.
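The request check, the 2f and 2f + 1 thresholds, and the edge server's storage decision described above can be exercised together as below. This is an added example, not code from the patent; SHA-256 stands in for the digest a(m), the requirement that the digest actually matches m is an added assumption, and all names are hypothetical.

```python
import hashlib
from dataclasses import dataclass


def digest(m: bytes) -> str:
    # Assumption: SHA-256 plays the role of a(m); the page names no hash.
    return hashlib.sha256(m).hexdigest()


@dataclass(frozen=True)
class Msg:
    sender: str   # node that sent the receiving message
    v: int        # view number
    q: int        # request number
    d: str        # digest a(m)
    ts: float     # arrival time in seconds


class Replica:
    """Keeps the first digest bound to each (v, q) pair."""

    def __init__(self) -> None:
        self.bound: dict[tuple[int, int], str] = {}

    def check_request(self, v: int, q: int, d: str, m: bytes) -> bool:
        if d != digest(m):            # added assumption: digest must match m
            return False
        # Same (v, q) with different content is rejected; a repeat of the
        # same content is accepted again.
        return self.bound.setdefault((v, q), d) == d


def matching_senders(msgs, v, q, d, start, window) -> set[str]:
    """Distinct senders whose message matches (v, q, d) inside the window."""
    return {x.sender for x in msgs
            if (x.v, x.q, x.d) == (v, q, d) and start <= x.ts <= start + window}


def prepared(msgs, v, q, d, start, window, f) -> bool:
    # "exceeds a threshold value of 2f": strictly more than 2f distinct nodes
    return len(matching_senders(msgs, v, q, d, start, window)) > 2 * f


def committed(commit_senders, f) -> bool:
    # consensus once commitment messages from 2f + 1 distinct nodes arrive
    return len(set(commit_senders)) >= 2 * f + 1


def edge_should_store(feedback_senders, node_count: int, ratio: float) -> bool:
    """Edge server: store only if feedback exceeds the preset proportion."""
    if node_count <= 0:
        raise ValueError("node_count must be positive")
    return len(set(feedback_senders)) > ratio * node_count


# Constructed sample traffic for a 4-node network (f = 1).
SAMPLE_M = b"seg-7:temp=71.3"
SAMPLE_D = digest(SAMPLE_M)
SAMPLE_MSGS = [
    Msg("n1", 0, 7, SAMPLE_D, 1.0),
    Msg("n2", 0, 7, SAMPLE_D, 2.0),
    Msg("n2", 0, 7, SAMPLE_D, 2.5),   # duplicate sender, counted once
    Msg("n3", 0, 7, SAMPLE_D, 3.0),
    Msg("n4", 0, 7, SAMPLE_D, 20.0),  # arrives after the window closes
]
```

Counting distinct senders rather than messages is what keeps a single node from reaching the threshold by repeating itself.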
According to the embodiment of the application, the node selection according to the distance between each edge server and the industrial internet data to be stored is specifically as follows:
assigning an ID tag to each node in the edge server network;
calculating a 160-bit hash value of the data to be stored as a Key and calculating the distance from the ID to an edge server t closest to the Key;
after the query request confirmation is sent to the edge server t repeatedly, the data is transmitted to the corresponding node for data storage.
According to the embodiment of the present application, the repeatedly sending the query request acknowledgement to the edge server t specifically includes:
sending a query request to an edge server t, judging whether a node target receiving the query request is the node target of the edge server t, and if so, returning the node ID of the node target;
if not, the distance between the ID and the edge server t is monitored, alpha closer node IDs in the K bucket corresponding to the ID are called, and the node IDs are returned as replies.
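The storage-node selection and the repeated query described above resemble a Kademlia-style lookup, sketched below. This is an added example, not code from the patent; it assumes SHA-1 as the 160-bit hash and XOR as the distance (the page specifies neither), replaces real K buckets with a flat peer set per node, and uses hypothetical names and small constructed IDs.

```python
import hashlib

ID_BITS = 160


def key_for(data: bytes) -> int:
    """160-bit Key of the data to be stored (assumption: SHA-1)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def distance(a: int, b: int) -> int:
    """Assumed metric: XOR distance between two IDs."""
    return a ^ b


def find_node(self_id: int, peers: set[int], key: int, alpha: int) -> list[int]:
    """What a queried node replies with.

    If it knows no peer closer to the key than itself, it is the target and
    returns its own ID; otherwise it returns up to alpha closer peer IDs.
    """
    closer = sorted((p for p in peers
                     if distance(p, key) < distance(self_id, key)),
                    key=lambda p: distance(p, key))
    return closer[:alpha] if closer else [self_id]


def closest_edge_server(network: dict[int, set[int]], start_id: int, key: int,
                        alpha: int = 2, k: int = 3) -> int:
    """Repeat the query until the k closest known nodes have all answered.

    network maps node ID -> IDs in that node's routing table (simulated).
    Every node is queried at most once, so the loop always terminates.
    """
    shortlist = {start_id}
    queried: set[int] = set()
    while True:
        closest = sorted(shortlist, key=lambda i: distance(i, key))[:k]
        pending = [i for i in closest if i not in queried][:alpha]
        if not pending:
            return closest[0]
        for nid in pending:
            queried.add(nid)
            reply = find_node(nid, network[nid], key, alpha)
            # Ignore IDs outside the ID space or not reachable in this model.
            shortlist.update(i for i in reply
                             if 0 <= i < (1 << ID_BITS) and i in network)


# Constructed sample topology with small IDs so the walk can be followed.
SAMPLE_NET = {
    1: {8, 4},
    4: {1, 6},
    6: {4},
    8: {12, 1},
    12: {13, 8},
    13: {12},
}
SAMPLE_KEY = 15  # stands in for key_for(data) in this small ID space
```

Starting from node 1 with key 15, the lookup visits 8 and 4, then 12 and 6, then 13, which no queried node can improve on.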
In another embodiment of the present application, the method further comprises:
the main industrial control node signs and encrypts the data according to the built-in information while reporting the data, and sends the data to other nodes in the multi-node industrial control network;
and the other nodes decrypt the received data according to the built-in information to obtain the identity information, verify the identity information and the built-in information of the corresponding industrial control node, and transmit the encrypted data to the edge server if the verification is passed.
In another embodiment of the present application, the method further comprises:
carrying out attribute setting and corresponding data transmission channel distribution on each industrial control node in the multi-node industrial control network according to the node function;
before industrial internet data is uploaded to each industrial control node, verifying the data format and the authority level to judge whether the data is legal data or not, and analyzing the verified legal data to obtain the data type and the data amount;
and matching the data type and the data quantity with the attributes of the industrial control nodes, and uploading the data according to the serial number sequence of the industrial internet data by adopting a data transmission channel under the current industrial control node.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; can be located in one place or distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A method for acquiring and storing credible data of an industrial internet under a multi-node industrial control network environment is characterized by comprising the following steps:
dividing and numbering industrial internet data, uploading the industrial internet data through each industrial control node in the multi-node industrial control network, and selecting main industrial control nodes reported in the current round according to an information entropy mode;
the elected main industrial control node initiates data reporting according to the corresponding number, communicates with other industrial control nodes in the multi-node industrial control network, feeds back a negotiation session result to the edge server, and the edge server judges whether to store data according to the feedback result;
and the edge server network selects nodes for data transmission and storage according to the distance between each edge server and the industrial internet data to be stored.
2. The method for acquiring and storing the credible data of the industrial internet under the multi-node industrial control network environment as claimed in claim 1, wherein the selection of the main industrial control nodes reported in the current round according to the information entropy is specifically as follows:
calculating the sectional information entropy of the corresponding number of the industrial internet data which needs to be reported in each industrial control node;
calculating the information entropy sum of the industrial internet data which needs to be reported by each industrial control node according to the segmented information entropy of each corresponding number;
and the edge server receives the information entropy sum data of each industrial control node in the multi-node industrial control network, and selects the main industrial control node according to the information entropy sum data.
3. The method for acquiring and storing the trusted data of the industrial internet in the multi-node industrial control network environment according to claim 2, wherein the step of selecting the main industrial control nodes according to the total entropy data of each piece of information specifically comprises the following steps:
sorting the information entropy sum data from each industrial control node according to the size of the data volume;
selecting one or more industrial control nodes with the largest data quantity and carrying out order marking according to the sorting result of the data quantity;
and sending the selected main industrial control nodes to a multi-node industrial control network through broadcasting.
4. The method for acquiring and storing the trusted data of the industrial internet in the multi-node industrial control network environment according to claim 1, wherein the communication with other industrial control nodes in the multi-node industrial control network specifically comprises:
the main industrial control node reports the data and simultaneously copies the data to other nodes in the multi-node industrial control network and sends a confirmation request;
the other nodes verify the logicality and repetition rate of the received data, and if the verification passes, they send receiving messages to the multi-node industrial control network;
and judging whether to achieve consensus according to the release condition of the received message in the multi-node industrial control network, and if so, sending a feedback message to the edge server for processing.
5. The method for acquiring and storing the trusted data of the industrial internet in the multi-node industrial control network environment according to claim 4, wherein the verification of the received data logicality and repetition rate by other nodes is specifically as follows:
verifying the current view number v, the current request number q, the digest a(m) of the message content, and the message content m; if v and q repeat values that previously occurred in other messages while a(m) and m differ from them, the request is rejected; otherwise the request is accepted and an acceptance message is sent.
6. The method for acquiring and storing the trusted data of the industrial internet in the multi-node industrial control network environment according to claim 4, wherein the step of judging whether to achieve consensus according to the release condition of the received message in the multi-node industrial control network specifically comprises the steps of:
judging whether, within a preset time range, the number of receiving messages with consistent content sent by different nodes in the multi-node industrial control network exceeds a threshold value of 2f;
if the threshold value is exceeded, the main industrial control node sends a promise message to other nodes in the multi-node industrial control network, and when a certain node receives the promise message sent by 2f + 1 nodes, the node judges that consensus is achieved.
7. The method for acquiring and storing the trusted data of the industrial internet in the multi-node industrial control network environment according to claim 1, wherein the step of the edge server judging whether to store the data according to the feedback result specifically comprises the following steps:
acquiring the quantity of industrial control nodes in the current multi-node industrial control network;
and judging whether the quantity of the received feedback messages exceeds a preset proportion relative to the quantity of the industrial control nodes, if so, judging to store data, and otherwise, not storing the data.
8. The method for acquiring and storing the trusted data of the industrial internet in the multi-node industrial control network environment according to claim 1, wherein the step of selecting the node according to the distance between each edge server and the industrial internet data to be stored specifically comprises the following steps:
allocating an ID mark for each node in the edge server network;
calculating a 160-bit hash value of the data to be stored as a Key and calculating the distance from the ID to an edge server t closest to the Key;
after the query request confirmation is sent to the edge server t repeatedly, the data is transmitted to the corresponding node for data storage.
9. The method for acquiring and storing the trusted data of the industrial internet in the multi-node industrial control network environment according to claim 8, wherein repeatedly sending the query request confirmation to the edge server t specifically comprises:
sending a query request to an edge server t, judging whether a node target receiving the query request is the node target of the edge server t, and if so, returning the node ID of the node target;
if not, the distance between the ID and the edge server t is monitored, alpha closer node IDs in the K bucket corresponding to the ID are called, and the node IDs are returned as replies.
10. An industrial internet trusted data acquisition and storage system in a multi-node industrial control network environment is characterized by comprising a memory and a processor, wherein the memory comprises an industrial internet trusted data acquisition and storage program in the multi-node industrial control network environment, and the steps of the industrial internet trusted data acquisition and storage method in the multi-node industrial control network environment according to any one of claims 1 to 9 are realized when the industrial internet trusted data acquisition and storage program in the multi-node industrial control network environment is executed by the processor.
CN202210548987.5A 2022-05-20 2022-05-20 Industrial internet trusted data acquisition and storage method and system Active CN114666166B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210548987.5A CN114666166B (en) 2022-05-20 2022-05-20 Industrial internet trusted data acquisition and storage method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210548987.5A CN114666166B (en) 2022-05-20 2022-05-20 Industrial internet trusted data acquisition and storage method and system

Publications (2)

Publication Number Publication Date
CN114666166A true CN114666166A (en) 2022-06-24
CN114666166B CN114666166B (en) 2022-10-04

Family

ID=82036588

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210548987.5A Active CN114666166B (en) 2022-05-20 2022-05-20 Industrial internet trusted data acquisition and storage method and system

Country Status (1)

Country Link
CN (1) CN114666166B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110321721A (en) * 2019-07-02 2019-10-11 Shijiazhuang Tiedao University Electronic health record access control method based on block chain
US10623429B1 (en) * 2017-09-22 2020-04-14 Amazon Technologies, Inc. Network management using entropy-based signatures
US20200162251A1 (en) * 2018-11-09 2020-05-21 Ares Technologies, Inc. Systems and methods for distributed key storage
CN112235379A (en) * 2020-09-30 2021-01-15 University of Electronic Science and Technology of China Block chain bottom layer shared storage method
WO2022088807A1 (en) * 2020-10-30 2022-05-05 Shenzhen OneConnect Smart Technology Co., Ltd. Distributed file storage method and system based on blockchain, and server and client

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
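Liu Jia et al.: "Routing algorithm for wireless sensor networks based on non-uniform clustering and information entropy", Chinese Journal of Sensors and Actuators *
Liang Xiaoyan: "Incentive mechanism for medical data sharing based on information entropy in a blockchain environment", China Master's Theses Full-text Database *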

Also Published As

Publication number Publication date
CN114666166B (en) 2022-10-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Trusted Data Acquisition and Storage Methods and Systems for Industrial Internet

Effective date of registration: 20231108

Granted publication date: 20221004

Pledgee: Guotou Taikang Trust Co.,Ltd.

Pledgor: Zhejiang Mulian Internet of things Technology Co.,Ltd.

Registration number: Y2023980064454