CN116455596A - Virtual power plant data security protection method based on consensus mechanism - Google Patents

Virtual power plant data security protection method based on consensus mechanism Download PDF

Info

Publication number
CN116455596A
CN116455596A CN202310125864.5A CN202310125864A CN116455596A CN 116455596 A CN116455596 A CN 116455596A CN 202310125864 A CN202310125864 A CN 202310125864A CN 116455596 A CN116455596 A CN 116455596A
Authority
CN
China
Prior art keywords
data
information
energy
index
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310125864.5A
Other languages
Chinese (zh)
Inventor
廖波
徐鸿飞
赵云飞
沈子卿
屠智辉
戈伟
辜琳瑾
苏敏锐
蓝新斌
涂丹丹
温穆宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Shunde Electric Power Design Institute Co ltd
Original Assignee
Guangdong Shunde Electric Power Design Institute Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Shunde Electric Power Design Institute Co ltd filed Critical Guangdong Shunde Electric Power Design Institute Co ltd
Priority to CN202310125864.5A priority Critical patent/CN116455596A/en
Publication of CN116455596A publication Critical patent/CN116455596A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the field of virtual power plant information security, in particular to a virtual power plant data security protection method based on a consensus mechanism, which comprises the following encryption steps: the data providing node applies for registration to the system and generates a symmetric key and attribute information; symmetrically encrypting the data plaintext information by using the symmetric key to generate data ciphertext information; uploading data ciphertext information to a data chain; the method comprises the steps that index information generated and sent by a data chain according to data ciphertext information is received; performing secondary encryption on the index information according to the attribute information and the symmetric key to generate index ciphertext information; and uploading the generated index ciphertext information to an index chain. The encryption step of the invention relates to two block chains of the data chain and the index chain, and different ciphertext information is respectively stored through the two block chains, so that the decentralised storage of data in a public network or a alliance chain can be ensured, and the integrity and the safety of the data are ensured.

Description

Virtual power plant data security protection method based on consensus mechanism
Technical Field
The invention relates to the field of virtual power plant information safety, in particular to a virtual power plant data safety protection method based on a consensus mechanism.
Background
In the context of new rounds of power system innovation, the power system electricity selling side market has gradually released to social capital, where a large array of new participating entities, such as integrated energy servers, load aggregators, and virtual power plants (Virtual Power Plant, VPP), are emerging. The controllable resources of the power grid are also richer, and the flexibility of the power side and the demand side is more outstanding. The virtual power plants are used as a plurality of small-scale resource entities to flexibly cooperate under the market driving, can provide electric energy service similar to the traditional power plants, support safe and stable operation of a power grid, and realize autonomy and sharing. Autonomy is an operation concept, and aims to ensure that the system can be effectively aggregated in pairs, and the market operation and accurate regulation and control can be unified; sharing is a business model to address the collaboration and win-win of multiple heterogeneous distributed energy sources. To achieve this objective, all that is needed is to solve the trust foundation problem, and weaken the market predominance of third party operating agents.
Problems in conventional virtual power plants mainly include two major aspects: accounting period and information security because energy information and revenue accounting in conventional virtual power plants depend on a centralized structure, there may be phenomena of poor revenue accounting efficiency and false energy information. Meanwhile, the system is a centralized system, and the virtual power plant needs to be continuously connected with new distributed energy sources, so that the system is flexibly allocated, the system is inevitably required to be connected through a public network, at the moment, hacker invasion is easy to cause user identity disguise and data leakage, and the safe operation of the virtual power plant is also threatened greatly.
Some current transaction systems have gradually begun to evolve towards "decentralization", from technology morphology analysis, i.e. the introduction of modern cryptography techniques, and blockchain techniques incorporating consensus mechanisms, based on the strategic achievement of consensus among different organizations and organizations within a federation, to form a federated chain. However, the use case of combining the blockchain and the virtual power plant is still in blank period, the data sharing and the information security based on the blockchain can effectively ensure the transparent disclosure of the energy transaction, so that each node has equal speaking right, and the introduction of the blockchain based on the consensus mechanism into the transaction management mode of the virtual power plant is certainly a new idea.
Disclosure of Invention
The invention aims to overcome at least one defect (deficiency) of the prior art, and provides a virtual power plant data security protection method based on a consensus mechanism, which is used for encrypting data and guaranteeing information security.
The technical scheme adopted by the invention is that the virtual power plant data security protection method based on a consensus mechanism is provided, the method comprises an encryption step, and the encryption step comprises the following steps:
the data providing node applies for registration to the system and generates a symmetric key and attribute information;
the data providing node symmetrically encrypts the data plaintext information by using the symmetric key to generate data ciphertext information;
the data providing node uploads the data ciphertext information to the data chain;
the data providing node receives index information generated and sent by a data chain according to the data ciphertext information;
the data providing node carries out secondary encryption on the index information according to the attribute information and the symmetric key to generate index ciphertext information;
the data providing node uploads the generated index ciphertext information to the index chain.
The encryption process of the invention relates to two block chains of a data chain and an index chain, wherein a ciphertext chain stores data ciphertext information, and the index chain stores index ciphertext information. Different ciphertext information is stored through the two block chains respectively, so that the decentralization storage of data can be ensured in a public network or a alliance chain, and the integrity and the safety of the data are ensured. The invention further utilizes the re-encryption algorithm based on the attribute information to carry out secondary encryption on the index ciphertext information stored in the index chain, thereby further ensuring the privacy security and privacy sharing of the data on the index chain and effectively reducing the calculation load of the system. The method does not depend on a single data chain to improve the sharing safety problem of data, reduces the calculation and communication expenditure in actual production, and ensures the integrity, confidentiality and anti-repudiation of the system.
Further, the method includes a decryption step, the decryption step including:
the data demand node applies for registration to the system to generate a key pair and attribute information;
the data demand node sends the public key in the key pair to the data providing node;
the data providing node re-encrypts the public key to generate a re-encryption key;
the data providing node sends the re-encryption key to the data proxy node;
the data proxy node acquires corresponding index ciphertext information from the index chain according to the re-encryption key, and performs ciphertext conversion on the index ciphertext information;
the data agent node sends index ciphertext information after ciphertext conversion to the data demand node;
the data demand node decrypts the index ciphertext information after ciphertext conversion according to the private key and the attribute information in the key pair to obtain index information and a symmetric key;
the data demand node acquires data ciphertext information from the data chain through the index information and decrypts the data ciphertext information according to the symmetric key to obtain data plaintext information.
The decryption process of the invention involves the data providing node re-encrypting the public key generated by the data demand node to generate a re-encryption key; the data proxy node acquires the needed index ciphertext information from the index chain, and performs ciphertext conversion on the index ciphertext information through a re-encryption algorithm according to the re-encryption key; the key pair generated by the data demand node comprises a public key and a private key, and the ciphertext encrypted by the public key needs to be decrypted by using the private key, so that the data demand node decrypts the index ciphertext information converted by the ciphertext according to the private key and the attribute information in the key pair, index information and a symmetric key generated in the encryption process can be obtained, the data ciphertext information stored in the data chain is obtained according to the index information and the symmetric key, and then the data plaintext information is decrypted to obtain the data plaintext information. The security and confidentiality of the decryption process can be ensured by using the re-encryption algorithm, and authority filtering can be performed, so that the data proxy node can acquire the public key required to be used.
Further, the data chain and the index chain are federation chains and/or private chains.
The data chain and the index chain used in the invention can be replaced by the alliance chain or the private chain, and the specific use needs to be determined according to the use scene, wherein the alliance chain has a consensus mechanism and is decentralised, so that the alliance chain is preferentially considered, and the private chain is considered when partial data with higher external security is needed. The data chain and the index chain are selected and replaced by combining the advantages and disadvantages of the data types and different block chains, so that the encryption step and the decryption step are more flexible.
Further, the attribute information includes a system parameter and a system master key.
According to the invention, an attribute re-encryption algorithm is used according to the attribute information, the system parameters can verify the nodes during data uplink, and the combination of the system parameters and the system master key can carry out secondary encryption on the index information, so that the security of data uplink is further ensured.
Further, the data providing node and the data requiring node each comprise an energy wallet for conducting energy transactions.
The energy wallets used in the present invention are also implemented using blockchain for use as a payment means during energy transactions.
Further, the data plaintext information is energy transaction list information, and the energy transaction process comprises the following steps:
the energy demand party is used as a data providing node to generate an energy transaction list, and the energy transaction list is encrypted through an encryption step to generate ciphertext information;
the data providing node broadcasts the ciphertext information to each data demand node, the data demand node receives the ciphertext information, decrypts the received ciphertext information through a decryption step to obtain an energy transaction list, and responds and contracts if the energy transaction list meets the requirement;
after contract signing is completed, the data demand node for contract signing is used as an energy provider to conduct point-to-point electricity selling on the energy demand side according to the contract;
after the point-to-point electricity selling is finished, the energy demand party confirms the electricity selling process, deducts the corresponding quantity in the energy wallet of the energy demand party according to the contract if no objection exists, and increases the deducted quantity to the energy provider.
Problems in conventional virtual power plants mainly include two major aspects: settlement period and information security. Since energy information and revenue settlement in conventional virtual power plants depend on a centralized structure, there may be a phenomenon that revenue settlement efficiency is low and false energy information. Meanwhile, in order to ensure flexible allocation, the virtual power plant inevitably needs to access a system through a public network, and at the moment, the risk of disguising user identity and data leakage caused by hacker invasion is high, so that the safe operation of the virtual power plant is also greatly threatened. Therefore, in the process of energy transaction, the encryption process and the decryption process are used for encrypting and decrypting the energy transaction list, and contract signing is carried out according to actual conditions, so that the safety of the energy transaction process can be ensured, the settlement period is effectively shortened by using the energy wallet for transaction, and the safety of the energy transaction process is further improved.
Further, the energy demand and energy provider includes a number of virtual power plants and/or a number of distributed energy production consumers.
The invention supports energy transaction between a plurality of virtual power plants and a plurality of distributed energy production consumers, contract signing processes of the energy transaction are mutually selected, authority responsibility between the virtual power plants and the distributed energy production consumers is equal, and measurement disclosure is transparent. Meanwhile, the invention is not limited to energy transaction between the virtual power plants and the distributed energy production consumers, and the energy transaction can be performed point-to-point between the two virtual power plants or between the two distributed energy production consumers, so that the energy distribution is more flexible.
Furthermore, both the energy demand party and the energy provider party are provided with embedded tamper-proof intelligent metering equipment for ensuring accurate metering in the energy transaction process.
The embedded tamper-resistant intelligent metering device is mainly applied to intelligent meters of energy demand parties and energy providers, and is used for protecting intelligent meter data by combining methods such as security authentication, encryption algorithm or clock protection. If the embedded tamper-resistant intelligent metering device is not used, the data of the data provider can be intercepted and modified, so that the transaction data is diverged; by adopting the embedded tamper-proof intelligent metering equipment, the absolute reality and effectiveness of metering data can be ensured, and anyone can not directly modify uplink data, so that reliable shared transaction data can be provided by both energy transaction parties.
Further, the system comprises an access service module for registering, logging in and logging out the data providing node and the data demand node;
the system comprises an attribute authorization module for issuing attribute information to the data providing node and the data demand node.
The system also comprises a business module for monitoring the operation scheduling of the virtual power plant and the process of carrying out energy transaction, and for different business types, the business module can be used for instantiating the blockchain into a scheduling private chain or a transaction alliance chain.
Further, the system performs periodic updating or on-demand updating on the symmetric key. Updating the symmetric key may further improve the security of key management. More specifically, the system updates the symmetric key using the cryptographic module.
Compared with the prior art, the invention has the beneficial effects that:
(1) The encryption process of the invention relates to two block chains of a data chain and an index chain, wherein a ciphertext chain stores data ciphertext information, and the index chain stores index ciphertext information. Different ciphertext information is respectively stored through the two block chains, so that the decentralised storage of data can be ensured in a public network or a alliance chain, and the integrity and the safety of the data are ensured;
(2) The invention utilizes the re-encryption algorithm based on the attribute information to carry out secondary encryption on the index ciphertext information stored in the index chain, thereby further ensuring the privacy security and privacy sharing of the data on the index chain and effectively reducing the calculation load of the system;
(3) The invention does not depend on a single data chain to improve the sharing safety problem of data, reduces the calculation and communication expenditure in actual production, and ensures the integrity, confidentiality and anti-repudiation of the system;
(4) In the invention, the encryption process and the decryption process are used for encrypting and decrypting the energy transaction list in the process of carrying out the energy transaction, and contract signing is carried out according to the actual situation, so that the safety of the energy transaction process can be ensured, the calculation period is effectively shortened by using the energy wallet for carrying out the transaction, and the safety of the energy transaction process is further improved.
Drawings
FIG. 1 is a flowchart of the encryption steps of the present invention.
Fig. 2 is a flowchart of the decryption step of the present invention.
Fig. 3 is a flow chart of the energy transaction process of the present invention.
FIG. 4 is a schematic diagram of energy transactions between a plurality of virtual power plants and a plurality of distributed energy production consumers according to the present invention.
Detailed Description
The drawings are for illustrative purposes only and are not to be construed as limiting the invention. For better illustration of the following embodiments, some parts of the drawings may be omitted, enlarged or reduced, and do not represent the actual product dimensions; it will be appreciated by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
Example 1
As shown in fig. 1, the present embodiment provides a virtual power plant data security protection method based on a consensus mechanism, where the method includes an encryption step, and the encryption step includes:
a1, the data providing node applies for registration to the system to generate a symmetric key and attribute information;
a2, the data providing node symmetrically encrypts the data ciphertext information by using the symmetric key to generate the data ciphertext information;
a3, the data providing node uploads the data ciphertext information to the data chain;
a4, the data providing node receives index information generated and transmitted by a data chain according to the data ciphertext information;
a5, the data providing node carries out secondary encryption on the index information according to the attribute information and the symmetric key to generate index ciphertext information;
a6, the data providing node uploads the generated index ciphertext information to an index chain.
The method and the device are mainly applied to data security protection of the virtual power plant, and data of the virtual power plant relate to a data provider, a data demander and a data agent in the process of interaction. The data provider is responsible for providing data plaintext information and encrypting and uploading the data plaintext information to generate ciphertext information; the data demander is responsible for decrypting the ciphertext information so as to acquire the needed data plaintext information; the data agent is responsible for acquiring the needed index ciphertext information from the index chain, and performing ciphertext conversion on the index ciphertext information through a re-encryption algorithm according to the re-encryption key, so that the safety of the decryption step is ensured.
In this embodiment, the data provider applies for registration as a data providing node to the system, generates a symmetric key and attribute information, and is responsible for symmetrically encrypting data plaintext information by using the symmetric key in the encryption step, generating data ciphertext information, uploading the data ciphertext information to the data chain, receiving index information generated and transmitted by the data chain according to the data ciphertext information, performing secondary encryption on the index information according to the attribute information and the symmetric key thereof, generating index ciphertext information, and uploading the generated index ciphertext information to the index chain.
The encryption step of the embodiment is directed to a data provider, and relates to a data chain and an index chain, wherein the two block chains respectively store different ciphertext information, so that the decentralization storage of data can be ensured in a public network or a alliance chain, and the integrity and the safety of the data are ensured. The method does not depend on a single data chain to improve the sharing safety problem of data, reduces the calculation and communication expenditure in actual production, and ensures the integrity, confidentiality and anti-repudiation of the system.
The embodiment also utilizes the re-encryption algorithm based on the attribute information to carry out secondary encryption on the index ciphertext information stored in the index chain, thereby further ensuring the privacy security and privacy sharing of the data on the index chain and effectively reducing the calculation load of the system.
As shown in fig. 2, the method in this embodiment includes a decryption step, where the decryption step includes:
b1, the data demand node applies for registration to the system to generate a key pair and attribute information;
b2, the data demand node sends the public key in the key pair to the data providing node;
b3, the data providing node re-encrypts the public key to generate a re-encryption key;
b4, the data providing node sends the re-encryption key to the data proxy node;
b5, the data proxy node acquires corresponding index ciphertext information from the index chain according to the re-encryption key, and performs ciphertext conversion on the index ciphertext information;
b6, the data agent node sends the index ciphertext information after ciphertext conversion to the data demand node;
b7, the data demand node decrypts the index ciphertext information after ciphertext conversion according to the private key and the attribute information in the key pair to obtain index information and a symmetric key;
and B8, the data demand node acquires the data ciphertext information from the data chain through the index information and decrypts the data ciphertext information according to the symmetric key to obtain the data plaintext information.
The decryption step of the embodiment is directed to a data provider, a data demander and a data agent, and a re-encryption algorithm is used to ensure the security and confidentiality of the decryption process, and authority filtering can be performed to ensure that the data agent can acquire a public key required to be used.
In this embodiment, the data provider is used as a data providing node, and is responsible for re-encrypting the public key in the decryption step, generating a re-encryption key, and sending the re-encryption key to the data proxy node; the data demander applies for registration to the system as a data demand node, generates a key pair and attribute information, sends a public key in the key pair to a data providing node, decrypts the index ciphertext information converted by ciphertext according to the private key and the attribute information in the key pair to obtain index information and a symmetric key, obtains the data ciphertext information from a data chain through the index information, and decrypts the data ciphertext information according to the symmetric key to obtain data plaintext information. The data agent is used as a data agent node to acquire corresponding index ciphertext information from the index chain according to the re-encryption key, ciphertext conversion is carried out on the index ciphertext information, and the index ciphertext information after ciphertext conversion is sent to the data demand node.
In the actual use process, the data chain and the index chain are alliance chains and/or private chains. The federation chain and the private chain have corresponding advantages and disadvantages when in use, wherein the private chain is a blockchain in which only permitted nodes can participate in and view all data, the external security is higher, and the policy can be completely customized by a user himself, so that the response speed is extremely high, but compared with a public chain and the federation chain, the private chain has no decentralization characteristic, and the user can randomly modify the data stored on the private chain; the alliance chain is a blockchain which is jointly participated in management by a plurality of institutions or organizations, each institution or organization respectively runs one or more nodes, each institution or organization forms consensus on the policies of the blockchain, data allow the institutions or organizations in the alliance chain to read and send transactions and jointly record transaction information, but the external security of the data of the alliance chain is lower than that of the private chain, and the different institutions or organizations in the alliance chain can jointly modify blockchain data. The embodiment can select according to the self conditions of different data and combining the advantages and disadvantages of the alliance chain and the private chain.
In the embodiment, the data link and the index link in the encryption step and the decryption step can use the alliance link and/or the private link, so that the data of the virtual power plant is coordinated and matched by the alliance link and the private link, and compared with the single use of the alliance link to store all the data, the system is more intelligent by coordinating and storing the data by matching the private link. In the actual use process, in order to realize the decentralization, the use of the alliance chain is prioritized, and meanwhile, the consensus mechanism can be realized only by using the alliance chain. However, part of data such as scheduling information of the virtual power plant needs to be stored in the private chain, so that the system operation efficiency is improved, the system redundancy is reduced to be excessively larger than that of the multi-chain co-stored data, and meanwhile, the guarantee is further increased for the safety of the data outside.
The attribute information in this embodiment includes a system parameter and a system master key. And according to the attribute information, an attribute re-encryption algorithm is used, system parameters can be used for verifying the nodes during data uplink, and index information can be encrypted for the second time by combining the system parameters with a system master key, so that the security of data uplink is ensured.
The data providing node and the data requiring node of this embodiment each include an energy wallet for performing energy transactions. The energy wallets used are also implemented using blockchain for use as a payment means during energy transactions.
Problems in conventional virtual power plants mainly include two major aspects: settlement period and information security. The data plaintext information in this embodiment may be scheduling information of the virtual power plant, communication information between the virtual power plants, communication information between the virtual power plant and the user side, real-time measurement information of an ammeter at the user side, energy transaction list information, and the like, and when in use, the information is encrypted and decrypted through an encryption step and a decryption step according to specific conditions, so that information security of the virtual power plant is ensured.
In the energy transaction process, the data plaintext information is energy transaction bill information, and encryption and decryption are needed to ensure the safety of the energy transaction process. As shown in fig. 3, the energy transaction process includes:
s1, an energy demand party is used as a data providing node to generate an energy transaction list, and the energy transaction list is encrypted through an encryption step to generate ciphertext information;
s2, broadcasting ciphertext information to each data demand node by the data supply node, receiving the ciphertext information by the data demand nodes, decrypting the received ciphertext information through a decryption step to obtain an energy transaction list, and responding and contracting if the energy transaction list meets the requirement;
s3, after contract signing is completed, the data demand node for contract signing is used as an energy provider to conduct point-to-point electricity selling on the energy demand side according to the contract;
and S4, after the point-to-point electricity selling is finished, the energy demand party confirms the electricity selling process, deducts the corresponding quantity in the energy wallet of the energy demand party according to the contract if no objection exists, and increases the deducted quantity to the energy provider.
In the embodiment, the encryption process and the decryption process are used for encrypting and decrypting the energy transaction list in the process of carrying out the energy transaction, and contract signing is carried out according to the actual situation, so that the safety of the energy transaction process can be ensured, the calculation period is effectively shortened when the energy wallet is used for carrying out the transaction, and the safety of the energy transaction process is further improved.
When the energy transaction is carried out, the alliance chain is used for information storage, because the private chain is completely formulated by a user, if the private chain is used for storing transaction information, the transaction information such as money and the like can be modified at will, so that the credibility of the data is lower.
The energy demand and energy provider described in this embodiment includes several virtual power plants and/or several distributed energy production consumers. As shown in fig. 4, the embodiment supports energy transaction between a plurality of virtual power plants and a plurality of distributed energy production consumers, contract signing processes of the energy transaction are mutually selected, authority responsibility between the virtual power plants and the distributed energy production consumers is equal, and measurement disclosure is transparent. Meanwhile, the energy transaction between the virtual power plants and the distributed energy production consumers is not limited, and the energy transaction between the two virtual power plants or between the two distributed energy production consumers can be performed point-to-point, so that the energy distribution is more flexible.
The data providing node and the data demand node in this embodiment each include embedded tamper-resistant intelligent metering devices.
The embedded tamper-resistant intelligent metering device is mainly applied to intelligent meters of energy demand parties and energy providers, and is used for protecting intelligent meter data by combining methods such as security authentication, encryption algorithm or clock protection. In the embodiment, the data can be protected through the SDK module of the data on the embedded chain of the intelligent meter, trusted hardware can be integrated in the SDK module, the common key is made by combining the data on the chain, the key is strongly correlated with time, and the key used by each authentication has common knowledge decision of all nodes on the chain, so that any single node can not change the key, and the accurate measurement of the data of the intelligent meter can not be tampered.
The system of the embodiment carries out periodic updating or updating according to the requirement on the symmetric key, thereby improving the security of key management.
The system comprises an access service module, an attribute authorization module, a service module and a password module;
the access service module is used for registering, logging in and logging out the data providing node and the data demand node, and the nodes accessed by the alliance chain and the private chain can be used only by permission, so that the access service module is required to register, log in and log out the nodes;
the attribute authorization module is used for issuing attribute information to the data providing node and the data demand node and issuing a symmetric key to the data providing node;
the service module is used for monitoring the operation scheduling of the virtual power plant and the process of carrying out energy transaction, and for different service types, the service module can be used for instantiating the blockchain into a private chain or a alliance chain, for example, the private chain is used for the scheduling service of the virtual power plant, and the alliance chain is used for the energy transaction service;
the cryptographic module is used for updating the symmetric key, and can be updated according to the actual selection period or on demand.
It should be understood that the foregoing examples of the present invention are merely illustrative of the present invention and are not intended to limit the present invention to the specific embodiments thereof. Any modification, equivalent replacement, improvement, etc. that comes within the spirit and principle of the claims of the present invention should be included in the protection scope of the claims of the present invention.

Claims (10)

1. The virtual power plant data security protection method based on the consensus mechanism is characterized by comprising an encryption step, wherein the encryption step comprises the following steps:
the data providing node applies for registration to the system and generates a symmetric key and attribute information;
the data providing node symmetrically encrypts the data plaintext information by using the symmetric key to generate data ciphertext information;
the data providing node uploads the data ciphertext information to the data chain;
the data providing node receives index information generated and sent by a data chain according to the data ciphertext information;
the data providing node carries out secondary encryption on the index information according to the attribute information and the symmetric key to generate index ciphertext information;
the data providing node uploads the generated index ciphertext information to the index chain.
2. The method for protecting data security of a virtual power plant based on a consensus mechanism according to claim 1, wherein the method comprises a decryption step comprising:
the data demand node applies for registration to the system to generate a key pair and attribute information;
the data demand node sends the public key in the key pair to the data providing node;
the data providing node re-encrypts the public key to generate a re-encryption key;
the data providing node sends the re-encryption key to the data proxy node;
the data proxy node acquires corresponding index ciphertext information from the index chain according to the re-encryption key, and performs ciphertext conversion on the index ciphertext information;
the data agent node sends index ciphertext information after ciphertext conversion to the data demand node;
the data demand node decrypts the index ciphertext information after ciphertext conversion according to the private key and the attribute information in the key pair to obtain index information and a symmetric key;
the data demand node acquires data ciphertext information from the data chain through the index information and decrypts the data ciphertext information according to the symmetric key to obtain data plaintext information.
3. The virtual power plant data security protection method based on the consensus mechanism according to claim 2, wherein the data chain and the index chain are alliance chains and/or private chains.
4. The method for protecting data security of a virtual power plant based on a consensus mechanism according to claim 2, wherein the attribute information comprises a system parameter and a system master key.
5. A virtual power plant data security protection method based on a consensus mechanism according to claim 2, wherein the data providing node and the data requiring node each comprise an energy wallet for energy transactions.
6. The method for protecting data security of a virtual power plant based on a consensus mechanism according to claim 5, wherein the plaintext information of the data is energy trading order information, and the energy trading process comprises:
the energy demand party is used as a data providing node to generate an energy transaction list, and the energy transaction list is encrypted through an encryption step to generate ciphertext information;
the data providing node broadcasts the ciphertext information to each data demand node, the data demand node receives the ciphertext information, decrypts the received ciphertext information through a decryption step to obtain an energy transaction list, and responds and contracts if the energy transaction list meets the requirement;
after contract signing is completed, the data demand node for contract signing is used as an energy provider to conduct point-to-point electricity selling on the energy demand side according to the contract;
after the point-to-point electricity selling is finished, the energy demand party confirms the electricity selling process, deducts the corresponding quantity in the energy wallet of the energy demand party according to the contract if no objection exists, and increases the deducted quantity to the energy provider.
7. The method for protecting data security of a virtual power plant based on a consensus mechanism according to claim 6, wherein the energy demand side and the energy provider side comprise a plurality of virtual power plants and/or a plurality of distributed energy production consumers.
8. The virtual power plant data security protection method based on the consensus mechanism according to claim 6, wherein the energy demand party and the energy provider are provided with embedded tamper-proof intelligent metering devices.
9. A virtual power plant data security protection method based on a consensus mechanism according to any of claims 1 to 8 and wherein the system comprises an access service module for registering, logging in and logging out data providing nodes and data requiring nodes;
the system comprises an attribute authorization module for issuing attribute information to the data providing node and the data demand node.
10. A virtual power plant data security protection method based on a consensus mechanism according to any of the claims 1 to 8, wherein a system updates the symmetric key periodically or on demand.
CN202310125864.5A 2023-02-16 2023-02-16 Virtual power plant data security protection method based on consensus mechanism Pending CN116455596A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310125864.5A CN116455596A (en) 2023-02-16 2023-02-16 Virtual power plant data security protection method based on consensus mechanism

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310125864.5A CN116455596A (en) 2023-02-16 2023-02-16 Virtual power plant data security protection method based on consensus mechanism

Publications (1)

Publication Number Publication Date
CN116455596A true CN116455596A (en) 2023-07-18

Family

ID=87122621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310125864.5A Pending CN116455596A (en) 2023-02-16 2023-02-16 Virtual power plant data security protection method based on consensus mechanism

Country Status (1)

Country Link
CN (1) CN116455596A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109189727A (en) * 2018-09-14 2019-01-11 江西理工大学 A kind of block chain ciphertext cloud storage sharing method based on property broker re-encryption
CN109522681A (en) * 2018-09-19 2019-03-26 北京非对称区块链科技有限公司 Digital content really weighs method, apparatus and storage medium
CN111414435A (en) * 2020-05-22 2020-07-14 浙江工商大学 Searchable encryption data cloud storage method based on block chain and homomorphic encryption
CN112434343A (en) * 2020-11-25 2021-03-02 江西理工大学 Virtual power plant safety scheduling and transaction method based on dual block chain technology
CN115225258A (en) * 2022-09-19 2022-10-21 中电科新型智慧城市研究院有限公司 Block chain-based cross-domain trusted data security management method and system
CN115603934A (en) * 2022-05-06 2023-01-13 中国人民解放军国防科技大学(Cn) Multi-user searchable encryption method and device based on block chain

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109189727A (en) * 2018-09-14 2019-01-11 江西理工大学 A kind of block chain ciphertext cloud storage sharing method based on property broker re-encryption
CN109522681A (en) * 2018-09-19 2019-03-26 北京非对称区块链科技有限公司 Digital content really weighs method, apparatus and storage medium
CN111414435A (en) * 2020-05-22 2020-07-14 浙江工商大学 Searchable encryption data cloud storage method based on block chain and homomorphic encryption
CN112434343A (en) * 2020-11-25 2021-03-02 江西理工大学 Virtual power plant safety scheduling and transaction method based on dual block chain technology
CN115603934A (en) * 2022-05-06 2023-01-13 中国人民解放军国防科技大学(Cn) Multi-user searchable encryption method and device based on block chain
CN115225258A (en) * 2022-09-19 2022-10-21 中电科新型智慧城市研究院有限公司 Block chain-based cross-domain trusted data security management method and system

Similar Documents

Publication Publication Date Title
Yu et al. A blockchain-based shamir’s threshold cryptography scheme for data protection in industrial internet of things settings
Li et al. Blockchain-enabled secure energy trading with verifiable fairness in industrial Internet of Things
Bernabe et al. Privacy-preserving solutions for blockchain: Review and challenges
Erkin et al. Privacy-preserving data aggregation in smart metering systems: An overview
Abdallah et al. Lightweight authentication and privacy-preserving scheme for V2G connections
Xue et al. PPSO: A privacy-preserving service outsourcing scheme for real-time pricing demand response in smart grid
CN113595971A (en) Block chain-based distributed data security sharing method, system and computer readable medium
US20170019248A1 (en) Homomorphic Based Method For Distributing Data From One or More Metering Devices To Two or More Third Parties
CN109450843B (en) SSL certificate management method and system based on block chain
CN110807206B (en) College certificate storage management system based on block chain and attribute password
CN109495592A (en) Data collaborative method and electronic equipment
CN109194523A (en) The multi-party diagnostic model fusion method and system, cloud server of secret protection
CN111461712B (en) Transaction privacy protection and hierarchical supervision in blockchain supply chain financial scenarios
Cao et al. Blockchain-empowered security and privacy protection technologies for smart grid
Ford et al. Secure and efficient protection of consumer privacy in advanced metering infrastructure supporting fine-grained data analysis
Zhang et al. Blockchain-based secure equipment diagnosis mechanism of smart grid
Gong et al. A data privacy protection scheme for Internet of things based on blockchain
Aung et al. Ethereum-based emergency service for smart home system: Smart contract implementation
CN104660583A (en) Encryption service method based on Web encryption service
Vetter et al. Homomorphic primitives for a privacy-friendly smart metering architecture.
George et al. Hybrid key management scheme for secure AMI communications
Muzumdar et al. Designing a blockchain-enabled privacy-preserving energy theft detection system for smart grid neighborhood area network
CN114547677B (en) Multiparty power department collaborative user privacy protection and tracing method and system
Saha et al. Integrating hardware security into a blockchain-based transactive energy platform
Yang et al. A blockchain based data monitoring and sharing approach for smart grids

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination