CN116743379B - Encryption transmission scheme determining method for power network data

Info

Publication number
CN116743379B
Authority
CN
China
Prior art keywords
node
information
quantum key
data
terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311009694.0A
Other languages
Chinese (zh)
Other versions
CN116743379A (en
Inventor
张磐
徐科
杨挺
吴磊
庞超
晋萃萃
陈沛
魏然
郑悦
陈沼宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin University
State Grid Corp of China SGCC
State Grid Tianjin Electric Power Co Ltd
Electric Power Research Institute of State Grid Tianjin Electric Power Co Ltd
Original Assignee
Tianjin University
State Grid Corp of China SGCC
State Grid Tianjin Electric Power Co Ltd
Electric Power Research Institute of State Grid Tianjin Electric Power Co Ltd
Application filed by Tianjin University, State Grid Corp of China SGCC, State Grid Tianjin Electric Power Co Ltd, Electric Power Research Institute of State Grid Tianjin Electric Power Co Ltd
Priority to CN202311009694.0A
Publication of CN116743379A
Application granted
Publication of CN116743379B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00 Economic sectors
    • G16Y10/35 Utilities, e.g. electricity, gas or water
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70 Photonic quantum communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention provides a method for determining an encryption transmission scheme for power network data, comprising: verifying, at the information sink end, the authenticity of the quantum keys corresponding to all transmission paths; when the information sink end receives the true quantum key, determining, for all the received quantum keys, whether they have been monitored by a party that is neither the information source end nor the information sink end; when it is determined that none of the quantum keys has been monitored within a preset time period, accepting the true quantum key and using it for encrypted transmission; and when it is determined that a quantum key has been monitored, abandoning the transmission. The confusion created by the pseudo quantum keys reduces the probability that the true quantum key is monitored directly, and so reduces the hidden danger caused by a listener obtaining part of the information of the true quantum key.

Description

Encryption transmission scheme determining method for power network data
Technical Field
The invention relates to the field of distribution automation, in particular to a method for determining an encryption transmission scheme of power network data.
Background
With the development of horizontal and vertical data-interaction applications in power systems, the requirements on network security keep increasing. Quantum communication is an important means of keeping power network data confidential during transmission, with properties such as resistance to monitoring and to acquisition; compared with traditional communication technology, however, quantum communication needs a dedicated communication channel and places special requirements on network resources and transmission QoS.
Existing quantum communication technology mainly encrypts power grid data for transmission with a single quantum key. In this mode, the data for which the information sink end and the information source end selected the same basis are measured by a parity-check method, whether the data have been monitored is determined from the probability that the measurement results are correct, and the communication is abandoned when monitoring is determined to exist. During monitoring, if the listener's basis is the same as that of the source end, the listener still obtains a part of the photon states; although the complete key cannot be obtained, a certain potential safety hazard remains.
Disclosure of Invention
The invention provides a method for determining an encryption transmission scheme of power network data, which aims to solve the technical problem of reducing hidden danger caused by a listener obtaining a part of photon states of a true quantum key and improve the reliability of communication.
In order to solve the above technical problems, an embodiment of the present invention provides a method for determining an encryption transmission scheme of power network data, including:
verifying authenticity of quantum keys corresponding to all transmission paths through the information sink terminal; wherein each transmission path selected from the power network corresponds to one quantum key, and only one true quantum key exists; the key content of the true quantum key is different from that of the pseudo quantum key;
when the information sink end receives the true quantum key, determining, for all the received quantum keys, whether they have been monitored by a party other than the information source end and the information sink end, by comparing the character string of the information sink end with the character string of the information source end and measuring based on the quantum keys;
when it is determined that none of the quantum keys has been monitored within a preset time period, accepting the true quantum key and encrypting and transmitting the data of the power network with the true quantum key; and when it is determined that a quantum key has been monitored within the preset time period, abandoning the transmission.
As a preferred solution, the encrypting transmission is performed on the data of the power network through the true quantum key, specifically:
encrypting and transmitting the data of the power network on all transmission paths receiving the quantum key through the true quantum key; each transmission path receiving the quantum key transmits data with the size of D is all data to be transmitted of the power network, and m is the number of transmission paths for receiving the quantum key.
As a preferred scheme, determining whether all the received quantum keys have been monitored by a party other than the information source end and the information sink end specifically includes:
determining the basis of the information sink end and the basis of the information source end according to the character string of the information sink end and the character string of the information source end;
and acquiring measurement data through the corresponding quantum key, retaining the measurement data for which the basis of the information sink end is the same as that of the information source end as first measurement retained data, and determining whether the corresponding quantum key has been monitored by such a party according to the proportion of identical character strings in the first measurement retained data.
Preferably, after the measurement data is obtained through the corresponding quantum key, the method further comprises:
when the number of bits of the acquired measurement data is greater than twice the number of character-string bits of the information sink end or the information source end, retaining the measurement data for which the basis of the information sink end is the same as that of the information source end as second measurement retained data; the number of character-string bits of the information sink end is the same as that of the information source end;
calculating a security index $Se_i$ in real time according to the second measurement retained data and the proportion of identical character strings; wherein $I_{same\_base}$ is the length of the second measurement retained data, and $I_{same\_bit}$ is the number of identical character strings when the basis of the information sink end is the same as that of the information source end;
calculating, from each calculated security index, a standard index $Se_z = (Se_i - \mu)/\sigma$; wherein $\mu$ is the average of all security indexes calculated in the current time period, and $\sigma$ is the variance of all security indexes calculated in the current time period; the standard index is used for quantifying the relation between the network security index and the overall security of the power network in the current time period.
As a preferred solution, before verifying the authenticity of the quantum keys corresponding to all the transmission paths through the information destination, the method further includes:
acquiring a plurality of disjoint transmission paths based on equivalent multipaths through a preset equivalent multipath model; wherein, the optimization objective function of the equivalent multipath model is to minimize the maximum transmission delay in all transmission paths;
the constraint conditions corresponding to the equivalent multipath model comprise:
wherein the quantities used in the constraints are: the destination node $t$; a node pair in the power network; the node pair consisting of the source node and the destination node of a power service; the unidirectional link from node $i$ to node $j$ in the topology of the power network, with link start $i(e)$ and link end $j(e)$; a link whose end point is node $t$; a link whose start point is node $v$; a link whose end point is node $v$; a link whose start point is node $k$; the power traffic of a node pair; $h_{vt}$ for a node pair; the capacity of link $e$; a binary variable that is 1 when link $e$ is used for power traffic with destination node $t$ and 0 when link $e$ is not used for power traffic with destination node $t$; the sum of the flows of all power traffic on link $e$ for destination node $t$; the average load on all equivalent shortest-path egress links between a node pair; the average load on all equivalent shortest-path egress links between node $i(e)$ and node $t$; the distance between a node pair; the distance from node $j(e)$ to node $t$; the distance from node $i(e)$ to node $t$; the weight corresponding to link $e$; the maximum link utilization of the power network; the binary variable $S_k$, where $S_k = 0$ indicates that the node numbered $k$ has the equal-cost multi-path load splitting function and $S_k = 1$ indicates that one of the egress links of the node numbered $k$ is selected as the shortest path for data transmission, that is, the node numbered $k$ does not have the equal-cost multi-path load splitting function; and the constant $M$.
Preferably, after the obtaining the disjoint multiple transmission paths based on equivalent multipaths, the method further includes:
dynamically selecting nodes by adjusting route configuration and adopting a heuristic optimization algorithm, and configuring an equivalent multi-path function for the selected nodes so as to iteratively update the network state of the power network; wherein, in the process of updating each iteration, the mode of selecting the node comprises the following steps:
the priority of each service outflow node is calculated according to the following formula:
wherein the priority is that of the service outflow node $u$, $l_e$ is the link connected to node $u$, and $k_u$ is the degree of node $u$;
and selecting a part of nodes with highest priorities to configure the equivalent multi-path transmission function.
As a preferred scheme, the power network comprises a quantum key management center, a 5G communication network layer and a plurality of power distribution terminals; wherein:
the quantum key management center is used for generating, storing and managing quantum keys;
the 5G communication network layer is used for generating and distributing quantum keys and transmitting power business;
The power distribution terminal is a power distribution terminal with a data interaction function and a data interaction requirement and is used for generating, comparing and using quantum keys.
As a preferred scheme, the 5G communication network layer adopts a 5G slicing technology, and is divided into a plurality of virtual networks, and the plurality of virtual networks obtained by division are used for isolating the application of different power services; each virtual network comprises a corresponding communication channel, forwarding equipment and storage computing equipment.
As a preferred solution, before verifying the authenticity of the quantum keys corresponding to all the transmission paths through the information destination, the method further includes:
according to the first state information respectively corresponding to a plurality of photon states of photons sent by the information source end, obtaining a first code corresponding to each first state information; obtaining second codes corresponding to the second state information according to the second state information corresponding to the photon states of the photons received by the information sink terminal;
constructing a plurality of code sets based on each of the first codes and each of the second codes; each encoding set comprises an element corresponding to the first encoding, an element corresponding to the second encoding and an encryption element; the encryption element is generated according to the first code, the second code and a preset function;
Adding the maximum value in the state deviation interval of the first code and the maximum value in the state deviation interval of the second code to obtain a state deviation value corresponding to each code set; wherein the first encoded state deviation interval and the second encoded state deviation interval are both associated with a polarization angle of a photon;
and generating a plurality of quantum keys based on the maximum value in each state deviation value by combining the second state information, and respectively putting the generated quantum keys into each transmission path.
As a preferred solution, the quantum key is generated based on the maximum value of the state deviation values and combined with the second state information, specifically:
obtaining the variation of the photon state according to the maximum value in each state deviation value through a preset entropy function;
and further, based on the variation, calculating the state information N which is not stolen by combining the second state information:
$N = [1 - X] \times l(M_i)$; wherein $l(M_i)$ is the number of photon states received by the information sink end, $M_i$ is the i-th photon state, and $X$ is the variation of the photon state;
and generating a quantum key through the state information which is not stolen.
As a preferable scheme, the information sink end and the information source end are both power distribution terminals; the first state information and the second state information both include a polarization angle of a photon;
Before the first code corresponding to each piece of first state information is obtained, the method further comprises: according to the photon transmission paths, a mapping relation between a power distribution terminal corresponding to a signal sink end and a power distribution terminal corresponding to a signal source end is established, and then mapping numbers corresponding to the transmission paths are obtained;
the first code and the second code include a header field, a middle field, and an end field; the first coded header field is generated according to a polarization angle in the first state information, the second coded header field is generated according to a polarization angle in the second state information, the first coded intermediate field and the second coded intermediate field are both generated according to a mapping number corresponding to a photon transmission path, the end field of the first code is generated according to a power distribution terminal number corresponding to a source end, and the end field of the second code is generated according to a power distribution terminal number corresponding to a sink end.
As a preferred solution, the mapping relationship between the power distribution terminal corresponding to the sink terminal and the power distribution terminal corresponding to the source terminal is established according to the transmission path of the photon, specifically:
identifying the identity of a user through user information of the power distribution terminal according to a photon transmission path, and determining the power distribution terminal with a pre-mapping relation with the power distribution terminal corresponding to the information source terminal;
Establishing a feature set according to the power feature data of the power distribution terminal corresponding to the information source end and the power feature data of the power distribution terminal with a pre-mapping relation with the power distribution terminal corresponding to the information source end;
and extracting the mapping relation between the power distribution terminal corresponding to the information sink end and the power distribution terminal corresponding to the information source end from the characteristic set according to the user identity and the authority level thereof.
Preferably, before determining the power distribution terminal having the pre-mapping relation with the power distribution terminal corresponding to the source end, the method further includes:
acquiring equipment information of each power distribution terminal and node information of corresponding nodes; wherein the node information includes a network communication rate of the node; the device information includes a device type;
screening out power distribution terminals corresponding to nodes with network communication rates greater than a preset threshold, classifying the screened power distribution terminals according to the network communication rates, and respectively constructing a first type of pre-mapping relation and a second type of pre-mapping relation for each type of power distribution terminals according to the corresponding first type of mapping function and second type of mapping function; the first type of pre-mapping relation is a pre-mapping relation between power distribution terminals of the same equipment type, and the second type of pre-mapping relation is a pre-mapping relation between power distribution terminals of different equipment types; the first type mapping function is used for constructing the first type pre-mapping relation, and the second type mapping function is used for constructing the second type pre-mapping relation.
Preferably, the device information further includes an encryption priority corresponding to the device type; the constructing the pre-mapping relation of the second type comprises the following steps:
constructing a pre-mapping network E of power distribution terminals of different equipment types:
$E = (w_1 a_1 + w_2 a_2 + w_3 a_3 + \dots + w_n a_n)/n$;
wherein $a_n$ is the mapping function relation for the n-th device type, and $w_n$ is the weight corresponding to device type n, set according to the encryption priority.
As a preferred solution, the calculation formula of the encryption element S is:
$S = k_1 A^2 + k_2 B^2$;
wherein $k_1$ and $k_2$ are the association coefficients of the preset function, $A$ is the first code, and $B$ is the second code.
Compared with the prior art, the embodiment of the application has the following beneficial effects:
The application provides a method for determining an encryption transmission scheme for power network data, comprising: verifying, at the information sink end, the authenticity of the quantum keys corresponding to all transmission paths, wherein each transmission path selected from the power network corresponds to one quantum key, only one true quantum key exists, and the key content of the true quantum key differs from that of the pseudo quantum keys; when the information sink end receives the true quantum key, determining, for all the received quantum keys, whether they have been monitored by a party other than the information source end and the information sink end, by comparing the character string of the information sink end with the character string of the information source end and measuring based on the quantum keys; when it is determined that none of the quantum keys has been monitored within a preset time period, accepting the true quantum key and encrypting and transmitting the data of the power network with it; and when it is determined that a quantum key has been monitored within the preset time period, abandoning the transmission. In an implementation of this embodiment, the true quantum key is used for encrypted transmission when the information sink end has received it and none of the quantum keys has been monitored within the preset time period, and the transmission is abandoned when a quantum key has been monitored within that period. The confusion created by the pseudo quantum keys reduces the probability that the true quantum key is monitored directly, which reduces the hidden danger caused by a listener obtaining part of the photon states corresponding to the true quantum key, reduces the amount of real information the listener can obtain over the communication as a whole, and improves the reliability of communication.
Drawings
Fig. 1: flow diagram of one embodiment of the method for determining an encryption transmission scheme of power network data provided by the invention.
Fig. 2: schematic diagram of an embodiment of the multi-constraint equal-cost path generation method provided by the invention.
Fig. 3: flow diagram of a preferred implementation of an embodiment of the method for determining an encryption transmission scheme of power network data provided by the invention.
Fig. 4: flow diagram of another preferred implementation of an embodiment of the method for determining an encryption transmission scheme of power network data provided by the invention.
Fig. 5: structural schematic diagram of an embodiment of the device for determining an encryption transmission scheme of power network data provided by the invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
As described in the related art, existing quantum communication technology mainly encrypts power grid data for transmission with a single quantum key. In this mode, the data for which the information sink end and the information source end used the same basis can be measured by a method such as parity check, whether the information has been monitored or intercepted is determined from the probability that the measurement results are correct, and the communication is abandoned when monitoring or interception is determined to exist. However, during interception, if the basis of the listener/eavesdropper is the same as that of the source end, the listener/eavesdropper still obtains a part of the photon states. Because the quantum key is usually associated with the photon states, a certain potential safety hazard remains even though the eavesdropper/listener cannot obtain the complete quantum key.
Referring to fig. 1, fig. 1 illustrates a method for determining an encryption transmission scheme of power network data according to an embodiment of the present invention, which includes steps S1 to S3:
Step S1, verifying, at the information sink end, the authenticity of the quantum keys corresponding to all transmission paths; wherein each transmission path selected from the power network corresponds to one quantum key, and only one true quantum key exists; the key content of the true quantum key differs from that of the pseudo quantum keys.
Step S2, when the information sink end receives the true quantum key, determining, for all the received quantum keys, whether they have been monitored by a party other than the information source end and the information sink end, by comparing the character string of the information sink end with the character string of the information source end and measuring based on the quantum keys.
Step S3, when it is determined that none of the quantum keys has been monitored within a preset time period, accepting the true quantum key and encrypting and transmitting the data of the power network with the true quantum key; and when it is determined that a quantum key has been monitored within the preset time period, abandoning the transmission.
In this embodiment, both the information sink end and the information source end are power distribution terminals. When the information sink end has received the true quantum key and it is determined that none of the quantum keys has been monitored within the preset time period, the true quantum key is used for encrypted transmission; when a quantum key has been monitored within that period, the transmission is abandoned. The pseudo quantum keys confuse the listener and reduce the probability that the true quantum key is monitored directly, which reduces the hidden danger caused by a listener obtaining part of the photon states corresponding to the true quantum key, reduces the amount of real information the listener can obtain over the communication as a whole, and improves the reliability of communication.
It should be noted that the encryption transmission method of this embodiment may be applied to a continuous transmission process. For example, the quantum keys of this embodiment comprise n quantum keys a1, a2, a3, …, an, where a1 is the true quantum key and the rest are pseudo quantum keys. The true quantum key and the pseudo quantum keys can be generated by the same method but differ in key content or coding content; the pseudo quantum keys may have the same or different key content or coding content among themselves, and the key content can be defined by a preset rule according to the requirements of the application scenario. As an example, when any one or more of the pseudo quantum keys a2 to an is listened to by a third party (a party that is neither the source end nor the sink end), the transmission may be aborted until the next true quantum key is received, and steps S2 and S3 are then performed again. In that case the eavesdropper/listener has obtained information related to a pseudo quantum key, so the probability of obtaining the true quantum key is reduced, and the amount of valid information about the true quantum key that the listener acquires over the long-term communication of the power network as a whole is reduced as well.
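The sink-side check of steps S2 and S3, together with the security index and standard index defined in the disclosure above, as an added Python example that is not part of the patent text. It assumes that the security index is the ratio I_same_bit / I_same_base (taken from the wording "proportion of the same character strings"), that the step S1 result is available as a flag, and that `MIN_AGREEMENT` is a hypothetical threshold; all names and sample strings are constructed.

```python
"""Steps S2/S3 at the sink end: basis sifting, security index, accept/abandon."""
from dataclasses import dataclass
from statistics import mean, pvariance

MIN_AGREEMENT = 0.9  # hypothetical threshold: the page states no numeric value


@dataclass
class PathObservation:
    path_id: str
    is_true_key: bool   # outcome of the step S1 authenticity check (assumed given)
    source_bases: str   # basis string of the source end, one symbol per photon
    sink_bases: str     # basis string of the sink end
    source_bits: str    # bits the source end encoded
    sink_bits: str      # bits the sink end measured


def security_index(obs):
    """Se_i (assumed form): identical bits / positions measured in the same basis."""
    fields = (obs.source_bases, obs.sink_bases, obs.source_bits, obs.sink_bits)
    if len({len(f) for f in fields}) != 1:
        raise ValueError(f"{obs.path_id}: strings differ in length")
    # Retain only the measurement data where both ends used the same basis.
    kept = [(a, b) for sb, kb, a, b in zip(*fields) if sb == kb]
    if not kept:
        raise ValueError(f"{obs.path_id}: no position with a common basis")
    i_same_base = len(kept)
    i_same_bit = sum(a == b for a, b in kept)
    return i_same_bit / i_same_base


def standard_index(se_i, window):
    """Se_z = (Se_i - mu) / sigma over the indexes of the current time period.

    The page defines sigma as the variance of the window, so pvariance is used;
    substitute pstdev for a conventional z-score.
    """
    if not window:
        raise ValueError("no security indexes in the current time period")
    sigma = pvariance(window)
    if sigma == 0:
        return 0.0  # every index in the period is identical
    return (se_i - mean(window)) / sigma


def decide(observations, min_agreement=MIN_AGREEMENT):
    """Decision for one preset time period: 'wait', 'abandon' or 'accept'."""
    true_paths = [o.path_id for o in observations if o.is_true_key]
    if len(true_paths) != 1:
        return "wait", true_paths          # S2 starts only once the true key arrives
    monitored = sorted(o.path_id for o in observations
                       if security_index(o) < min_agreement)
    if monitored:
        return "abandon", monitored        # any monitored key, true or pseudo
    return "accept", true_paths


# Constructed sample data: the two ends share a basis at 8 of 12 positions.
SRC_BASES = "++xx+x+x++xx"
SNK_BASES = "+xx++xxx+xxx"
SRC_BITS = "101100111001"
CLEAN_BITS = "111000011101"    # agrees with SRC_BITS wherever the bases match
TAPPED_BITS = "110000001101"   # two of the eight same-basis bits disturbed


def sample_period(tapped=None):
    """Three paths: path-1 carries the true key, path-2 and path-3 pseudo keys."""
    return [
        PathObservation(pid, pid == "path-1", SRC_BASES, SNK_BASES, SRC_BITS,
                        TAPPED_BITS if pid == tapped else CLEAN_BITS)
        for pid in ("path-1", "path-2", "path-3")
    ]


if __name__ == "__main__":
    for label, period in (("quiet", sample_period()),
                          ("pseudo key tapped", sample_period("path-3"))):
        indexes = [security_index(o) for o in period]
        print(label, indexes, decide(period))
    print("Se_z:", standard_index(0.75, [1.0, 1.0, 0.75, 1.0]))
```

A disturbed pseudo key is enough to abandon the period, which is the behaviour the a2 to an example above describes.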
In this embodiment, before verifying, by the sink, authenticity of the quantum keys corresponding to all transmission paths of the quantum keys in step S1, the method further includes:
obtaining a plurality of disjoint transmission paths based on equivalent multipaths through a preset equivalent multipath model (refer to fig. 2); wherein the optimization objective function of the equal cost multipath model is to minimize the maximum transmission delay in all transmission paths.
The constraint conditions corresponding to the equivalent multipath model comprise:
;(1)
;(2)
;(3)
;(4)
;(5)
;(6)
;(7)
;(8)
wherein t is the destination node,for a certain node pair in the power network, < > j->Node pair consisting of source node and destination node for power service, < >>For unidirectional links from node i to node j in the topology G (N, E) of the power network, E is a link set, N is a node set, i (e) For the link start, j (e) For the end of the link +.>Link indicating endpoint node t +.>A link representing the origin node v, +.>Link indicating endpoint node v +.>A link representing the origin node k, +.>For node pair->Electric power traffic of h vt Is node pairIs>For the capacity of link e>Is a binary variable +.>When 1, it indicates that link e is used for power traffic with destination node t, +. >A 0 indicates that link e is not being used for power traffic with destination node t,the sum of the flows of all power traffic on link e for destination node t, +.>Representing node pair->Average load on all equivalent shortest path outlet links between +.>Representing node i (e) Average load on all equivalent shortest path egress links between and node t, +.>For node pair->Distance between->For node j (e) Distance from node t,/>For node i (e) Distance from node t,/>For the weight corresponding to link e, +.>For maximum link utilization of the power network, S k Is a binary variable S k The node with the number k when 0 is represented to have the equal-cost multi-path load splitting function,S k When the number of the node is =1, one of all the exit links of the node with the number of k is selected as the shortest path for data transmission, that is, the node with the number of k does not have an equal-cost multi-path load splitting function, and M is a constant.
As an example of this embodiment, the equal cost multi-path model may also be based on constraints of key timeliness requirement T, traffic bandwidth B, and end-to-end P2P address.
Further, the optimization objective function of the equal cost multipath model (minimizing the maximum transmission delay in k equal cost multipaths) can be described as:
where q refers to the q-th transmission delay, and q can be 1, 2, 3, …, k.
It should be noted that, the equal cost multipath model of this embodiment is used to determine an optimal link weight configuration scheme. Wherein the sum of the flows of all power traffic with destination node t on link e is equal to the source destination node pairTraffic between them. Formula (2) shows that the node pair +.>The power traffic demand between them always originates from node v. Equations (1) and (2) constitute traffic conservation. Equation (3) indicates that the utilization rate of all links is equal to or less than the maximum link utilization rate. Formulae (4) and (5) are constraints on the equivalent multipath flow when +.>When=1, link e belongs to node +.>One of the equivalent shortest paths to t, then the allocated traffic on link e +.>For average load on all equivalent shortest path exit links +.>. If->By =0, it is meant that link e is not the shortest path, not assuming node +.>Traffic flow to node t. Equations (6) and (7) are the shortest weight constraint when +.>When=1, link e is node +.>One of the equivalent shortest paths to node t, vice versa>When =0, then link e is not node +.>One of the equivalent shortest paths to node t.
In addition, referring to equation (8), the present application also introduces a link state control factor S_k, through which the equal cost multipath function of each node in the power network can be switched on or off. In this embodiment S_k is a binary variable. When S_k = 0, the node numbered k has the equal cost multipath load splitting function; when S_k = 1, the constraint becomes ; this means that only one of all the egress links of the node can be selected as the shortest path for data transmission, i.e. the node does not have the equal cost multipath function. Thus, through the link state control factor S_k, the equal cost multipath configuration strategy of the power network can be flexibly adjusted and traffic sharing in the power network can be globally optimized, improving transmission efficiency between power distribution terminals and reducing transmission delay, so as to achieve the optimization objective of the equal cost multipath model.
Illustratively, after the disjoint transmission paths based on equal cost multipath are obtained, nodes are dynamically selected by adjusting the route configuration, and a heuristic optimization algorithm is used to configure the equal cost multipath function for the selected nodes, so as to iteratively update the network state of the power network. In each iterative update, the nodes are selected as follows:
The priority of each service outflow node is calculated according to the following formula:
;(9)
wherein the formula gives the priority of the service outflow node u, l_e is a link connected to node u, and k_u is the degree of node u;
and selecting the part of the nodes with the highest priorities to configure the equal cost multipath transmission function. Each power service outflow node can determine whether to distribute traffic onto the corresponding link by looking up its forwarding routing table; that is, traffic adjustment is performed at the service outflow nodes. In this embodiment, the configuration priority of node u is equal to the product of the maximum utilization rate among all links connected to node u and the degree of node u. The higher the utilization rate of a link connected to node u, the higher the configuration priority of the node, which means the more the node needs to share traffic.
Further, this embodiment adopts a dynamic selection strategy: initially, a proportion of the nodes with the highest priority is selected and configured with the equal cost multipath function (where rounding down is applied and v is the total number of nodes in the power network), and the network state of the power network is then updated. When the network state is updated, the priority of the nodes not yet configured with the equal cost multipath function can be recalculated, and the next batch of nodes is then selected, until the optimization target is reached. Illustratively, the heuristic optimization algorithm described in this embodiment may further be a genetic algorithm or a particle swarm algorithm. By implementing this embodiment of the application, the equal cost multipath function is configured for the nodes with high priority, and the network state is updated through the dynamic selection strategy and the heuristic optimization algorithm, so that the capacity of the power network to share power services can be improved, link utilization is regulated reasonably, transmission delay is reduced as far as possible, and network congestion is avoided.
After the disjoint transmission paths based on equal cost multipath are obtained through the equal cost multipath model, in step S1 at least one quantum key is put into each of these transmission paths, where one quantum key is true and the remaining quantum keys are pseudo. The network traffic of the transmission paths carrying the true or pseudo quantum keys can therefore be shared effectively, the transmission efficiency between the power distribution terminals is improved, and transmission delay is reduced while encrypted transmission is performed.
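The node-selection rule described above (priority = highest utilization among the links connected to a node × node degree, highest-priority batch first, then recompute) as an added example, not code from the patent. The sample topology, the 0.25 batch proportion, the 0.5 utilization target and the even-split state update are constructed assumptions; the heuristic optimizer is not reproduced.

```python
from math import floor

# Constructed topology: {(start node, end node): (load, capacity)}.
SAMPLE_LINKS = {
    ("A", "B"): (90, 100),
    ("A", "C"): (10, 100),
    ("B", "C"): (30, 100),
    ("B", "D"): (60, 100),
    ("C", "D"): (20, 100),
}


def utilisation(links):
    """Utilization rate of every link."""
    return {e: load / cap for e, (load, cap) in links.items()}


def priorities(links, candidates):
    """Priority of node u: max utilization of the links connected to u x degree of u."""
    util = utilisation(links)
    prio = {}
    for u in candidates:
        connected = [util[e] for e in links if u in e]
        if connected:
            prio[u] = max(connected) * len(connected)
    return prio


def split_evenly(links, u):
    """Assumed state update: node u spreads its outgoing load equally over its
    egress links. Downstream loads are not re-propagated in this toy model."""
    egress = [e for e in links if e[0] == u]
    if len(egress) < 2:
        return dict(links)
    share = sum(links[e][0] for e in egress) / len(egress)
    return {
        e: ((share, cap) if e in egress else (load, cap))
        for e, (load, cap) in links.items()
    }


def configure_ecmp(links, ratio, target, update=split_evenly):
    """Dynamic selection: configure the top batch, update the state, recompute
    the priorities of the nodes not yet configured, and repeat.

    Returns (nodes configured in order, final maximum link utilization).
    """
    nodes = sorted({n for e in links for n in e})
    batch_size = max(1, floor(ratio * len(nodes)))  # rounded down, at least one
    remaining, configured = set(nodes), []
    while remaining and max(utilisation(links).values()) > target:
        prio = priorities(links, remaining)
        batch = sorted(prio, key=lambda u: (-prio[u], u))[:batch_size]
        if not batch:
            break
        for u in batch:
            links = update(links, u)
        configured.extend(batch)
        remaining -= set(batch)
    return configured, max(utilisation(links).values())


if __name__ == "__main__":
    order, worst = configure_ecmp(SAMPLE_LINKS, ratio=0.25, target=0.5)
    print("configured:", order, "max utilization:", worst)
```
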
As a preferred implementation manner of this embodiment, before the verifying, by the sink, the authenticity of the quantum keys corresponding to all the transmission paths of the quantum keys, the method further includes:
and according to the photon transmission paths, establishing a mapping relation between the power distribution terminal corresponding to the information sink terminal and the power distribution terminal corresponding to the information source terminal, and further obtaining the mapping numbers corresponding to the transmission paths.
According to the first state information respectively corresponding to a plurality of photon states of photons sent by the information source end, obtaining a first code corresponding to each first state information; and obtaining second codes corresponding to the second state information according to the second state information corresponding to the photon states of the photons received by the information sink. Each photon state corresponds to a type of state information. The first state information is mainly aimed at the source end, and the second state information is mainly aimed at the sink end.
Constructing a plurality of code sets based on each of the first codes and each of the second codes; each encoding set comprises an element corresponding to the first encoding, an element corresponding to the second encoding and an encryption element; the encryption element is generated according to the first code, the second code and a preset function.
The first code and the second code include a header field, a middle field, and an end field; the first coded header field is generated according to a polarization angle in the first state information, the second coded header field is generated according to a polarization angle in the second state information, the first coded intermediate field and the second coded intermediate field are both generated according to a mapping number corresponding to a photon transmission path, the end field of the first code is generated according to a power distribution terminal number corresponding to a source end, and the end field of the second code is generated according to a power distribution terminal number corresponding to a sink end.
Adding the maximum value in the state deviation interval of the first code and the maximum value in the state deviation interval of the second code to obtain a state deviation value corresponding to each code set; wherein the state deviation interval of the first code and the state deviation interval of the second code are both associated with the polarization angle of the photon, for example, can be obtained through intermediate fields of the first code and the second code.
And generating a plurality of quantum keys based on the maximum value in each state deviation value by combining the second state information, and respectively putting the generated quantum keys into each transmission path. The preferred embodiment may be performed before or after the acquisition of the disjoint plurality of transmission paths based on equivalent multipaths. With the preferred embodiment, each encoding set includes an element corresponding to the first encoding, an element corresponding to the second encoding, and an encryption element, and the encryption element can complicate a quantum key generated later and has a certain randomness (such as randomly selecting a preset function), thereby improving the reliability of encrypted transmission. In addition, the fields of the first code and the second code contain mapping numbers, distribution terminal numbers and photon state information corresponding to the photon transmission paths, and the photon state information specifically comprises the polarization angle of photons. In this way, the correlation between the subsequently generated quantum key and the transmission path and photon state can be embodied, so that the quantum key can be conveniently verified, and the correlation of the measurement result of the step S2 is improved.
Further, the quantum key is generated based on the maximum value of the state deviation values and combined with the second state information, specifically:
obtaining the variation of the photon state according to the maximum value in each state deviation value through a preset entropy function;
and further, based on the variation, calculating the state information N which is not stolen by combining the second state information:
N = [1 - X] × l(M_i); (10)
wherein l(M_i) is the number of photon states received by the sink end, M_i is the i-th photon state, and X is the variation of the photon state;
and generating a quantum key from the state information that has not been stolen. In this preferred embodiment, a plurality of quantum keys are generated from the maximum of the state deviation values. The state deviation values can be obtained from information such as the polarization angle and phase of the photons and therefore reflect the amount of information that has or has not been intercepted, so quantum keys generated on this basis are more reliable and the amount of information a listener can obtain is reduced.
Preferably, the calculation formula of the encryption element S is:
S = k_1 A² + k_2 B²; (11)
wherein k_1 and k_2 are the association coefficients of the preset function, A is the first code, and B is the second code.
Optionally, a mapping relationship between a power distribution terminal corresponding to the sink terminal and a power distribution terminal corresponding to the source terminal is established according to the transmission path of the photon, which specifically includes:
Identifying the identity of a user through user information of the power distribution terminal according to a photon transmission path, and determining the power distribution terminal with a pre-mapping relation with the power distribution terminal corresponding to the information source terminal;
establishing a feature set according to the power feature data of the power distribution terminal corresponding to the information source end and the power feature data of the power distribution terminal with a pre-mapping relation with the power distribution terminal corresponding to the information source end;
and extracting the mapping relation between the power distribution terminal corresponding to the information sink end and the power distribution terminal corresponding to the information source end from the characteristic set according to the user identity and the authority level thereof. By implementing the embodiment of the application, the identity of the user is identified through the user information of the power distribution terminal, and the mapping relation is extracted from the feature set through the relevance of the user identity and the authority level by combining the user identity and the authority level, so that the accuracy of the mapping model can be improved.
Preferably, before determining the power distribution terminal having the pre-mapping relation with the power distribution terminal corresponding to the source end, the method further includes:
acquiring equipment information of each power distribution terminal and node information of corresponding nodes; wherein the node information includes a network communication rate of the node; the device information includes a device type;
Screening out the power distribution terminals corresponding to nodes whose network communication rate is greater than a preset threshold, and classifying the screened power distribution terminals according to network communication rate (for example, a network communication rate in a first interval belongs to a first device type, a network communication rate in a second interval can be classified as a second device type, and so on); the first type of pre-mapping relation is a pre-mapping relation between power distribution terminals of the same device type, and the second type of pre-mapping relation is a pre-mapping relation between power distribution terminals of different device types; the first type mapping function is used for constructing the first type of pre-mapping relation, and the second type mapping function is used for constructing the second type of pre-mapping relation. This preferred scheme takes the device types of the power distribution terminals into account: the first type mapping function and the second type mapping function are assigned for the same device type and for different device types respectively, so that the first type and the second type of pre-mapping relation are built.
Preferably, the device information further includes an encryption priority corresponding to the device type; the constructing the pre-mapping relation of the second type comprises the following steps:
constructing a pre-mapping network E of power distribution terminals of different equipment types:
E = (w_1 a_1 + w_2 a_2 + w_3 a_3 + … + w_n a_n)/n; (12)
wherein a_n is the mapping function relation of the n-th device type, and w_n is the weight corresponding to device type n, set according to the encryption priority. In this embodiment, different mapping relationships are given to different device types and the weights corresponding to the device types are set by encryption priority, so that the rationality and accuracy of the pre-mapping network can be improved as a whole, and the association between the distribution terminals can be constructed.
As a preferred implementation manner of this embodiment, referring to fig. 3, for the step S2, the determining whether all received quantum keys are monitored by the non-source sink specifically includes:
Step S21, determining the measurement basis of the sink end and the measurement basis of the source end according to the character string of the sink end and the character string of the source end respectively.
As an example of this embodiment, the photon state at each emission and reception may be represented by a different character string, each character string representing one photon state, and there may be several types of photon state. Optionally, the basis used for measurement at the sink end and at the source end may further be determined from the selected character string.
Step S22, obtaining measurement data through the corresponding quantum key, retaining the measurement data for which the sink end and the source end used the same basis as first measurement reserved data, and determining whether the corresponding quantum key is monitored according to the proportion of identical character strings in the first measurement reserved data.
In this embodiment, the measurement data is obtained through the corresponding quantum key. If the sink end and the source end select the same basis and the measurement result is basically unchanged, the quantum key is safe. When the two parties select different bases, the measurement result is correct with 50% probability, and the quantum key is monitored or measurement errors exist. Whether the corresponding quantum key is monitored can therefore be determined from the proportion of identical character strings in the first measurement reserved data.
Further, referring to fig. 4, after the measurement data is obtained by the corresponding quantum key, the method further includes:
Step S221, when the number of bits of the obtained measurement data is greater than twice the number of bits of the character string of the sink end or the source end, retaining the measurement data for which the sink end and the source end used the same basis as second measurement reserved data; the character string of the sink end has the same number of bits as the character string of the source end.
Step S222, calculating the security index Se_i in real time according to the second measurement reserved data and the proportion of identical character strings:
;(13)
wherein I_same_base is the length of the second measurement reserved data, and I_same_bit is the number of identical character strings when the basis of the sink end is the same as that of the source end.
Step S223, calculating the standard index Se_z from the security index calculated each time:
Se_z = (Se_i - μ)/σ; (14)
wherein μ is the average of all security indexes calculated in the current time period, and σ is the variance of all security indexes calculated in the current time period. The standard index Se_z is used to quantify the relation between the network security index and the overall security of the power network in the current time period. As can be seen from calculation formula (13), the standard index Se_z quantifies the relation between the current security index Se_i and the overall average, and represents the relative position of the current network security index within a time period of the power network. When Se_i is below the average μ of the period, the standard index Se_z is less than 0; when Se_i is higher than or equal to the average μ of the period, Se_z is greater than or equal to 0. The security status of the current power network, and the relation between the current network security index and the overall network security, can therefore be determined from the standard index Se_z: for example, if Se_z is found to be less than 0, the current network security has decreased and an early warning can be issued. The whole calculation can be performed dynamically on a rolling basis, without changing the distribution form of the original security indexes.
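Steps S21 to S223 as an added example (not code from the patent): basis sifting over the two ends' character strings, the abandon-or-encrypt decision across the true and pseudo keys, and the standard index of formula (14). Assumptions: formula (13) is taken as I_same_bit / I_same_base, the 0.9 threshold and the simulated channel are constructed, and σ is computed as the population standard deviation although the text calls σ the variance.

```python
import random
import statistics

THRESHOLD = 0.9  # assumed acceptance threshold; the page gives no value


def sift(src_bases, src_bits, sink_bases, sink_bits):
    """Keep positions where both ends chose the same basis.

    Returns (I_same_base, I_same_bit): the retained length and the number of
    retained positions whose characters agree at source and sink.
    """
    kept = [
        (a, b)
        for sb, a, kb, b in zip(src_bases, src_bits, sink_bases, sink_bits)
        if sb == kb
    ]
    return len(kept), sum(a == b for a, b in kept)


def security_index(same_base, same_bit):
    """Assumed form of formula (13): share of retained positions that agree."""
    return same_bit / same_base if same_base else 0.0


def simulate_key(n, rng, listener=False):
    """Constructed channel: returns the four strings the two ends compare."""
    src_bases = "".join(rng.choice("+x") for _ in range(n))
    src_bits = "".join(rng.choice("01") for _ in range(n))
    sink_bases = "".join(rng.choice("+x") for _ in range(n))
    sink_bits = []
    for prep, bit, kb in zip(src_bases, src_bits, sink_bases):
        if listener:
            # A third party measuring in its own basis disturbs the state
            # whenever that basis differs from the source's.
            guess = rng.choice("+x")
            if guess != prep:
                bit = rng.choice("01")
            prep = guess
        # The sink recovers the bit only in the basis the photon arrives in.
        sink_bits.append(bit if kb == prep else rng.choice("01"))
    return src_bases, src_bits, sink_bases, "".join(sink_bits)


def decide(keys):
    """keys maps a path id to the four strings of the key sent on that path.

    Any monitored key, true or pseudo, abandons the transmission.
    """
    indexes = {path: security_index(*sift(*k)) for path, k in keys.items()}
    monitored = sorted(p for p, se in indexes.items() if se < THRESHOLD)
    return ("abandon" if monitored else "encrypt"), monitored, indexes


def standard_index(history):
    """Formula (14): position of each Se_i relative to the current window."""
    mu = statistics.mean(history)
    sigma = statistics.pstdev(history)
    if sigma == 0:
        return [0.0] * len(history)  # identical rounds: nothing stands out
    return [(se - mu) / sigma for se in history]


def run_demo(seed=7, n=2000):
    """True key on path a1, pseudo keys on a2 and a3; a3 is listened to."""
    rng = random.Random(seed)
    keys = {
        "a1": simulate_key(n, rng),
        "a2": simulate_key(n, rng),
        "a3": simulate_key(n, rng, listener=True),
    }
    return decide(keys)


if __name__ == "__main__":
    action, monitored, indexes = run_demo()
    print(action, monitored, {p: round(se, 3) for p, se in indexes.items()})
    print([round(z, 2) for z in standard_index(list(indexes.values()))])
```

In the demo the listened-to pseudo key agrees on roughly three quarters of the retained positions, so the transmission is abandoned even though the true key on a1 was untouched.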
For the above step S3, as a preferred solution, the encrypting the data of the power network by the true quantum key includes:
encrypting and transmitting the data of the power network on all transmission paths receiving the quantum key through the true quantum key; each transmission path receiving the quantum key transmits data with the size ofD is all data to be transmitted of the power network, and m is the number of transmission paths for receiving the quantum key. The preferred embodiment can independently transmit through the main and standby paths, and divide data into +.>After the portions, the data size of each portion is +.>The embodiment realizes the balance of network bandwidth and ensures the transmission reliability of the main and standby paths.
At a network architecture level, the power network may include a quantum key management center, a 5G communication network layer, and a number of distribution terminals, wherein:
The quantum key management center is used for generating, storing and managing quantum keys;
the 5G communication network layer is used for generating and distributing quantum keys and transmitting power business;
the power distribution terminal is a power distribution terminal with a data interaction function and a data interaction requirement and is used for generating, comparing and using quantum keys.
The 5G communication network layer adopts a 5G slicing technology and is divided into a plurality of virtual networks, and the plurality of virtual networks obtained by division are used for isolating the application of different power services; each virtual network includes a corresponding communication channel, forwarding device and storage computing device, that is, the communication channel, forwarding device and storage computing device in this embodiment participate in resource slicing, and each virtual network includes access, transmission and core network. Compared with the traditional 5G communication network layer, the embodiment has a classical channel for transmitting quantum character string comparison, and can provide a network base different from the existing data transmission for quantum key transmission.
Correspondingly, referring to fig. 5, the embodiment of the invention also provides an encryption transmission scheme determining device for the power network data, which comprises a verification module 101, a monitoring detection module 102 and a transmission scheme determining module 103, wherein:
The verification module 101 is configured to verify, by using the sink, authenticity of quantum keys corresponding to all transmission paths of the quantum keys; wherein each transmission path selected from the power network corresponds to one quantum key, and only one true quantum key exists; the key content of the true quantum key is different from that of the pseudo quantum key;
the monitoring detection module 102 is configured to, when determining that the sink receives the true quantum key, determine whether all received quantum keys are monitored by a non-source sink by comparing the character string of the sink with the character string of the source and measuring based on each quantum key;
the transmission scheme determining module 103 is configured to accept the true quantum key and encrypt data of the power network with the true quantum key when it is determined that none of the quantum keys was monitored within a preset time period, and to abandon the transmission when it is determined that a quantum key was monitored within the preset time period.
As a preferred solution, the transmission scheme determining module 103 encrypts the data of the power network through the true quantum key, specifically:
The transmission scheme determining module 103 encrypts and transmits the data of the power network on all transmission paths receiving the quantum key through the true quantum key; each transmission path receiving the quantum key transmits data with the size ofD is all data to be transmitted of the power network, and m is the number of transmission paths for receiving the quantum key.
As a preferred solution, the interception detection module 102 determines whether all received quantum keys are intercepted by a non-source sink, specifically:
the monitoring detection module 102 determines the measurement basis of the sink end and the measurement basis of the source end according to the character string of the sink end and the character string of the source end respectively;
and acquires measurement data through the corresponding quantum key, retains the measurement data for which the sink end and the source end used the same basis as first measurement reserved data, and determines whether the corresponding quantum key is monitored by a party that is neither source nor sink according to the proportion of identical character strings in the first measurement reserved data.
As a preferred scheme, the encryption transmission scheme determining device further comprises a network security performance evaluating module;
the network security performance evaluation module is used for retaining, as second measurement reserved data, the measurement data for which the sink end and the source end used the same basis, after the measurement data are acquired through the corresponding quantum key and when the number of bits of the acquired measurement data is greater than twice the number of bits of the character string of the sink end or the source end; the character string of the sink end has the same number of bits as the character string of the source end;
calculating the security index Se_i in real time according to the second measurement reserved data and the proportion of identical character strings;
wherein I_same_base is the length of the second measurement reserved data, and I_same_bit is the number of identical character strings when the basis of the sink end is the same as that of the source end;
and calculating, from the security index calculated each time, the standard index Se_z = (Se_i - μ)/σ; wherein μ is the average of all security indexes calculated in the current time period, and σ is the variance of all security indexes calculated in the current time period; the standard index is used for quantifying the relation between the network security index and the overall security of the power network in the current time period.
As a preferred aspect, the encryption transmission scheme determination device further includes a transmission path determination module;
the transmission path determining module is used for obtaining a plurality of disjoint transmission paths based on equivalent multipaths through a preset equivalent multipath model before verifying the authenticity of quantum keys corresponding to all the transmission paths through the information destination; wherein, the optimization objective function of the equivalent multipath model is to minimize the maximum transmission delay in all transmission paths;
The constraint conditions corresponding to the equivalent multipath model comprise:
wherein t is the destination node,for a certain node pair in the power network, < > j->Node pair consisting of source node and destination node for power service,/>For unidirectional links from node i to node j in the topology of the power network, i (e) For the link start, j (e) For the end of the link +.>Link indicating endpoint node t +.>A link representing the origin node v, +.>Link indicating endpoint node v +.>A link representing the origin node k, +.>For node pair->Electric power traffic of h vt For node pair->Is>For the capacity of link e>Is a binary variable +.>When 1, it indicates that link e is used for power traffic with destination node t, +.>When 0, it indicates that link e is not used for power traffic with destination node t, +.>The sum of the flows of all power traffic on link e for destination node t, +.>Representing node pair->The average load on all equivalent shortest path outlet links between,representing node i (e) Average load on all equivalent shortest path egress links between and node t, +.>Is node pairDistance between->For node j (e) Distance from node t,/ >For node i (e) Distance from node t,/>For the weight corresponding to link e, +.>For maximum link utilization of the power network, S k Is a binary variable S k When the number is 0, the node with the number of k has the equal-cost multi-path load splitting function, S k When the number of the node is =1, one of all the exit links of the node with the number of k is selected as the shortest path for data transmission, that is, the node with the number of k does not have an equal-cost multi-path load splitting function, and M is a constant.
As a preferred solution, the transmission path determining module is further configured to dynamically select a node by adjusting a routing configuration after the disjoint multiple transmission paths based on equivalent multipaths are obtained, and configure an equivalent multipath function for the selected node by adopting a heuristic optimization algorithm, so as to iteratively update a network state of the power network; wherein, in the process of updating each iteration, the mode of selecting the node comprises the following steps:
the priority of each service outflow node is calculated according to the following formula:
wherein the formula gives the priority of the service outflow node u, l_e is a link connected to node u, and k_u is the degree of node u;
and selecting a part of nodes with highest priorities to configure the equivalent multi-path transmission function.
As a preferred scheme, the power network comprises a quantum key management center, a 5G communication network layer and a plurality of power distribution terminals, wherein:
the quantum key management center is used for generating, storing and managing quantum keys;
the 5G communication network layer is used for generating and distributing quantum keys and transmitting power business;
the power distribution terminal is a power distribution terminal with a data interaction function and a data interaction requirement and is used for generating, comparing and using quantum keys.
As a preferred scheme, the 5G communication network layer adopts a 5G slicing technology, and is divided into a plurality of virtual networks, and the plurality of virtual networks obtained by division are used for isolating the application of different power services; each virtual network comprises a corresponding communication channel, forwarding equipment and storage computing equipment.
As a preferred scheme, the encryption transmission scheme determining device further comprises a quantum key delivery module;
the quantum key delivery module is used for obtaining first codes corresponding to all the first state information according to the first state information respectively corresponding to a plurality of photon states of photons sent by the information source end before verifying authenticity of quantum keys corresponding to all transmission paths through the information sink end; obtaining second codes corresponding to the second state information according to the second state information corresponding to the photon states of the photons received by the information sink terminal;
Constructing a plurality of code sets based on each of the first codes and each of the second codes; each encoding set comprises an element corresponding to the first encoding, an element corresponding to the second encoding and an encryption element; the encryption element is generated according to the first code, the second code and a preset function;
adding the maximum value in the state deviation interval of the first code and the maximum value in the state deviation interval of the second code to obtain a state deviation value corresponding to each code set; wherein the first encoded state deviation interval and the second encoded state deviation interval are both associated with a polarization angle of a photon;
and generating a plurality of quantum keys based on the maximum value in each state deviation value by combining the second state information, and respectively putting the generated quantum keys into each transmission path.
As a preferred solution, the quantum key delivery module generates the quantum key based on the maximum value of the state deviation values and in combination with the second state information, specifically:
the quantum key delivery module obtains the variation of the photon state according to the maximum value in each state deviation value through a preset entropy function;
and further, based on the variation, calculating the state information N which is not stolen by combining the second state information:
$N = [1 - X] \times l(M_i)$; wherein $l(M_i)$ is the number of photon states received by the signal sink end, $M_i$ is the i-th photon state, and $X$ is the variation of the photon state;
and generating a quantum key through the state information which is not stolen.
As a preferable scheme, the information sink end and the information source end are both power distribution terminals; the first state information and the second state information both include a polarization angle of a photon;
the quantum key delivery module is further configured to establish a mapping relationship between a power distribution terminal corresponding to the sink terminal and a power distribution terminal corresponding to the source terminal according to the transmission paths of photons before the first codes corresponding to the first state information are obtained, so as to obtain mapping numbers corresponding to the transmission paths;
the first code and the second code include a header field, a middle field, and an end field; the first coded header field is generated according to a polarization angle in the first state information, the second coded header field is generated according to a polarization angle in the second state information, the first coded intermediate field and the second coded intermediate field are both generated according to a mapping number corresponding to a photon transmission path, the end field of the first code is generated according to a power distribution terminal number corresponding to a source end, and the end field of the second code is generated according to a power distribution terminal number corresponding to a sink end.
As a preferred scheme, the quantum key delivery module establishes a mapping relationship between a power distribution terminal corresponding to a sink terminal and a power distribution terminal corresponding to a source terminal according to a photon transmission path, specifically:
the quantum key delivery module identifies the identity of a user through the user information of the power distribution terminal according to the transmission path of photons, and determines the power distribution terminal with a pre-mapping relation with the power distribution terminal corresponding to the information source terminal;
establishing a feature set according to the power feature data of the power distribution terminal corresponding to the information source end and the power feature data of the power distribution terminal with a pre-mapping relation with the power distribution terminal corresponding to the information source end;
and extracting the mapping relation between the power distribution terminal corresponding to the information sink end and the power distribution terminal corresponding to the information source end from the characteristic set according to the user identity and the authority level thereof.
As a preferred solution, the calculation formula of the encryption element S is:
$S = k_1 A^2 + k_2 B^2$;
wherein $k_1$ and $k_2$ are the association coefficients of the preset function, $A$ is the first code, and $B$ is the second code.
As a preferred solution, the encryption transmission scheme determining device further includes a pre-mapping construction module, where the pre-mapping construction module is configured to obtain device information of each power distribution terminal and node information of a corresponding node before the power distribution terminal having a pre-mapping relation with the power distribution terminal corresponding to the source end is determined; wherein the node information includes a network communication rate of the node; the device information includes a device type;
Screening out power distribution terminals corresponding to nodes with network communication rates greater than a preset threshold, classifying the screened power distribution terminals according to the network communication rates, and respectively constructing a first type of pre-mapping relation and a second type of pre-mapping relation for each type of power distribution terminals according to the corresponding first type of mapping function and second type of mapping function; the first type of pre-mapping relation is a pre-mapping relation between power distribution terminals of the same equipment type, and the second type of pre-mapping relation is a pre-mapping relation between power distribution terminals of different equipment types; the first type mapping function is used for constructing the first type pre-mapping relation, and the second type mapping function is used for constructing the second type pre-mapping relation.
Preferably, the device information further includes an encryption priority corresponding to the device type; the pre-mapping construction module constructs a second type of pre-mapping relation, including:
the pre-mapping construction module constructs a pre-mapping network E of the power distribution terminals with different equipment types:
$E = (w_1 a_1 + w_2 a_2 + w_3 a_3 + \dots + w_n a_n)/n$;
wherein $a_n$ is the mapping functional relation with the n-th device type, and $w_n$ is the weight corresponding to device type n; the weight is set according to the encryption priority.
Correspondingly, the embodiment of the invention also provides a terminal device, which comprises a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the processor realizes the encryption transmission scheme determination method of the power network data when executing the computer program.
The processor may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor; the processor is the control center of the terminal and connects the various parts of the entire terminal using various interfaces and lines.
The memory may be used to store the computer program, and the processor may implement various functions of the terminal by running or executing the computer program stored in the memory and invoking data stored in the memory. The memory may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the data storage area may store data created according to the use of the handset (such as audio data, phonebook, etc.). In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
Correspondingly, the embodiment of the invention also provides a computer readable storage medium, which comprises a stored computer program, wherein when the computer program runs, the equipment where the computer readable storage medium is located is controlled to execute the encryption transmission scheme determining method of the power network data.
The modules integrated in the encryption transmission scheme determination device of the power network data can be stored in a computer readable storage medium if they are implemented in the form of software functional units and sold or used as independent products. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiment by instructing related hardware through a computer program, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, it may implement the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention, and are not to be construed as limiting the scope of the invention. It should be noted that any modifications, equivalent substitutions, improvements, etc. made by those skilled in the art without departing from the spirit and principles of the present invention are intended to be included in the scope of the present invention.

Claims (10)

1. A method for determining an encrypted transmission scheme of power network data, comprising:
verifying authenticity of quantum keys corresponding to all transmission paths through the information sink terminal; wherein each transmission path selected from the power network corresponds to one quantum key, and only one true quantum key exists; the key content of the true quantum key is different from that of the pseudo quantum key;
when the information sink terminal receives the true quantum key, determining, for all the received quantum keys, whether they are monitored by a terminal that is neither the information source terminal nor the information sink terminal, by comparing the character strings of the information sink terminal with the character strings of the information source terminal and measuring based on the quantum keys;
when all the quantum keys are determined not to be monitored in a preset time period, the true quantum key is accepted, and data of the power network are transmitted in an encrypted mode through the true quantum key; and when it is determined that a quantum key has been monitored in the preset time period, the transmission is abandoned.
2. The method for determining the encryption transmission scheme of the power network data according to claim 1, wherein the encrypting transmission of the data of the power network by the true quantum key is specifically:
encrypting and transmitting the data of the power network on all transmission paths receiving the quantum key through the true quantum key; each transmission path receiving the quantum key transmits data with the size ofD is all data to be transmitted of the power network, and m is the number of transmission paths for receiving the quantum key.
3. The method for determining an encrypted transmission scheme of power network data according to claim 1, wherein the determining whether all received quantum keys are monitored by a terminal that is neither the information source terminal nor the information sink terminal is specifically as follows:
determining a base of the information sink terminal and a base of the information source terminal according to the character string of the information sink terminal and the character string of the information source terminal;
and acquiring measurement data through the corresponding quantum key, retaining the measurement data for which the base of the information sink terminal is the same as the base of the information source terminal as first measurement reserved data, and determining whether the corresponding quantum key is monitored by a terminal that is neither the information source terminal nor the information sink terminal according to the proportion of the same character strings in the first measurement reserved data.
4. A method of determining an encrypted transmission scheme for power network data according to claim 3, further comprising, after said obtaining measurement data by means of the corresponding quantum key:
when the number of bits of the acquired measurement data is greater than twice the number of character strings of the information sink end or the information source end, the measurement data for which the base of the information sink end and the base of the information source end are the same is retained as second measurement reserved data; the number of the character string bits of the information sink end is the same as that of the character string bits of the information source end;
calculating a security index $Se_i$ in real time according to the second measurement reserved data and the proportion of the same character strings;
wherein $I_{same\_base}$ is the length of the second measurement reserved data, and $I_{same\_bit}$ is the number of the same character strings;
according to the security index calculated each time, calculating a standard index $Se_z = (Se_i - \mu)/\sigma$; wherein $\mu$ is the average of all security indexes calculated in a current time period, and $\sigma$ is the variance of all security indexes calculated in the current time period; the standard index is used for quantifying the relation between the network security index and the overall security of the power network in the current time period.
5. The method for determining an encrypted transmission scheme of power network data according to claim 1, further comprising, before said verifying, by the sink, authenticity of the quantum keys corresponding to all transmission paths thereof:
Acquiring a plurality of disjoint transmission paths based on equivalent multipaths through a preset equivalent multipath model; wherein, the optimization objective function of the equivalent multipath model is to minimize the maximum transmission delay in all transmission paths;
the constraint conditions corresponding to the equivalent multipath model comprise:
wherein t is the destination node,for a certain node pair in the power network, < > j->Node pair consisting of source node and destination node for power service, < >>For unidirectional links from node i to node j in the topology of the power network, i (e) For the link start, j (e) For the end of the link +.>Link indicating endpoint node t +.>A link representing the origin node v, +.>Link indicating endpoint node v +.>A link representing the origin node k, +.>For node pair->Electric power traffic of h vt For node pair->Is>For the capacity of link e>Is a binary variable +.>When 1, it indicates that link e is used for power traffic with destination node t, +.>When 0, it indicates that link e is not used for power traffic with destination node t, +.>The sum of the flows of all power traffic on link e for destination node t, +.>Representing node pair- >The average load on all equivalent shortest path outlet links between,representing node i (e) Average load on all equivalent shortest path egress links between and node t, +.>Is node pairDistance between->For node j (e) Distance from node t,/>For node i (e) Distance from node t,/>For the weight corresponding to link e, +.>For the electricityMaximum link utilization of force network, S k Is a binary variable S k When the number is 0, the node with the number of k has the equal-cost multi-path load splitting function, S k When the number of the node is =1, one of all the exit links of the node with the number of k is selected as the shortest path for data transmission, that is, the node with the number of k does not have an equal-cost multi-path load splitting function, and M is a constant.
6. The method for determining an encrypted transmission scheme for power network data according to claim 5, further comprising, after said obtaining a plurality of disjoint equal-multipath-based transmission paths:
dynamically selecting nodes by adjusting route configuration and adopting a heuristic optimization algorithm, and configuring an equivalent multi-path function for the selected nodes so as to iteratively update the network state of the power network; wherein, in the process of updating each iteration, the mode of selecting the node comprises the following steps:
The priority of each service outflow node is calculated according to the following formula:
the method comprises the steps of carrying out a first treatment on the surface of the Wherein (1)>For the priority of the service outflow node u, l e For the link connected to node u, k u The degree of the node u;
and selecting a part of nodes with highest priorities to configure the equivalent multi-path transmission function.
7. The method for determining an encrypted transmission scheme of power network data according to claim 1, further comprising, before said verifying, by the sink, authenticity of the quantum keys corresponding to all transmission paths thereof:
according to the first state information respectively corresponding to a plurality of photon states of photons sent by the information source end, obtaining a first code corresponding to each first state information; obtaining second codes corresponding to the second state information according to the second state information corresponding to the photon states of the photons received by the information sink terminal;
constructing a plurality of code sets based on each of the first codes and each of the second codes; each encoding set comprises an element corresponding to the first encoding, an element corresponding to the second encoding and an encryption element; the encryption element is generated according to the first code, the second code and a preset function;
adding the maximum value in the state deviation interval of the first code and the maximum value in the state deviation interval of the second code to obtain a state deviation value corresponding to each code set; wherein the first encoded state deviation interval and the second encoded state deviation interval are both associated with a polarization angle of a photon;
And generating a plurality of quantum keys based on the maximum value in each state deviation value by combining the second state information, and respectively putting the generated quantum keys into each transmission path.
8. The method for determining an encrypted transmission scheme of power network data according to claim 7, wherein the quantum key is generated based on a maximum value of each state deviation value in combination with the second state information, specifically:
obtaining the variation of the photon state according to the maximum value in each state deviation value through a preset entropy function;
and further, based on the variation, calculating the state information N which is not stolen by combining the second state information:
$N = [1 - X] \times l(M_i)$; wherein $l(M_i)$ is the number of photon states received by the signal sink end, $M_i$ is the i-th photon state, and $X$ is the variation of the photon state;
and generating a quantum key through the state information which is not stolen.
9. The method for determining an encrypted transmission scheme for power network data according to claim 7, wherein said sink terminal and said source terminal are power distribution terminals; the first state information and the second state information both include a polarization angle of a photon;
Before the first code corresponding to each piece of first state information is obtained, the method further comprises: according to the photon transmission paths, a mapping relation between a power distribution terminal corresponding to a signal sink end and a power distribution terminal corresponding to a signal source end is established, and then mapping numbers corresponding to the transmission paths are obtained;
the first code and the second code include a header field, a middle field, and an end field; the first coded header field is generated according to a polarization angle in the first state information, the second coded header field is generated according to a polarization angle in the second state information, the first coded intermediate field and the second coded intermediate field are both generated according to a mapping number corresponding to a photon transmission path, the end field of the first code is generated according to a power distribution terminal number corresponding to a source end, and the end field of the second code is generated according to a power distribution terminal number corresponding to a sink end.
10. The method for determining an encrypted transmission scheme of power network data according to claim 9, wherein the mapping relationship between the power distribution terminal corresponding to the sink terminal and the power distribution terminal corresponding to the source terminal is established according to the transmission path of photons, specifically:
Identifying the identity of a user through user information of the power distribution terminal according to a photon transmission path, and determining the power distribution terminal with a pre-mapping relation with the power distribution terminal corresponding to the information source terminal;
establishing a feature set according to the power feature data of the power distribution terminal corresponding to the information source end and the power feature data of the power distribution terminal with a pre-mapping relation with the power distribution terminal corresponding to the information source end;
and extracting the mapping relation between the power distribution terminal corresponding to the information sink end and the power distribution terminal corresponding to the information source end from the characteristic set according to the user identity and the authority level thereof.
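The base comparison of claim 3, the accept-or-abandon rule of claim 1 and the standard index of claim 4, as an added Python example that is not part of the patent text. It assumes the security index is the share of identical bits among the same-base results (the formula for Se_i is not legible on this page), a hypothetical threshold of 0.9, and constructed base and bit strings; the preset time period is not modelled.

```python
from statistics import mean, pvariance

# Constructed sample data (not from the patent): '+' and 'x' name the two bases.
SOURCE_BASES = "++xx+x+x++xx+x+x"
SINK_BASES = "+x+x+xx+++x+x+xx"  # same base as the source in 8 of 16 positions


def record(source_bits, sink_bits):
    """Bundle one path's strings; both paths reuse the constructed bases."""
    return {"source_bases": SOURCE_BASES, "sink_bases": SINK_BASES,
            "source_bits": source_bits, "sink_bits": sink_bits}


# path-1 carries the true key, path-2 a pseudo key with different content.
CLEAN_PATHS = {
    "path-1": record("0110100111010010", "0010101111000110"),
    "path-2": record("1001011000101101", "1101010000111001"),
}
# Same keys, but two same-base results on path-2 were disturbed in transit.
TAPPED_PATHS = {
    "path-1": CLEAN_PATHS["path-1"],
    "path-2": record("1001011000101101", "1100010001111001"),
}


def sift(rec):
    """Claim 3: keep only results where both ends used the same base.

    Returns (I_same_base, I_same_bit): retained length and matching bits.
    """
    fields = [rec["source_bases"], rec["sink_bases"],
              rec["source_bits"], rec["sink_bits"]]
    if len({len(f) for f in fields}) != 1:
        raise ValueError("base and bit strings must have equal length")
    kept = [(a, b) for sb, kb, a, b in zip(*fields) if sb == kb]
    return len(kept), sum(a == b for a, b in kept)


def security_index(rec):
    """Assumed form of Se_i: I_same_bit / I_same_base."""
    same_base, same_bit = sift(rec)
    if same_base == 0:
        raise ValueError("no same-base results to compare")
    return same_bit / same_base


def decide(paths, true_path, threshold=0.9):
    """Claim 1: accept the true key only if no key, true or pseudo,
    on any path looks monitored; otherwise abandon the transmission."""
    report = {name: security_index(rec) for name, rec in paths.items()}
    monitored = sorted(n for n, se in report.items() if se < threshold)
    accepted = not monitored and true_path in report
    return accepted, monitored, report


def standard_index(se_i, window):
    """Claim 4: Se_z = (Se_i - mu) / sigma over the current time window.

    The claim words sigma as the variance of the window, so the population
    variance is used here; a constant window returns 0.0.
    """
    mu = mean(window)
    sigma = pvariance(window, mu)
    if sigma == 0:
        return 0.0
    return (se_i - mu) / sigma


if __name__ == "__main__":
    for label, paths in (("clean", CLEAN_PATHS), ("tapped", TAPPED_PATHS)):
        accepted, monitored, report = decide(paths, "path-1")
        print(label, "accept" if accepted else "abandon", monitored, report)
```

Disturbance on the pseudo-key path alone is enough to abandon the transmission, which is what lets the pseudo keys act as tripwires for the true one.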
CN202311009694.0A 2023-08-11 2023-08-11 Encryption transmission scheme determining method for power network data Active CN116743379B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311009694.0A CN116743379B (en) 2023-08-11 2023-08-11 Encryption transmission scheme determining method for power network data

Publications (2)

Publication Number Publication Date
CN116743379A CN116743379A (en) 2023-09-12
CN116743379B true CN116743379B (en) 2023-10-31

Family

ID=87918916


Country Status (1)

Country Link
CN (1) CN116743379B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant