CN116886261A - Zero trust evaluation method, device and equipment based on terminal equipment of Internet of things - Google Patents
- Publication number: CN116886261A (application CN202310830252.6A)
- Authority
- CN
- China
- Prior art keywords
- trust
- internet
- things
- threshold
- terminal entity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L (Transmission of digital information, e.g. telegraphic communication)
  - H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    - H04L9/006: involving public key infrastructure [PKI] trust models
    - H04L9/32: including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
      - H04L9/3263: involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
        - H04L9/3265: using certificate chains, trees or paths; hierarchical trust model
  - H04L63/00: Network architectures or network communication protocols for network security
    - H04L63/16: implementing security features at a particular protocol layer
      - H04L63/168: above the transport layer
    - H04L63/20: for managing network security; network security policies in general
  - H04L67/00: Network arrangements or protocols for supporting network services or applications
    - H04L67/01: Protocols
      - H04L67/12: specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- Y02D (Climate change mitigation technologies in information and communication technologies [ICT], i.e. ICT aiming at the reduction of their own energy use)
  - Y02D30/00: Reducing energy consumption in communication networks
    - Y02D30/70: in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention relates to the technical field of Internet of Things security and discloses a zero trust evaluation method, device and equipment based on Internet of Things terminal equipment. When an Internet of Things terminal entity is started, the entity is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set; a threshold boundary of the terminal entity is determined from the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set; an early warning probability is determined from the threshold boundary; and the early warning probability is compared with a preset safety threshold, the trust reliability of the terminal entity being determined from the comparison result. By constructing the discrete interval evaluation set and the trust value interval in a multi-element form, introducing trust fluctuation and threshold boundaries, evaluating comprehensively on multiple layers, and evaluating the trust state of the terminal through early warning and other angles, the invention provides a more objective and accurate basis for dynamic authorization in a zero trust network security architecture.
Description
Technical Field
The invention relates to the technical field of security of the Internet of things, in particular to a zero trust evaluation method, device and equipment based on terminal equipment of the Internet of things.
Background
The concept of zero trust originated in the Jericho Forum, established in 2004, and was formally put forward in 2010: all network traffic is untrusted, and security controls are required for any request for any resource. As zero trust has evolved and its theory and implementation have been refined, it has gradually become an identity-based security solution that covers many scenarios.
However, as the digital age advances, the concepts and methods of data security must change accordingly, the main direction being the shift from static to dynamic control. In a zero trust architecture, the dynamic authorization system is the principal means of solving the problem of secure data access in the digital era, so ensuring the correctness of dynamic authorization has become a problem that urgently needs to be solved.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The main purpose of the invention is to provide a zero trust evaluation method, device and equipment based on Internet of Things terminal equipment, aiming to solve the technical problem that the accuracy of the dynamic authorization system for existing Internet of Things access equipment is low.
In order to achieve the above purpose, the present invention provides a zero trust evaluation method based on an internet of things terminal device, the method comprising:
when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary;
and comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
In some embodiments, analyzing the Internet of Things terminal entity based on a zero trust architecture when it is started, to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set, includes:
when an Internet of Things terminal entity is started, analyzing it based on a zero trust architecture to obtain a discrete interval evaluation set;
constructing the variation range of trust values according to a normal distribution so as to obtain different trust value intervals;
selecting a target trust change interval from the trust value intervals;
and determining the trust change frequency attribute set of the Internet of Things terminal entity according to a preset trust change algorithm and the target trust change interval.
In some embodiments, analyzing the Internet of Things terminal entity based on the zero trust architecture when it is started, to obtain the discrete interval evaluation set, includes:
when an Internet of Things terminal entity is started, performing initial authentication on it based on a zero trust architecture;
assigning a default trust value to an Internet of Things terminal entity that passes the initial authentication;
collecting data interaction and behavior information of the Internet of Things terminal entity;
and performing measurement analysis on the data interaction and behavior information to obtain a discrete interval evaluation set.
In some embodiments, performing measurement analysis on the data interaction and behavior information to obtain a discrete interval evaluation set includes:
expanding the switch-form Markov chain according to a normal distribution to obtain an extended-form Markov chain;
and evaluating the trust state of the Internet of Things terminal entity based on the extended-form Markov chain and the data interaction and behavior information, so as to obtain a discrete interval evaluation set.
In some embodiments, determining the trust change frequency attribute set of the Internet of Things terminal entity according to the preset trust change algorithm and the target trust change interval includes:
determining a trust starting point and a trust ending point of the target trust change interval;
determining an initial trust value and an ending trust value according to the time range of the target trust change interval;
determining an instantaneous fluctuation rate from the initial trust value, the ending trust value, the trust starting point and the trust ending point based on a preset Berbaum algorithm;
and constructing the trust change frequency attribute set of the Internet of Things terminal entity from the instantaneous fluctuation rate.
In some embodiments, determining the threshold boundary of the Internet of Things terminal entity according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set includes:
performing trust measurement on the Internet of Things terminal entity along a time axis according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set, to obtain an accumulated trust value and an accumulated trust threshold;
determining a lower trusted threshold and an upper untrusted threshold from the accumulated trust value and the accumulated trust threshold;
and taking the lower trusted threshold and the upper untrusted threshold as the threshold boundary.
In some embodiments, comparing the early warning probability with the preset safety threshold and determining the trust reliability of the Internet of Things terminal entity according to the comparison result includes:
comparing the early warning probability with the preset safety threshold;
and when the early warning probability is less than or equal to the preset safety threshold, determining that the Internet of Things terminal entity is trusted.
In some embodiments, the method further comprises:
determining the early warning probability of the Internet of Things terminal entity from the upper untrusted threshold;
adjusting the preset safety threshold according to the early warning probability to obtain an updated safety threshold;
and comparing the early warning probability with the updated safety threshold, and determining the trust reliability of the Internet of Things terminal entity according to the comparison result.
In addition, in order to achieve the above purpose, the invention also provides a zero trust evaluation device based on the terminal equipment of the internet of things, which comprises:
the analysis module is used for analyzing the terminal entity of the Internet of things based on a zero trust architecture when the terminal entity of the Internet of things is started so as to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
The boundary determining module is used for determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
the determining early warning module is used for determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary;
and the comparison evaluation module is used for comparing the early warning probability with a preset safety threshold value and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
In addition, in order to achieve the above purpose, the invention further provides a zero trust evaluation device based on an Internet of Things terminal device, comprising a memory, a processor, and a zero trust evaluation program based on the Internet of Things terminal device that is stored in the memory and can run on the processor, wherein the program is configured to implement the zero trust evaluation method based on the Internet of Things terminal device.
According to the method, when the Internet of Things terminal entity is started, it is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set; a threshold boundary of the terminal entity is determined from these; the early warning probability of the terminal entity is determined from the threshold boundary; and the early warning probability is compared with a preset safety threshold, the trust reliability of the terminal entity being determined from the comparison result. The invention associates a mathematical approach with trust analysis: by constructing a discrete interval evaluation set and a trust value interval in multi-element form and introducing the concepts of trust fluctuation and threshold boundary into the trust analysis, the trust condition of the terminal entity is comprehensively evaluated on the three levels of completeness, accuracy and objectivity, and the trust state of the Internet of Things terminal device is evaluated from the data angle through early warning and other angles. This provides a more objective and accurate basis for dynamic authorization in a zero trust network security architecture, improves the accuracy of the dynamic authorization system in the zero trust architecture, and so solves the technical problem of low accuracy of the dynamic authorization system for traditional Internet of Things access equipment.
Drawings
Fig. 1 is a schematic structural diagram of a zero trust evaluation device based on an internet of things terminal device in a hardware operation environment according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a first embodiment of a zero trust evaluation method based on an internet of things terminal device according to the present invention;
fig. 3 is a schematic flow chart of evaluating trust variation trend in the zero trust evaluation method based on the terminal equipment of the internet of things;
fig. 4 is a schematic flow chart of a second embodiment of the zero trust evaluation method based on the terminal equipment of the internet of things;
fig. 5 is a block diagram of a first embodiment of a zero trust evaluation device based on an internet of things terminal device.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that all directional indicators (such as up, down, left, right, front, and rear … …) in the embodiments of the present invention are merely used to explain the relative positional relationship, movement, etc. between the components in a particular posture (as shown in the drawings), and if the particular posture is changed, the directional indicator is changed accordingly.
Furthermore, the descriptions "first", "second", etc. in this disclosure are for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, provided that the combination can be realized by those skilled in the art; when technical solutions are contradictory or cannot be realized together, their combination should be considered absent and outside the scope of protection claimed in the present invention. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a zero trust evaluation device based on an internet of things terminal device in a hardware operation environment according to an embodiment of the present invention.
As shown in fig. 1, the zero trust evaluation device based on the Internet of Things terminal device may include: a processor 1001, such as a central processing unit (CPU); a communication bus 1002; a user interface 1003; a network interface 1004; and a memory 1005. The communication bus 1002 enables communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and optionally a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface, such as a Wi-Fi interface. The memory 1005 may be a high-speed random access memory (RAM) or a stable non-volatile memory (NVM), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001.
It will be appreciated by those skilled in the art that the structure shown in fig. 1 does not constitute a limitation of the zero trust evaluation device based on the internet of things terminal device, and may include more or fewer components than shown, or may combine certain components, or may be a different arrangement of components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and a zero trust evaluation program based on the terminal device of the internet of things may be included in the memory 1005 as one storage medium.
In the device shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server, and the user interface 1003 is mainly used for data interaction with a user. The processor 1001 and the memory 1005 are arranged in the zero trust evaluation device, which invokes, through the processor 1001, the zero trust evaluation program stored in the memory 1005 and executes the zero trust evaluation method based on the Internet of Things terminal device provided by the embodiment of the invention.
The Internet of Things is an intelligent network that ultimately covers everything: it uses equipment such as radio frequency identification, two-dimensional codes, infrared sensors and GPS, interconnects that equipment by wireless data communication and other means, and accesses the Internet in some manner. The electric power Internet of Things is the concrete form and application of the Internet of Things in the electric power industry. Its terminal devices are usually deployed in several grid links such as transmission, distribution and consumption, and these intelligent terminals or devices usually sit in unattended environments whose security cannot be controlled, so an attacker can easily reach the equipment directly to physically destroy it, clone it to forge a device, or mount attacks such as information theft, software tampering and remote control at short or long range.
The number of Internet of Things terminal devices has grown enormously, especially in the electric power Internet of Things where they are widely applied. While large-scale Internet of Things deployment brings convenience, it also carries many potential safety hazards, and trusted identity authentication of Internet of Things devices is the basis for solving the related security problems. A dynamic authorization system in a zero trust architecture can currently be adopted for trusted identity authentication of Internet of Things devices, but the correctness of that dynamic authorization system is low, leaving a potential safety hazard.
In view of this, the embodiment of the invention provides a zero trust evaluation method, a zero trust evaluation device and zero trust evaluation equipment based on terminal equipment of the internet of things.
Referring to fig. 2, fig. 2 is a flowchart of a first embodiment of a zero trust evaluation method based on an internet of things terminal device according to the present invention.
As shown in fig. 2, the zero trust evaluation method based on the terminal device of the internet of things includes:
step S100: when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
step S200: determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
Step S300: determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary;
step S400: and comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
It should be noted that, in this embodiment, trust evaluation is performed by an internet of things terminal entity oriented to the electric power internet of things as an example. The internet of things terminal entities of the electric power internet of things include, but are not limited to, a distribution transformer monitoring terminal (TTU), a distribution switch monitoring terminal (FTU), and a data transmission terminal (DTU).
This zero trust evaluation method for Internet of Things terminal equipment introduces mathematical ideas, associates them with trust analysis technology, and comprehensively evaluates the Internet of Things terminal entity from different aspects.
Specifically, a zero trust evaluation metric for the Internet of Things terminal entity is defined. Default rule: trust values are continuous in the interval [0, 1], and this embodiment uses continuous trust values to measure the trust relationship, with 0 meaning completely untrusted and 1 meaning completely trusted, so that a trust value floats within [0, 1]. Following the idea of a normal distribution, the default trust value of the initial authenticated state is set to the midpoint of the evaluation range, 0.5. According to the trust requirements of the Internet of Things terminal entity, the trust structural elements and trust characteristics are summarized, and the trust value characteristics in this rule serve as the reference for measuring the trust of the terminal entity. For example, a distribution transformer monitoring terminal (TTU) may be considered reliable at a time point when its trust fluctuation does not exceed a certain threshold (i.e., there is no abnormal fluctuation).
In an embodiment, when an internet of things terminal entity is started, the internet of things terminal entity is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set, including: when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set; constructing a variation range of trust values according to normal distribution so as to obtain different trust value intervals; selecting a target trust change interval from the trust value intervals; and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval.
In an example, based on a zero trust architecture, initial authentication is performed on an internet of things terminal entity when the internet of things terminal entity is started, and the internet of things terminal entity which completes the initial authentication is assigned a default trust value of 0.5; and evaluating the trust state of the terminal entity of the Internet of things by using the Markov chain in an expanded form through recording the data interaction and behavior information of the terminal entity of the Internet of things, so as to obtain a discrete interval evaluation set.
In one example, ranges of trust values are constructed from a normal distribution to obtain different trust value intervals: according to the definition of the normal distribution, the switch-form Markov chain is expanded, and the expanded Markov chain together with the two-stage normal-distribution theory gives each trust value interval its own definition: a trust value of 1 in the expanded Markov chain indicates complete reliability; a trust value in [0.75, 1) indicates extreme reliability; a trust value in [0.5, 0.75) indicates relative reliability; a trust value in [0.25, 0.5) indicates relative unreliability; a trust value in [0, 0.25) indicates extreme unreliability; and a trust value of 0 indicates complete unreliability. The most basic trust value model of this embodiment is constructed from these trust value intervals.
It should be noted that a trust value model generally presupposes a trust interval, and the trust interval defined in this embodiment comes from a preliminary analysis based on the normal distribution. The interval range covered by an actual trust value model may instead follow an exponential model or a statistical model such as a power function, and may be chosen according to actual requirements; this embodiment does not limit it.
In an example, a node trust value is calculated: a trust threshold is introduced to compare or identify the trustworthiness of the node at a given time point. If the trust value, the trust fluctuation and the trust threshold are denoted T, β and S respectively, the following inferences are drawn: when β < S and T is in a trusted form, the node is considered trusted at this time point; when β ≥ S, the trust form of the node at this time point is not necessarily trusted.
It can be appreciated that the trust threshold is also treated as a random process, and this embodiment proposes a trust threshold model: if, for all time ranges 0 ≤ s ≤ t and x ≤ 0, P{S(s, t) − β(t − s) > x} ≤ g(x) holds, the cumulative trust threshold S(t) is considered to obey the trust threshold (s.t.t.) curve β ∈ F with boundary function g ∈ F, denoted S_tt<g, β>. Illustratively, a trusted time point is further defined: when the trust value is in a trusted form and the probability of unreliability at that time point is sufficiently low (equivalently, the probability of trustworthiness is sufficiently high), the node is considered trusted.
In an example, a trust change interval to be analyzed is selected, a trust start point i and a trust end point j are determined, an initial trust value and an end trust value are determined according to a time range, and a ratio of a difference value between the initial trust value and the end trust value to a difference value between the time intervals is defined as an instantaneous fluctuation rate of the period i to j according to a preset trust change algorithm. And constructing the trust change frequency attribute set of the terminal entity of the Internet of things according to the instantaneous fluctuation rate.
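The trust value intervals and the time-point decision rule above (β < S with T in a trusted form), written out as an added Python example; this is not code from the patent. It assumes that the "trusted form" means the three reliable intervals at or above the default value 0.5, that the fluctuation β is compared by magnitude, and that a value of exactly 0 takes the "completely unreliable" label rather than the [0, 0.25) one.

```python
# Added example: trust value intervals of the expanded Markov chain and the
# time-point trust rule "beta < S and T in a trusted form". Not patent code.
from typing import Dict, List, Tuple

DEFAULT_TRUST = 0.5  # default trust value assigned after initial authentication


def classify_trust(value: float) -> str:
    """Map a trust value in [0, 1] to its trust value interval label.

    A value of exactly 0 is labelled "completely unreliable" (assumption: the
    point label wins over the [0, 0.25) interval label)."""
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"trust value {value!r} lies outside [0, 1]")
    if value == 1.0:
        return "completely reliable"
    if value >= 0.75:
        return "extremely reliable"
    if value >= 0.5:
        return "relatively reliable"
    if value >= 0.25:
        return "relatively unreliable"
    if value > 0.0:
        return "extremely unreliable"
    return "completely unreliable"


# Assumption: the "trusted form" of the text is any label at or above the default 0.5.
TRUSTED_FORMS = frozenset(
    {"completely reliable", "extremely reliable", "relatively reliable"}
)


def in_trusted_form(value: float) -> bool:
    """True when the trust value falls in one of the reliable intervals."""
    return classify_trust(value) in TRUSTED_FORMS


def node_trusted_at(trust_value: float, fluctuation: float, threshold: float) -> bool:
    """Rule from the text: trusted at this point iff beta < S and T is in a trusted form.

    beta is compared by magnitude (assumption), so a sharp rise and a sharp drop
    are both treated as abnormal fluctuation."""
    return abs(fluctuation) < threshold and in_trusted_form(trust_value)


def evaluate_points(samples: List[Tuple[float, float]], threshold: float) -> List[Dict[str, object]]:
    """Evaluate a series of (trust value, fluctuation) samples of one terminal entity."""
    return [
        {
            "trust": t,
            "beta": b,
            "label": classify_trust(t),
            "trusted": node_trusted_at(t, b, threshold),
        }
        for t, b in samples
    ]


if __name__ == "__main__":
    # Constructed sample: a terminal starting at the default trust value 0.5,
    # climbing, then dropping sharply (the drop is the abnormal fluctuation).
    constructed = [(0.5, 0.0), (0.62, 0.12), (0.8, 0.18), (0.35, 0.45), (0.3, 0.05)]
    for row in evaluate_points(constructed, threshold=0.2):
        print(row)
```

The fourth sample is rejected twice over: its fluctuation reaches the threshold S and its value has left the trusted form, which is the "not necessarily trusted" case of the rule.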
In an embodiment, determining the threshold boundary of the terminal entity of the internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set includes: carrying out trust measurement on the terminal entity of the Internet of things on a time axis according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set to obtain an accumulated trust value and an accumulated trust threshold; determining a lower trusted threshold and an upper untrusted threshold according to the accumulated trust value and the accumulated trust threshold; and taking the lower trusted threshold and the upper untrusted threshold as the threshold boundary.
In one example, as shown in fig. 3, a threshold boundary is determined based on the above three attribute sets (discrete interval evaluation set, trust value interval, and trust change frequency attribute set), and the threshold boundary is listed in the corresponding evaluation set, i.e., trust reliability status evaluation set.
Specifically, a lower trusted threshold or an upper untrusted threshold is determined: if a node N_i (i = 1, 2, ..., n) has a cumulative trust value A(t) ~ S_tv<f, α> and a cumulative trust threshold S(t) ~ S_tt<g, β>, then within any time period (s, t] (0 ≤ s ≤ t) the upper bound of the untrusted probability UT(s, t) and the lower bound of the trusted probability T(s, t) are given by the two bound formulas (not reproduced in the text). It will be appreciated that, for (s, t] (0 ≤ s ≤ t), s here plays the role of the preceding start time i but differs from it in that s denotes the start point excluding the instant i itself; s is defined precisely to make this distinction.
Illustratively, trust metrics are computed for the terminal entities on the time axis with the following algorithm: calculate the cumulative trust value within the time interval (0, t_N) and the accumulated trust threshold within the time interval (0, t] (formulas not reproduced in the text), where S_tn denotes the trust threshold at time t_n = n × Δt (n = 1, 2, 3, ...).
From the trust value model described in the example above, a trust value (s.t.v.) curve α(t) and a boundary function f(x) are derived. From the trust threshold model described in the example above, a trust threshold (s.t.t.) curve β(t) and a boundary function g(x) are derived. From the definitions of the upper and lower bounds used when determining the lower trusted or upper untrusted threshold, it follows that at any time interval (s, t] (0 ≤ s ≤ t) the upper bound of the unreliable probability UT(s, t), i.e. the early warning probability, and the lower bound of the trusted probability T(s, t), i.e. the confidence probability, are given by those bound formulas (not reproduced in the text).
Note that the early warning probability represents the worst case in which the object may be malicious at that time point. By comparing early warning probabilities, abnormal time points and normal time points can be distinguished.
In an embodiment, comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the internet of things according to the comparison result includes: comparing the early warning probability with a preset safety threshold; and when the early warning probability is smaller than or equal to the preset safety threshold, determining that the terminal entity of the Internet of things is considered to be reliable.
Specifically, the early warning probability represents the worst case in which the object may be malicious at that time point. By comparing early warning probabilities, abnormal time points and normal time points can be distinguished. It should be noted that the confidence probability need not be compared separately: the confidence probability is the opposite value of the early warning probability, so comparing the early warning probability already achieves the goal. Under certain conditions the confidence probability can be calculated instead, so that the evaluation result is expressed positively.
In an embodiment, the method further comprises: determining the early warning probability of the terminal entity of the Internet of things according to the upper bound of the unreliable threshold; adjusting the preset safety threshold according to the early warning probability to obtain an updated safety threshold; and comparing the early warning probability with the updated safety threshold value, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
Illustratively, the preset safety threshold is adjusted to obtain an updated safety threshold such that the updated threshold balances the trust level against resource utilization. Specifically, the early warning probability and the confidence probability are calculated according to the definitions of the upper and lower bounds given when determining the lower trusted or upper untrusted threshold; when s = 0 and t = t_N, these give the early warning probability and the confidence probability over the whole record (formulas not reproduced in the text).
Illustratively, the early warning probability is compared with a preset safety threshold f0 to identify the reliability of the object node. When the early warning probability is not greater than the preset safety threshold f0, the node may be considered reliable, and a basic level of trust is thereby ensured.
In one example, the preset safety threshold f0 is adjusted, choosing the optimal safety threshold so that a balance is achieved between trust level and resource utilization. By dynamically modifying the preset safety threshold f0, the general state of trust reliability of the trusted entity can be evaluated.
Specifically, the preset safety threshold f0 can be adjusted by a squeezing (clamping) procedure. Illustratively, starting from a larger value of 0.25, the threshold is narrowed in steps of 0.05 according to the evaluation requirement. The adjustment is typically performed manually, and the aspects considered depend on the actual needs of the user. The squeezing consists of tapering from the maximum value of the interval down to a target minimum value, which is typically user-defined. The end of the squeezing is declared as soon as one of two conditions holds: the user has reached the intended goal, or the time cost of further squeezing increases exponentially.
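The comparison against the preset safety threshold f0 and the squeeze adjustment of f0 (0.25 downwards in steps of 0.05) above, as an added Python example that is not code from the patent. The early warning probabilities are taken as inputs (their bound formula is not reproduced on this page); the sample values are constructed; and the stopping goal of the squeeze, a required fraction of time points that must still be judged reliable, is an assumption standing in for the user-defined "intended goal".

```python
# Added example: early warning probability versus the preset safety threshold
# f0, and the squeeze ("clamping") adjustment of f0. Not patent code.
from typing import List, Optional, Sequence


def is_reliable(early_warning_prob: float, safety_threshold: float) -> bool:
    """Node is considered reliable when the early warning probability is not greater than f0."""
    return early_warning_prob <= safety_threshold


def confidence_probability(early_warning_prob: float) -> float:
    """Confidence probability as the opposite value of the early warning probability."""
    return 1.0 - early_warning_prob


def squeeze_schedule(start: float = 0.25, step: float = 0.05, target_min: float = 0.05) -> List[float]:
    """Descending candidate thresholds from `start` down to `target_min` in steps of `step`.

    Defaults follow the text: start at 0.25 and narrow by 0.05; the minimum is user-defined."""
    if step <= 0 or target_min > start:
        raise ValueError("step must be positive and target_min must not exceed start")
    schedule: List[float] = []
    value = start
    while value >= target_min - 1e-12:      # tolerance against float drift
        schedule.append(round(value, 6))
        value -= step
    return schedule


def reliable_fraction(early_warning_probs: Sequence[float], threshold: float) -> float:
    """Fraction of sampled time points judged reliable under a given f0."""
    if not early_warning_probs:
        raise ValueError("need at least one early warning probability")
    hits = sum(1 for p in early_warning_probs if is_reliable(p, threshold))
    return hits / len(early_warning_probs)


def squeeze_safety_threshold(
    early_warning_probs: Sequence[float],
    min_reliable_fraction: float = 1.0,
    start: float = 0.25,
    step: float = 0.05,
    target_min: float = 0.05,
) -> Optional[float]:
    """Tighten f0 step by step and return the tightest value that still meets the goal.

    Assumption: the "intended goal" is that at least `min_reliable_fraction` of the
    observed time points remain reliable. Returns None if even `start` fails."""
    chosen: Optional[float] = None
    for threshold in squeeze_schedule(start, step, target_min):
        if reliable_fraction(early_warning_probs, threshold) < min_reliable_fraction:
            break                           # goal no longer met: stop squeezing here
        chosen = threshold
    return chosen


# Constructed early warning probabilities for five time points of one terminal.
SAMPLE_EARLY_WARNING = [0.02, 0.05, 0.08, 0.12, 0.03]

if __name__ == "__main__":
    for f0 in squeeze_schedule():
        print(f"f0={f0:.2f} reliable fraction={reliable_fraction(SAMPLE_EARLY_WARNING, f0):.2f}")
    print("strict goal  ->", squeeze_safety_threshold(SAMPLE_EARLY_WARNING))
    print("80 % goal    ->", squeeze_safety_threshold(SAMPLE_EARLY_WARNING, 0.8))
```

With the strict goal the squeeze stops at 0.15, the last threshold under which every sampled point is still reliable; relaxing the goal to 80 % lets it tighten one step further to 0.10, which is the trust level versus resource trade-off the text describes.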
According to the method, when the terminal entity of the Internet of things is started, the terminal entity of the Internet of things is analyzed based on a zero trust architecture, so that a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set are obtained; determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set; determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary; and comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result. In the embodiment, the mathematical idea is associated with trust analysis, by constructing a discrete interval evaluation set and a trust value interval of a multi-element form, the trust change fluctuation, threshold boundary and other concepts are introduced in the trust analysis, the trust condition of an entity is obtained, the trust condition of a terminal entity is comprehensively evaluated from three layers of completeness, accuracy and objectivity, the trust state of the terminal equipment of the internet of things is respectively evaluated from the data angle through early warning and other angles, more objective and accurate basis can be provided for dynamic authorization of a zero trust network security architecture, the accuracy of a dynamic authorization system in the zero trust architecture is improved, and the technical problem of low accuracy of the dynamic authorization system of the existing access equipment of the internet of things is solved.
In an embodiment, as shown in fig. 4, a second embodiment of the zero trust evaluation method based on the terminal device of the internet of things according to the present invention is provided based on the first embodiment, and the step S100 includes:
step S101: when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set;
step S102: constructing a variation range of trust values according to normal distribution so as to obtain different trust value intervals;
step S103: selecting a target trust change interval from the trust value intervals;
step S104: and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval.
In an example, when an internet of things terminal entity is started, the internet of things terminal entity is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, including: when an Internet of things terminal entity is started, carrying out initial authentication on the Internet of things terminal entity based on a zero trust architecture; assigning a default trust value to the terminal entity of the Internet of things passing the initial authentication; collecting data interaction and behavior information of the terminal entity of the Internet of things; and carrying out measurement analysis according to the data interaction and behavior information to obtain a discrete interval evaluation set. And performing measurement analysis according to the data interaction and behavior information to obtain a discrete interval evaluation set, wherein the measurement analysis comprises the following steps: expanding the switch form Markov chain according to normal distribution to obtain an expanded form Markov chain; and evaluating the trust state of the terminal entity of the Internet of things based on the Markov chain of the extended form and the data interaction and behavior information so as to obtain a discrete interval evaluation set.
The method comprises the steps that, based on a zero trust architecture, initial authentication is carried out on an Internet of things terminal entity when the Internet of things terminal entity is started, and the Internet of things terminal entity which completes the initial authentication is assigned a default trust value of 0.5; and evaluating the trust state of the terminal entity of the Internet of things by using the Markov chain in the expanded form, by recording the data interaction and behavior information of the terminal entity of the Internet of things, so as to obtain the discrete interval evaluation set shown in Table 1. Specifically, according to the definition of the normal distribution, the switch-form Markov chain is expanded, and the expanded Markov chain together with the two-stage normal-distribution theory gives each trust value interval its own definition; as shown in Table 1, the expanded Markov chain comprises complete reliability, high reliability, more reliability, default trust, less reliability, high unreliability and complete unreliability.
TABLE 1
In one example, ranges of trust values are constructed from a normal distribution to obtain different trust value intervals: according to the definition of the normal distribution, the switch-form Markov chain is expanded, and the expanded Markov chain together with the two-stage normal-distribution theory gives each trust value interval its own definition: a trust value of 1 in the expanded Markov chain indicates complete reliability; a trust value in [0.75, 1) indicates extreme reliability; a trust value in [0.5, 0.75) indicates relative reliability; a trust value in [0.25, 0.5) indicates relative unreliability; a trust value in [0, 0.25) indicates extreme unreliability; and a trust value of 0 indicates complete unreliability. The most basic trust value model of this embodiment is constructed from these trust value intervals.
It should be noted that a trust value model generally presupposes a trust interval, and the trust interval defined in this embodiment comes from a preliminary analysis based on the normal distribution. The interval range covered by an actual trust value model may instead follow an exponential model or a statistical model such as a power function, and may be chosen according to actual requirements; this embodiment does not limit it.
In an example, determining the trust change frequency attribute set of the terminal entity of the internet of things according to a preset trust change algorithm and the target trust change interval includes: determining a trust starting point and a trust ending point of the target trust change interval; determining an initial trust value and an ending trust value according to the time range of the target trust change interval; determining an instantaneous fluctuation rate from the initial trust value, the ending trust value, the trust starting point and the trust ending point based on a preset Birnbaum algorithm; and constructing the trust change frequency attribute set of the terminal entity of the Internet of things according to the instantaneous fluctuation rate.
Illustratively, a trust change interval to be analyzed is selected, a trust starting point i and a trust ending point j are determined, and an initial trust value t_d[i] and an ending trust value t_d[j] are determined from the time range. The ratio of the difference between the initial trust value t_d[i] and the ending trust value t_d[j] to the difference between the time points is defined as the instantaneous fluctuation rate of the period i to j, denoted β. The trust change frequency attribute set of the terminal entity of the Internet of things is then constructed from this instantaneous fluctuation rate.
In an example, the instantaneous fluctuation rate is determined from the initial trust value, the ending trust value, the trust starting point and the trust ending point based on a preset Birnbaum algorithm; specifically, the instantaneous fluctuation rate is calculated by the Birnbaum method with the following formula (not reproduced in the text):
where dt_d[i] = t_d[j] − t_d[i]. According to the definition of instantaneous fluctuation, the trust t_d is obtained once the trust change interval to be analyzed is selected; t_d represents the change in the trust level of the entity over the period i to j.
In another example, the trust change frequency attribute set may include both the instantaneous fluctuation rate and the instantaneous trust change rate. Specifically, the instantaneous trust change rate is determined from the instantaneous fluctuation rate by a derivative-style definition, and the trust change frequency attribute set of the terminal entity of the Internet of things is constructed from the instantaneous fluctuation rate and the instantaneous trust change rate. Illustratively, if the change t_d' in the trust level of an entity at a particular time point is required, it can be obtained through the derivative definition. The t_d' obtained in this way represents the instantaneous trust change at time t. Here, the higher the trust value and the lower the abnormal fluctuation, the smaller the influence of historical behavior on the current trust value, and vice versa.
Here, t_d' is the instantaneous fluctuation β at i = 0; it is called a derivative definition because it constructs the trust change from the preceding record, with the instantaneous fluctuation derived from the trust change. t_d' is the special case i = 0, that is, the fluctuation of the variation at this single time point. In actual application, whether t_d' is adopted is decided according to requirements; this embodiment does not limit it.
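The instantaneous fluctuation rate over a trust change interval (i, j), its i = 0 special case t_d', and the attribute set built from them, as an added Python example that is not code from the patent. The concrete formula is the ratio the text defines, (t_d[j] − t_d[i]) divided by the elapsed time between the two points, taken here as an assumption since the page's own formula image is not reproduced; the trust series and time stamps are constructed.

```python
# Added example: instantaneous fluctuation rate beta over (i, j), the i = 0
# special case t_d', and the trust change frequency attribute set. Not patent
# code; beta = (t_d[j] - t_d[i]) / (time[j] - time[i]) is an assumption.
from typing import Dict, List, Sequence, Tuple


def instantaneous_fluctuation_rate(trust: Sequence[float], times: Sequence[float], i: int, j: int) -> float:
    """beta for the period i..j: trust difference over elapsed time."""
    if len(trust) != len(times):
        raise ValueError("trust series and time stamps must have equal length")
    if not 0 <= i < j < len(trust):
        raise ValueError("need 0 <= i < j within the recorded trust series")
    dt_d = trust[j] - trust[i]            # dt_d[i] = t_d[j] - t_d[i]
    elapsed = times[j] - times[i]
    if elapsed <= 0:
        raise ValueError("time stamps must be strictly increasing")
    return dt_d / elapsed


def instantaneous_trust_change(trust: Sequence[float], times: Sequence[float], j: int) -> float:
    """t_d': the fluctuation rate measured from the start of the record (i = 0)."""
    return instantaneous_fluctuation_rate(trust, times, 0, j)


def trust_change_attribute_set(trust: Sequence[float], times: Sequence[float], i: int, j: int) -> Dict[str, float]:
    """Attribute set for the target interval: both rates plus the values they came from."""
    return {
        "start_point": i,
        "end_point": j,
        "initial_trust": trust[i],
        "ending_trust": trust[j],
        "fluctuation_rate": instantaneous_fluctuation_rate(trust, times, i, j),
        "trust_change_rate": instantaneous_trust_change(trust, times, j),
    }


def abnormal_periods(trust: Sequence[float], times: Sequence[float], threshold: float) -> List[Tuple[int, int]]:
    """Consecutive periods whose fluctuation magnitude reaches the trust threshold S.

    These are the "beta >= S" periods of the text, where the node is not
    necessarily trusted; magnitude comparison is an assumption."""
    return [
        (k, k + 1)
        for k in range(len(trust) - 1)
        if abs(instantaneous_fluctuation_rate(trust, times, k, k + 1)) >= threshold
    ]


# Constructed record: trust value of one terminal sampled at unit time steps,
# starting from the default 0.5 and dropping sharply between steps 2 and 3.
SAMPLE_TIMES = [0.0, 1.0, 2.0, 3.0, 4.0]
SAMPLE_TRUST = [0.5, 0.6, 0.7, 0.4, 0.45]

if __name__ == "__main__":
    print(trust_change_attribute_set(SAMPLE_TRUST, SAMPLE_TIMES, 1, 2))
    print("abnormal periods at S=0.2:", abnormal_periods(SAMPLE_TRUST, SAMPLE_TIMES, 0.2))
```

On the constructed record the only period that trips a threshold of 0.2 is the drop from 0.7 to 0.4, so that is the time point an operator would want flagged before the next authorization decision.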
According to the method, when the terminal entity of the Internet of things is started, the terminal entity of the Internet of things is analyzed based on a zero trust architecture, so that a discrete interval evaluation set is obtained; constructing a variation range of trust values according to normal distribution so as to obtain different trust value intervals; selecting a target trust change interval from the trust value intervals; and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval. In the embodiment, the mathematical idea is associated with trust analysis, the trust condition of an entity is obtained by constructing a Markov chain with multiple forms, introducing concepts such as fluctuation, threshold and the like in the trust analysis, the trust condition of the terminal entity is comprehensively evaluated from three layers of completeness, accuracy and objectivity, the trust condition of the terminal equipment of the internet of things is respectively evaluated from the data angle through early warning and other angles, more objective and accurate basis can be provided for dynamic authorization of a zero trust network security architecture, the correctness of a dynamic authorization system in the zero trust architecture is improved, and the technical problem of low correctness of the dynamic authorization system of the existing internet of things access equipment is solved.
Referring to fig. 5, fig. 5 is a block diagram of a first embodiment of a zero trust evaluation device based on an internet of things terminal device according to the present invention.
As shown in fig. 5, the zero trust evaluation device based on the terminal device of the internet of things includes:
the analysis module 10 is configured to analyze, when an internet of things terminal entity is started, the internet of things terminal entity based on a zero trust architecture, so as to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
the determining boundary module 20 is configured to determine a threshold boundary of the terminal entity of the internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
the determining early warning module 30 is configured to determine an early warning probability of the terminal entity of the internet of things according to the threshold boundary;
and the comparison and evaluation module 40 is used for comparing the early warning probability with a preset safety threshold value and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
It should be noted that, in this embodiment, trust evaluation is performed by an internet of things terminal entity oriented to the electric power internet of things as an example. The internet of things terminal entities of the electric power internet of things include, but are not limited to, a distribution transformer monitoring terminal (TTU), a distribution switch monitoring terminal (FTU), and a data transmission terminal (DTU).
The method for evaluating the zero trust of the terminal equipment of the internet of things introduces a mathematical idea, associates the mathematical idea with a trust analysis technology, and comprehensively evaluates the terminal entity of the internet of things from different aspects.
Specifically, the zero trust evaluation metric of an Internet of things terminal entity is determined. Default rules are defined: trust values are continuous within the interval [0, 1], and this embodiment uses continuous trust values to measure the trust relationship. Taking 0 as completely untrusted and 1 as completely trusted, the trust value floats within the range [0, 1]. Following the idea of the normal distribution, the default value of the initial authenticated trust state can be set to the middle value of the evaluation range, 0.5. According to the trust requirements of the terminal entity of the Internet of things, the trust structural elements and trust characteristics are combined comprehensively, and the trust value characteristics in the rule serve as the reference for measuring the trust of the terminal entity. For example, a time point of a distribution transformer monitoring terminal (TTU) may be considered reliable when the TTU trust fluctuation does not exceed a certain threshold (i.e., there is no abnormal fluctuation).
In an embodiment, when an internet of things terminal entity is started, the internet of things terminal entity is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set, including: when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set; constructing a variation range of trust values according to normal distribution so as to obtain different trust value intervals; selecting a target trust change interval from the trust value intervals; and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval.
In an example, based on a zero trust architecture, initial authentication is performed on an internet of things terminal entity when the internet of things terminal entity is started, and the internet of things terminal entity which completes the initial authentication is assigned a default trust value of 0.5; and evaluating the trust state of the terminal entity of the Internet of things by using the Markov chain in an expanded form through recording the data interaction and behavior information of the terminal entity of the Internet of things, so as to obtain a discrete interval evaluation set.
In one example, ranges of trust values are constructed from a normal distribution to obtain different trust value intervals: according to the definition of the normal distribution, the switch-form Markov chain is expanded, and the expanded Markov chain together with the two-stage normal-distribution theory gives each trust value interval its own definition: a trust value of 1 in the expanded Markov chain indicates complete reliability; a trust value in [0.75, 1) indicates extreme reliability; a trust value in [0.5, 0.75) indicates relative reliability; a trust value in [0.25, 0.5) indicates relative unreliability; a trust value in [0, 0.25) indicates extreme unreliability; and a trust value of 0 indicates complete unreliability. The most basic trust value model of this embodiment is constructed from these trust value intervals.
It should be noted that a trust value model generally presupposes a trust interval, and the trust interval defined in this embodiment comes from a preliminary analysis based on the normal distribution. The interval range covered by an actual trust value model may instead follow an exponential model or a statistical model such as a power function, and may be chosen according to actual requirements; this embodiment does not limit it.
In an example, a node trust value is calculated: a trust threshold is introduced to compare or identify the trustworthiness of the node at a given time point. If the trust value, the trust fluctuation and the trust threshold are denoted T, β and S respectively, the following inferences are drawn: when β < S and T is in a trusted form, the node is considered trusted at this time point; when β ≥ S, the trust form of the node at this time point is not necessarily trusted.
It can be appreciated that the trust threshold is also treated as a random process, and this embodiment proposes a trust threshold model: if P{S(s, t) − β(t − s) > x} ≤ g(x) holds for all time ranges 0 ≤ s ≤ t and x ≤ 0, the cumulative trust threshold S(t) is considered to obey the trust threshold (s.t.t.) curve β ∈ F with boundary function g ∈ F, expressed as S_tt<g, β>. Illustratively, a trusted time point is further defined: when the trust value is in a trusted form and the probability of unreliability at that time point is sufficiently low (equivalently, the probability of trustworthiness is sufficiently high), the node is considered trusted.
In an example, a trust change interval to be analyzed is selected, a trust start point i and a trust end point j are determined, an initial trust value and an end trust value are determined according to a time range, and a ratio of a difference value between the initial trust value and the end trust value to a difference value between the time intervals is defined as an instantaneous fluctuation rate of the period i to j according to a preset trust change algorithm. And constructing the trust change frequency attribute set of the terminal entity of the Internet of things according to the instantaneous fluctuation rate.
In an embodiment, determining the threshold boundary of the terminal entity of the internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set includes: carrying out trust measurement on the terminal entity of the Internet of things on a time axis according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set to obtain an accumulated trust value and an accumulated trust threshold; determining a lower trusted threshold and an upper untrusted threshold according to the accumulated trust value and the accumulated trust threshold; and taking the lower trusted threshold and the upper untrusted threshold as the threshold boundary.
In one example, as shown in fig. 3, a threshold boundary is determined based on the above three attribute sets (discrete interval evaluation set, trust value interval, and trust change frequency attribute set), and the threshold boundary is listed in the corresponding evaluation set, i.e., trust reliability status evaluation set.
Specifically, a lower trusted threshold or an upper untrusted threshold is determined: if a node N_i (i = 1, 2, ..., n) has a cumulative trust value A(t) ~ S_tv<f, α> and a cumulative trust threshold S(t) ~ S_tt<g, β>, then within any time period (s, t] (0 ≤ s ≤ t) the upper bound of the untrusted probability UT(s, t) and the lower bound of the trusted probability T(s, t) are given by the two bound formulas (not reproduced in the text). It will be appreciated that, for (s, t] (0 ≤ s ≤ t), s here plays the role of the preceding start time i but differs from it in that s denotes the start point excluding the instant i itself; s is defined precisely to make this distinction.
Illustratively, trust metrics are computed for the terminal entities on the time axis with the following algorithm: calculate the cumulative trust value within the time interval (0, t_N) and the accumulated trust threshold within the time interval (0, t] (formulas not reproduced in the text), where S_tn denotes the trust threshold at time t_n = n × Δt (n = 1, 2, 3, ...).
From the trust value model described in the example above, a trust value (s.t.v.) curve α(t) and a boundary function f(x) are derived. From the trust threshold model described in the example above, a trust threshold (s.t.t.) curve β(t) and a boundary function g(x) are derived. From the definitions of the upper and lower bounds used when determining the lower trusted or upper untrusted threshold, it follows that at any time interval (s, t] (0 ≤ s ≤ t) the upper bound of the unreliable probability UT(s, t), i.e. the early warning probability, and the lower bound of the trusted probability T(s, t), i.e. the confidence probability, are given by those bound formulas (not reproduced in the text).
Note that the early warning probability represents the worst case in which the object may be malicious at that time point. By comparing early warning probabilities, abnormal time points and normal time points can be distinguished.
In an embodiment, comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the internet of things according to the comparison result includes: comparing the early warning probability with a preset safety threshold; and when the early warning probability is smaller than or equal to the preset safety threshold, determining that the terminal entity of the Internet of things is considered to be reliable.
Specifically, the early warning probability represents the worst case in which the object may be malicious at that time point. By comparing early warning probabilities, abnormal time points and normal time points can be distinguished. It should be noted that the confidence probability need not be compared separately: the confidence probability is the opposite value of the early warning probability, so comparing the early warning probability already achieves the goal. Under certain conditions the confidence probability can be calculated instead, so that the evaluation result is expressed positively.
In an embodiment, the method further comprises: determining the early warning probability of the terminal entity of the Internet of things according to the upper bound of the unreliable threshold; adjusting the preset safety threshold according to the early warning probability to obtain an updated safety threshold; and comparing the early warning probability with the updated safety threshold value, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
Illustratively, the preset safety threshold is adjusted to obtain an updated safety threshold such that the updated threshold balances trust level against resource utilization. Specifically, the early warning probability and the confidence probability are calculated according to the definition of the upper and lower threshold limits used when determining the lower or upper threshold limit; taking s = 0 and t = t_N gives the early warning probability and the confidence probability over the whole observation interval (0, t_N].
Illustratively, the early warning probability is compared with a preset safety threshold f_0 to identify the reliability of the object node. When the early warning probability is not greater than the preset safety threshold f_0, the node may be considered reliable, which ensures a basic level of trust.
In one example, the preset safety threshold f_0 is adjusted so that the chosen threshold balances trust level against resource utilization. By dynamically modifying the preset safety threshold f_0, the general state of trust reliability of the evaluated entity can be assessed.
Specifically, the preset safety threshold f_0 can be adjusted by squeezing (iteratively narrowing the range). Illustratively, starting from a larger value of 0.25, the range is clipped step by step in increments of 0.05 according to the evaluation requirement. The adjustment is typically performed manually and depends largely on the actual needs of the user. The squeezing process tapers from a maximum value across the interval down to a target minimum value, which is usually user-defined. In general, the threshold squeezing is declared finished as soon as one of two conditions is met: the user has reached the expected target, or the time cost of further squeezing rises exponentially.
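As an added, illustrative implementation of the comparison and threshold adjustment described in the preceding passages (this is not code from the patent), the following Python models the decision "reliable if and only if the early warning probability is not greater than f_0" together with the squeeze adjustment of f_0 from 0.25 downward in 0.05 steps. The sample trust values, the constant lower trusted threshold, and the estimator used for UT(s, t) (the fraction of sample points in (s, t] whose trust value lies below the lower trusted threshold) are assumptions, because the page does not reproduce the patent's formulas; the function names are my own.

```python
"""Trust-reliability decision and safety-threshold squeezing for one IoT terminal entity."""

# Constructed sample input (not from the patent): the trust value curve alpha(t) sampled at
# N = 10 time points, and the lower trusted-threshold curve derived from beta(t)/g(x),
# assumed constant here for simplicity.
TRUST_VALUES = [0.80, 0.78, 0.75, 0.74, 0.70, 0.55, 0.52, 0.68, 0.72, 0.74]
LOWER_TRUSTED_THRESHOLD = [0.60] * len(TRUST_VALUES)


def early_warning_probability(trust, lower_threshold, s=0, t=None):
    """Upper bound of the unreliable probability UT(s, t) over the interval (s, t].

    Assumption: UT is estimated as the fraction of sample points in (s, t] whose trust
    value lies below the lower trusted threshold. The patent derives UT from the threshold
    boundary, but its closed form is not reproduced on the page, so this estimator is an
    illustrative stand-in.
    """
    n = len(trust)
    if t is None:
        t = n
    if not 0 <= s <= t <= n:
        raise ValueError("require 0 <= s <= t <= N")
    if s == t:
        return 0.0  # empty interval: nothing observed, nothing to warn about
    # Python indices s..t-1 hold samples s+1..t, i.e. the half-open interval (s, t].
    below = sum(1 for i in range(s, t) if trust[i] < lower_threshold[i])
    return below / (t - s)


def confidence_probability(trust, lower_threshold, s=0, t=None):
    """Lower bound of the confidence probability T(s, t): the complement of UT(s, t)."""
    return 1.0 - early_warning_probability(trust, lower_threshold, s, t)


def is_reliable(early_warning, f0):
    """The patent's decision rule: reliable iff early warning probability <= f0."""
    return early_warning <= f0


def squeeze_threshold(early_warning, start=0.25, step=0.05, target_min=0.05):
    """Squeeze the preset safety threshold f0 downward from `start` to `target_min`.

    Mirrors the described manual adjustment (start at 0.25, clip by 0.05 per round).
    Thresholds are handled in integer hundredths so that 0.25 - k*0.05 is exact.
    Returns the list of (f0, reliable) rows, one per round, so the operator can see at
    which threshold the entity stops passing.
    """
    start_c, step_c, min_c = round(start * 100), round(step * 100), round(target_min * 100)
    if step_c <= 0 or min_c > start_c:
        raise ValueError("step must be positive and target_min <= start")
    rows = []
    for f0_c in range(start_c, min_c - 1, -step_c):
        f0 = f0_c / 100
        rows.append((f0, is_reliable(early_warning, f0)))
    return rows


def strictest_passing_threshold(early_warning, start=0.25, step=0.05, target_min=0.05):
    """Smallest f0 on the squeeze grid that the entity still passes, or None if none."""
    passing = [f0 for f0, ok in squeeze_threshold(early_warning, start, step, target_min) if ok]
    return min(passing) if passing else None


if __name__ == "__main__":
    ut = early_warning_probability(TRUST_VALUES, LOWER_TRUSTED_THRESHOLD)
    print(f"early warning probability over (0, t_N]: {ut:.2f}")
    print(f"confidence probability: {confidence_probability(TRUST_VALUES, LOWER_TRUSTED_THRESHOLD):.2f}")
    for f0, ok in squeeze_threshold(ut):
        print(f"f0 = {f0:.2f}: {'reliable' if ok else 'unreliable'}")
    print("strictest passing threshold:", strictest_passing_threshold(ut))
```

With the constructed sample, two of the ten samples fall below the lower trusted threshold, so the early warning probability over the whole interval is 0.20 and the entity passes at f_0 = 0.25 and 0.20 but fails once the threshold is squeezed to 0.15; that turning point is the kind of information an operator uses to decide where to stop squeezing. Sub-intervals such as (5, 7] isolate the dip in trust, which is how abnormal time points are separated from normal ones.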
The zero trust evaluation device based on the Internet of things terminal device in this embodiment includes: the analysis module 10, configured to analyze the Internet of things terminal entity based on a zero trust architecture when the entity is started, so as to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set; the boundary determining module 20, configured to determine a threshold boundary of the Internet of things terminal entity according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set; the early warning determining module 30, configured to determine an early warning probability of the Internet of things terminal entity according to the threshold boundary; and the comparison and evaluation module 40, configured to compare the early warning probability with a preset safety threshold and determine the trust reliability of the Internet of things terminal entity according to the comparison result.
In this embodiment, mathematical ideas are combined with trust analysis: by constructing a discrete interval evaluation set and a trust value interval in multi-element form, and by introducing concepts such as trust change fluctuation and threshold boundary into the trust analysis, the trust condition of the entity is obtained. The trust condition of the terminal entity is evaluated comprehensively from the three aspects of completeness, accuracy and objectivity, and the trust state of the Internet of things terminal equipment is assessed from the data perspective, through early warning and from other angles. This provides a more objective and accurate basis for dynamic authorization in a zero trust network security architecture, improves the accuracy of the dynamic authorization system in the zero trust architecture, and solves the technical problem of low accuracy of the dynamic authorization system for existing Internet of things access equipment.
For technical details not described in this embodiment of the zero trust evaluation device based on the Internet of things terminal device, reference may be made to the zero trust evaluation method applied to the Internet of things terminal device as provided in any embodiment of the present invention; they are not repeated here.
It should be understood that the foregoing is illustrative only and is not limiting, and that in specific applications, those skilled in the art may set the invention as desired, and the invention is not limited thereto.
It should be noted that the above-described working procedure is merely illustrative, and does not limit the scope of the present invention, and in practical application, a person skilled in the art may select part or all of them according to actual needs to achieve the purpose of the embodiment, which is not limited herein.
Furthermore, it should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the method of the above embodiments may be implemented by means of software plus a necessary general-purpose hardware platform, and may of course also be implemented by means of hardware, but in many cases the former is the preferred embodiment. Based on such understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art, may be embodied in the form of a software product stored in a storage medium (e.g. read-only memory/RAM, magnetic disk, optical disk) and including several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
Claims (10)
1. The zero trust evaluation method based on the terminal equipment of the Internet of things is characterized by comprising the following steps:
when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary;
and comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
2. The method for evaluating zero trust based on an internet of things terminal device according to claim 1, wherein when the internet of things terminal entity is started, the internet of things terminal entity is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set, and the method comprises the following steps:
when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set;
constructing a variation range of trust values according to normal distribution so as to obtain different trust value intervals;
selecting a target trust change interval from the trust value intervals;
and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval.
3. The method for evaluating zero trust based on an internet of things terminal device according to claim 2, wherein the analyzing the internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set when the internet of things terminal entity is started comprises:
when an Internet of things terminal entity is started, carrying out initial authentication on the Internet of things terminal entity based on a zero trust architecture;
assigning a default trust value to the terminal entity of the Internet of things passing the initial authentication;
collecting data interaction and behavior information of the terminal entity of the Internet of things;
and carrying out measurement analysis according to the data interaction and behavior information to obtain a discrete interval evaluation set.
4. The method for evaluating zero trust based on terminal equipment of the internet of things according to claim 3, wherein the measuring and analyzing according to the data interaction and behavior information to obtain a discrete interval evaluation set comprises:
expanding the switch form Markov chain according to normal distribution to obtain an expanded form Markov chain;
and evaluating the trust state of the terminal entity of the Internet of things based on the Markov chain of the extended form and the data interaction and behavior information so as to obtain a discrete interval evaluation set.
5. The method for evaluating zero trust based on the terminal device of the internet of things according to claim 2, wherein the determining the trust change frequency attribute set of the terminal entity of the internet of things according to the preset trust change algorithm and the target trust change interval comprises:
determining a trust starting point and a trust ending point of the target trust change interval;
determining an initial trust value and an ending trust value according to the time range of the target trust change interval;
determining an instantaneous fluctuation rate according to the initial trust value, the ending trust value, the trust starting point and the trust ending point based on a preset Berbaum algorithm;
and constructing a trust change frequency attribute set of the terminal entity of the Internet of things according to the instantaneous fluctuation rate.
6. The method for evaluating zero trust based on an internet of things terminal device according to claim 1, wherein the determining the threshold boundary of the internet of things terminal entity according to the discrete interval evaluation set, the trust value interval, and the trust change frequency attribute set comprises:
carrying out trust measurement on the terminal entity of the Internet of things on a time axis according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set to obtain an accumulated trust value and an accumulated trust threshold;
determining a lower credible threshold and an upper credible threshold according to the accumulated trust value and the accumulated credible threshold;
and taking the lower trusted threshold and the upper untrusted threshold as threshold boundaries.
7. The method for evaluating zero trust based on the terminal equipment of the internet of things according to claim 1, wherein the comparing the early warning probability with a preset safety threshold value, and determining the trust reliability of the terminal entity of the internet of things according to the comparison result, comprises:
comparing the early warning probability with a preset safety threshold;
and when the early warning probability is smaller than or equal to the preset safety threshold, determining that the terminal entity of the Internet of things is considered to be reliable.
8. The method for evaluating zero trust based on an internet of things terminal device according to claim 6, wherein the method further comprises:
determining the early warning probability of the terminal entity of the Internet of things according to the upper bound of the unreliable threshold;
adjusting the preset safety threshold according to the early warning probability to obtain an updated safety threshold;
and comparing the early warning probability with the updated safety threshold value, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
9. The zero trust evaluation device based on Internet of things terminal equipment is characterized in that the device includes:
the analysis module is used for analyzing the terminal entity of the Internet of things based on a zero trust architecture when the terminal entity of the Internet of things is started so as to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
the boundary determining module is used for determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
the determining early warning module is used for determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary;
and the comparison evaluation module is used for comparing the early warning probability with a preset safety threshold value and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
10. The zero trust evaluation device based on the terminal equipment of the Internet of things is characterized by comprising: the system comprises a memory, a processor and a zero trust evaluation program based on the internet of things terminal device, wherein the zero trust evaluation program based on the internet of things terminal device is stored on the memory and can run on the processor, and is configured to realize the zero trust evaluation method based on the internet of things terminal device according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310830252.6A CN116886261B (en) | 2023-07-07 | 2023-07-07 | Zero trust evaluation method, device and equipment based on terminal equipment of Internet of things |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310830252.6A CN116886261B (en) | 2023-07-07 | 2023-07-07 | Zero trust evaluation method, device and equipment based on terminal equipment of Internet of things |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116886261A true CN116886261A (en) | 2023-10-13 |
CN116886261B CN116886261B (en) | 2024-05-28 |
Family
ID=88263709
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310830252.6A Active CN116886261B (en) | 2023-07-07 | 2023-07-07 | Zero trust evaluation method, device and equipment based on terminal equipment of Internet of things |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116886261B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020015838A1 (en) * | 2018-07-20 | 2020-01-23 | Nokia Solutions And Networks Oy | Zero trust perimeterization for microservices |
CN111953679A (en) * | 2020-08-11 | 2020-11-17 | 中国人民解放军战略支援部队信息工程大学 | Intranet user behavior measurement method and network access control method based on zero trust |
CN114760118A (en) * | 2022-04-01 | 2022-07-15 | 广西壮族自治区数字证书认证中心有限公司 | Trust evaluation method with privacy protection in zero-trust architecture |
KR102542720B1 (en) * | 2022-10-27 | 2023-06-14 | 주식회사 이노티움 | System for providing internet of behavior based intelligent data security platform service for zero trust security |
- 2023-07-07 CN CN202310830252.6A patent/CN116886261B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN116886261B (en) | 2024-05-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20160173495A1 (en) | System and method for providing authentication service for internet of things security | |
CN107508815B (en) | Early warning method and device based on website traffic analysis | |
US10547618B2 (en) | Method and apparatus for setting access privilege, server and storage medium | |
CN110162976B (en) | Risk assessment method and device and terminal | |
CN110602135B (en) | Network attack processing method and device and electronic equipment | |
CN109495513B (en) | Unsupervised encrypted malicious traffic detection method, unsupervised encrypted malicious traffic detection device, unsupervised encrypted malicious traffic detection equipment and unsupervised encrypted malicious traffic detection medium | |
CN113596001B (en) | DDoS attack detection method, device, equipment and computer readable storage medium | |
CN112016078A (en) | Method, device, server and storage medium for detecting forbidding of login equipment | |
US10032116B2 (en) | Identifying computer devices based on machine effective speed calibration | |
CN114910756A (en) | Insulation performance evaluation method and system for low-voltage bus duct | |
CN116886261B (en) | Zero trust evaluation method, device and equipment based on terminal equipment of Internet of things | |
CN109976828B (en) | Method and device for configuring file | |
CN109257384B (en) | Application layer DDoS attack identification method based on access rhythm matrix | |
CN117040827A (en) | Abnormal account detection method and device, storage medium and electronic equipment | |
CN114499983B (en) | Tor flow detection method and device, terminal equipment and storage medium | |
JP5204802B2 (en) | Method and apparatus for tagging a social environment | |
CN114760087A (en) | DDoS attack detection method and system in software defined industrial internet | |
JP2010250833A5 (en) | ||
CN106612278B (en) | Data validity verification method and system | |
CN111814051A (en) | Resource type determination method and device | |
Kumari et al. | Analyzing Defense Strategies Against Mobile Information Leakages: A Game-Theoretic Approach | |
CN113868646B (en) | Intrusion detection method and device based on host | |
US20230026262A1 (en) | Wireless Channel Selection for Multipath Authentication of a User | |
CN111582673B (en) | Attack risk assessment method and device for power distribution automation system master station | |
CN116582369B (en) | Willingness authentication method for online subscription |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |