CN116886261A - Zero trust evaluation method, device and equipment based on terminal equipment of Internet of things - Google Patents


Info

Publication number
CN116886261A
CN116886261A
Authority
CN
China
Prior art keywords
trust
internet
things
threshold
terminal entity
Prior art date
Legal status
Granted
Application number
CN202310830252.6A
Other languages
Chinese (zh)
Other versions
CN116886261B (en)
Inventor
董重重
张�成
蔡文嘉
何行
张佳雯
张芹
魏解
吴明珍
张蕾
吴悠
冉艳春
胡亚天
王兹玥
李治浩
赵聪
陈泽纯
Current Assignee
Metering Center of State Grid Hubei Electric Power Co Ltd
Original Assignee
Metering Center of State Grid Hubei Electric Power Co Ltd
Priority date
Filing date
Publication date
Application filed by Metering Center of State Grid Hubei Electric Power Co Ltd
Priority to CN202310830252.6A
Publication of CN116886261A
Application granted
Publication of CN116886261B
Status
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/006 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to the technical field of Internet of things security and discloses a zero trust evaluation method, device and equipment based on Internet of things terminal equipment. When an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set; determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set; determining early warning probability according to the threshold boundary; and comparing the early warning probability with a preset safety threshold value, and determining the trust reliability of the terminal entity of the Internet of things according to the comparison result. According to the invention, by constructing a discrete interval evaluation set and a trust value interval in a multi-form, introducing fluctuation, threshold boundaries and the like, evaluating comprehensively on multiple layers, evaluating the trust state of the terminal of the Internet of things through early warning and other angles, and providing more objective and accurate basis for dynamic authorization of a zero-trust network security architecture.

Description

Zero trust evaluation method, device and equipment based on terminal equipment of Internet of things
Technical Field
The invention relates to the technical field of security of the Internet of things, in particular to a zero trust evaluation method, device and equipment based on terminal equipment of the Internet of things.
Background
The concept of zero trust originated in the Jericho Forum, established in 2004, and was formally put forward in 2010; it holds that no network traffic is trusted and that any request for any resource must be subject to security control. As zero trust has continued to evolve, with its theory and implementation steadily refined, it has gradually become an identity-centred security solution that can cover many scenarios.
However, with the advance of the digital age, the concept and method of data security also need to be correspondingly changed, and the main direction is to complete the static-dynamic change. In the zero trust architecture, the dynamic authorization system is a main means for solving the problem of data security access in the digital era, so ensuring the correctness of dynamic authorization has become a problem to be solved urgently.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The invention mainly aims to provide a zero trust evaluation method, device and equipment based on internet of things terminal equipment, and aims to solve the technical problem that the accuracy of a dynamic authorization system of the existing internet of things access equipment is low.
In order to achieve the above purpose, the present invention provides a zero trust evaluation method based on an internet of things terminal device, the method comprising:
when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary;
and comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
In some embodiments, when the terminal entity of the internet of things is started, the terminal entity of the internet of things is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set, including:
When an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set;
constructing a variation range of trust values according to normal distribution so as to obtain different trust value intervals;
selecting a target trust change interval from the trust value intervals;
and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval.
In some embodiments, when the terminal entity of the internet of things starts, the analyzing the terminal entity of the internet of things based on the zero trust architecture to obtain the discrete interval evaluation set includes:
when an Internet of things terminal entity is started, carrying out initial authentication on the Internet of things terminal entity based on a zero trust architecture;
assigning a default trust value to the terminal entity of the Internet of things passing the initial authentication;
collecting data interaction and behavior information of the terminal entity of the Internet of things;
and carrying out measurement analysis according to the data interaction and behavior information to obtain a discrete interval evaluation set.
In some embodiments, the performing measurement analysis based on the data interactions and behavior information to obtain a discrete interval assessment set includes:
Expanding the switch form Markov chain according to normal distribution to obtain an expanded form Markov chain;
and evaluating the trust state of the terminal entity of the Internet of things based on the Markov chain of the extended form and the data interaction and behavior information so as to obtain a discrete interval evaluation set.
In some embodiments, the determining the trust change frequency attribute set of the terminal entity of the internet of things according to the preset trust change algorithm and the target trust change interval includes:
determining a trust starting point and a trust ending point of the target trust change interval;
determining an initial trust value and an ending trust value according to the time range of the target trust change interval;
determining an instantaneous fluctuation rate according to the initial trust value, the ending trust value, the trust starting point and the trust ending point based on a preset Berbaum algorithm;
and constructing a trust change frequency attribute set of the terminal entity of the Internet of things according to the instantaneous fluctuation rate.
In some embodiments, the determining the threshold boundary of the terminal entity of the internet of things according to the discrete interval evaluation set, the trust value interval, and the trust change frequency attribute set includes:
carrying out trust measurement on the terminal entity of the Internet of things on a time axis according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set to obtain an accumulated trust value and an accumulated trust threshold;
determining a lower trusted threshold and an upper untrusted threshold according to the accumulated trust value and the accumulated trust threshold;
and taking the lower trusted threshold and the upper untrusted threshold as the threshold boundary.
In some embodiments, the comparing the early warning probability with a preset safety threshold value, and determining the trust reliability of the terminal entity of the internet of things according to the comparison result includes:
comparing the early warning probability with a preset safety threshold;
and when the early warning probability is smaller than or equal to the preset safety threshold, determining that the terminal entity of the Internet of things is considered to be reliable.
In some embodiments, the method further comprises:
determining the early warning probability of the terminal entity of the Internet of things according to the upper bound of the unreliable threshold;
adjusting the preset safety threshold according to the early warning probability to obtain an updated safety threshold;
and comparing the early warning probability with the updated safety threshold value, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
In addition, in order to achieve the above purpose, the invention also provides a zero trust evaluation device based on the terminal equipment of the internet of things, which comprises:
the analysis module is used for analyzing the terminal entity of the Internet of things based on a zero trust architecture when the terminal entity of the Internet of things is started so as to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
The boundary determining module is used for determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
the determining early warning module is used for determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary;
and the comparison evaluation module is used for comparing the early warning probability with a preset safety threshold value and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
In addition, in order to achieve the above purpose, the present invention further provides a zero trust evaluation device based on an internet of things terminal device, where the zero trust evaluation device based on the internet of things terminal device includes: the system comprises a memory, a processor and a zero trust evaluation program which is stored in the memory and can run on the processor and is based on the internet of things terminal equipment, wherein the zero trust evaluation program based on the internet of things terminal equipment is configured to realize the zero trust evaluation method based on the internet of things terminal equipment.
According to the method, when the terminal entity of the Internet of things is started, the terminal entity of the Internet of things is analyzed based on a zero trust architecture, so that a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set are obtained; determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set; determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary; and comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result. In the invention, the mathematical idea is associated with trust analysis, the trust condition of an entity is obtained by constructing a discrete interval evaluation set and a trust value interval of a multi-element form, introducing the concepts of trust variation fluctuation, threshold value boundary and the like in the trust analysis, the trust condition of a terminal entity is comprehensively evaluated from three layers of completeness, accuracy and objectivity, the trust state of the terminal equipment of the Internet of things is respectively evaluated from the data angle through early warning and other angles, more objective and accurate basis can be provided for dynamic authorization of a zero trust network security architecture, the accuracy of a dynamic authorization system in the zero trust architecture is improved, and the technical problem of low accuracy of the dynamic authorization system of the traditional access equipment of the Internet of things is solved.
Drawings
Fig. 1 is a schematic structural diagram of a zero trust evaluation device based on an internet of things terminal device in a hardware operation environment according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a first embodiment of a zero trust evaluation method based on an internet of things terminal device according to the present invention;
fig. 3 is a schematic flow chart of evaluating trust variation trend in the zero trust evaluation method based on the terminal equipment of the internet of things;
fig. 4 is a schematic flow chart of a second embodiment of the zero trust evaluation method based on the terminal equipment of the internet of things;
fig. 5 is a block diagram of a first embodiment of a zero trust evaluation device based on an internet of things terminal device.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that all directional indicators (such as up, down, left, right, front, and rear...) in the embodiments of the present invention are merely used to explain the relative positional relationship, movement, etc. between the components in a particular posture (as shown in the drawings), and if the particular posture is changed, the directional indicator is changed accordingly.
Furthermore, the description of "first," "second," etc. in this disclosure is for descriptive purposes only and is not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent and not within the scope of protection claimed in the present invention. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a zero trust evaluation device based on an internet of things terminal device in a hardware operation environment according to an embodiment of the present invention.
As shown in fig. 1, the zero trust evaluation device based on the terminal device of the internet of things may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004, a memory 1005. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a Wireless interface, such as a Wireless-Fidelity (Wi-Fi) interface. The Memory 1005 may be a high-speed random access Memory (Random Access Memory, RAM Memory) or a stable nonvolatile Memory (NVM), such as a disk Memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
It will be appreciated by those skilled in the art that the structure shown in fig. 1 does not constitute a limitation of the zero trust evaluation device based on the internet of things terminal device, and may include more or fewer components than shown, or may combine certain components, or may be a different arrangement of components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and a zero trust evaluation program based on the terminal device of the internet of things may be included in the memory 1005 as one storage medium.
In the zero trust evaluation device based on the terminal device of the internet of things shown in fig. 1, the network interface 1004 is mainly used for performing data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the zero trust evaluation device based on the internet of things terminal device can be arranged in the zero trust evaluation device based on the internet of things terminal device, and the zero trust evaluation device based on the internet of things terminal device invokes the zero trust evaluation program based on the internet of things terminal device stored in the memory 1005 through the processor 1001 and executes the zero trust evaluation method based on the internet of things terminal device provided by the embodiment of the invention.
The internet of things is an intelligent network which is finally constructed and covers everything by utilizing equipment such as radio frequency identification, two-dimensional codes, infrared sensors, GPS and the like, realizing interconnection of the equipment in a wireless data communication mode and the like, accessing the internet in a certain mode. The electric power internet of things is a concrete expression form and application of the internet of things in the electric power industry, terminal equipment of the internet of things in the electric power internet of things is usually deployed in a plurality of power grid links such as transmission, distribution, use and the like, and the intelligent terminals or the equipment usually exist in an unattended or safe uncontrollable environment, so that an attacker can easily directly contact the equipment to implement physical destruction, or clone the equipment to forge the equipment, or attack such as information theft, software tampering, remote control and the like in a plurality of modes such as short range or long range.
The number of Internet of things terminal devices is growing rapidly, especially in the electric power Internet of things, where they are widely deployed. While large-scale Internet of things equipment brings convenience, it also carries many potential safety hazards, and trusted identity authentication of Internet of things devices is the basis for solving the related security problems. At present, a dynamic authorization system in a zero-trust architecture can be adopted for trusted identity authentication of Internet of things devices, but the correctness of the dynamic authorization system in the zero-trust architecture is low, and a potential safety hazard exists.
In view of this, the embodiment of the invention provides a zero trust evaluation method, a zero trust evaluation device and zero trust evaluation equipment based on terminal equipment of the internet of things.
Referring to fig. 2, fig. 2 is a flowchart of a first embodiment of a zero trust evaluation method based on an internet of things terminal device according to the present invention.
As shown in fig. 2, the zero trust evaluation method based on the terminal device of the internet of things includes:
step S100: when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
step S200: determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
Step S300: determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary;
step S400: and comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
It should be noted that, in this embodiment, trust evaluation is performed by an internet of things terminal entity oriented to the electric power internet of things as an example. The internet of things terminal entities of the electric power internet of things include, but are not limited to, a distribution transformer monitoring terminal (TTU), a distribution switch monitoring terminal (FTU), and a data transmission terminal (DTU).
The method for evaluating the zero trust of the terminal equipment of the internet of things introduces a mathematical idea, associates the mathematical idea with a trust analysis technology, and comprehensively evaluates the terminal entity of the internet of things from different aspects.
Specifically, a zero trust evaluation metric for the Internet of things terminal entity is determined. Default rules are defined: trust values are continuous within the interval [0,1], and this embodiment uses continuous trust values to measure the trust relationship. Taking 0 as completely untrusted and 1 as completely trusted, the trust value floats within the range [0,1]. Based on the idea of normal distribution, the default value of the initial authenticated trust state can be set to 0.5, the middle of the evaluation range. According to the trust requirements of the Internet of things terminal entity, the trust structural elements and trust characteristics are considered together, and the trust value characteristics in the rules are used as the reference for measuring the trust of the terminal entity. For example, a time point of a distribution transformer monitoring terminal (TTU) may be considered reliable when the TTU's trust fluctuation does not exceed a certain threshold (i.e., shows no abnormal fluctuation).
In an embodiment, when an internet of things terminal entity is started, the internet of things terminal entity is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set, including: when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set; constructing a variation range of trust values according to normal distribution so as to obtain different trust value intervals; selecting a target trust change interval from the trust value intervals; and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval.
In an example, based on a zero trust architecture, initial authentication is performed on an internet of things terminal entity when the internet of things terminal entity is started, and the internet of things terminal entity which completes the initial authentication is assigned a default trust value of 0.5; and evaluating the trust state of the terminal entity of the Internet of things by using the Markov chain in an expanded form through recording the data interaction and behavior information of the terminal entity of the Internet of things, so as to obtain a discrete interval evaluation set.
In one example, ranges of trust values are constructed from a normal distribution to obtain different trust value intervals. According to the definition of the normal distribution, the switch-form Markov chain is expanded, and the expanded Markov chain together with the normal distribution, as a two-stage theory, gives the different trust value intervals different meanings: in the expanded Markov chain a trust value of 1 indicates complete reliability, a trust value in [0.75, 1) indicates extreme reliability, a trust value in [0.5, 0.75) indicates relative reliability, a trust value in [0.25, 0.5) indicates relative unreliability, a trust value in [0, 0.25) indicates extreme unreliability, and a trust value of 0 indicates complete unreliability. The most basic trust value model of this embodiment is constructed from these trust value intervals.
It should be noted that the trust value model is generally based on the existence of a trust interval, and the trust interval defined in this embodiment is based on a normal distribution preliminary analysis. The range of the interval covered by the actual trust value model may be an exponential mode or a statistical model such as a power function, and may be specifically determined according to the actual requirement, which is not limited in this embodiment.
In an example, a node trust value is calculated: a trust threshold is introduced to compare or identify the trustworthiness of the node at that point. If trust values, trust fluctuations, and trust thresholds are denoted as T, β, and S, respectively, then the following inferences will be drawn: when beta < S and T is in a trusted form, the node is considered to be trusted at this point; when beta is larger than or equal to S, the trust form of the node at the time point is not necessarily trusted.
It can be appreciated that the confidence threshold is also considered a random process, and the present embodiment proposes a confidence threshold model: if it isFor all time ranges of 0.ltoreq.s.ltoreq.T and x.ltoreq.0, with P { S (S, T) - β (T-S) > x }. Ltoreq.g (x), the cumulative confidence threshold S (T) may be considered to obey the confidence threshold (t.t.) curve β εF, the boundary function is g εF, denoted S tt <g,β>. Illustratively, a trusted time point is further defined as a time point when the trust value is in a trusted form and the probability of unreliability of the time point is sufficiently low or the probability of trustworthiness is sufficiently high, then the node is considered trusted.
In an example, a trust change interval to be analyzed is selected, a trust start point i and a trust end point j are determined, an initial trust value and an end trust value are determined according to a time range, and a ratio of a difference value between the initial trust value and the end trust value to a difference value between the time intervals is defined as an instantaneous fluctuation rate of the period i to j according to a preset trust change algorithm. And constructing the trust change frequency attribute set of the terminal entity of the Internet of things according to the instantaneous fluctuation rate.
In an embodiment, determining the threshold boundary of the terminal entity of the internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set includes: carrying out trust measurement on the terminal entity of the Internet of things on a time axis according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set to obtain an accumulated trust value and an accumulated trust threshold; determining a lower credible threshold and an upper credible threshold according to the accumulated trust value and the accumulated credible threshold; and taking the lower trusted threshold and the upper untrusted threshold as threshold boundaries.
In one example, as shown in fig. 3, a threshold boundary is determined based on the above three attribute sets (discrete interval evaluation set, trust value interval, and trust change frequency attribute set), and the threshold boundary is listed in the corresponding evaluation set, i.e., trust reliability status evaluation set.
Specifically, the lower trusted threshold and the upper untrusted threshold are determined: if a node N_i (i = 1, 2, ..., n) has a cumulative trust value A(t) ~stv <f, α> and a cumulative trust threshold S(t) ~stt <g, β>, then for any time period (s, t] (0 ≤ s ≤ t) an upper bound on the untrusted probability UT(s, t) and a lower bound on the trusted probability T(s, t) follow. It will be appreciated that in (s, t] (0 ≤ s ≤ t), s plays the role of the preceding start time i but differs from it in that the half-open interval excludes the instant s itself, which is why s is written distinctly from i.
Illustratively, trust measurement of the terminal entity is performed along the time axis with the following algorithm: calculate the cumulative trust value within the time interval (0, t_N] and the cumulative trust threshold within the time interval (0, t], where S_{t_n} denotes the trust threshold at time t_n = nΔt (n = 1, 2, 3, ...).
From the trust value model described in the example above, a trust value (s.t.v.) curve α(t) and a boundary function f(x) are derived. From the trust threshold model described above, a trust threshold (s.t.t.) curve β(t) and a boundary function g(x) are derived. From the definition of the upper and lower threshold bounds used in determining the lower trusted and upper untrusted thresholds, for any time interval (s, t] (0 ≤ s ≤ t) the upper bound of the untrusted probability UT(s, t) is taken as the early warning probability, and the lower bound of the trusted probability T(s, t) is taken as the confidence probability.
Note that the early warning probability represents the worst case in which the object may be malicious at that time point. By comparing early warning probabilities, abnormal time points can be distinguished from normal ones.
In an embodiment, comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the internet of things according to the comparison result includes: comparing the early warning probability with a preset safety threshold; and when the early warning probability is smaller than or equal to the preset safety threshold, determining that the terminal entity of the Internet of things is considered to be reliable.
Specifically, the early warning probability represents the worst case in which the object may be malicious at that time point. By comparing early warning probabilities, abnormal time points can be distinguished from normal ones. It should be noted that the confidence probability need not be compared separately: the confidence probability is the complement of the early warning probability, so comparing either one achieves the goal. Under certain conditions the confidence probability can be calculated instead, so that the evaluation result is expressed positively.
In an embodiment, the method further comprises: determining the early warning probability of the terminal entity of the Internet of things according to the upper bound of the unreliable threshold; adjusting the preset safety threshold according to the early warning probability to obtain an updated safety threshold; and comparing the early warning probability with the updated safety threshold value, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
Illustratively, the preset safety threshold is adjusted to obtain an updated safety threshold such that the updated threshold balances trust level against resource utilization. Specifically, the early warning probability and the confidence probability are calculated from the definition of the upper and lower threshold bounds used in determining the lower trusted and upper untrusted thresholds; with s = 0 and t = t_N they give the early warning probability and the confidence probability over the whole measurement interval (0, t_N].
Illustratively, the early warning probability is compared with the preset safety threshold f_0 to identify the reliability of the object node. When the early warning probability is not greater than f_0, the node may be considered reliable, and a basic level of trust is ensured.
In one example, the preset safety threshold f_0 is adjusted, and the optimal safety threshold is chosen so that a balance is achieved between trust level and resource utilization. By dynamically modifying the preset safety threshold f_0, the general state of trust reliability of the trusted entity can be evaluated.
Specifically, the preset safety threshold f_0 can be adjusted by clamping. Illustratively, starting from a larger value such as 0.25, the threshold is tightened step by step in increments of 0.05 according to the evaluation requirement. The adjustment is usually performed manually, and its direction depends largely on the actual needs of the user. Clamping is the process of narrowing from the maximum value of the interval toward a target minimum value, which is typically user-defined. The clamping is declared finished as soon as either of two conditions is met: the user has reached the intended goal, or the time cost of further clamping begins to grow exponentially.
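The comparison of the early warning probability with the preset safety threshold f_0 and the stepwise clamping of f_0 described above are implemented below as an added example; it is not code from the patent. The page does not reproduce the bound formulas for the early warning probability, so the per-time-point early warning probabilities in the block are a constructed input. The comparison rule (reliable when the early warning probability is not above f_0), the complement relation to the confidence probability and the clamp schedule (start at 0.25, tighten in 0.05 steps toward a user-defined minimum) follow the text; the stop rule that stands in for the balance between trust level and resource utilization (stop tightening when the share of time points that would be flagged exceeds a resource budget) is this example's assumption, as is the sample data.

```python
"""Early-warning comparison against f0 and stepwise clamping of f0.

Added example; not code from the patent. EARLY_WARNINGS is a constructed
series of per-time-point early warning probabilities (the page's upper bound
of UT(s, t), whose formula is not reproduced on the page). The resource-budget
stop rule in clamp_threshold() is an assumption of this example.
"""
from dataclasses import dataclass
from typing import Sequence

START_F0 = 0.25   # page: clamping starts from a larger value such as 0.25
STEP = 0.05       # page: tightened in steps of 0.05

# Constructed per-time-point early warning probabilities for one terminal entity.
EARLY_WARNINGS = [0.02, 0.05, 0.12, 0.08, 0.30, 0.04, 0.18, 0.07, 0.11, 0.03]


def is_reliable(early_warning: float, f0: float) -> bool:
    """A time point is reliable when its early warning probability is not above f0."""
    if not 0.0 <= early_warning <= 1.0:
        raise ValueError(f"probability out of range: {early_warning}")
    return early_warning <= f0


def confidence_probability(early_warning: float) -> float:
    """The confidence probability is the complement of the early warning probability."""
    return 1.0 - early_warning


def flagged_share(early_warnings: Sequence[float], f0: float) -> float:
    """Fraction of time points that are not reliable at f0: a proxy for the
    resource cost (re-authentication, reduced authorisation) a tighter f0 incurs."""
    return sum(1 for p in early_warnings if not is_reliable(p, f0)) / len(early_warnings)


@dataclass(frozen=True)
class ClampResult:
    f0: float
    flagged_share: float
    steps: int
    reason: str


def clamp_threshold(early_warnings: Sequence[float], target_min: float, budget: float,
                    start: float = START_F0, step: float = STEP) -> ClampResult:
    """Tighten f0 from `start` in `step` decrements.

    Stops when f0 has reached the user-defined `target_min` (goal reached) or
    when the next decrement would push the flagged share above `budget`
    (assumed stand-in for the point where further clamping costs too much).
    """
    if not 0.0 <= target_min <= start:
        raise ValueError("need 0 <= target_min <= start")
    if not 0.0 <= budget <= 1.0:
        raise ValueError("budget must be a fraction in [0, 1]")
    f0, steps = start, 0
    while True:
        candidate = round(f0 - step, 10)  # avoid 0.15000000000000002-style drift
        if candidate < target_min - 1e-12:
            return ClampResult(f0, flagged_share(early_warnings, f0), steps, "target minimum reached")
        if flagged_share(early_warnings, candidate) > budget:
            return ClampResult(f0, flagged_share(early_warnings, f0), steps, "resource budget would be exceeded")
        f0, steps = candidate, steps + 1


if __name__ == "__main__":
    r = clamp_threshold(EARLY_WARNINGS, target_min=0.05, budget=0.3)
    print(f"f0={r.f0:.2f} flagged={r.flagged_share:.0%} after {r.steps} steps: {r.reason}")
    for k, p in enumerate(EARLY_WARNINGS):
        verdict = "reliable" if is_reliable(p, r.f0) else "ANOMALY"
        print(f"t={k} early_warning={p:.2f} confidence={confidence_probability(p):.2f} -> {verdict}")
```

With the constructed series and a budget of 30 % flagged points, the clamp stops at f_0 = 0.15 after two steps because the next step to 0.10 would flag four of ten time points; raising the budget lets it run down to the user-defined minimum instead.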
According to the method, when the terminal entity of the Internet of things is started, the terminal entity of the Internet of things is analyzed based on a zero trust architecture, so that a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set are obtained; determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set; determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary; and comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result. In the embodiment, the mathematical idea is associated with trust analysis, by constructing a discrete interval evaluation set and a trust value interval of a multi-element form, the trust change fluctuation, threshold boundary and other concepts are introduced in the trust analysis, the trust condition of an entity is obtained, the trust condition of a terminal entity is comprehensively evaluated from three layers of completeness, accuracy and objectivity, the trust state of the terminal equipment of the internet of things is respectively evaluated from the data angle through early warning and other angles, more objective and accurate basis can be provided for dynamic authorization of a zero trust network security architecture, the accuracy of a dynamic authorization system in the zero trust architecture is improved, and the technical problem of low accuracy of the dynamic authorization system of the existing access equipment of the internet of things is solved.
In an embodiment, as shown in fig. 4, a second embodiment of the zero trust evaluation method based on the terminal device of the internet of things according to the present invention is provided based on the first embodiment, and the step S100 includes:
step S101: when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set;
step S102: constructing a variation range of trust values according to normal distribution so as to obtain different trust value intervals;
step S103: selecting a target trust change interval from the trust value intervals;
step S104: and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval.
In an example, when an internet of things terminal entity is started, the internet of things terminal entity is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, including: when an Internet of things terminal entity is started, carrying out initial authentication on the Internet of things terminal entity based on a zero trust architecture; assigning a default trust value to the terminal entity of the Internet of things passing the initial authentication; collecting data interaction and behavior information of the terminal entity of the Internet of things; and carrying out measurement analysis according to the data interaction and behavior information to obtain a discrete interval evaluation set. And performing measurement analysis according to the data interaction and behavior information to obtain a discrete interval evaluation set, wherein the measurement analysis comprises the following steps: expanding the switch form Markov chain according to normal distribution to obtain an expanded form Markov chain; and evaluating the trust state of the terminal entity of the Internet of things based on the Markov chain of the extended form and the data interaction and behavior information so as to obtain a discrete interval evaluation set.
Based on the zero trust architecture, initial authentication is performed on the Internet of things terminal entity when it is started, and an entity that completes the initial authentication is assigned a default trust value of 0.5; the data interaction and behavior information of the entity is then recorded and its trust state evaluated with the extended-form Markov chain, which yields the discrete interval evaluation set shown in Table 1. Specifically, according to the definition of the normal distribution, the two-state (switch-form) Markov chain is extended, and the extended Markov chain together with the normal-distribution division gives each trust value interval its own meaning; as shown in Table 1, the extended Markov chain comprises complete reliability, high reliability, more reliability, default trust, less reliability, high unreliability and complete unreliability.
TABLE 1
In one example, the variation range of trust values is constructed from a normal distribution to obtain the different trust value intervals: according to the definition of the normal distribution, the two-state (switch-form) Markov chain is extended to multiple states, and the extended Markov chain together with the normal-distribution division gives each trust value interval its own meaning. In the extended Markov chain a trust value of 1 indicates complete reliability, a trust value in [0.75, 1) indicates high reliability, a trust value in [0.5, 0.75) indicates relative reliability, a trust value in [0.25, 0.5) indicates relative unreliability, a trust value in (0, 0.25) indicates high unreliability, and a trust value of 0 indicates complete unreliability. The intervals are disjoint, so every trust value falls into exactly one level. The most basic trust value model of this embodiment is constructed from these trust value intervals.
It should be noted that a trust value model generally presupposes a trust interval, and the trust interval defined in this embodiment is based on a preliminary normal-distribution analysis. The interval range covered by an actual trust value model may instead follow an exponential or power-function statistical model and may be chosen according to actual requirements; this embodiment does not limit it.
In an example, determining the trust change frequency attribute set of the Internet of things terminal entity according to a preset trust change algorithm and the target trust change interval includes: determining a trust start point and a trust end point of the target trust change interval; determining an initial trust value and an ending trust value according to the time range of the target trust change interval; determining an instantaneous fluctuation rate from the initial trust value, the ending trust value, the trust start point and the trust end point based on a preset Birnbaum algorithm; and constructing the trust change frequency attribute set of the Internet of things terminal entity from the instantaneous fluctuation rate.
Illustratively, a trust change interval to be analyzed is selected, a trust start point i and a trust end point j are determined, and an initial trust value t_d[i] and an ending trust value t_d[j] are determined from the time range. The ratio of the difference between t_d[j] and t_d[i] to the length of the time interval is defined as the instantaneous fluctuation rate of the period i to j, denoted β. The trust change frequency attribute set of the Internet of things terminal entity is constructed from this instantaneous fluctuation rate.
In an example, the instantaneous fluctuation rate is determined from the initial trust value, the ending trust value, the trust start point and the trust end point based on the preset Birnbaum algorithm; specifically, the instantaneous fluctuation rate is calculated with the Birnbaum method according to the following formula:
where dt_d[i] = t_d[j] − t_d[i]. According to the definition of instantaneous fluctuation, once a trust change interval to be analyzed is selected the trust change t_d is obtained, where t_d represents the change in the trust level of the entity over the period i to j.
In another example, the trust change frequency attribute set may include both the instantaneous fluctuation rate and an instantaneous trust change rate. Specifically, the instantaneous trust change rate is determined from the instantaneous fluctuation rate by a derivative definition, and the trust change frequency attribute set of the Internet of things terminal entity is constructed from the instantaneous fluctuation rate and the instantaneous trust change rate. Illustratively, if the change t_d' of the trust level of an entity at a particular time point is required, it can be obtained with the derivative definition; the t_d' so obtained represents the instantaneous trust change at time t. At that point, the higher the trust value and the lower the abnormal fluctuation, the smaller the influence of historical behavior on the current trust value, and vice versa.
Here t_d' is the instantaneous fluctuation β with i = 0; it is called a derivative definition because it constructs the trust change from the preceding value, the instantaneous fluctuation being derived from the trust change. t_d' is thus the special case i = 0, that is, the fluctuation of the change at a single time point. In actual application, whether t_d' is adopted is decided according to requirements; this embodiment does not limit it.
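The trust value intervals, the instantaneous fluctuation rate β over a period i to j, its single-point form t_d' and the rule "trusted at a time point when β < S and the trust value lies in a trusted interval" (described both here and in the corresponding paragraphs of the first embodiment) are implemented below as an added example; it is not code from the patent. The Birnbaum formula itself is not reproduced on this page, so the rate is computed as the trust difference dt_d[i] divided by the elapsed time j − i, exactly as the text defines it. The trust value series, the sampling spacing of one time unit, the threshold S = 0.2 and the choice to compare the fluctuation by magnitude are assumptions of this example.

```python
"""Trust-interval classification, instantaneous fluctuation rate and the
beta < S trust rule.

Added example; not code from the patent. SAMPLE_SERIES is a constructed trust
value series sampled one time unit apart; S = 0.2 and the magnitude comparison
are assumptions (the page does not say whether the sign of beta matters).
"""
from dataclasses import dataclass
from typing import Sequence

DEFAULT_TRUST = 0.5  # assigned after initial authentication (page)

# Constructed trust value series for one terminal entity, one sample per time unit.
SAMPLE_SERIES = [DEFAULT_TRUST, 0.55, 0.6, 0.62, 0.3, 0.35, 0.8, 0.9]


def trust_level(t: float) -> str:
    """Map a trust value in [0, 1] to the page's discrete evaluation set."""
    if not 0.0 <= t <= 1.0:
        raise ValueError(f"trust value out of range: {t}")
    if t == 1.0:
        return "completely reliable"
    if t >= 0.75:
        return "highly reliable"
    if t >= 0.5:
        return "relatively reliable"
    if t >= 0.25:
        return "relatively unreliable"
    if t > 0.0:
        return "highly unreliable"
    return "completely unreliable"


def is_trusted_form(t: float) -> bool:
    """'Trusted form': the value lies in one of the reliable intervals, i.e. >= 0.5."""
    return t >= 0.5


def fluctuation_rate(series: Sequence[float], i: int, j: int) -> float:
    """Instantaneous fluctuation rate beta over the period i..j: the trust
    difference dt_d[i] = t_d[j] - t_d[i] divided by the elapsed time j - i."""
    if not 0 <= i < j < len(series):
        raise ValueError("need 0 <= i < j < len(series)")
    return (series[j] - series[i]) / (j - i)


def pointwise_rate(series: Sequence[float], k: int) -> float:
    """Single-step change at sample k (the page's t_d', the i = 0 special case
    relative to k). The first sample has no predecessor, so its rate is 0."""
    return 0.0 if k == 0 else fluctuation_rate(series, k - 1, k)


@dataclass(frozen=True)
class PointVerdict:
    index: int
    trust: float
    level: str
    rate: float
    trusted: bool


def evaluate_series(series: Sequence[float], threshold_s: float) -> list:
    """Apply 'beta < S and T in a trusted interval' at every sample. A jump of
    magnitude >= S in either direction, or a value outside the reliable
    intervals, makes the point 'not necessarily trusted'."""
    verdicts = []
    for k, t in enumerate(series):
        rate = pointwise_rate(series, k)
        trusted = abs(rate) < threshold_s and is_trusted_form(t)
        verdicts.append(PointVerdict(k, t, trust_level(t), rate, trusted))
    return verdicts


if __name__ == "__main__":
    for v in evaluate_series(SAMPLE_SERIES, threshold_s=0.2):
        flag = "trusted" if v.trusted else "NOT NECESSARILY TRUSTED"
        print(f"t={v.index} T={v.trust:.2f} ({v.level}) beta={v.rate:+.2f} -> {flag}")
```

On the constructed series the drop from 0.62 to 0.3 at t = 4 fails both conditions, t = 5 fails only the interval condition, and the recovery jump to 0.8 at t = 6 fails the fluctuation condition even though the value itself is highly reliable, which is the behavior the β ≥ S rule is meant to produce.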
According to the method, when the terminal entity of the Internet of things is started, the terminal entity of the Internet of things is analyzed based on a zero trust architecture, so that a discrete interval evaluation set is obtained; constructing a variation range of trust values according to normal distribution so as to obtain different trust value intervals; selecting a target trust change interval from the trust value intervals; and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval. In the embodiment, the mathematical idea is associated with trust analysis, the trust condition of an entity is obtained by constructing a Markov chain with multiple forms, introducing concepts such as fluctuation, threshold and the like in the trust analysis, the trust condition of the terminal entity is comprehensively evaluated from three layers of completeness, accuracy and objectivity, the trust condition of the terminal equipment of the internet of things is respectively evaluated from the data angle through early warning and other angles, more objective and accurate basis can be provided for dynamic authorization of a zero trust network security architecture, the correctness of a dynamic authorization system in the zero trust architecture is improved, and the technical problem of low correctness of the dynamic authorization system of the existing internet of things access equipment is solved.
Referring to fig. 5, fig. 5 is a block diagram of a first embodiment of a zero trust evaluation device based on an internet of things terminal device according to the present invention.
As shown in fig. 5, the zero trust evaluation device based on the terminal device of the internet of things includes:
the analysis module 10 is configured to analyze, when an internet of things terminal entity is started, the internet of things terminal entity based on a zero trust architecture, so as to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
the determining boundary module 20 is configured to determine a threshold boundary of the terminal entity of the internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
the determining early warning module 30 is configured to determine an early warning probability of the terminal entity of the internet of things according to the threshold boundary;
and the comparison and evaluation module 40 is used for comparing the early warning probability with a preset safety threshold value and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
It should be noted that, in this embodiment, trust evaluation is performed by an internet of things terminal entity oriented to the electric power internet of things as an example. The internet of things terminal entities of the electric power internet of things include, but are not limited to, a distribution transformer monitoring terminal (TTU), a distribution switch monitoring terminal (FTU), and a data transmission terminal (DTU).
The method for evaluating the zero trust of the terminal equipment of the internet of things introduces a mathematical idea, associates the mathematical idea with a trust analysis technology, and comprehensively evaluates the terminal entity of the internet of things from different aspects.
Specifically, the zero trust evaluation metric of the Internet of things terminal entity is determined. Default rule: trust values are continuous within the interval [0, 1], and this embodiment uses continuous trust values to measure the trust relationship. With 0 meaning completely untrusted and 1 meaning completely trusted, the trust value floats within [0, 1]. Following the idea of the normal distribution, the default value of the initial authenticated state can be set to the middle of the evaluation range, 0.5. According to the trust requirements of the Internet of things terminal entity, the trust structural elements and trust characteristics are combined, and the trust value characteristics in this rule serve as the reference for measuring the trust of the terminal entity. For example, a time point of a distribution transformer monitoring terminal (TTU) may be considered reliable when the TTU's trust fluctuation does not exceed a certain threshold (i.e., there is no abnormal fluctuation).
In an embodiment, when an internet of things terminal entity is started, the internet of things terminal entity is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set, including: when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set; constructing a variation range of trust values according to normal distribution so as to obtain different trust value intervals; selecting a target trust change interval from the trust value intervals; and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval.
In an example, based on the zero trust architecture, initial authentication is performed on the Internet of things terminal entity when it is started, and an entity that completes the initial authentication is assigned a default trust value of 0.5; the data interaction and behavior information of the entity is then recorded, and its trust state is evaluated with the extended-form Markov chain to obtain the discrete interval evaluation set.
In one example, the variation range of trust values is constructed from a normal distribution to obtain the different trust value intervals: according to the definition of the normal distribution, the two-state (switch-form) Markov chain is extended to multiple states, and the extended Markov chain together with the normal-distribution division gives each trust value interval its own meaning. In the extended Markov chain a trust value of 1 indicates complete reliability, a trust value in [0.75, 1) indicates high reliability, a trust value in [0.5, 0.75) indicates relative reliability, a trust value in [0.25, 0.5) indicates relative unreliability, a trust value in (0, 0.25) indicates high unreliability, and a trust value of 0 indicates complete unreliability. The intervals are disjoint, so every trust value falls into exactly one level. The most basic trust value model of this embodiment is constructed from these trust value intervals.
It should be noted that a trust value model generally presupposes a trust interval, and the trust interval defined in this embodiment is based on a preliminary normal-distribution analysis. The interval range covered by an actual trust value model may instead follow an exponential or power-function statistical model and may be chosen according to actual requirements; this embodiment does not limit it.
In an example, a node trust value is calculated: a trust threshold is introduced to compare against, or identify, the trustworthiness of the node at that time point. If the trust value, the trust fluctuation and the trust threshold are denoted T, β and S respectively, the following inferences are drawn: when β < S and T lies in a trusted interval, the node is considered trusted at that time point; when β ≥ S, the trust form of the node at that time point is not necessarily trusted.
It can be appreciated that the trust threshold is also treated as a random process, and this embodiment proposes a trust threshold model: if for all time ranges 0 ≤ s ≤ t and all x ≥ 0 there holds P{S(s, t) − β(t − s) > x} ≤ g(x), then the cumulative trust threshold S(t) is said to obey the trust threshold (t.t.) curve β ∈ F with boundary function g ∈ F, denoted S ~tt <g, β>. Illustratively, a trusted time point is further defined as a time point at which the trust value lies in a trusted interval and the probability of unreliability at that point is sufficiently low, or equivalently the probability of trustworthiness is sufficiently high; the node is then considered trusted.
In an example, a trust change interval to be analyzed is selected, a trust start point i and a trust end point j are determined, the initial and ending trust values are determined from the time range, and, according to a preset trust change algorithm, the ratio of the difference between the ending and initial trust values to the length of the time interval is defined as the instantaneous fluctuation rate of the period i to j. The trust change frequency attribute set of the Internet of things terminal entity is constructed from this instantaneous fluctuation rate.
In an embodiment, determining the threshold boundary of the Internet of things terminal entity according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set includes: performing trust measurement on the Internet of things terminal entity along the time axis according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set to obtain a cumulative trust value and a cumulative trust threshold; determining a lower trusted threshold and an upper untrusted threshold according to the cumulative trust value and the cumulative trust threshold; and taking the lower trusted threshold and the upper untrusted threshold as the threshold boundary.
In one example, as shown in fig. 3, a threshold boundary is determined based on the above three attribute sets (discrete interval evaluation set, trust value interval, and trust change frequency attribute set), and the threshold boundary is listed in the corresponding evaluation set, i.e., trust reliability status evaluation set.
Specifically, the lower trusted threshold and the upper untrusted threshold are determined: if a node N_i (i = 1, 2, ..., n) has a cumulative trust value A(t) ~stv <f, α> and a cumulative trust threshold S(t) ~stt <g, β>, then for any time period (s, t] (0 ≤ s ≤ t) an upper bound on the untrusted probability UT(s, t) and a lower bound on the trusted probability T(s, t) follow. It will be appreciated that in (s, t] (0 ≤ s ≤ t), s plays the role of the preceding start time i but differs from it in that the half-open interval excludes the instant s itself, which is why s is written distinctly from i.
Illustratively, trust measurement of the terminal entity is performed along the time axis with the following algorithm: calculate the cumulative trust value within the time interval (0, t_N] and the cumulative trust threshold within the time interval (0, t], where S_{t_n} denotes the trust threshold at time t_n = nΔt (n = 1, 2, 3, ...).
From the trust value model described in the example above, a trust value (s.t.v.) curve α(t) and a boundary function f(x) are derived. From the trust threshold model described above, a trust threshold (s.t.t.) curve β(t) and a boundary function g(x) are derived. From the definition of the upper and lower threshold bounds used in determining the lower trusted and upper untrusted thresholds, for any time interval (s, t] (0 ≤ s ≤ t) the upper bound of the untrusted probability UT(s, t) is taken as the early warning probability, and the lower bound of the trusted probability T(s, t) is taken as the confidence probability.
Note that the early warning probability represents the worst case in which the object may be malicious at that time point. By comparing early warning probabilities, abnormal time points can be distinguished from normal ones.
In an embodiment, comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the internet of things according to the comparison result includes: comparing the early warning probability with a preset safety threshold; and when the early warning probability is smaller than or equal to the preset safety threshold, determining that the terminal entity of the Internet of things is considered to be reliable.
Specifically, the early warning probability represents the worst case in which the object may be malicious at that time point. By comparing early warning probabilities, abnormal time points can be distinguished from normal ones. It should be noted that the confidence probability need not be compared separately: the confidence probability is the complement of the early warning probability, so comparing either one achieves the goal. Under certain conditions the confidence probability can be calculated instead, so that the evaluation result is expressed positively.
In an embodiment, the method further comprises: determining the early warning probability of the Internet of things terminal entity according to the upper untrusted threshold; adjusting the preset safety threshold according to the early warning probability to obtain an updated safety threshold; and comparing the early warning probability with the updated safety threshold, and determining the trust reliability of the Internet of things terminal entity according to the comparison result.
Illustratively, the preset safety threshold is adjusted to obtain an updated safety threshold that strikes a balance between trust level and resource utilisation. Specifically, the early warning probability and the confidence probability are calculated according to the definition of the upper and lower threshold limits used when determining the lower trusted or upper untrusted threshold; when s = 0 and t = t_N, the early warning probability and the confidence probability are evaluated over the whole interval (0, t_N].
Illustratively, the early warning probability is compared with a preset safety threshold f_0 to identify the reliability of the object node. When the early warning probability is not greater than f_0, the node may be considered reliable, which guarantees a basic level of trust.
In one example, the preset safety threshold f_0 is adjusted and an optimal safety threshold is chosen so that a balance is achieved between trust level and resource utilisation. By dynamically modifying f_0, the general state of trust reliability of the evaluated entity can be assessed.
Specifically, the preset safety threshold f_0 can be adjusted by squeezing. Illustratively, starting from a larger value of 0.25, f_0 is gradually narrowed down in steps of 0.05 according to the evaluation requirements. The adjustment is typically performed manually, and its exact form depends on the actual needs of the user. Squeezing is the process of tapering from the maximum value of the interval down to a target minimum value, which is typically user-defined. In general, squeezing is declared finished as soon as one of two conditions holds: the user has reached the expected target, or the time cost of further squeezing grows exponentially.
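As an added worked example (not code from the patent or its applicant), the comparison rule above (early warning probability UT(s, t) against a preset safety threshold f_0, the entity being reliable when UT ≤ f_0, the confidence probability being the complement) and the squeezing adjustment of f_0 are carried through in Python, together with the derivation of a threshold boundary from an accumulated trust threshold as in claim 6. Because the page does not reproduce the formula for UT(s, t), the example assumes one: UT is the fraction of sampling points in (s, t] whose trust value does not reach the lower trusted threshold (the worst case), the accumulated threshold is the mean of β(t), the upper untrusted threshold sits a fixed margin below the lower trusted threshold, and the squeezing stops at a target minimum, when an evaluation budget is exhausted, or when the entity stops passing. The trust samples are constructed.

```python
"""Zero-trust reliability decision for an IoT terminal from its trust time series.

Added illustrative example, not the patent's own code. The threshold boundary,
the counting rule for UT(s, t) and the squeezing procedure are assumptions that
make the steps runnable; the page does not reproduce the patent's formulas.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class TrustSample:
    """One trust measurement of the terminal entity at instant t."""
    t: float
    value: float      # trust value alpha(t), assumed normalised to [0, 1]
    threshold: float  # trust threshold beta(t) at the same instant


# Constructed sample series: a dip in trust around t = 5..6, otherwise healthy.
SAMPLES: List[TrustSample] = [
    TrustSample(t, v, 0.75)
    for t, v in enumerate([0.90, 0.88, 0.85, 0.80, 0.70, 0.60, 0.82, 0.86, 0.90, 0.91], start=1)
]


def threshold_boundary(samples: Sequence[TrustSample], margin: float = 0.10) -> Tuple[float, float]:
    """Lower trusted threshold and upper untrusted threshold from the accumulated threshold.

    Assumption: the accumulated trust threshold is the mean of beta(t) along the time
    axis; it is taken as the lower trusted threshold, and the upper untrusted threshold
    lies `margin` below it. The band between the two is undecided.
    """
    if not samples:
        raise ValueError("no trust samples")
    lower_trusted = sum(s.threshold for s in samples) / len(samples)
    upper_untrusted = lower_trusted - margin
    return lower_trusted, upper_untrusted


def classify(sample: TrustSample, boundary: Tuple[float, float]) -> str:
    """Place one sampling point relative to the threshold boundary."""
    lower_trusted, upper_untrusted = boundary
    if sample.value >= lower_trusted:
        return "trusted"
    if sample.value < upper_untrusted:
        return "untrusted"
    return "undecided"


def early_warning(samples: Sequence[TrustSample], boundary: Tuple[float, float],
                  s: float, t: float) -> Tuple[float, float]:
    """Early warning probability UT(s, t) and confidence probability T(s, t) over (s, t].

    Assumption: UT is the worst case, i.e. the fraction of sampling points in (s, t]
    that are not clearly trusted (undecided or untrusted). T is its complement, which
    matches the page's remark that one is the opposite value of the other.
    """
    window = [x for x in samples if s < x.t <= t]
    if not window:
        raise ValueError(f"no samples in ({s}, {t}]")
    not_trusted = sum(1 for x in window if classify(x, boundary) != "trusted")
    ut = not_trusted / len(window)
    return ut, 1.0 - ut


def is_reliable(ut: float, f0: float) -> bool:
    """Comparison rule from the page: the entity is reliable when UT(s, t) <= f0."""
    return ut <= f0


def squeeze_threshold(ut: float, start: float = 0.25, step: float = 0.05,
                      target: float = 0.05, budget: int = 10
                      ) -> Tuple[Optional[float], List[Tuple[float, bool]]]:
    """Squeeze the preset safety threshold f0 from `start` downwards in steps of `step`.

    Stops when `target` would be undercut, when the evaluation `budget` (assumed stand-in
    for the page's 'time cost grows exponentially' condition) is used up, or, as a further
    assumption, when the entity stops passing. Returns the tightest f0 at which the entity
    was still judged reliable (None if it never passed) and the trail of decisions.
    """
    trail: List[Tuple[float, bool]] = []
    tightest: Optional[float] = None
    f0 = start
    while len(trail) < budget and f0 >= target:
        ok = is_reliable(ut, f0)
        trail.append((f0, ok))
        if not ok:
            break
        tightest = f0
        f0 = round(f0 - step, 10)  # rounded so repeated subtraction does not drift
    return tightest, trail


if __name__ == "__main__":
    boundary = threshold_boundary(SAMPLES)
    ut, conf = early_warning(SAMPLES, boundary, 0, 10)
    print(f"boundary={boundary}  UT(0,10]={ut:.2f}  T(0,10]={conf:.2f}")
    print("reliable at f0=0.25:", is_reliable(ut, 0.25))
    print("squeeze:", squeeze_threshold(ut))
```

With the constructed series, two of ten sampling points fall below the lower trusted threshold, so UT(0, 10] = 0.2 and the entity passes at f_0 = 0.25 and f_0 = 0.20 but fails once the threshold is squeezed to 0.15; the squeezing therefore settles on 0.20, the tightest threshold the entity still satisfies within the budget. Narrowing the window to (4, 7] concentrates on the dip and raises UT to 2/3, which is the sense in which comparing early warning probabilities over different intervals separates abnormal time points from normal ones.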
The zero trust evaluation device based on an Internet of things terminal device in this embodiment includes: an analysis module 10, configured to analyse, when an Internet of things terminal entity is started, the terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set; a boundary determining module 20, configured to determine a threshold boundary of the Internet of things terminal entity according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set; an early warning determining module 30, configured to determine an early warning probability of the Internet of things terminal entity according to the threshold boundary; and a comparison and evaluation module 40, configured to compare the early warning probability with a preset safety threshold and to determine the trust reliability of the Internet of things terminal entity according to the comparison result.
In this embodiment, mathematical ideas are linked to trust analysis. By constructing a discrete interval evaluation set and a trust value interval in multi-element form, and by introducing concepts such as trust change fluctuation and threshold boundary into the trust analysis, the trust condition of the entity is obtained and evaluated comprehensively at three levels: completeness, accuracy and objectivity. The trust state of the Internet of things terminal device is assessed both from the data perspective and from the early warning perspective, which provides a more objective and accurate basis for dynamic authorisation in a zero trust network security architecture, improves the accuracy of the dynamic authorisation system in the zero trust architecture, and solves the technical problem of low accuracy in existing dynamic authorisation systems for Internet of things access devices.
Technical details not described in this device embodiment can be found in the zero trust evaluation method applied to an Internet of things terminal device provided in any embodiment of the present invention, and are not repeated here.
It should be understood that the foregoing is illustrative only and is not limiting, and that in specific applications, those skilled in the art may set the invention as desired, and the invention is not limited thereto.
It should be noted that the above-described working procedure is merely illustrative, and does not limit the scope of the present invention, and in practical application, a person skilled in the art may select part or all of them according to actual needs to achieve the purpose of the embodiment, which is not limited herein.
Furthermore, it should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the method of the above embodiments may be implemented by means of software plus a necessary general hardware platform, and of course may also be implemented by means of hardware, but in many cases the former is the preferred embodiment. Based on such understanding, the technical solution of the present invention, essentially or in the part contributing to the prior art, may be embodied in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk or optical disk) and including several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (10)

1. The zero trust evaluation method based on the terminal equipment of the Internet of things is characterized by comprising the following steps:
when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary;
and comparing the early warning probability with a preset safety threshold, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
2. The method for evaluating zero trust based on an internet of things terminal device according to claim 1, wherein when the internet of things terminal entity is started, the internet of things terminal entity is analyzed based on a zero trust architecture to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set, and the method comprises the following steps:
when an Internet of things terminal entity is started, analyzing the Internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set;
constructing a variation range of trust values according to a normal distribution so as to obtain different trust value intervals;
selecting a target trust change interval from the trust value intervals;
and determining the trust change frequency attribute set of the terminal entity of the Internet of things according to a preset trust change algorithm and the target trust change interval.
3. The method for evaluating zero trust based on an internet of things terminal device according to claim 2, wherein the analyzing the internet of things terminal entity based on a zero trust architecture to obtain a discrete interval evaluation set when the internet of things terminal entity is started comprises:
when an Internet of things terminal entity is started, carrying out initial authentication on the Internet of things terminal entity based on a zero trust architecture;
assigning a default trust value to the terminal entity of the Internet of things passing the initial authentication;
collecting data interaction and behavior information of the terminal entity of the Internet of things;
and carrying out measurement analysis according to the data interaction and behavior information to obtain a discrete interval evaluation set.
4. The method for evaluating zero trust based on terminal equipment of the internet of things according to claim 3, wherein the measuring and analyzing according to the data interaction and behavior information to obtain a discrete interval evaluation set comprises:
expanding the switch-form Markov chain according to a normal distribution to obtain an extended-form Markov chain;
and evaluating the trust state of the terminal entity of the Internet of things based on the extended-form Markov chain and the data interaction and behavior information so as to obtain a discrete interval evaluation set.
5. The method for evaluating zero trust based on the terminal device of the internet of things according to claim 2, wherein the determining the trust change frequency attribute set of the terminal entity of the internet of things according to the preset trust change algorithm and the target trust change interval comprises:
determining a trust starting point and a trust ending point of the target trust change interval;
determining an initial trust value and an ending trust value according to the time range of the target trust change interval;
determining an instantaneous fluctuation rate according to the initial trust value, the ending trust value, the trust starting point and the trust ending point based on a preset Berbaum algorithm;
and constructing a trust change frequency attribute set of the terminal entity of the Internet of things according to the instantaneous fluctuation rate.
6. The method for evaluating zero trust based on an internet of things terminal device according to claim 1, wherein the determining the threshold boundary of the internet of things terminal entity according to the discrete interval evaluation set, the trust value interval, and the trust change frequency attribute set comprises:
carrying out trust measurement on the terminal entity of the Internet of things on a time axis according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set to obtain an accumulated trust value and an accumulated trust threshold;
determining a lower trusted threshold and an upper untrusted threshold according to the accumulated trust value and the accumulated trust threshold;
and taking the lower trusted threshold and the upper untrusted threshold as the threshold boundary.
7. The method for evaluating zero trust based on the terminal equipment of the internet of things according to claim 1, wherein the comparing the early warning probability with a preset safety threshold value, and determining the trust reliability of the terminal entity of the internet of things according to the comparison result, comprises:
comparing the early warning probability with a preset safety threshold;
and when the early warning probability is smaller than or equal to the preset safety threshold, determining that the terminal entity of the Internet of things is considered to be reliable.
8. The method for evaluating zero trust based on an internet of things terminal device according to claim 6, wherein the method further comprises:
determining the early warning probability of the terminal entity of the Internet of things according to the upper untrusted threshold;
adjusting the preset safety threshold according to the early warning probability to obtain an updated safety threshold;
and comparing the early warning probability with the updated safety threshold value, and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
9. A zero trust evaluation device based on an Internet of things terminal device, characterized in that the device comprises:
the analysis module is used for analyzing the terminal entity of the Internet of things based on a zero trust architecture when the terminal entity of the Internet of things is started so as to obtain a discrete interval evaluation set, a trust value interval and a trust change frequency attribute set;
the boundary determining module is used for determining a threshold boundary of the terminal entity of the Internet of things according to the discrete interval evaluation set, the trust value interval and the trust change frequency attribute set;
the determining early warning module is used for determining the early warning probability of the terminal entity of the Internet of things according to the threshold boundary;
and the comparison evaluation module is used for comparing the early warning probability with a preset safety threshold value and determining the trust reliability of the terminal entity of the Internet of things according to a comparison result.
10. The zero trust evaluation device based on the terminal equipment of the Internet of things is characterized by comprising: the system comprises a memory, a processor and a zero trust evaluation program based on the internet of things terminal device, wherein the zero trust evaluation program based on the internet of things terminal device is stored on the memory and can run on the processor, and is configured to realize the zero trust evaluation method based on the internet of things terminal device according to any one of claims 1 to 8.
CN202310830252.6A 2023-07-07 2023-07-07 Zero trust evaluation method, device and equipment based on terminal equipment of Internet of things Active CN116886261B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310830252.6A CN116886261B (en) 2023-07-07 2023-07-07 Zero trust evaluation method, device and equipment based on terminal equipment of Internet of things

Publications (2)

Publication Number Publication Date
CN116886261A true CN116886261A (en) 2023-10-13
CN116886261B CN116886261B (en) 2024-05-28

Family

ID=88263709

Country Status (1)

Country Link
CN (1) CN116886261B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020015838A1 (en) * 2018-07-20 2020-01-23 Nokia Solutions And Networks Oy Zero trust perimeterization for microservices
CN111953679A (en) * 2020-08-11 2020-11-17 中国人民解放军战略支援部队信息工程大学 Intranet user behavior measurement method and network access control method based on zero trust
CN114760118A (en) * 2022-04-01 2022-07-15 广西壮族自治区数字证书认证中心有限公司 Trust evaluation method with privacy protection in zero-trust architecture
KR102542720B1 (en) * 2022-10-27 2023-06-14 주식회사 이노티움 System for providing internet of behavior based intelligent data security platform service for zero trust security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant