KR102054256B1 - Ami device, integrity verification system and method thereof - Google Patents

Abstract

Disclosed are an advanced metering infrastructure (AMI) device, and an integrity verification system and integrity verification method of an AMI device. According to the present invention, the AMI device for power meter reading capable of integrity verification comprises at least one chip and a central processing unit for controlling the at least one chip. The central processing unit generates an integrity hash value based on hardware information of the AMI device including information on the chip and transmits transaction data encrypted with the integrity hash value.

Description

AMI device and AMI device integrity verification system and integrity verification method {AMI DEVICE, INTEGRITY VERIFICATION SYSTEM AND METHOD THEREOF}

The present invention is an AMI device, an integrity verification system and integrity verification method of the AMI device, and more specifically, to prepare for the forgery and failure situation of the AMI (Advanced Metering Infrastructure) device and the AMI device for remotely reading the power amount The present invention relates to a system and method for verifying the integrity of an AMI device using a blockchain.

AMI (Advanced Metering Infrastructure) is a generic term for devices and systems that digitize existing analog meters and connect them to a communication network to measure and analyze the amount of power generated at the power generation and receiving terminals in real time. These AMIs are key technologies for building an intelligent power grid, including Energy Management System (EMS), Energy Storage System (ESS), Virtual Power Plant (VPP), and P2P power transactions.

Actual power energy is distributed to end customers through the power system. The power system collectively refers to a system consisting of a power generation facility for producing power, a transmission line substation, a distribution line such as a distribution line, and a power receiving facility for consuming a power distributed in a general home or factory.

The amount of power of the system points of the power system (eg, power plants, boost substations, primary and secondary step-down substations, transformers, power stages, etc.) may be converted into digital information through the AMI device. The digital information of the converted power may be propagated through the communication network. That is, the path of physical power and the path of digital information of power may be different paths. If the power measurement through the AMI device is not accurate, the actual power generation and power consumption and the power information on the network are inconsistent, which may cause a problem of lowering the reliability of the intelligent power grid.

Recently, data integrity has emerged as an important issue to guarantee such reliability. Each industry focuses on blockchain among several technologies to ensure data integrity. Although blockchain is often regarded as a technology specialized for the transmission of digital information, the blockchain is characterized by the entire system ensuring data integrity against forgery and corruption of data registered in the blockchain system.

For this reason, efforts have been made to apply blockchain to each industrial system. However, in the conventional blockchain system, only the upper system has been applied to the blockchain. If the entire system is not organically connected through the blockchain, the data integrity of the part where the blockchain is not applied is not guaranteed.

Conventionally, even in an intelligent power grid to which a blockchain is applied, only a higher system is applying a blockchain. In an intelligent grid, data reliability is very important. Application of a partial blockchain rather than the entire system as in the prior art causes a problem that the blockchain cannot guarantee the data integrity of the AMI portion to which the blockchain is not applied.

KR 10-1527353 (2015. 06. 09.)

SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems, and its object is to ensure hardware integrity for firmware, chip and circuit modification and failure by blockchaining hardware information.

In addition, the purpose is to configure the AMI device in the blockchain system to ensure the integrity of the entire AMI device system.

It is also an object of the present invention to prevent physical failure and forgery of power information that can occur by blockchaining normal power measurement information.

According to an embodiment of the present invention, an AMI (Advanced Metering Infrastructure) device for inspecting an amount of power capable of verifying integrity may include at least one chip and a central processing unit to control the at least one chip. An integrity hash value may be generated based on hardware information of the AMI device including the chip information, and transaction data encrypted with the integrity hash value may be transmitted.

The hardware information may further include one or more of firmware information and circuit check information of the AMI device.

The central processing unit may encrypt the integrity hash value using a private key of the AMI device and a public key of a verification node connected to a network with the AMI device.

The firmware information may include one or more of the version information of the firmware, one or more parameter values, and representative values for one or more functions.

In addition, the chip information may include a PUF (Physical Unclonable Function) value of the chip.

The CPU may generate a forged hash value using a firmware hash value generated based on the firmware information and a chip hash value generated based on the information of the chip, and may generate the forged hash value and the circuit check information. The integrity hash value may be generated using the fault diagnosis hash value generated as a basis.

The transaction data may be generated by encrypting the integrity hash value with a private key of the AMI device, converting the integrity hash value into a signature value, and encrypting the signature value with a public key of the verification node.

The AMI device may further include a sensor for measuring an amount of power, a switch for selectively passing a power signal or a reference signal measured by the sensor, and converting the power signal or the reference signal passed by the switch into a digital signal and converting the digital signal into a digital signal. And a communication module for transmitting the transaction data generated by the central processing unit and receiving an external control signal.

The AMI device may operate in a normal mode in which the switch passes the power signal or in a verification mode in which the switch passes the reference signal, and the verification mode corresponds to the central processing unit corresponding to the integrity verification request of the verification node. It can operate according to the control signal of.

An AMI device integrity verification system for verifying the integrity of an advanced metering infrastructure (AMI) device for blockchain-based power meter reading according to an embodiment of the present invention includes one or more of the AMI device and a network with the AMI device including a central processing unit. A plurality of blockchain nodes connected to each other and requesting integrity verification of the AMI device, wherein the central processing unit of the AMI device has integrity based on one or more of firmware information, chip information, and circuit inspection information of the AMI device; A hash value may be generated, and the integrity hash value may be encrypted using a private key of the AMI device and a public key of the blockchain node, and transmitted as transaction data to the blockchain node.

The blockchain node converts the transaction data into the integrity hash value by decryption using the private key of the blockchain node and the public key of the AMI device, and compares the transaction data with a reference hash value of the previously stored AMI device. Transaction data may be generated as a result of encrypting data using the private key of the blockchain node, and the resulting transaction data may be transmitted to a block generation node among the blockchain nodes.

Further, at least one block generation node generates a block with a block generation rule according to a consensus algorithm, propagates the block to the blockchain node, and each blockchain node is a result value of which the result data matches. Communication with the AMI device may be maintained, and communication with the AMI device may be stopped if there is a mismatch.

According to an embodiment of the present invention, a method of verifying the integrity of an advanced metering infrastructure (AMI) device for metering power using a blockchain may include an integrity hash value based on hardware information including chip information of the AMI device. A first step of generating, encrypting the integrity hash value with a private key of the AMI device and a public key of a verification node of the blockchain; and generating a communication protocol based on the integrity hash value encrypted in the second step. A third step of generating transaction data according to the verification node, a fourth step of decrypting the transaction data into a private key of the verification node and a public key of the AMI device, and converting the transaction data into the integrity hash value; A fifth step of encrypting the result data compared with the reference hash value with the private key of the verification node It is possible to generate a transaction result data in accordance with the communication protocol on the basis of the result of the encrypted data in the fifth step a sixth step of transmitting the at least one block generated node of the chain block.

And a seventh step of generating a block with a block generation rule according to a consensus algorithm, and propagating the generated block to one or more nodes of the blockchain, and if the result data is a matched result, each blockchain. The node may further include step 8-1 of maintaining communication with the AMI device or step 8-2 of each blockchain node suspending communication with the AMI device if the result data is an inconsistent result. .

The hardware information may further include firmware information and circuit check information of the AMI device, and the first step may include a firmware hash value based on the firmware information, a chip hash value based on the information of the chip, and the circuit check information. Step 1-1 of generating a troubleshooting hash value based on the information; steps 1-2 of generating a forgery hash value using the firmware hash value and the chip hash value; and the forgery hash value and the troubleshooting hash. And generating the integrity hash value using the value.

The third step may further include a third step of encrypting the integrity hash value with a private key of the AMI device and converting the integrity hash value into a signature value, and generating the transaction data by encrypting the signature value with a public key of the verification node. It may include step 3-2.

In addition, the chip information may include a PUF (Physical Unclonable Function) value of the chip.

The AMI device, the AMI device integrity verification system, and the integrity verification method according to an embodiment of the present invention can block hardware information to ensure hardware integrity for firmware, chip and circuit modification and failure.

In addition, the AMI device can be configured in the blockchain system to ensure the integrity of the entire AMI device system.

In addition, it is possible to block normal power measurement information to prevent physical failure and forgery of power information that may occur.

1 is a view showing an AMI device installed on the consumer side according to an embodiment of the present invention.
2 is a block diagram illustrating a configuration of an AMI device according to an embodiment of the present invention.
3 is a block diagram illustrating a schematic configuration of an AMI device integrity verification system according to an embodiment of the present invention.
4 is a diagram illustrating an integrity verification processing procedure of an AMI device according to an embodiment of the present invention.
5 is a view showing a voltage signal to pass through the mode change of the switch according to an embodiment of the present invention.
6 is a diagram illustrating a hash structure for generating an integrity hash value according to an embodiment of the present invention.
7 is a diagram illustrating an integrity verification processing procedure of a blockchain node according to an embodiment of the present invention.
8 is a diagram illustrating a modulated hashite structure according to an embodiment of the present invention.
9 is a flowchart of a method for verifying AMI device integrity according to an embodiment of the present invention.
10 is a flowchart illustrating a step of generating an integrity hash value according to an embodiment of the present invention.
11 is a flowchart illustrating a process of encrypting using an asymmetric key according to an embodiment of the present invention.
12 is a flowchart of a method for verifying AMI device integrity according to an embodiment of the present invention.

DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the embodiments of the present invention.

The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting of the present invention. Singular expressions may include plural expressions unless the context clearly indicates otherwise.

As used herein, the terms "comprise", "have" or "include" are intended to indicate that there is a feature, number, step, action, component, part, or combination thereof described on the specification. Or other features or numbers, steps, operations, components, parts or combinations thereof may be understood as not precluding the possibility of addition or possibility in advance.

In addition, the components shown in the embodiments of the present invention are shown independently to represent different characteristic functions, and do not mean that each component is made of separate hardware or one software unit. That is, each component is described by listing each component for convenience of description, and at least two of the components may be combined to form one component, or one component may be divided into a plurality of components to perform a function. The integrated and separated embodiments of each of these components are also included within the scope of the present invention without departing from the spirit of the invention.

In addition, the following embodiments are provided to more clearly explain to those skilled in the art, the shape and size of the elements in the drawings may be exaggerated for more clear description.

Hereinafter, exemplary embodiments of the present invention will be described with reference to the accompanying drawings.

1 is a view showing an AMI device installed on the consumer side according to an embodiment of the present invention. The AMI device 100 shown in FIG. 1 is an apparatus that is installed at a point connected to a consumer side in a power provider line and measures an amount of power consumed by the consumer side. 1 is a general case, and may be installed on the generator side instead of the consumer side to measure the amount of power generated. Hereinafter, the description will be made as an AMI device installed on the consumer side according to an embodiment. In general, the AMI device 100 is bi-directional communication with the power supplier is used as an important means for implementing and operating a mutual recognition-based demand response (DR) system of the electricity supplier and the consumer, and various types of distributed power supply It is one of the components that can be used for future intelligent power grid operation such as information linkage with the system and distribution system.

The AMI (Advanced Metering Infrastructure) is an advanced form of unidirectional remote metering system (AMR), which actively saves energy through demand response between consumers and electric energy suppliers through bidirectional data communication between power producers and consumers. It is an infrastructure system that guides and integrates and manages consumer-side energy.

2 is a block diagram illustrating a configuration of an AMI device according to an embodiment of the present invention. 2, an AMI device 100 according to an embodiment of the present invention may include one or more chips and a central processing unit 123. The chip may include a sensor 110, a switch 121, an analog to digital converter (ADC) 122, a central processing unit 123, a reference circuit 130, and a communication module 140.

As illustrated in FIG. 1, the sensor 110 may measure the power consumption of the consumer and convert the power consumption into a power signal. The power signal may be an analog signal or a digital signal and may be transmitted to the switch 121. The switch 121 may selectively pass the power signal or the reference signal. The analog-to-digital converter (ADC) 122 may convert the power signal or the reference signal passed by the switch 121 into a digital signal and transmit the digital signal to the central processing unit 123. The CPU 123 may control the selective passage of the power signal or the reference signal of the switch 121, and may generate transaction data for verifying the integrity of the AMI device 100. The central processing unit 123 may transmit the generated transaction data to the communication module 140, and the communication module 140 connected to the network may transmit the transaction data to the blockchain node (see FIG. 3). The blockchain node will be described later with reference to FIG. 3. In addition, the communication module 140 may receive an external control signal transmitted from the network and transmit it to the central processing unit 123.

Here, the switch 121, the ADC 122, and the central processing unit 123 may be provided as individual elements or may be integrated into the control unit 120 and provided as one micro controller unit (MCU).

The AMI device 100 may operate in a normal mode or a verify mode. The normal mode is a mode for reading the amount of power consumed by the consumer, and the switch 121 may pass the power signal to the ADC 122. The verification mode is a mode for verifying the integrity of the AMI device 100. The switch 121 may prevent the power signal of the sensor 110 from passing and pass the reference signal of the reference circuit 130. The normal mode or the verification mode may be converted into a control signal of the central processing unit 123.

3 is a block diagram illustrating a schematic configuration of an AMI device integrity verification system according to an embodiment of the present invention. Referring to FIG. 3, an AMI device integrity verification system according to an embodiment of the present invention may include a blockchain system including a plurality of nodes connected to a network by a client including the AMI device 100. The plurality of nodes may be blockchain nodes, and each of the blockchain nodes may have a distributed ledger including a power amount record measured by each of the plurality of AMI devices 100. In addition, each blockchain node may be divided into a verification node 200, a block generation node 300, and a general node 400 according to a function on the blockchain system, but the verification node 200 on the blockchain. The block generation node 300 and the general node 400 are not fixed and their roles may be exchanged or duplicated.

The AMI device 100 may be connected to the blockchain node through the communication module 140. The AMI device 100 shown in FIG. 3 is connected to the verification node 200 but is not limited thereto. Preferably, the AMI device 100 may be included as a node on the blockchain system, and the plurality of AMI devices 100 may also be a verification node 200, a block generation node 300, and a general node 400 as the blockchain node. ) Can be connected to each other.

The verification node 200 may request integrity verification for the AMI device 100 and verify data in response to the request. The block generation node 300 may generate a new block (ledger) that can be organically connected with existing blocks by binding the transaction data verified and signed by the verification node 200 in a predetermined unit. The generated block is propagated to the general node 400 and the general node 400 may connect the generated node with an existing block.

4 is a diagram illustrating an integrity verification processing procedure of an AMI device according to an embodiment of the present invention. Referring to FIG. 4, the integrity verification of the AMI device 100 may start according to the device integrity verification request of the verification node 200 illustrated in FIG. 3. When the AMI device 100 receives the integrity verification request from the verification node 200, the CPU 123 may operate in the verification mode. The CPU 123 may generate an integrity hash value based on one or more of firmware information 151 of the AMI device 100, chip information 152, and circuit check information 153.

The firmware information 151 is a status information parameter that can be checked when a parameter that may be manipulated externally for a specific purpose is changed or an installation state is changed. The firmware information 151 may be information that is obtained for generating a hash from the firmware. Can be. For example, firmware version information, device specific management number, device IP / port information, node / server IP / port information, ADC sensor correction value (offset value), threshold comparison value of self-check function for fault determination , Fault code list, MCU log records of external debugging equipment.

The information 152 of the chip may be a Physical Unclonable Function (PUF) value of the chip constituting the AMI device 100. The PUF value refers to a random digital value that is difficult to predict in a chip by using process deviations generated in a semiconductor manufacturing process. PUF values cannot be duplicated because hardware-predictable values are output. In general, the same circuit and the same mask layout, even in the same process, due to the process deviation occurs due to the characteristics of the semiconductor manufacturing process, the difference in many parts such as device characteristics such as transistors, capacitors, resistors, or circuit characteristics such as gate delay time Occurs. Due to this difference, each chip has a different bit value, and unlike the random number generator, the determined value outputs the same value every time it is used as chip-specific information. Since the generated value is generated inside the chip, it is possible to generate data on its own without any external manipulation, and thus has an advantage of fundamentally preventing leakage to the outside of the chip. It is also difficult to read the PUF value for physical security attacks.

The circuit check information 153 may be information on whether there is an abnormality in the voltage signal of the sensor 110, the filter, the signal flow leading to the ADC 122, and the central processing unit 123. The circuit inspection may be for self-diagnosing the occurrence of a failure of the corresponding part due to artificial disturbance from the outside or by installing several passive elements in the filter unit to artificially manipulate the value to be read, or inadequate management and deterioration. To this end, the reference circuit 130 may generate a fixed or predetermined variable voltage signal, that is, a reference signal. The reference circuit 130 may transmit a reference signal to the switch 121, and the switch 121 may pass the reference signal. In this case, the CPU 123 may transmit a control signal to operate the switch 121 in the verify mode, and thus the switch 121 may operate in the verify mode to pass the reference signal.

5 is a view showing a voltage signal to pass through the mode change of the switch according to an embodiment of the present invention. Referring to FIG. 5, when the switch 121 is in the normal mode, the commercial voltage is measured, and when the switch 121 is switched to the verify mode due to the control signal of the central processing unit 123, the commercial voltage signal is blocked and the reference circuit is performed. It can be seen that the reference signal of 130 passes.

The CPU 123 may measure a result value of the reference signal passing through the switch 121 and compare the result with the recording value measured as the reference signal in the factory state. If the result of comparison between the result value and the recorded value is within the error range, the central processing unit 123 may determine whether the failure is normal and include it in the circuit inspection information if the error is out of the error range. In addition, the central processing unit 123 may determine the type of abnormality according to the distortion type of the measured waveform and include it in the circuit inspection information.

6 is a diagram illustrating a hash structure for generating an integrity hash value according to an embodiment of the present invention. 4 and 6, the central processing unit 123 may generate a hash 166 structure composed of a plurality of hash values. The hash structure is a structure that finally generates one hash value by generating hash values based on one or more pieces of basis information. In one embodiment of the present invention, the basis information may be firmware information 151, chip information 152, and circuit check information 153, and the final firmware hash value 161 may be hash-converted step by step, respectively. The chip hash value 162 and the troubleshooting hash value 163 may be generated. In addition, the generated hash hash value 161, the chip hash value 162, and the fault diagnosis hash value 163 may generate the final hash value, that is, the integrity hash value 165, using the hash structure. The central processing unit 123 may generate the firmware hash value 161, the chip hash value 162, and the failure diagnosis hash value 163 simultaneously or separately according to a predetermined order.

According to an embodiment, the basis information of the firmware information 151 is a device unique ID value, firmware version information, and IP / port information, and the basis information of the chip information 152 is a central processing unit PUF and an ADC PUF, and circuit check information. The basis information of 153 may be a fault code. As mentioned above, each of the basis information may further include other information. The CPU 123 may generate the firmware hash value 161, the chip hash value 162, and the failure diagnosis hash value 163 in the hash structure according to the basis information. As illustrated in FIG. 6, the CPU 123 may hash convert the device unique ID value 151a, the firmware version information 151b, and the IP / port information 151c, respectively, to generate a corresponding hash value. . That is, the central processing unit 123 sets 0x6660AA0D ... 161a as the device unique ID value 151a, 0x0CB21B56 ... (161b) as the firmware version information 151b, and 0x3FB8AFE3 as the IP / port information 151c. May generate ... 161c. Here, the hash value length is not particularly limited, and for convenience of description, the first 8 digits are indicated and the trailing digit is omitted. As the hash conversion function, a SHA-256 function may be used, and a 64-bit hash value may be generated in 256 bits, that is, in hexadecimal.

The CPU 123 may generate a hash value of 0x33533960 ... (161d) based on the generated 0x6660AA0D ... (161a) and 0x0CB21B56 ... (161b). The CPU 123 may generate 0x26146AD2 ... 161e based on the generated 0x33533960 ... (161d) and 0x3FB8AFE3 ... (161c). The generated 0x26146AD2... 161e is a final hash value generated based on the firmware information 151 and may correspond to the firmware hash value 161 of FIG. 4.

Similarly, the central processing unit 123 performs hash conversion on the basis of the information 152 of the chip, that is, the central processing unit PUF value 152a and the ADC PUF value 152b, respectively, to 0x50F561B1 ... (162a) and 0x912E0459 .. 162b may be generated. The CPU 123 may generate 0x853E1B15 ... (162c) by hash conversion based on the generated 0x50F561B1 ... (162a) and 0x912E0459 ... (162b), and the corresponding 0x853E1B15 ... (162c). ) May be the chip hash value 162. In addition, the central processing unit 123 may generate 0xC3448CC4 ... (163a) by hash converting based on the fault code value 153a, and the generated 0xC3448CC4 ... (163a) is a final troubleshooting hash value (163). May be).

The central processing unit 123 generates a forgery hash value 164, 0x17376195 ... based on the generated firmware hash value 161, 0x26146AD2 ... (161e), and the chip hash value 162, 0x853E1B15 ... (162c). 164a). Subsequently, the central processing unit 123 generates the integrity hash values 165 and 0xEE6F43F5 based on the generated forgery hash values 164 and 0x17376195 ... (164a) and the fault diagnosis hash values 163 and 0xC3448CC4 ... (163a). ... 165a). In this way, each hash value is generated from the base information and compressed one by one to generate one hash value, and the hash matrix structure 166a generated by the central processing unit 123 is the integrity hash value finally generated. (165, 0xEE6F43F5 ... (165a)) may be information about a process generated to include firmware information 151, chip information 152, and circuit check information 153.

The central processing unit 123 may generate the transaction data by encrypting the generated integrity hash value 165 with the private key of the AMI device 100 and the public key of the verification node 200. The private key and the public key may consist of one pair. Each AMI device 100 and verification node 200 may be given a pair of private and public keys.

The private key may be generated as a random random value of 256 bits through the pseudo random number generator. For example, the private key expressed in hexadecimal can be in the form of '1E99423A4ED2 ... 6AEDD'. The private key generated in pairs may be input to an elliptic curve algorithm to generate a public key corresponding thereto. When the private key and the public key pair are generated, they are assigned to the AMI device 100 and the verification node 200, and the public key can be shared to all participants (nodes) participating in the system.

The private key of the AMI device 100 may be inserted into the firmware of the AMI device 100 at the time of factory shipment or mounted on a security module in a hardware form. When shipped, a lock on a chip into which the corresponding private key is input may be set, and the private key of the AMI device 100 may be protected from external leakage through the lock.

In more detail, the central processing unit 123 may digitally sign the integrity hash value 165 using the AMI device private key 171a. The digitally signed data may be encrypted once more using the verification node public key 172b. In addition, transaction data 181 for transmitting the corresponding data may be generated using a communication protocol mutually agreed on the network.

The communication module 140 may transmit the transaction data 181 to the verification node 200 requesting verification.

7 is a diagram illustrating an integrity verification processing procedure of a blockchain node according to an embodiment of the present invention. Referring to FIG. 7, the verification node 200 illustrated in FIG. 3 may receive a transaction transmitted by the AMI device 100. The verification node 200 may decrypt the transmitted transaction data 181 with the verification node private key 172a. The verification node 200 may verify the electronic signature using the AMI device public key 171b to confirm that the decrypted data is the data transmitted by the AMI device 100. The data decrypted by the verification node private key 172a and the AMI device public key 171b may be an integrity hash value 165.

The verification node 200 may compare the decrypted integrity hash value 165 with a pure integrity hash value (hereinafter, referred to as a reference hash value 167) of the AMI device 100 registered at the factory. In order to record the comparison result data in the blockchain distributed ledger, the verification node 200 can sign the result of encrypting the comparison result with the verification node private key 172a, and mutually agreed communication protocol on the network. The result transaction data 182 for transmitting the result data can be generated using the. The verification node 200 may transmit the generated transaction data 182 to one or more block generation nodes 300 illustrated in FIG. 3. Each block generation node 300 may further generate a block 220 according to a block generation rule according to a consensus algorithm after further receiving a transaction 183 of another purpose not received from another node for a predetermined time.

Here, the consensus algorithms are Proof of Work (PoW), Equilibrium Proof of Work (ePoW), Dual Proof of Work (DPoW), Proof of Stake (PoS) Ouroboros Proof of Stake (OPoS), Leased Proof of Stake (LPoS), Delegated Proof of Stake (DPoS), Dual Delegated Proof of Stake (DDPoS), Hyper-DPoS, Proof of Formulation, Proof of Forkability, Proof of Activity, ProTof Proof of Trading ), Proof of Burn (PoB), Proof of Brain (PoB), Proof of Importance (PoI), Proof of Believability (PoB), Proof of Flow (PoF) ), Proof of Authority (PoA), Proof of Storage (PoS), Proof of Space, Proof of Elapsed Time (PoET) and Rack tikeol can use one of Byzantine fault tolerance (PBFT, Practical Byzantine Fault Tolerance).

The generated block 220 may propagate to one or more general nodes 400 constituting the blockchain node network shown in FIG. 3. Each general node 400 propagating the block 220 may form a chain structure with a previously recorded block, and when the chain structure is formed, recording of corresponding information may be completed in the blockchain system. At this time, each general node 400 may query the propagated result data. The general node 400 may define the AMI device 100 as a trusted device and maintain the connection if the search result data is a matched result value. If the result of the inquiry is a mismatched result, the AMI device 100 may be defined as an untrusted device and the connection with the AMI device 100 may be stopped, and the contents of the result data may be transmitted to the management system or an alarm may be sent. Can give The management system may access the AMI device 100 remotely or directly, analyze the data, determine the cause, and take action.

8 is a diagram illustrating a modulated hashite structure according to an embodiment of the present invention. Referring to FIG. 8, the final hash value (root hash value) of the hash 166a may be changed by the entire hash value even with one change of the hash value. An example shown in FIG. 8 is a case where the central processing unit PUF values 152a and 0xAC048B64 shown in FIG. 6 are changed to 0xAC048B65 152c for some reason. In this case, the final hash value transmitted to the verification node 200 according to the hash structure, that is, the integrity hash values 165 and 0xEE6F43F5? Of FIG. 6 is changed to 0x4BA1AAD1 ... (165b) as shown in FIG. 8 and transmitted. Can be. The verification node 200 generates inconsistent result data as the result transaction data 182 through the comparison of the transmitted integrity hash value 165b with the reference hash value 167, and transmits the result to the block generation node 300. The generating node 300 may propagate the block 220 including the mismatch result data to the plurality of general nodes 400. Since the plurality of general nodes 400 query result data are inconsistent result values, the general node 400 may define the corresponding AMI device 100 as an untrusted device and stop the connection. The management system can then analyze the transmitted hash 166b to determine the cause.

The transaction data 181 transmitted from the AMI device 100 to the verification node 200 may include a hash data which is a process of generating a final hash value as well as a final hash value (integrity hash value 165). The management system can analyze the hash hash 166b of the final hash value that has been determined to be inconsistency and the hash 166a of the reference hash value 167 by comparing them from the top step by step. You can track inconsistent hash values from the top and analyze why and the type of the final hash values (0x4BA1AAD1 ... (165b)) has changed. In the case shown in Figure 8, the management system is the integrity hash value (165b, 0x4BA1AAD1 ...), the forgery hash value (164b, 0x562EC6AE ...), chip hash value (162e, 0x702AE534 ...), central processing unit PUF hash Value 162d, 0xA086ABE6 ..., central processing unit PUF values 152c, 0xAC048B65, and it can be recognized that a forged situation has occurred in the central processing unit 123 and can respond to it.

According to an embodiment of the present invention, an AMI device and an AMI device integrity system compare a hash value generated based on respective basis information of an AMI with a final hash value of each hash value with reference hash values (pure integrity hash values). By checking the match, the factory initial integrity of the AMI device can be guaranteed. In addition, the basis information may be compressed, transmitted, and compared using each hash tree, thereby reducing the computational load of the AMI device and the verification node. In addition, since the hash conversion cannot be reversed, security concerns due to the leakage of the hash value can be eliminated, and each basis information includes firmware information, chip information, and circuit check information. The integrity of the stage can also be guaranteed at the same time.

In addition, since the database is managed through the blockchain, the integrity of the data can be guaranteed by the consensus algorithm of the participants of the blockchain.

Therefore, the AMI device and the AMI device integrity system according to an embodiment of the present invention can ensure the integrity from the software and hardware layer of the AMI to the layer received from the AMI device to verify the integrity and the database layer to manage data, It may be appropriate for intelligent power grids where reliability is key.

Hereinafter, an AMI device integrity verification method according to an embodiment of the present invention will be described. Since the AMI device integrity verification method is similar to the AMI device integrity verification system, it will be briefly described.

9 is a flowchart of a method for verifying AMI device integrity according to an embodiment of the present invention. Referring to FIG. 9, a method of verifying an integrity of an advanced metering infrastructure (AMI) device for metering power using a blockchain includes generating an integrity hash value based on hardware information including information of a chip of the AMI device. In step S910, encrypting the integrity hash value with a private key of the AMI device and a public key of a verification node of the blockchain, in step S920, generating transaction data according to a communication protocol based on the encrypted integrity hash value. Transmitting to the verification node (S930), decrypting the transaction data with the private key of the verification node and the public key of the AMI device, and converting the transaction data into the integrity hash value (S940), and the reference hash value of the AMI device. Encrypting the result data with the private key of the verification node (S950) and encrypting the result data. Based on the site to create a transaction result data in accordance with the communication protocol it may include a step (S960) of transmitting the at least one block generated node of the chain block.

10 is a flowchart illustrating a step of generating an integrity hash value according to an embodiment of the present invention. Referring to FIG. 10, in step S910, a firmware hash value is generated based on firmware information (S911), a chip hash value is generated based on chip information (S912), and a fault diagnosis is performed based on circuit check information. The method may include generating a hash value (S913), and the steps S911, S912, and S913 may be executed simultaneously or separately.

The information 152 of the chip may include a PUF value of the chip.

In addition, the step of generating a forgery hash value using the firmware hash value and the chip hash value (S914) and the step of generating the integrity hash value using the forgery hash value and the failure diagnosis hash value (S915) It may further include.

11 is a flowchart illustrating a process of encrypting using an asymmetric key according to an embodiment of the present invention. Referring to FIG. 11, encrypting the integrity hash value with a private key of the AMI device and converting the integrity hash value into a signature value (S931) and generating the transaction data by encrypting the signature value with a public key of the verification node (S932). ) May be included.

12 is a flowchart of a method for verifying AMI device integrity according to an embodiment of the present invention. Referring to FIG. 12, the AMI device integrity verification method according to an embodiment of the present invention may include generating a block by a block generation rule according to a consensus algorithm and propagating the generated block to one or more nodes of the blockchain ( S970).

If the result data is a matching result value in the step of checking the result data (S980), each blockchain node maintains communication with the AMI device (S991) or if the result data is a mismatch result value, the respective The blockchain node may further include a step (S992) of stopping communication with the AMI device.

Various embodiments described herein can be implemented by hardware, middleware, microcode, software, and / or combinations thereof. For example, various embodiments may include one or more application specific semiconductors (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs). ), Processors, controllers, microcontrollers, microprocessors, other electronic units designed to perform the functions presented herein, or a combination thereof.

Also, for example, various embodiments may be embedded in or encoded on a computer-readable medium containing instructions. Instructions embedded in or encoded on a computer-readable medium may cause a programmable processor or other processor to perform a method, such as when the instructions are executed. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. The storage medium may be any available medium that can be accessed by a computer. For example, such computer-readable media may include RAM, ROM, EEPROM, CD-ROM, or other optical disk storage media, magnetic disk storage media or other magnetic storage device, or instructions or data accessible by a computer to a desired program code. It can include any other medium that can be used to carry or store in the form of structures.

Such hardware, software, firmware, etc. may be implemented within the same device or within separate devices to support the various operations and functions described herein. In addition, the components, units, modules, components, etc., described herein as "parts" may be implemented separately or separately as discrete but interoperable logic devices. The depiction of different features for modules, units, etc. is intended to highlight different functional embodiments and does not necessarily mean that they must be realized by individual hardware or software components. Rather, functionality associated with one or more modules or units may be performed by separate hardware or software components or integrated into common or separate hardware or software components.

Although the operations are shown in the drawings in a specific order, it should not be understood that these operations are performed in the specific order shown, or sequential order, to achieve the desired result, or that all illustrated actions need to be performed. . In some circumstances, multitasking and parallel processing may be advantageous. Moreover, the division of various components in the above-described embodiments should not be understood as requiring such division in all embodiments, and the described components are generally integrated together into a single software product or packaged into multiple software products. It should be understood that it can.

Although the present invention has been described with reference to the embodiments illustrated in the drawings, this is merely exemplary, and it will be understood by those skilled in the art that various modifications and equivalent other embodiments are possible. Therefore, the true technical protection scope of the present invention will be defined by the technical spirit of the appended claims.

100: AMI device 110: sensor
121: switch 122: ADC
123: central processing unit 130: reference circuit
140: communication module 200: verification node
300: block generation node 400: general node

Claims (17)

Advanced Metering Infrastructure (AMI) device for meter reading with integrity verification.
One or more chips; And
A central processing unit for controlling the one or more chips,
The CPU may generate an integrity hash value based on hardware information of the AMI device including information of the chip, firmware information of the AMI device, and circuit check information, and transmit transaction data that encrypts the integrity hash value. ,
Generate a forgery hash value using a firmware hash value generated based on the firmware information and a chip hash value generated based on the chip information;
And generating the integrity hash value using the fault diagnosis hash value generated based on the forgery hash value and the circuit check information.
delete The method of claim 1,
The central processing unit,
And encrypting the integrity hash value using a private key of the AMI device and a public key of a verification node networked with the AMI device.
The method of claim 1,
The firmware information,
And at least one of version information of the firmware, at least one parameter value, and at least one representative value for at least one function.
The method of claim 1,
The information of the chip,
AMI device comprising a Physical Unclonable Function (PUF) value of the chip.
delete The method of claim 3,
The transaction data,
Encrypting the integrity hash value with a private key of the AMI device, converting the integrity hash value into a signature value, and encrypting and generating the signature value with the public key of the verification node.
The method of claim 1,
A sensor measuring an amount of power;
A switch for selectively passing a power signal or a reference signal measured by the sensor;
An analog-to-digital converter (ADC) for converting the power signal or the reference signal passed by the switch into a digital signal and transmitting the digital signal to the central processing unit; And
And a communication module for transmitting the transaction data generated by the central processing unit and receiving an external control signal.
The method of claim 8,
The AMI device,
Operate in a normal mode in which the switch passes the power signal or in a verify mode in which the switch passes the reference signal,
The verification mode is an AMI device that operates according to the control signal of the central processing unit corresponding to the request for verifying the integrity of the verification node.
An AMI device integrity verification system that verifies the integrity of AMI (Advanced Metering Infrastructure) devices for blockchain-based power meter reading.
At least one AMI device including a central processing unit; And
A plurality of blockchain nodes, each blockchain node being connected to a network with one or more of one or more of the AMI devices;
The central processing unit of the AMI device generates an integrity hash value based on firmware information of the AMI device, chip information, and circuit inspection information, and generates the integrity hash value from the private key of the AMI device and the AMI device. Encrypts the public key of the blockchain node that has requested integrity verification and transmits the transaction data to the blockchain node,
Generate a forgery hash value using a firmware hash value generated based on the firmware information and a chip hash value generated based on the chip information;
And generating the integrity hash value by using the fault diagnosis hash value generated based on the forgery hash value and the circuit check information.
The method of claim 10,
The blockchain node,
The transaction data is converted into the integrity hash value by decryption using the private key of the blockchain node and the public key of the AMI device, and the result data is compared with a reference hash value of the AMI device previously stored. AMI device integrity verification system for generating transaction data as a result of encryption using a private key and transmitting the resulting transaction data to a block generation node among the blockchain nodes.
The method of claim 11,
One or more block generation nodes,
Generate a block with a block generation rule according to a consensus algorithm, propagate the block to the blockchain node,
Wherein each blockchain node maintains communication with the AMI device if the result data is a matched result, and stops communicating with the AMI device if it is a mismatched result.
As a method of verifying the integrity of an advanced metering infrastructure (AMI) device for meter reading using a blockchain,
Generating an integrity hash value based on hardware information including chip information of the AMI device, firmware information of the AMI device, and circuit check information;
Encrypting the integrity hash value with a private key of the AMI device and a public key of a verification node of the blockchain;
A third step of generating transaction data according to a communication protocol based on the integrity hash value encrypted in the second step and transmitting the transaction data to the verification node;
A fourth step of decrypting the transaction data with the private key of the verification node and the public key of the AMI device and converting the transaction data into the integrity hash value;
A fifth step of encrypting data obtained by comparing the reference hash value of the AMI device with a private key of the verification node; And
A sixth step of generating result transaction data according to a communication protocol based on the result data encrypted in the fifth step and transmitting the result transaction data to one or more block generation nodes of the block chain;
The first step of generating the integrity hash value,
Generating a forgery hash value using a firmware hash value generated based on the firmware information and a chip hash value generated based on the information of the chip;
And generating the integrity hash value by using the fault diagnosis hash value generated based on the forgery hash value and the circuit check information.
The method of claim 13,
Generating a block with a block generation rule according to a consensus algorithm, and propagating the generated block to one or more nodes of the blockchain,
Step 8-1 of each blockchain node maintaining communication with the AMI device if the result data is a match result; or
If the result data is a mismatch result value, each blockchain node further comprises step 8-2 of stopping communication with the AMI device.
The method of claim 13,
The hardware information further includes firmware information and circuit check information of the AMI device.
The first step,
Generating a fault diagnosis hash value based on the firmware hash value based on the firmware information, the chip hash value based on the information of the chip, and the circuit check information;
Generating a forgery hash value using the firmware hash value and the chip hash value; And
And generating the integrity hash value by using the forgery hash value and the failure diagnosis hash value.
The method of claim 13,
The third step,
A step 3-1 of encrypting the integrity hash value with a private key of the AMI device and converting the integrity hash value into a signature value; And
And encrypting the signature value with a public key of the verification node to generate the transaction data.
The method of claim 13,
The information of the chip,
AMI device integrity verification method comprising a PUF (Physical Unclonable Function) value of the chip.

Images