KR102239683B1 - Ami device, integrity verification system and method thereof - Google Patents

Abstract

Disclosed are an AMI device, an AMI device integrity verification system, and an integrity verification method. The AMI (Advanced Metering Infrastructure) device for power meter reading capable of verifying the integrity of the present invention includes at least one chip and a central processing unit that controls the at least one chip, and the central processing unit includes information of the chip. An integrity hash value is generated based on the hardware information of the AMI device, and transaction data by encrypting the integrity hash value is transmitted.

Description

AMI device and AMI device integrity verification system and integrity verification method {AMI DEVICE, INTEGRITY VERIFICATION SYSTEM AND METHOD THEREOF}

The present invention is an AMI device, an integrity verification system for an AMI device, and an integrity verification method, and more specifically, an Advanced Metering Infrastructure (AMI) device for remotely measuring the amount of electricity, and to prepare for forgery and falsification of the AMI device and a failure situation. It relates to a system and method for verifying the integrity of an AMI device using a blockchain.

AMI (Advanced Metering Infrastructure) is a generic term for a device and system that digitizes an existing analog meter reader and connects it to a communication network to measure and analyze the amount of electricity in power generation and power reception in real time. These AMIs are key technologies for building intelligent power grids such as EMS (Energy Management System), ESS (Energy Storage System), VPP (Virtual Power Plant), and P2P power transaction.

Actual power energy is distributed to end customers through the power system. The power system collectively refers to a system composed of a power generation facility that produces electric power, a transmission line, a transmission line, a transmission line such as a substation, a distribution line, and a power reception facility for consuming the transmitted electric power in a general home or factory.

The amount of power of the system points of the power system (for example, power plants, step-up substations, primary and secondary step-down substations, transformers, power receiving stations, etc.) can be converted into digital information through an AMI device. Digital information of the converted power can be propagated through a communication network. That is, a path of physical power and a path of digital information of power may be different paths. If the power measurement through the AMI device is not accurate, the actual amount of power generation and consumption and power information on the network are inconsistent, which may cause a problem of lowering the reliability of the intelligent power grid.

Recently, data integrity has emerged as an important issue to ensure such reliability. Each industry is paying attention to blockchain among several technologies to ensure data integrity. Blockchain is often regarded as a technology specialized for the transmission of digital information, but blockchain is characterized by the system as a whole guaranteeing data integrity against forgery and alteration of data registered in the blockchain system.

For this reason, efforts have been made to apply blockchain to each industrial system. However, in the system to which the conventional block chain was applied, only the upper system was applied with the block chain. If the entire system is not organically connected through the blockchain, the data integrity of the part where the blockchain is not applied is not guaranteed.

In the case of the conventional intelligent power grid applied with a block chain, only the upper system is applied with the block chain. The reliability of data is very important to the intelligent power grid. In the case of applying a partial block chain rather than the entire system as in the prior art, there is a problem that the block chain cannot guarantee the data integrity of the AMI part to which the block chain is not applied.

KR 10-1527353 (2015. 06. 09.)

The present invention is to solve the above-described problem, and it is an object of the present invention to block-chain hardware information to ensure hardware integrity for firmware, chip and circuit modification, failure, and the like.

In addition, its purpose is to ensure the integrity of the entire AMI device system by configuring the AMI device in a blockchain system.

In addition, it aims to prevent possible physical failure and forgery of power information by converting normal power measurement information into a block chain.

An AMI (Advanced Metering Infrastructure) device for power meter reading capable of integrity verification according to an embodiment of the present invention includes one or more chips and a central processing unit that controls the one or more chips, and the central processing unit includes the An integrity hash value may be generated based on hardware information of the AMI device including chip information, and transaction data obtained by encrypting the integrity hash value may be transmitted.

In addition, the hardware information may further include one or more of firmware information and circuit check information of the AMI device.

In addition, the central processing unit may encrypt the integrity hash value using a private key of the AMI device and a public key of a verification node connected to the AMI device through a network.

In addition, the firmware information may include one or more of version information of the firmware, one or more parameter values, and representative values for one or more functions.

In addition, the chip information may include a physical unclonable function (PUF) value of the chip.

In addition, the central processing unit generates a forged and modulated hash value using a firmware hash value generated based on the firmware information and a chip hash value generated based on the information of the chip, and stores the forged and modulated hash value and the circuit check information. The integrity hash value may be generated by using the based fault diagnosis hash value.

In addition, the transaction data may be generated by encrypting the integrity hash value with the private key of the AMI device and converting it into a signature value, and encrypting the signature value with the public key of the verification node.

In addition, the AMI device includes a sensor measuring the amount of power, a switch selectively passing a power signal or a reference signal measured by the sensor, and converting the power signal or the reference signal passed by the switch into a digital signal and the central processing unit It may include an analog to digital converter (ADC) to be transmitted to and a communication module for transmitting the transaction data generated by the central processing unit and receiving an external control signal.

In addition, the AMI device operates in a normal mode in which the switch passes the power signal or a verification mode in which the switch passes the reference signal, and the verification mode is the central processing unit corresponding to the integrity verification request of the verification node. It can operate according to the control signal of.

The AMI device integrity verification system for verifying the integrity of an AMI (Advanced Metering Infrastructure) device for blockchain-based power meter reading according to an embodiment of the present invention includes at least one AMI device including a central processing unit and a network with the AMI device. And a plurality of blockchain nodes connected to and requesting integrity verification of the AMI device, and the central processing unit of the AMI device provides integrity based on at least one of firmware information, chip information, and circuit check information of the AMI device. A hash value may be generated, and the integrity hash value may be encrypted using the private key of the AMI device and the public key of the blockchain node, and transmitted as transaction data to the blockchain node.

In addition, the blockchain node converts the transaction data into the integrity hash value by decryption using the private key of the blockchain node and the public key of the AMI device, and compares it with a reference hash value of the AMI device stored in advance. As a result of encrypting data using the private key of the blockchain node, transaction data is generated, and the resulting transaction data may be transmitted to a block generation node among the blockchain nodes.

In addition, at least one of the block generation nodes generates a block with a block generation rule according to a consensus algorithm, and propagates the block to the block chain node, and each of the block chain nodes is a result of matching the result data, Communication with the AMI device may be maintained, and communication with the AMI device may be stopped if the result is a mismatch.

A method of verifying the integrity of an AMI (Advanced Metering Infrastructure) device for power meter reading using a block chain according to an embodiment of the present invention includes an integrity hash value based on hardware information including information on the chip of the AMI device. A first step of generating, a second step of encrypting the integrity hash value with the private key of the AMI device and the public key of the verification node of the blockchain, and a communication protocol based on the integrity hash value encrypted in the second step. A third step of generating and transmitting the transaction data according to the verification node, a fourth step of decrypting the transaction data with the private key of the verification node and the public key of the AMI device and converting it into the integrity hash value, of the AMI device In the fifth step of encrypting the result data compared with the reference hash value with the private key of the verification node, and the resultant transaction data according to the communication protocol based on the result data encrypted in the fifth step, one or more of the blockchain It may include a sixth step of transmitting to the block generation node.

In addition, it includes a seventh step of generating a block with a block generation rule according to a consensus algorithm, and propagating the generated block to one or more nodes of the block chain, and if the result data is a match result value, each of the block chains The node may further include step 8-1 of maintaining communication with the AMI device, or step 8-2 of stopping communication with the AMI device when each of the blockchain nodes stops the communication with the AMI device if the result data is inconsistent result value. .

In addition, the hardware information further includes firmware information and circuit check information of the AMI device, and the first step is a firmware hash value based on the firmware information, a chip hash value based on the chip information, and the circuit check Step 1-1 of generating a fault diagnosis hash value based on information, step 1-2 of generating a forged and modulated hash value using the firmware hash value and the chip hash value, and the forged and modulated hash value and the fault diagnosis hash A 1-3 step of generating the integrity hash value by using the value may be included.

In addition, the third step includes steps 3-1 of encrypting the integrity hash value with the private key of the AMI device and converting it to a signature value, and generating the transaction data by encrypting the signature value with the public key of the verification node. It may include steps 3-2.

In addition, the chip information may include a physical unclonable function (PUF) value of the chip.

The AMI device, the AMI device integrity verification system, and the integrity verification method according to an embodiment of the present invention may ensure hardware integrity for firmware, chip and circuit modification, failure, etc. by converting hardware information into a block chain.

In addition, the integrity of the entire AMI device system can be guaranteed by configuring the AMI device in the blockchain system.

In addition, it is possible to prevent possible physical failure and forgery of power information by converting normal power measurement information into a block chain.

1 is a diagram showing an AMI device installed on a customer side according to an embodiment of the present invention.
2 is a block diagram showing the configuration of an AMI device according to an embodiment of the present invention.
3 is a block diagram showing a schematic configuration of an AMI device integrity verification system according to an embodiment of the present invention.
4 is a diagram illustrating a procedure for verifying integrity of an AMI device according to an embodiment of the present invention.
5 is a diagram illustrating a voltage signal to be passed according to a mode change of a switch according to an embodiment of the present invention.
6 is a diagram showing a hash tree structure for generating an integrity hash value according to an embodiment of the present invention.
7 is a diagram illustrating a procedure for verifying integrity of a blockchain node according to an embodiment of the present invention.
8 is a diagram showing a structure of a modulated hash tree according to an embodiment of the present invention.
9 is a flowchart of an AMI device integrity verification method according to an embodiment of the present invention.
10 is a flowchart illustrating a step of generating an integrity hash value according to an embodiment of the present invention.
11 is a flowchart illustrating an encryption step using an asymmetric key according to an embodiment of the present invention.
12 is a flowchart of an AMI device integrity verification method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those of ordinary skill in the art can easily implement the present invention. However, the present invention may be implemented in various different forms and is not limited to the embodiments described herein. Further, in the drawings, parts not related to the description are omitted in order to clearly describe the embodiments of the present invention.

The terms used in this specification are only used to describe specific embodiments, and are not intended to limit the present invention. Singular expressions may include plural expressions unless the context clearly indicates otherwise.

In the present specification, terms such as "include", "have", or "include" are intended to designate the presence of features, numbers, steps, actions, components, parts, or a combination thereof described in the specification. It may be understood that the presence or addition of other features or numbers, steps, actions, components, parts, or combinations thereof, or further other features, is not preliminarily excluded.

In addition, the constituent units shown in the embodiments of the present invention are independently illustrated to represent different characteristic functions, and does not mean that each constituent unit is formed of separate hardware or a single software constituent unit. That is, each constituent unit is described as being listed as a respective constituent unit for convenience of description, and at least two constituent units of each constituent unit are combined to form one constituent unit, or one constituent unit may be divided into a plurality of constituent units to perform a function. Integrated embodiments and separate embodiments of each of these components are also included in the scope of the present invention unless departing from the essence of the present invention.

In addition, the following embodiments are provided to more clearly describe to those with average knowledge in the art, and the shapes and sizes of elements in the drawings may be exaggerated for clearer explanation.

Hereinafter, a preferred embodiment according to the present invention will be described with reference to the accompanying drawings.

1 is a diagram showing an AMI device installed on a customer side according to an embodiment of the present invention. The AMI device 100 shown in FIG. 1 is a device installed at a point connected from a power provider line to a customer and measures the amount of power consumed by the customer. The case of FIG. 1 is a general case, and may be installed on the power generation provider side rather than the customer side to measure the amount of power generation. Hereinafter, it will be described as an AMI device installed on the customer side according to an embodiment. Usually, the AMI device 100 is used as an important means for implementing and operating a DR (Demand Response) system based on mutual recognition of the electricity supplier and the consumer as it enables bidirectional communication with the power supplier, and is used as an important means for implementing and operating various types of distributed power supply. It is one of the components that can be used for future intelligent power grid operation, such as information linkage with systems and power distribution systems.

The AMI (Advanced Metering Infrastructure) is an evolved form of a one-way remote meter reading system (AMR, Advanced Meter Reading).It is a two-way data communication between a power producer and a power consumer to actively save energy through a demand response between a consumer and an electric energy provider. It is an infrastructure system that induces and integrates energy on the consumer side.

2 is a block diagram showing the configuration of an AMI device according to an embodiment of the present invention. Referring to FIG. 2, the AMI device 100 according to an embodiment of the present invention may include one or more chips and a central processing unit 123. The chip may include a sensor 110, a switch 121, an analog to digital converter (ADC) 122, a central processing unit 123, a reference circuit 130, and a communication module 140.

As shown in FIG. 1, the sensor 110 may measure the power consumption of the customer and convert it into a power signal. The power signal may be an analog signal or a digital signal, and may be transmitted to the switch 121. The switch 121 may selectively pass the power signal or the reference signal. The ADC (Analog to Digital Converter) 122 may convert a power signal or a reference signal passed by the switch 121 into a digital signal and transmit it to the central processing unit 123. The central processing unit 123 may control selective passage of the power signal or the reference signal of the switch 121 and may generate transaction data to verify the integrity of the AMI device 100. The central processing unit 123 may transmit the generated transaction data to the communication module 140, and the communication module 140 connected to the network may transmit the transaction data to a blockchain node (see FIG. 3). Blockchain nodes will be described later in FIG. 3. In addition, the communication module 140 may receive an external control signal transmitted from the network and transmit it to the central processing unit 123.

Here, the switch 121, the ADC 122, and the central processing unit 123 may be provided as individual elements or may be integrated into the control unit 120 to be provided as a single microcontroller unit (MCU).

The AMI device 100 may operate in a normal mode or a verification mode. The normal mode is a mode for measuring the amount of power consumed by the customer, and the switch 121 may pass the power signal and send it to the ADC 122. The verification mode is a mode for verifying the integrity of the AMI device 100, and the switch 121 may block the passage of the power signal from the sensor 110 and pass the reference signal of the reference circuit 130. The normal mode or the verification mode may be converted to a control signal of the central processing unit 123.

3 is a block diagram showing a schematic configuration of an AMI device integrity verification system according to an embodiment of the present invention. Referring to FIG. 3, the AMI device integrity verification system according to an embodiment of the present invention may include a blockchain system composed of a client including the AMI device 100 and a plurality of nodes connected through a network. The plurality of nodes may be a block chain node, and each of the block chain nodes may have a distributed ledger including a record of the amount of power measured by the plurality of AMI devices 100, respectively. In addition, each of the block chain nodes may be divided into a verification node 200, a block generation node 300, and a general node 400 according to the function of the block chain system. However, the verification node 200 on the block chain , The block generation node 300 and the general node 400 are not fixed and their roles may be exchanged or overlapped.

The AMI device 100 may be connected to the blockchain node through the communication module 140. The AMI device 100 shown in FIG. 3 is connected to the verification node 200, but is not limited thereto. Preferably, the AMI device 100 may be included as a node on the blockchain system, and a plurality of AMI devices 100 are also the blockchain nodes, including a verification node 200, a block generation node 300, and a general node 400. ) And can be connected to each other.

The verification node 200 may request integrity verification for the AMI device 100 and verify data in response to the request. The block generation node 300 may generate a new block (ledger) that can be organically connected to existing blocks by bundling transaction data verified and signed by the verification node 200 in a predetermined unit. The generated block is propagated to the general node 400, and the general node 400 may connect the generated node with an existing block.

4 is a diagram illustrating a procedure for verifying integrity of an AMI device according to an embodiment of the present invention. Referring to FIG. 4, the integrity verification of the AMI device 100 may start according to a device integrity verification request from the verification node 200 shown in FIG. 3. When the AMI device 100 receives an integrity verification request from the verification node 200, the central processing unit 123 may operate in the verification mode. The central processing unit 123 may generate an integrity hash value based on one or more of the firmware information 151 of the AMI device 100, the chip information 152, and the circuit check information 153.

The firmware information 151 is a status information parameter that can be checked when a parameter that may be artificially manipulated for a specific purpose from the outside is changed or the installation status is changed, and is information obtained by the firmware to generate a hash tree. I can. For example, firmware version information, device specific management number, device IP/port information, node (server) IP/port information, ADC sensor correction value (offset value), threshold comparison value of self-check function for failure determination , Fault code list, and MCU log record of external debugging equipment.

The chip information 152 may be a PUF (Physical Unclonable Function) value of a chip constituting the AMI device 100. The PUF value refers to a random digital value that is difficult to predict, implemented inside a chip by using the process deviation generated in the semiconductor manufacturing process. The PUF value cannot be duplicated because an unpredictable value is output by hardware. In general, the same circuit has the same mask layout, and even though the same process goes through the same process, there are differences in device characteristics such as transistors, capacitors, resistors, etc. or circuit characteristics such as gate delay time due to the process deviation occurring due to the characteristics of the semiconductor manufacturing process. Occurs. Due to this difference, each chip has a different bit value, and the determined value outputs the same value every time it is generated, unlike the random number generator, so it is used as information specific to the chip. Since the generated value is a value generated inside the chip, it is possible to generate data on its own without external manipulation, so there is an advantage of fundamentally blocking outflow to the outside of the chip. Also, it is difficult to read the PUF value for physical security attacks.

The circuit check information 153 may be information on the presence or absence of an abnormality in the voltage signal of the sensor 110, the filter, the signal flow leading to the ADC 122 and the central processing unit 123. The circuit inspection may be for self-disruption or self-diagnosis of the occurrence of a failure in the relevant part due to poor management or aging, etc., or artificially manipulating the meter reading value by additionally installing several passive elements in the filter part. To this end, the reference circuit 130 may generate a fixed or predetermined variable voltage signal, that is, a reference signal. The reference circuit 130 may transmit a reference signal to the switch 121, and the switch 121 may pass the reference signal. In this case, the central processing unit 123 transmits a control signal so that the switch 121 operates in the verification mode, and accordingly, the switch 121 operates in the verification mode to pass the reference signal.

5 is a diagram illustrating a voltage signal to be passed according to a mode change of a switch according to an embodiment of the present invention. 5, when the switch 121 is in the normal mode, the commercial voltage is measured, and when the switch 121 is switched to the verification mode due to the control signal of the central processing unit 123, the commercial voltage signal is blocked, and the reference circuit It can be seen that the reference signal of 130 is passed.

The central processing unit 123 may measure a result value of the reference signal passing through the switch 121 and compare it with a recorded value measured as the reference signal in a factory state. In addition, if the result of comparison between the result value and the recorded value is within the error range, the central processing unit 123 may determine whether a failure is normal and include it in the circuit check information if it is out of the error range due to an error. In addition, the central processing unit 123 may determine an abnormal type according to the distortion type of the measured waveform and include it in the circuit check information.

6 is a diagram showing a hash tree structure for generating an integrity hash value according to an embodiment of the present invention. 4 and 6, the central processing unit 123 may generate a hash tree 166 structure composed of a plurality of hash values. The hash tree structure is a structure in which a hash value is finally generated by generating each hash value based on one or more basis information. In an embodiment of the present invention, the basis information may be firmware information 151, chip information 152, and circuit check information 153, and each of these information is hash-converted in stages to obtain a final firmware hash value 161. , A chip hash value 162 and a fault diagnosis hash value 163 may be generated. In addition, for the generated firmware hash value 161, the chip hash value 162, and the fault diagnosis hash value 163, a final hash value, that is, an integrity hash value 165 may be generated in a hash tree structure. The central processing unit 123 may generate the firmware hash value 161, the chip hash value 162, and the fault diagnosis hash value 163 simultaneously or separately in a predetermined order.

According to an embodiment, the basis information of the firmware information 151 is a device unique ID value, firmware version information, and IP/port information, and the basis information of the chip information 152 is a central processing unit PUF and ADC PUF, and circuit check information. The basis information of (153) may be a fault code. As mentioned above, each of the basis information may further include other information. The central processing unit 123 may generate a firmware hash value 161, a chip hash value 162, and a fault diagnosis hash value 163 in a hash tree structure according to each of the basic information. As shown in FIG. 6, the central processing unit 123 may generate a corresponding hash value by hash-converting the device unique ID value 151a, the firmware version information 151b, and the IP/port information 151c, respectively. . That is, the central processing unit 123 uses 0x6660AA0D...(161a) as the device unique ID value 151a, 0x0CB21B56...(161b) as the firmware version information 151b, and 0x3FB8AFE3 as the IP/port information 151c. ...(161c) can be created. Here, the length of the hash value is not limited, and for convenience of explanation, the first 8 digits are indicated and the last digits are omitted. As the hash conversion function, the SHA-256 function or the like may be used, and a hash value of 256 bits, that is, 64 digits in hexadecimal, may be generated.

The central processing unit 123 may generate 0x33533960... (161d) hash values based on the generated 0x6660AA0D... (161a) and 0x0CB21B56... (161b). Further, the central processing unit 123 may generate 0x26146AD2... (161e) based on the generated 0x33533960... (161d) and 0x3FB8AFE3... (161c). The generated 0x26146AD2... (161e) is a final hash value generated based on the firmware information 151 and may correspond to the firmware hash value 161 of FIG. 4.

In the same way, the central processing unit 123 performs hash conversion based on the chip information 152, that is, the central processing unit PUF value 152a and the ADC PUF value 152b, and performs 0x50F561B1...(162a) and 0x912E0459.. .(162b) can be created. And the central processing unit 123 can generate 0x853E1B15...(162c) by hash conversion based on the generated 0x50F561B1...(162a) and 0x912E0459...(162b), and the corresponding 0x853E1B15...(162c) ) May be the chip hash value 162. In addition, the central processing unit 123 may generate 0xC3448CC4... (163a) by hash conversion based on the fault code value 153a, and the generated 0xC3448CC4... (163a) is the final fault diagnosis hash value 163 ) Can be.

The central processing unit 123 is based on the generated firmware hash values (161, 0x26146AD2...(161e)) and chip hash values (162, 0x853E1B15...(162c)). (164a)) can be created. Subsequently, the central processing unit 123 generates integrity hash values 165, 0xEE6F43F5 based on the generated forged hash values 164, 0x17376195...(164a)) and fault diagnosis hash values 163, 0xC3448CC4...(163a)). ...(165a)) can be created. In this way, each hash value is generated from the base information and compressed in stages to generate one hash value, and the hash tree structure 166a generated by the central processing unit 123 is the finally generated integrity hash value. (165, 0xEE6F43F5... (165a)) may be information on a process generated to include firmware information 151, chip information 152, and circuit check information 153.

The central processing unit 123 may generate transaction data by encrypting the generated integrity hash value 165 with the private key of the AMI device 100 and the public key of the verification node 200. The private key and public key can be made up of a pair. In addition, each AMI device 100 and the verification node 200 may receive a pair of private keys and public keys.

The private key can be generated as a random random value having a size of 256 bits through a pseudo-random number generator. For example, the private key expressed in hexadecimal may be in the form of '1E99423A4ED2...6AEDD'. The private key generated in this pair is input to the elliptic curve algorithm to generate a corresponding public key. When a private key and public key pair are generated, they are assigned to the AMI device 100 and the verification node 200, and the public key can be shared with all participants (nodes) participating in the system.

The private key of the AMI device 100 may be inserted into the firmware of the AMI device 100 at the time of shipment from the factory, or may be mounted on a security module in the form of hardware. At the time of shipment, a lock for the chip into which the corresponding private key is input may be set, and the private key of the AMI device 100 may be protected from external leakage through the lock.

To describe the encryption process in more detail, the central processing unit 123 may digitally sign the integrity hash value 165 using the AMI device private key 171a. The digitally signed data may be encrypted once more using the verification node public key 172b. In addition, it is possible to generate transaction data 181 for transmitting the corresponding data by using a communication protocol mutually promised on the network.

The communication module 140 may transmit the transaction data 181 to the verification node 200 requesting verification.

7 is a diagram illustrating a procedure for verifying integrity of a blockchain node according to an embodiment of the present invention. Referring to FIG. 7, a transaction transmitted by the AMI device 100 may be received by the verification node 200 illustrated in FIG. 3. The verification node 200 may decrypt the transmitted transaction data 181 with the verification node private key 172a. In addition, the verification node 200 may verify that the decrypted data is data transmitted from the AMI device 100 by verifying an electronic signature using the AMI device public key 171b. Data decrypted with the verification node private key 172a and the AMI device public key 171b may be an integrity hash value 165.

The verification node 200 may compare the decrypted integrity hash value 165 with the pure integrity hash value (hereinafter, referred to as reference hash value 167) of the AMI device 100 registered in advance at the time of shipment. In order to record the comparison result data on the blockchain distributed ledger, the verification node 200 can sign the result of encrypting the compared result value with the verification node private key 172a, and a communication protocol mutually promised on the network. The result transaction data 182 for transmitting the corresponding result data may be generated by using. The verification node 200 may transmit the generated result transaction data 182 to one or more block generation nodes 300 shown in FIG. 3. Each block generation node 300 may generate a block 220 according to a block generation rule according to a consensus algorithm after further transmission of a non-inclusive transaction 183 for a different purpose transmitted from another node for a predetermined period of time.

Here, the consensus algorithm is Proof of Work (PoW), Equilibrium Proof of Work (ePoW), Dual Proof of Work (DPoW), Proof of Stake (PoS), and Right. Boros Proof of Stake (OPoS, Ouroboros Proof of Stake), Lease Proof of Stake (LPoS), Delegated Proof of Stake (DPoS), Dual Delegated Proof of Stake (DDPoS), Hyper-DPoS, Proof of Formulation (PoF), Proof of Forkability (PoF), Proof of Activity (PoA), Proof of Trading (PoT, Proof of Trading) ), Proof of Burn (PoB), Proof of Brain (PoB), Proof of Importance (PoI), Proof of Believability (PoB), Proof of Flow (PoF) ), Proof of Authority (PoA), Proof of Storage (PoS), Proof of Space, Proof of Elapsed Time (PoET) and Practical Byzantine Disability (PBFT) Practical Byzantine Fault Tolerance) can be used.

The generated block 220 may be propagated to one or more general nodes 400 constituting the block chain node network shown in FIG. 3. Each general node 400 that has received the block 220 may form a previously recorded block and a chain structure, and when the chain structure is formed, the corresponding information may be recorded in the blockchain system. At this time, each general node 400 may query the propagated result data. The general node 400 may define the AMI device 100 as a trusted device and maintain a connection if the result of the inquiry data is a matched result value. If the data as a result of the inquiry are inconsistent results, the AMI device 100 can be defined as an untrusted device and the connection with the AMI device 100 can be stopped, and the contents of the result data can be transmitted to the management system or an alarm is issued. Can give. The management system may remotely or directly access the AMI device 100 to analyze the hash tree and determine the cause to take action.

8 is a diagram showing a structure of a modulated hash tree according to an embodiment of the present invention. Referring to FIG. 8, the final hash value (root hash value) of the hash tree 166a may change the entire final hash value even if one hash value is changed. An example shown in FIG. 8 is a case where the central processing unit PUF values 152a and 0xAC048B64 shown in FIG. 6 are changed to 0xAC048B65 (152c) for some reason. In this case, the final hash value transmitted to the verification node 200 according to the hash tree structure, that is, the integrity hash value (165, 0xEE6F43F5??) of FIG. 6 is changed to 0x4BA1AAD1... (165b) as shown in FIG. Can be transmitted. The verification node 200 generates inconsistent result data as result transaction data 182 through comparison of the transmitted integrity hash value 165b with the reference hash value 167 and transmits it to the block generation node 300, and blocks The generating node 300 may propagate the block 220 including the discrepancy result data to the plurality of general nodes 400. The plurality of general nodes 400 may define the AMI device 100 as an untrusted device and stop the connection, since the data as a result of the inquiry are inconsistent result values. Thereafter, the management system may analyze the transmitted hash tree 166b to determine the cause.

The transaction data 181 transmitted from the AMI device 100 to the verification node 200 may include a final hash value (integrity hash value 165) and a hash tree, which is a process in which a final hash value is generated. The management system can analyze the hash tree 166b of the final hash value that has been determined to be inconsistent and the hash tree 166a of the reference hash value 167, stepwise compared from above. By tracking the mismatched hash value from the top, you can analyze the reason and type of the change in the final hash value (0x4BA1AAD1...(165b)). In the case shown in Fig. 8, the management system has an integrity hash value (165b, 0x4BA1AAD1...), a forgery hash value (164b, 0x562EC6AE...), a chip hash value (162e, 0x702AE534...), a central processing unit PUF hash. Values (162d, 0xA086ABE6...) and central processing unit PUF values (152c, 0xAC048B65) can be tracked, and the central processing unit 123 can recognize that a forged situation has occurred, and can respond to this.

The AMI device and the AMI device integrity system according to an embodiment of the present invention compare a hash value generated based on each basic information of an AMI and a final hash value of each hash value with a reference hash value (pure integrity hash value). Since the match is checked, the factory integrity of the AMI device can be guaranteed. In addition, by compressing, transmitting, and comparing each of the basis information using each hash tree, it is possible to reduce the computational load of the AMI device and the verification node. In addition, since the hash conversion cannot be reversed, security concerns due to the leakage of the hash value can be eliminated. Since each of the base information includes firmware information, chip information, and circuit check information, not only the integrity of the software level but also the hardware The integrity of the stage can also be guaranteed at the same time.

In addition, since the database is managed through the blockchain, the integrity of the data can be guaranteed by the consensus algorithm of the participants constituting the blockchain.

Therefore, the AMI device and the AMI device integrity system according to an embodiment of the present invention can guarantee integrity from the software and hardware layers of the AMI to the layer that verifies the integrity by receiving from the AMI device and the database layer that manages data, It may be suitable for intelligent power grids where reliability is key.

Hereinafter, a method of verifying the integrity of an AMI device according to an embodiment of the present invention will be described. Since the AMI device integrity verification method is similar to the AMI device integrity verification system, it will be briefly mentioned.

9 is a flowchart of an AMI device integrity verification method according to an embodiment of the present invention. Referring to FIG. 9, a method of verifying the integrity of an AMI (Advanced Metering Infrastructure) device for power meter reading using a block chain is to generate an integrity hash value based on hardware information including information on the chip of the AMI device. Step (S910), encrypting the integrity hash value with the private key of the AMI device and the public key of the verification node of the blockchain (S920), generating transaction data according to the communication protocol based on the encrypted integrity hash value Transmitting the transaction data to the verification node (S930), decrypting the transaction data with the private key of the verification node and the public key of the AMI device and converting it into the integrity hash value (S940), a reference hash value of the AMI device Encrypting the result data compared to the verification node with a private key (S950), and generating result transaction data according to a communication protocol based on the encrypted result data and transmitting it to one or more block generation nodes of the blockchain. (S960) may be included.

10 is a flowchart illustrating a step of generating an integrity hash value according to an embodiment of the present invention. Referring to FIG. 10, in step S910, generating a firmware hash value based on firmware information (S911), generating a chip hash value based on chip information (S912), and fault diagnosis based on circuit check information It may include a step of generating a hash value (S913), and the steps S911, S912 and S913 may be executed simultaneously or separately.

The chip information 152 may include a PUF value of the chip.

In addition, the steps of generating a forged hash value using the firmware hash value and the chip hash value (S914), and the step of generating the integrity hash value using the forged hash value and the fault diagnosis hash value (S915) It may contain more.

11 is a flowchart illustrating an encryption step using an asymmetric key according to an embodiment of the present invention. Referring to FIG. 11, encrypting the integrity hash value with the private key of the AMI device and converting it into a signature value (S931), and generating the transaction data by encrypting the signature value with the public key of the verification node (S932). ) Can be included.

12 is a flowchart of an AMI device integrity verification method according to an embodiment of the present invention. Referring to FIG. 12, in the AMI device integrity verification method according to an embodiment of the present invention, generating a block using a block generation rule according to a consensus algorithm, and propagating the generated block to one or more nodes of the block chain ( S970).

In the step of checking the result data (S980), if the result data is a match result value, each of the blockchain nodes maintains communication with the AMI device (S991), or if the result data is a mismatch result value, each of the The blockchain node may further include a step of stopping communication with the AMI device (S992).

Various embodiments described herein may be implemented by hardware, middleware, microcode, software, and/or a combination thereof. For example, various embodiments include one or more application specific semiconductors (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs). ), processors, controllers, microcontrollers, microprocessors, other electronic units designed to perform the functions presented herein, or a combination thereof.

Also, for example, various embodiments may be embodied or encoded on a computer-readable medium containing instructions. Instructions embodied or encoded on a computer-readable medium may cause a programmable processor or other processor to perform a method, eg, when the instructions are executed. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. The storage medium may be any available medium that can be accessed by a computer. For example, such a computer-readable medium may include RAM, ROM, EEPROM, CD-ROM or other optical disk storage medium, magnetic disk storage medium or other magnetic storage device, or instructions or data accessible by the computer to the desired program code. It may include any other medium that can be used to transport or store in the form of structures.

Such hardware, software, firmware, and the like may be implemented within the same device or within separate devices to support the various operations and functions described herein. Additionally, components, units, modules, components, and the like described as "units" in the present invention may be implemented together or separately as interoperable logic devices. The description of different features for modules, units, etc. is intended to highlight different functional embodiments, and does not necessarily imply that they must be realized by separate hardware or software components. Rather, functionality associated with one or more modules or units may be performed by separate hardware or software components or may be integrated within common or separate hardware or software components.

Although the operations are shown in the figures in a specific order, it should not be understood that these operations are performed in the specific order shown, or in a sequential order, or that all illustrated operations need to be performed to achieve the desired result. . In any environment, multitasking and parallel processing can be advantageous. Moreover, the division of various components in the above-described embodiments should not be understood as requiring such division in all embodiments, and the described components are generally integrated together into a single software product or packaged into multiple software products. It should be understood that you can.

The present invention has been described with reference to the embodiments shown in the drawings, but these are merely exemplary, and those of ordinary skill in the art will appreciate that various modifications and equivalent other embodiments are possible therefrom. Therefore, the true technical protection scope of the present invention should be determined by the technical spirit of the appended claims.

100: AMI device 110: sensor
121: switch 122: ADC
123: central processing unit 130: reference circuit
140: communication module 200: verification node
300: block generation node 400: general node

Claims (17)

As an AMI (Advanced Metering Infrastructure) device for power meter reading that can verify the integrity of the hardware,
One or more chips;
A central processing unit for controlling the one or more chips, the central processing unit generating an integrity hash value based on hardware information of the AMI device including information of the chip and transmitting transaction data by encrypting the integrity hash value;
A sensor that measures the amount of power;
A switch selectively passing a power signal or a reference signal measured by the sensor;
An ADC (Analog to Digital Converter) converting the power signal or the reference signal passed by the switch into a digital signal and transmitting it to the central processing unit; And
And a communication module for transmitting the transaction data generated by the central processing unit and receiving an external control signal,
The AMI device operates in a normal mode in which the switch passes the power signal or a verification mode in which the switch passes the reference signal, and the verification mode is the control of the central processing unit in response to an integrity verification request of a verification node. Operates according to the signal,
The integrity verification for the hardware includes firmware, integrity verification for modification or failure of the chip and circuit.
The method of claim 1,
The hardware information,
The AMI device further comprising at least one of firmware information and circuit check information of the AMI device.
The method of claim 1,
The central processing unit,
The AMI device encrypts the integrity hash value using a private key of the AMI device and a public key of a verification node connected to the AMI device through a network.
The method of claim 2,
The firmware information,
The AMI device comprising at least one of version information of the firmware, one or more parameter values, and representative values for one or more functions.
The method of claim 1,
The information of the chip,
The AMI device containing the PUF (Physical Unclonable Function) value of the chip.
delete The method of claim 3,
The transaction data,
The AMI device is generated by encrypting the integrity hash value with the private key of the AMI device and converting it into a signature value, and encrypting the signature value with the public key of the verification node.
delete delete As an integrity verification system for hardware of AMI devices that verifies the integrity of AMI (Advanced Metering Infrastructure) devices for blockchain-based power meter reading,
At least one AMI device including a central processing unit; And
Including a plurality of blockchain nodes, each of which is connected to one or more of the one or more AMI devices through a network,
The central processing unit of the AMI device generates an integrity hash value based on one or more of firmware information, chip information, and circuit check information of the AMI device, and determines the integrity hash value to the private key of the AMI device and the AMI Encrypted using the public key of the blockchain node that requested the integrity verification of the device, and transmitted as transaction data to the blockchain node,
The AMI device,
A sensor that measures the amount of power;
A switch selectively passing a power signal or a reference signal measured by the sensor;
An ADC (Analog to Digital Converter) converting the power signal or the reference signal passed by the switch into a digital signal and transmitting it to the central processing unit; And
Further comprising a communication module for transmitting the transaction data generated by the central processing unit and receiving an external control signal,
The AMI device operates in a normal mode in which the switch passes the power signal or a verification mode in which the switch passes the reference signal, and the verification mode is the control of the central processing unit in response to an integrity verification request of a verification node. Operates according to the signal,
The integrity verification for the hardware includes firmware, integrity verification for modification or failure of the chip and circuit.
The method of claim 10,
The blockchain node,
The transaction data is converted to the integrity hash value by decryption using the private key of the blockchain node and the public key of the AMI device, and the result data is compared with the reference hash value of the AMI device stored in advance. An AMI device integrity verification system that generates transaction data as a result of encryption using a private key, and transmits the resulting transaction data to a block generation node among the blockchain nodes.
The method of claim 11,
At least one of the block generation nodes,
A block is created with a block generation rule according to a consensus algorithm, and the block is propagated to the blockchain node,
Each of the blockchain nodes maintains communication with the AMI device if the result data matches the result value, and stops communication with the AMI device if the result data is inconsistent.
As a method of verifying the integrity of the hardware of an AMI (Advanced Metering Infrastructure) device for power meter reading using a blockchain,
A first step of generating an integrity hash value based on hardware information including information on a chip of the AMI device;
A second step of encrypting the integrity hash value with a private key of the AMI device and a public key of a verification node of the block chain;
A third step of generating transaction data according to a communication protocol based on the integrity hash value encrypted in the second step and transmitting it to the verification node;
A fourth step of decrypting the transaction data with the private key of the verification node and the public key of the AMI device and converting the data into the integrity hash value;
A fifth step of encrypting the result data compared with the reference hash value of the AMI device with the private key of the verification node; And
A sixth step of generating result transaction data according to a communication protocol based on the result data encrypted in the fifth step and transmitting it to one or more block generation nodes of the blockchain,
The hardware information further includes firmware information and circuit check information of the AMI device,
The first step,
A step 1-1 of generating a firmware hash value based on the firmware information, a chip hash value based on the information of the chip, and a fault diagnosis hash value based on the circuit check information;
A 1-2 step of generating a forged hash value using the firmware hash value and the chip hash value; And
A 1-3 step of generating the integrity hash value using the forgery-modulated hash value and the fault diagnosis hash value,
The integrity verification for the hardware includes firmware, integrity verification for modification or failure of the chip and circuit.
The method of claim 13,
A seventh step of generating a block with a block generation rule according to a consensus algorithm, and propagating the generated block to one or more nodes of the block chain,
Step 8-1 of each of the blockchain nodes maintaining communication with the AMI device if the result data is a match result value; or
If the result data is inconsistent result value, each of the blockchain nodes further comprises a step 8-2 of stopping the communication with the AMI device AMI device integrity verification method.
delete The method of claim 13,
The third step,
A 3-1 step of encrypting the integrity hash value with the private key of the AMI device and converting it into a signature value; And
And a 3-2 step of generating the transaction data by encrypting the signature value with the public key of the verification node.
The method of claim 13,
The information of the chip,
AMI device integrity verification method including the PUF (Physical Unclonable Function) value of the chip.

Images