WO2021237898A1 - A method for judging the credibility of edge node calculation results based on trust evaluation
- Publication number
- WO2021237898A1 (PCT/CN2020/102198)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- trust
- edge
- edge node
- agent
- value
Classifications
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- H04L63/12—Applying verification of the received information
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L63/0281—Proxies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
- H04L63/0245—Filtering by information in the payload
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Definitions
- the invention belongs to the technical field of data processing, and relates to a method for judging the credibility of edge node calculation results based on trust evaluation.
- edge computing in industrial networks and the implementation of data processing and storage at the edge of the network can solve the problems of node request delay, cloud server storage and computing overload, and network transmission bandwidth pressure.
- Edge computing extends the service resources of cloud computing to the edge of the network, and solves the problems of poor cloud computing mobility, weak geographic information perception, and high latency.
- When edge computing is applied to data analysis, it also brings new security and privacy challenges to edge nodes in industrial edge computing networks. While meeting the high real-time requirements in industrial networks, it is a challenge to ensure data integrity between the industrial cloud and edge nodes and correct calculation results for field devices. Because edge nodes directly access the Internet and directly expose industrial field devices to the Internet, there are very large security risks, especially data security issues.
- the present invention designs a scheme based on trust evaluation to ensure that the edge node outputs a credible calculation result.
- the purpose of the present invention is to provide a method for judging the credibility of edge node calculation results based on trust evaluation.
- the present invention provides the following technical solutions:
- a method for judging the credibility of edge node calculation results based on trust evaluation includes the following steps:
- the edge node to be added sends the identity information ID Ai to the edge agent for registration, and the security administrator sets, for each edge node, the calculation error rate ER Ai that the industrial production environment allows;
- CN ⁇ represents the total number of evidence collections needed for the edge agent to calculate the trust value in the ⁇ round, t ⁇ represents the time when the edge agent starts to calculate the trust value in the ⁇ round.
- the edge agent starts to evaluate the initial trust value of the edge node, and the edge agent randomly generates a set of to-be-calculated data And generate the result set of adjacent data pairwise calculation
- this scheme stipulates that the number of evidence collection required for initial trust value evaluation CN 0 is 3;
- the edge agent sends the to-be-calculated set to the edge node, and the edge node collects the calculation result after the calculation And calculation result hash value collection Send to the edge agent;
- the edge agent calculates the result set according to the edge node Calculate its corresponding hash value
- the edge agent processes the collected data as follows:
- Timeliness is the difference between the calculation efficiency of the edge node Ai and the edge agent; the calculation formula for the timeliness of the ⁇ th evidence collection is as follows:
- When the edge agent evaluates the initial trust value, the edge agent sends the ⁇ -th to-be-calculated set time according to it Time to calculate the pending set Time to receive the calculation result of edge node Ai Calculate the computational efficiency of CN 0-order edge nodes And the computational efficiency of edge agents Substituting equation (3), the timeliness of CN 0 edge nodes Ai is calculated.
- When the edge agent evaluates the initial trust value, it uses (1), (2) and (3) to process the evidence collected three times, and obtains 3 values of accuracy, completeness and timeliness of the edge node Ai to be added;
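The evidence collection and processing steps above can be sketched as a known-answer challenge. This is an added example, not code from the patent. It assumes that the adjacent-data operation is a sum, that the hash is SHA-256 over the decimal text of each result, and that accuracy and completeness are simple fractions; formulas (1) to (3) are not reproduced on this page, so timeliness is left out.

```python
import hashlib
import secrets

CN0 = 3  # evidence collections for the initial evaluation (value from the page)


def digest(result: int) -> str:
    """Assumption: SHA-256 over the decimal text of one result."""
    return hashlib.sha256(str(result).encode("ascii")).hexdigest()


def pairwise(data):
    """Assumption: the adjacent-data operation is the sum of two neighbours."""
    return [a + b for a, b in zip(data, data[1:])]


def make_challenge(l=8):
    """Random to-be-calculated set; l results need l + 1 data items."""
    return [secrets.randbelow(10_000) for _ in range(l + 1)]


def honest_node(data):
    """Stand-in for an edge node: returns results and their hash values."""
    results = pairwise(data)
    return results, [digest(r) for r in results]


def process_evidence(data, results, hashes):
    """Edge agent side: recompute the answers and the hashes, then score.

    completeness: share of expected results whose received hash matches the
                  hash the agent recomputes over the received result.
    accuracy:     share of expected results that are hash-consistent and
                  equal to the agent's own calculation.
    Missing results count against both scores (both are assumptions).
    """
    expected = pairwise(data)
    if not expected:
        raise ValueError("challenge needs at least two data items")
    consistent = correct = 0
    for want, got, received_hash in zip(expected, results, hashes):
        hash_ok = digest(got) == received_hash
        consistent += hash_ok
        correct += hash_ok and got == want
    n = len(expected)
    return {"accuracy": correct / n, "completeness": consistent / n}


def initial_evidence(node, rounds=CN0, l=8):
    """Run the CN0 evidence collections against a node callable."""
    evidence = []
    for _ in range(rounds):
        data = make_challenge(l)
        results, hashes = node(data)
        evidence.append(process_evidence(data, results, hashes))
    return evidence


if __name__ == "__main__":
    for i, scores in enumerate(initial_evidence(honest_node), start=1):
        print(f"evidence {i}: {scores}")
```

A non-keyed hash only shows that a result and its hash still agree; the page relies on the elliptic curve proxy signature for the hop between the edge node and the industrial cloud.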
- the direct trust value is a quantitative value of the edge node's ability to complete the requested task. It is based on the history of the interaction between the edge agent and the edge node; when the edge agent calculates the initial trust value of the edge node, the edge node is in a waiting state; the edge agent performs a separate fuzzy evaluation of each direct trust factor of the edge node.
- the steps to calculate the direct trust value are as follows:
- When z 1- ⁇ is the largest, the edge node Ai is untrustworthy, and the edge agent does not calculate the average membership degree of accuracy, completeness and timeliness;
- the edge node Ai is credible, and the edge agent calculates the average value of the membership degrees in the interval [ ⁇ c , 1] corresponding to accuracy, completeness and timeliness
- the denominator is the number of membership degrees of each factor in the interval [ ⁇ c , 1], and the numerator is the sum of the membership degrees of each factor in the interval [ ⁇ c , 1];
- the edge agent calculates the direct trust value of the edge node Ai based on the average membership degree of accuracy, completeness and timeliness and its weight Calculated as follows:
- the initial direct trust value at this time is the final trust value, and the final trust value of the edge node Ai before running
- the edge node trust is divided into three levels, namely untrustworthy, uncertain, and trustworthy;
- the unreliable threshold is ⁇ u
- the security manager sets the error rate of the edge node allowed by the industrial production environment, and the edge agent calculates the corresponding ⁇ u and ⁇ c according to the error rate;
- the edge agent calculates the trust mark of the edge node Ai to be run according to the judgment result, and the rules are as follows:
- the edge agent replaces the trust value of the trusted edge node with That is, the trusted edge node is reduced to an edge node with uncertain trust.
- the edge agent assigns the trust identifier TI Ai-0 of the initial trust value to it, and calculates the validity time of the initial trust identifier according to formula (5) Store initial trust related information locally;
- i is the number of online edge nodes
- CN 0 is the number of evidence collection during initial trust evaluation
- Ai l is the amount of data collected for each evidence
- ⁇ T is the time interval for trust update
- the unit of valid time is seconds; if the trust mark of the edge node expires, the edge agent will blacklist the edge node;
- the edge agent repeats the above evidence collection, evidence processing and trust evaluation steps to evaluate its initial trust value twice. If it is untrustworthy, the edge agent reports it to the security administrator for replacement, and calculates the initial trust value of the edge node to be added after the replacement.
- the initial trust related data of the edge node Ai includes the initial trust value evaluation start time t 0 , the node identity ID Ai , the mean accuracy membership, the mean completeness membership, the mean timeliness membership, the initial trust value, the trust mark TI Ai-0 and the effective time
- the edge agent sends the trust identifier to the field device. After the field device checks the trust identifier of the edge node to be operated, it sends data to the edge node whose trust identifier is greater than 0, and then the edge node is in the running state.
- After the network has been running for ⁇ T time, the edge agent initiates a trust update request to the field device, and the edge agent starts to collect the collected data of the field device, the calculation result of the edge node and its hash value, and the feedback score of the field device, and records the response time and the historical direct trust value of the edge node.
- After the edge agent initiates a trust update request, each time the edge agent collects evidence there are the following two situations:
- Case 1: The edge node directly returns the calculation result to the field device, and the field device sends the calculation result of the edge node and its hash value to the edge agent;
- Case 2: After the initial calculation of the edge node, the calculation result and its hash value are sent to the edge agent.
- the edge agent collects evidence and uploads the edge node calculation result, trust mark and signature to the industrial cloud; the industrial cloud checks the edge node trust mark and, after verifying the signature, further processes the preliminary calculation result of the edge node; the industrial cloud then sends the calculation result and signature to the edge agent, and the edge agent sends the calculation result to the field device after verifying the signature;
- the edge agent calculates the number of times of evidence collection CN ⁇ for the ⁇ th round of trust update according to the ⁇ -1th trust identifier; when the trust identifier is small, the number of evidence collections is smaller, and the edge agent can quickly update the trust value of the edge node; in the initial stage of network operation, the number of evidence collections increases with the increase in the number of credibility. In order to update the trust value in time and reduce the amount of trust calculation, the number of evidence collections cannot be increased indefinitely.
- the maximum value of the number of evidence collection CN ⁇ is
- the field device sends a piece of data every ⁇ t, the edge agent and edge node Ai start processing after receiving the second collected data; the edge agent processes the adjacent two collected data and the calculation result is The calculation result of the edge node Ai processing the adjacent two collected data is Which evidence is collected for each evidence Each time evidence is collected, the field device needs to send (l+1) pieces of data, and the data sent by the field device form a set
- the edge agent starts the ⁇ th round of trust update, the edge agent collects CN ⁇ times of evidence in total, and the evidence of l data collected for the ⁇ th time includes the calculation result of the edge agent Calculation result of edge node Ai And its hash value
- the edge agent calculates the result set according to the edge node Ai Calculate its corresponding hash value
- the edge agent records the time when the field device sends the first data when the ⁇ is collected for the first time
- the edge agent calculates the time to complete the lth result
- edge agents need to use historical direct trust values to modify the direct trust values.
- Edge agents use sliding windows to store historical direct trust values, in order to reduce the influence of old direct trust values on new direct trust values.
- Each edge node has a sliding storage window. The larger the window, the more storage and calculation overhead. A short sliding storage window can limit the amount of trust calculation and improve the efficiency of trust evaluation.
- the sliding storage window has u panes, and each pane retains a historical direct trust value, that is, the direct trust value before the ⁇ th round of trust update is stored in the sliding storage window; the direct trust value stored in the kth pane
- the window starts to move, moving one pane at a time; the new direct trust value is added to the window after the trust is updated, and the expired direct trust value is squeezed out of the window;
- the window stores the direct trust value from the ⁇ -u round to the ⁇ -1 round of trust update.
- the ⁇ round of direct trust value is stored in the sliding storage window.
- when the trust flag of the edge node Ai is 0, the edge node is regarded as a malicious node, and the edge agent deletes its sliding storage window.
- when the edge agent updates the final trust value of an edge node in the running state, it also needs to consider the feedback score of the field device to the edge node calculation result; the score rule of the field device to the edge node: if a security accident occurs, regardless of whether the trust update is in progress, the field device will feedback And the edge agent will blacklist the edge node corresponding to the feedback score; otherwise, the field device will feedback the score of the calculation result, and the bad evaluation Praise
- the field device feeds back the score of the calculation result to the edge agent.
- the edge agent collects CN ⁇ times, and collects l feedback scores each time.
- the feedback score collected by the edge agent for the ⁇ th time is Including the field device's score on the calculation results directly returned by v edge nodes to the field device and the field device's score on the (l-v) calculation results sent by the edge node to the industrial cloud for processing and then returned to the field device; using the elliptic curve proxy signature makes the communication between the edge node and the industrial cloud believable. Regardless of whether the calculation result received by the field device comes from the edge node or the industrial cloud, the object of the field device feedback score is the edge node.
- After the edge agent collects CN ⁇ times of evidence, it calculates the accuracy, completeness, and timeliness of the edge node Ai each time the evidence is collected in the ⁇ round of trust update;
- the edge agent calculates the accuracy of the edge node Ai according to formula (1);
- When the edge agent performs the ⁇ th round of trust update, it uses equations (1), (2) and (3) to process the collected direct trust factors, and obtains the accuracy, completeness and timeliness values of the edge node Ai to be audited.
- the weight factor of the historical direct trust value at different times needs to take the time factor into account, that is, the older the trust value, the lower its proportion; the weight of the k-th pane in the sliding storage window:
- ⁇ is the attenuation coefficient, and the attenuation coefficient is 0.3; when the sliding storage window is not full, u takes the number of actual historical direct trust values;
- the edge agent calculates the weighted average historical trust value of the edge node Ai during the ⁇ round of trust update according to the historical direct trust value and its weight in the sliding storage window
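The sliding storage window and its time-decayed weighting can be sketched as follows. This is an added example, not code from the patent. The page gives the attenuation coefficient 0.3 but not the weight formula, so the normalised exponential decay used here is an assumption, and `alpha` in `correct_direct_trust` is a hypothetical caller-supplied stand-in for the page's weighting coefficient, whose definition is not reproduced.

```python
import math
from collections import deque

ATTENUATION = 0.3  # attenuation coefficient stated on the page


class SlidingTrustWindow:
    """u panes, one historical direct trust value per pane, oldest first."""

    def __init__(self, u: int):
        if u < 1:
            raise ValueError("window needs at least one pane")
        # deque(maxlen=u) squeezes the expired value out when a new one arrives
        self.panes = deque(maxlen=u)

    def push(self, direct_trust: float) -> None:
        if not math.isfinite(direct_trust):
            raise ValueError("direct trust value must be a finite number")
        self.panes.append(direct_trust)

    def weights(self):
        """Assumed form: w_k proportional to exp(-ATTENUATION * (u - k)).

        Pane k = u holds the newest value. While the window is not full,
        u is the number of values actually stored, as the page specifies.
        """
        u = len(self.panes)
        raw = [math.exp(-ATTENUATION * (u - k)) for k in range(1, u + 1)]
        total = sum(raw)
        return [w / total for w in raw]

    def weighted_history(self):
        """Weighted average historical trust value, or None with no history."""
        if not self.panes:
            return None
        return sum(w * v for w, v in zip(self.weights(), self.panes))


class TrustHistory:
    """One sliding storage window per edge node, kept by the edge agent."""

    def __init__(self, u: int):
        self.u = u
        self.windows = {}

    def update(self, node_id: str, direct_trust: float, trust_mark: int):
        """Return the history seen by this round, then store the new value."""
        if trust_mark == 0:
            # trust flag 0: the node is treated as malicious, window deleted
            self.windows.pop(node_id, None)
            return None
        window = self.windows.setdefault(node_id, SlidingTrustWindow(self.u))
        history = window.weighted_history()  # rounds before the current one
        window.push(direct_trust)
        return history


def correct_direct_trust(current: float, history, alpha: float) -> float:
    """Blend current and historical trust; alpha is hypothetical (see lead-in)."""
    if history is None:
        return current
    return alpha * current + (1.0 - alpha) * history


if __name__ == "__main__":
    agent = TrustHistory(u=3)
    # constructed direct trust values for one node over five rounds
    for round_no, value in enumerate([0.9, 0.9, 0.9, 0.2, 0.2], start=1):
        hist = agent.update("A1", value, trust_mark=1)
        print(round_no, value, hist, correct_direct_trust(value, hist, 0.5))
```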
- the edge agent repeats the initial trust value calculation step to evaluate the initial trust value of the edge node to be added;
- the edge agent calculates the reward and punishment factor of the edge node Ai during the ⁇ round of trust update; the total number of favorable comments collected by the edge agent according to the ⁇ evidence Difference from the minimum required number of correct calculation results Calculate the reward factor corresponding to the ⁇ th evidence collection And penalty factor in
- the reward factor corresponding to the ⁇ th evidence collection is The penalty factor is Otherwise, the reward factor corresponding to the ⁇ th evidence collection is The penalty factor is The degree of reward is small and the degree of punishment is large, reflecting the characteristics of slow increase and fast decrease of trust value;
- the edge agent calculates the final reward or punishment factor based on the reward and punishment factor in the ⁇ round of trust update
- the edge agent updates the trust value of the edge node according to the direct trust value, historical trust value, and feedback score. At this time, the edge node is in a state of pending review; the interval of each round of trust update is ⁇ T.
- the edge agent repeats the steps of calculating the direct trust value when evaluating the initial trust, and uses equation (4) to calculate the direct trust value of the trusted and uncertain edge node Ai in the ⁇ -th round of trust update. For edge nodes to be audited that are untrustworthy, the edge agent directly blacklists them.
- Before calculating the final trust value, the edge agent needs to use the weighted average historical direct trust value to correct the direct trust value; with After weighting and summarizing, the direct trust value of the edge node Ai after the correction of the ⁇ -th round of trust update is obtained
- ⁇ is used to weigh the proportion of current trust and historical trust, and ⁇ is defined as follows:
- the edge agent calculates the final trust value of the edge node to be audited according to the reward or punishment factor calculated by formula (9);
- the final trust value of the edge node Ai during the ⁇ round of trust update is 0; otherwise, the final trust value of the edge node Ai during the ⁇ round of trust update is the revised direct trust value of the edge node Ai plus a reward or punishment factor.
- the edge agent compares the final trust value of the edge node to be audited with the trust threshold in the trust level table of Table 2, and then calculates the trust mark of the edge node Ai based on the judgment result and the final trust value.
- the edge agent calculates its trust identifier TI Ai- ⁇ according to formula (13), and calculates the validity time of the trust identifier according to formula (14) Then store its trust related information locally according to the data structure in Table 6;
- CN ⁇ is the number of times of evidence collection for the ⁇ -th round of trust update
- l is the amount of data collected for each evidence
- Is the average computing efficiency of the edge node Ai
- ⁇ t is the time interval for the field device to send data
- ⁇ T is the time interval for trust update
- the unit of valid time is seconds; if the trust mark of the edge node expires, the edge agent will blacklist the edge node;
- the trust mark remains unchanged; the edge agent checks its trust mark, and if the trust mark has been equal fewer than three consecutive times, the edge agent allows the edge node to run; otherwise, the edge agent adds it to the blacklist, and the edge node is then isolated;
- For edge nodes whose trust level is untrustworthy, the edge agent directly blacklists them, and the edge nodes are then in isolation; the edge agent broadcasts the identity information of the edge nodes in the blacklist and their trust identifier 0, and reports them to the security administrator for replacement; after the security administrator replaces the isolated edge node with the edge node to be added, the edge agent repeats the initial trust value calculation step to evaluate the initial trust value of the edge node to be added.
- the trust-related data of the edge node Ai includes the start time t ⁇ of the ⁇ - th round of trust update, the node identity ID Ai , the mean accuracy membership, the mean completeness membership, the mean timeliness membership, the revised direct trust value, the reward or punishment factor, the final trust value, the trust mark TI Ai- ⁇ and the effective time
- the edge agent sends the trust mark to the field device, and the field device decides whether to send data according to the trust mark of the edge node: it sends data to the edge node whose trust mark is greater than 0, and does not send data to the edge node whose trust mark is 0;
- the edge agent repeats the steps of evidence collection, evidence processing, and trust update, and so on.
- the present invention provides a security mechanism that ensures the calculation results output by industrial edge nodes are credible. It prevents industrial edge nodes from outputting wrong data, resists false data attacks by malicious edge nodes, ensures that the industrial cloud receives as input credible calculation results that have not been tampered with, and enables field devices to receive correct calculation results instead of malicious or meaningless messages, thereby improving the efficiency and safety of industrial production.
- Figure 1 is an industrial edge computing framework with a trust mechanism
- Figure 2 is a flow chart of trust evaluation
- Figure 3 is a sequence diagram of the trust evaluation process
- Figure 4 shows the framework and flow chart of trust assessment
- Figure 5 is a sequence diagram of the evidence collection process during the initial trust assessment
- Figure 6 is a flowchart of the first case of evidence collection during trust update
- Figure 7 is a flowchart of the second case of evidence collection during trust update
- Figure 8 is a sequence diagram of the evidence collection process in the ⁇ -th round of trust update
- Figure 9 shows the sliding storage window.
- the field device transmits the collected data to the edge node on the edge side, the edge node processes the data from the field device, and then the edge node either returns the calculation result to the field device or sends the preliminary calculation result to the industrial cloud platform, which returns it to the field device after further calculation.
- the faulty edge nodes can be identified and the tampering, impersonation, replay and other attacks of malicious nodes can be resisted, that is, to ensure that the field devices receive the trusted calculation results.
- An edge computing framework with a trust evaluation function is proposed. The trust evaluation of edge nodes is completed by the edge agent at the edge of the network. The response time of trust computing at the edge of the network is shorter, the execution efficiency is higher, and the network pressure is lower, as shown in Figure 1.
- a trust evaluation method to ensure the credibility of the edge node calculation results is proposed. This method is based on the objective analysis of the edge node calculation results by the edge agent, and combines the fuzzy evaluation method and the entropy weight method.
- the edge agent determines which edge nodes can receive computing tasks and send messages by comparing the trust value of the edge node with the trust threshold value, thereby reducing the output of untrusted data on the edge side.
- the trust threshold in the trust evaluation method is determined by the error rate allowed by the edge node set by the security administrator.
- this solution uses an elliptic curve proxy signature scheme to sign the preliminary calculation result of the trusted edge node, which is then sent to the industrial cloud for further processing and returned to the field device.
- This scheme defines trust as the evaluation of the credibility of the edge node calculation results by the edge agent, and the trust value of the edge node is a quantitative form of the long-term behavior of the edge node.
- Trust evaluation includes four units: evidence collection, evidence processing, initial trust evaluation, and trust update. The overall framework and process of trust assessment are shown in Figure 4.
- the evidence includes three dimensions of information.
- the first is to directly evaluate the three effective factors of the edge node's calculation results, which are the accuracy, completeness and timeliness of the edge node's calculation results, which are used to calculate the direct trust value of the edge node;
- the second is the historical trust value: the edge agent takes the weighted average of the historical trust values in the sliding window and uses it to correct the direct trust value;
- the third is the feedback score of the field equipment to the edge node calculation result, and the edge agent will get a penalty or reward factor based on the feedback score.
- the trust evaluation process is divided into the calculation of the initial trust value before the network operation and the update of the trust value after the network operation.
- the edge node has the following five states:
- the edge node to be added has no trust value, and the edge node calculates the to-be-calculated data from the edge agent at this time;
- the edge agent calculates the initial trust value of the edge node. At this time, the edge node is in a waiting state, waiting for the field device to send data;
- the edge agent sends the trust identifier of the edge node to be operated to the field device, the trusted edge node calculates the data from the field device, and the edge node is in the running state at this time;
- after the network runs for a period of time, the edge agent initiates a trust update to the field device. When the edge agent collects and processes the evidence data and performs a trust update, the edge node is in a pending audit state, and the field device stops sending data to the edge node to be audited until the field device receives the trust identifier;
- after the edge agent updates the trust value, it assigns a trust identifier to the edge node to be audited, and sends the trust identifier to the field device.
- the field device sends data to the edge node with a trust identifier greater than zero, and the edge node is in operation at this time; the field device does not send data to the edge node with a trust identifier of zero, and the edge node is blacklisted by the edge agent at this time and is in an isolated state.
- the edge node to be added sends the identity information ID_Ai to the edge agent for registration, and the security administrator sets, for each edge node, the error rate ER_Ai at which calculation errors are allowed in the industrial production environment;
- CN_τ represents the total number of evidence collections needed for the edge agent to calculate the trust value in the τ-th round, and t_τ represents the time when the edge agent starts to calculate the trust value in the τ-th round.
- the edge agent starts to evaluate the initial trust value of the edge node: the edge agent randomly generates a set of to-be-calculated data and generates the result set of the pairwise calculations on adjacent data
- this scheme stipulates that the number of evidence collections required for initial trust value evaluation, CN_0, is 3;
- the edge agent sends the to-be-calculated set to the edge node, and after the calculation the edge node sends the set of calculation results and the set of their hash values to the edge agent;
- the edge agent calculates the corresponding hash values from the edge node's set of calculation results
- the evidence collection process when the edge agent evaluates the initial trust value is shown in Figure 5.
- the edge agent evaluates whether the calculation result is credible according to the accuracy, completeness, and timeliness of the calculation result of the edge node. These three parameters are effective factors for evaluating the calculation result of the edge node. They can be regarded as trust evidence for the edge node, and this evidence is used to make an objective evaluation of the edge node calculation results. These three kinds of data trust evidence are the core dimensions for finding the trust relationship between data items and trustees.
- the edge agent calculates the accuracy, completeness, and timeliness of the edge node Ai according to the return result of the edge node Ai to be added.
- the edge agent processes the collected data as follows:
- Timeliness is the difference between the calculation efficiency of the edge node Ai and the edge agent; the calculation formula for the timeliness of the ε-th evidence collection is as follows:
- when the edge agent evaluates the initial trust value, it uses the time at which it sent the ε-th to-be-calculated set, the time at which it finished calculating that set and the time at which it received the calculation result of edge node Ai to calculate the CN_0 computational efficiencies of the edge node and of the edge agent, and substitutes them into equation (3) to obtain CN_0 timeliness values of edge node Ai.
- when the edge agent evaluates the initial trust value, it uses equations (1), (2) and (3) to process the evidence collected three times, and obtains 3 values each for the accuracy, completeness and timeliness of the edge node Ai to be added, as shown in Table 1.
- the direct trust value is a quantitative value of the edge node's ability to complete the requested task. It is based on the history of interaction between the edge agent and the edge node. When the edge agent calculates the initial trust value of the edge node, the edge node is in a waiting state. The edge agent performs fuzzy evaluation on the direct trust factors of the edge nodes that are waiting to run, and the steps of calculating the direct trust value are as follows:
- when z_1-τ is the largest, the edge node Ai is untrustworthy, and the edge agent does not calculate the average membership degree of accuracy, completeness and timeliness;
- the edge node Ai is credible, and the edge agent calculates the mean of the membership degrees of accuracy, completeness and timeliness that fall in the interval [β_c, 1]
- the denominator is the number of membership degrees of each factor in the interval [β_c, 1], and the numerator is the sum of the membership degrees of each factor in the interval [β_c, 1];
- the edge agent calculates the direct trust value of the edge node Ai based on the average membership degrees of accuracy, completeness and timeliness and their weights, calculated as follows:
- the initial direct trust value at this time is the final trust value, and the final trust value of the edge node Ai before running
- Table 2 is a table of edge node trust levels. The trust is divided into three levels, namely untrustworthy, uncertain, and trustworthy.
| Trust level | Trust description | Trust value range |
| --- | --- | --- |
| 1 | Untrustworthy | [0, β_u) |
| 2 | Uncertain | [β_u, β_c) |
| 3 | Credible | [β_c, 1] |

- the untrustworthy threshold is β_u
- the security manager sets the allowable error rate of the edge node in the industrial production environment, and the edge agent calculates the corresponding β_u and β_c according to the error rate, as shown in Table 3.
- the edge agent calculates the trust mark of the edge node Ai to be run according to the judgment result, and the rules are as follows:
- the edge agent replaces the trust value of the trusted edge node with That is, the trusted edge node is reduced to an edge node with uncertain trust.
- the edge agent assigns the trust identifier TI_Ai-0 of the initial trust value to it, calculates the validity time of the initial trust identifier according to formula (5), and stores the initial trust related information locally according to the data structure in Table 4;
- i is the number of online edge nodes
- CN_0 is the number of evidence collections during initial trust evaluation
- l is the amount of data collected in each evidence collection
- ΔT is the time interval for trust update
- the unit of valid time is seconds; if the trust identifier of the edge node expires, the edge agent will blacklist the edge node;
- the edge agent repeats the above evidence collection, evidence processing and trust evaluation steps to evaluate its initial trust value twice. If it is still untrustworthy both times, the edge agent reports to the security administrator to have it replaced, and calculates the initial trust value of the edge node to be added after the replacement.
- the edge agent sends the trust identifier to the field device. After the field device checks the trust identifier of the edge node to be operated, it sends data to the edge node whose trust identifier is greater than 0, and then the edge node is in the running state.
- after the network has been running for time ΔT, the edge agent initiates a trust update request to the field device, starts to collect the collected data of the field device, the calculation results of the edge node and their hash values, and the feedback scores of the field device, and records the response time and historical direct trust values of the edge node.
- after the edge agent initiates a trust update request, each evidence collection by the edge agent falls into one of the following two cases:
- Case 1: the edge node directly returns the calculation result to the field device, and the field device sends the calculation result of the edge node and its hash value to the edge agent, as shown in Figure 6;
- Case 2: after its initial calculation, the edge node sends the calculation result and its hash value to the edge agent.
- the edge agent collects evidence, signs the edge node calculation result and trust identifier and uploads them to the industrial cloud; the industrial cloud checks the edge node trust identifier and, after verifying the signature, further processes the preliminary calculation result of the edge node; the industrial cloud then sends the calculation result and signature to the edge agent, and the edge agent sends the calculation result to the field device after verifying the signature, as shown in Figure 7.
- the edge agent calculates the number of evidence collections CN_τ for the τ-th round of trust update according to the (τ-1)-th trust identifier; when the trust identifier is small, the number of evidence collections is small, and the edge agent can quickly update the trust value of the edge node; in the initial stage of network operation, the number of evidence collections increases with the number of times the node has been found credible. In order to update the trust value in time and reduce the amount of trust calculation, the number of evidence collections cannot be increased indefinitely.
- the maximum value of the number of evidence collections CN_τ is
- the field device sends a piece of data every Δt, and the edge agent and edge node Ai start processing after receiving the second collected data; the edge agent and the edge node Ai each compute a result from every two adjacent collected data, indexed by position within each evidence collection; each time evidence is collected, the field device needs to send (l+1) pieces of data, and the data sent by the field device form a set
- the edge agent starts the τ-th round of trust update and collects evidence CN_τ times in total; the evidence of l data collected the ε-th time includes the calculation result of the edge agent, the calculation result of edge node Ai and its hash value
- the edge agent calculates the corresponding hash value from the calculation result set of edge node Ai
- the edge agent records the time when the field device sends the first data during the ε-th evidence collection
- the time when the edge agent finishes calculating the l-th result
- the evidence collection process in the τ-th round of trust update is shown in Figure 8.
- since trust changes dynamically over time, in order to avoid malicious behavior, the edge agent needs to correct the direct trust value with the historical direct trust value, which can make the direct trust value more accurate. Therefore, the edge agent uses a sliding window to store the historical direct trust value to reduce the influence of the old direct trust value on the new direct trust value.
- Each edge node has a sliding storage window. The larger the window, the more storage and calculation overhead. Therefore, a short sliding storage window can effectively limit the amount of trust calculation and improve the efficiency of trust evaluation.
- the sliding storage window has u panes, and each pane retains a historical direct trust value, that is, the direct trust values before the τ-th round of trust update are stored in the sliding storage window; the k-th pane stores one direct trust value; the window starts to move only when each pane has a direct trust value, moving one pane at a time; the new direct trust value is added to the window after the trust is updated, and the expired direct trust value is squeezed out of the window; in the τ-th round of trust update, the window stores the direct trust values from the (τ-u)-th round to the (τ-1)-th round of trust update. After the τ-th round of trust update is completed, the τ-th round direct trust value is stored in the sliding storage window; when the trust identifier of the edge node Ai is 0, the edge node is regarded as a malicious node, and the edge agent deletes its sliding storage window.
- when the edge agent updates the final trust value of a running edge node, it also needs to consider the feedback score of the field device on the edge node calculation result; the rule by which the field device scores the edge node is: if a security accident occurs, regardless of whether a trust update is in progress, the field device feeds this back and the edge agent blacklists the edge node corresponding to the feedback score; otherwise, the field device feeds back a score for the calculation result, either a bad rating or a good rating
- the field device feeds back the score of the calculation result to the edge agent.
- the edge agent collects CN_τ times, and collects l feedback scores each time.
- the feedback scores collected by the edge agent the ε-th time include the field device's scores on the v calculation results returned directly by the edge node to the field device and the field device's scores on the (l-v) calculation results sent by the edge node to the industrial cloud for processing and then returned to the field device;
- using an elliptic curve proxy signature makes the communication between the edge node and the industrial cloud trustworthy. Regardless of whether the calculation result received by the field device comes from the edge node or the industrial cloud, the object of the field device feedback score is the edge node.
- after the edge agent has collected evidence CN_τ times, it calculates the accuracy, completeness, and timeliness of the edge node Ai for each evidence collection in the τ-th round of trust update;
- the edge agent calculates the accuracy of the edge node Ai according to formula (1);
- when the edge agent performs the τ-th round of trust update, it uses equations (1), (2) and (3) to process the collected direct trust factors, and obtains CN_τ values each for the accuracy, completeness and timeliness of the edge node Ai to be audited, as shown in Table 5.
- the weighting factor of the historical direct trust value at different times needs to take into account the time factor, that is, the older the trust value, the lower its proportion.
- ρ is the attenuation coefficient, and the attenuation coefficient is 0.3; when the sliding storage window is not full, u takes the number of actual historical direct trust values;
- the edge agent calculates the weighted average historical trust value of the edge node Ai during the τ-th round of trust update according to the historical direct trust values and their weights in the sliding storage window
- the edge agent repeats the initial trust value calculation step to evaluate the initial trust value of the edge node to be added;
- the edge agent calculates the reward and punishment factor of the edge node Ai during the τ-th round of trust update; from the difference between the total number of favorable comments collected in the ε-th evidence collection and the minimum required number of correct calculation results, the edge agent calculates the reward factor and the penalty factor corresponding to the ε-th evidence collection, where
- the reward factor corresponding to the ε-th evidence collection is The penalty factor is Otherwise, the reward factor corresponding to the ε-th evidence collection is The penalty factor is The degree of reward is small and the degree of punishment is large, reflecting the characteristics of slow increase and fast decrease of trust value;
- the edge agent calculates the final reward or punishment factor based on the reward and punishment factor in the τ-th round of trust update
- the edge agent updates the trust value of the edge node according to the direct trust value, historical trust value, and feedback score. At this time, the edge node is in a pending audit state. Because internal attacks occur at a specific time, the trust evaluation mechanism does not require too frequent trust updates, and frequent trust updates will take up more transmission and computing resources.
- the trust update interval for each round is ΔT.
- the edge agent repeats the steps of calculating the direct trust value when evaluating the initial trust, and uses equation (4) to calculate the direct trust value, in the τ-th round of trust update, of edge nodes Ai judged credible or uncertain. For edge nodes to be audited that are untrustworthy, the edge agent directly blacklists them.
- before calculating the final trust value, the edge agent needs to use the weighted average historical direct trust value to correct the direct trust value; after the two are weighted and summed, the corrected direct trust value of the edge node Ai in the τ-th round of trust update is obtained
- δ is used to weigh the proportion of current trust and historical trust, and δ is defined as follows:
- the edge agent calculates the final trust value of the edge node to be audited according to the reward or punishment factor calculated by formula (9);
- the final trust value of the edge node Ai during the τ-th round of trust update is 0; otherwise, the final trust value of the edge node Ai during the τ-th round of trust update is the corrected direct trust value of the edge node Ai plus a reward or punishment factor.
- the edge agent compares the final trust value of the edge node to be audited with the trust threshold (trust critical value) in the trust level table of Table 2, and then calculates the trust identifier of the edge node Ai based on the judgment result and the final trust value.
- the edge agent calculates its trust identifier TI_Ai-τ according to formula (13), calculates the validity time of the trust identifier according to formula (14), and then stores its trust related information locally according to the data structure in Table 6;
- CN_τ is the number of evidence collections for the τ-th round of trust update
- l is the amount of data collected in each evidence collection
- is the average computing efficiency of the edge node Ai; Δt is the time interval for field devices to send data
- ΔT is the time interval for trust update
- the unit of valid time is seconds; if the trust identifier of the edge node expires, the edge agent will blacklist the edge node.
- the trust identifier remains unchanged; the edge agent checks its trust identifier, and if the trust identifier has been equal fewer than three consecutive times, the edge agent allows the edge node to run; otherwise, the edge agent blacklists it, and then the edge node is isolated;
- for edge nodes whose trust level is untrustworthy, the edge agent directly blacklists them, and then the edge nodes are in isolation; the edge agent broadcasts the identity information of the edge nodes in the blacklist and their trust identifier 0, and reports to the security administrator to have them replaced; after the security administrator replaces the isolated edge node with the edge node to be added, the edge agent repeats the initial trust value calculation step to evaluate the initial trust value of the edge node to be added.
- the edge agent sends the trust identifier to the field device, and the field device decides whether to send data according to the trust identifier of the edge node: it sends data to the edge node whose trust identifier is greater than 0, and does not send data to the edge node whose trust identifier is 0;
- the edge agent repeats the steps of evidence collection, evidence processing, and trust update, and so on, as shown in Figure 3.
- there are three edge nodes A1, A2, A3 to be added in the industrial network, and the three edge nodes send their own identity information to the edge agent for registration.
- the security administrator sets the allowable error rates of the three edge nodes to be 10%, 15%, and 20%, respectively.
- the trust thresholds of the edge nodes A1, A2, and A3 are shown in Table 8.
- before the network runs, at t_0, the edge agent sends three to-be-calculated data sets with a data volume of 10 to the edge nodes A1, A2, and A3 respectively. After the edge agent has processed the evidence, the evaluation results of the edge nodes A1, A2, and A3 are shown in Table 9. Table 10 shows the initial trust value, trust identifier and validity time of the edge nodes A1, A2, and A3.
- the edge agent downgrades the trust of A1 to uncertain.
- the initial trust value of A1 is greater than 0.9.
- the edge agent evaluates the initial trust value of the edge node A3′ to be added after the replacement.
- the initial trust value of the edge node A3′ is 0.65, which is greater than 0.51.
- after the network runs for 10s, the edge agent initiates a trust update request to the field device, and the field device sends the collected data to the edge node and the edge agent at the same time.
- the edge agent starts the first round of trust update, and the number of times that the evidence of edge nodes A1, A2, A3' needs to be collected is 3 times, and the amount of data collected each time is 10.
- 10s after the first round of trust update, the second round of trust update is performed. After 2 rounds of trust update, the final trust value of each round of trust update of edge nodes A1, A2, A3' is shown in Table 11.
- the edge agent regards A1 as a malicious node; the edge agent broadcasts the identity information of A1 and its trust identifier 0, and reports to the security administrator to have it replaced. After the security administrator replaces A1 with A1′, the edge agent evaluates its initial trust value, and after the edge agent evaluates the initial trust value of A1′, it updates the final trust value of A2 and A3′. When the update reaches the fourth round, the evaluation results are as shown in Table 12.
- the field device scored A2 as -1 so the edge agent regards A2 as a malicious node; the edge agent broadcasts the identity information of A2 and its trust identifier 0, and reports to the security administrator to have it replaced.
- after the security administrator replaces A2 with A2', the edge agent first evaluates its initial trust value. After evaluating the initial trust value of A2', the edge agent updates the final trust values of A1' and A3'.
- the results of the fifth round of trust update are shown in Table 13.
- the historical direct trust value of A2' stored in the sliding window in the edge agent is shown in Table 15.
- the weights corresponding to the first to fifth panes are 0.30, 0.40, 0.54, 0.74, 1.00, and the sum of the weights is 2.98.
- the weighted average historical direct trust value of the edge agent is obtained
- the historical direct trust value of A3' stored in the sliding window in the edge agent is shown in Table 16.
- the weights corresponding to each pane are 0.06, 0.09, 0.12, 0.16, 0.22, 0.30, 0.40, 0.54, 0.74, 1.00, and the sum of the weights is 3.63.
- the weighted average historical direct trust value of the edge agent is obtained
- Table 17 The final trust related information of edge nodes A1', A2', and A3'
- the validity period of the trust mark of the edge node A1' has expired, but its trust value has not been updated.
- the edge agent regards A1' as a malicious node or a faulty node, blacklists it, broadcasts its identity and trust identifier 0, and reports to the security administrator for replacement.
- the edge node is a malicious or faulty node, and there are the following four situations:
Abstract
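The invention relates to a trust-evaluation-based method for judging whether the calculation results of edge nodes are trustworthy, and belongs to the technical field of data processing. The invention provides a security mechanism that ensures the calculation results output by industrial edge nodes are trustworthy, prevents industrial edge nodes from outputting erroneous data, resists false-data attacks by malicious edge nodes, guarantees that the industrial cloud receives trusted calculation results that have not been tampered with, and ensures that field devices receive correct calculation results rather than malicious or meaningless messages, thereby improving the efficiency and security of industrial production.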
Description
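The invention belongs to the technical field of data processing and relates to a trust-evaluation-based method for judging whether edge node calculation results are trustworthy.
Introducing edge computing into industrial networks, so that data processing and storage are performed at the network edge, can solve problems such as node request latency, excessive storage and computing load on cloud servers, and excessive pressure on network transmission bandwidth. Edge computing extends the service resources of cloud computing to the network edge and addresses cloud computing's poor mobility, weak awareness of geographic information and high latency. However, while edge computing is applied to data analysis, it also brings new security and privacy challenges to the edge nodes of industrial edge computing networks. Ensuring data integrity between the industrial cloud and the edge nodes, and ensuring that field devices receive correct calculation results, while meeting the high real-time requirements of industrial networks, is a challenge. Because edge nodes connect directly to the Internet, they expose industrial field devices directly to the Internet, which creates very large security risks, especially for data security.
At present, there is little research in China or abroad on ensuring that the information exchanged between industrial edge nodes and the industrial cloud is trustworthy. Most existing work studies whether information has been tampered with in transit, but cannot ensure that edge node calculation results are trustworthy, that is, that the calculation results output by edge nodes are correct. To solve this problem, the invention designs a trust-evaluation-based scheme for ensuring that edge nodes output trusted calculation results.
Summary of the Invention
In view of this, the purpose of the invention is to provide a trust-evaluation-based method for judging whether edge node calculation results are trustworthy.
To achieve the above purpose, the invention provides the following technical solution:
A trust-evaluation-based method for judging whether edge node calculation results are trustworthy, comprising the following steps: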
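S1 Before network operation
The edge node to be added sends its identity information ID_Ai to the edge agent for registration, and the security administrator sets, for each edge node, the error rate ER_Ai at which calculation errors are allowed in the industrial production environment. The edge agent uses ε to mark which evidence collection a piece of evidence belongs to (ε = 1, 2, ..., CN_τ) and τ to mark which round of trust calculation a piece of trust-related information belongs to (τ ∈ N); τ = 0 when the initial trust value is evaluated and τ ≥ 1 when the trust value is updated. CN_τ denotes the total number of evidence collections the edge agent needs for the τ-th round of trust calculation, and t_τ denotes the time at which the edge agent starts the τ-th round of trust calculation. After verifying the identity of the edge node, the edge agent starts to evaluate the edge node's initial trust value;
S11 Evidence collection
S12 Evidence processing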
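The edge agent processes the collected data as follows:
(1) Accuracy is the proportion of correct calculation results in the total number of data items; the formula for the accuracy of the ε-th evidence collection is as follows:
(2) Completeness is the proportion of complete data items in the total number of data items; the formula for the completeness of the ε-th evidence collection is as follows:
(3) Timeliness is the difference between the computing efficiency of edge node Ai and that of the edge agent; the formula for the timeliness of the ε-th evidence collection is as follows:
When evaluating the initial trust value, the edge agent uses the time at which it sent the ε-th to-be-calculated set, the time at which it finished calculating that set, and the time at which it received the calculation result of edge node Ai to calculate the CN_0 computing efficiencies of the edge node and of the edge agent, and substitutes them into equation (3) to obtain CN_0 timeliness values of edge node Ai.
When evaluating the initial trust value, the edge agent uses equations (1), (2) and (3) to process the evidence collected 3 times, obtaining 3 values each for the accuracy, completeness and timeliness of the edge node Ai to be added;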
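S13 Initial trust evaluation
1) Calculating the initial trust value
The direct trust value is a quantified measure of an edge node's ability to complete the requested task; it is based on the history of interaction records between the edge agent and the edge node. When the edge agent calculates an edge node's initial trust value, the edge node is in the waiting-to-run state. The edge agent performs a fuzzy evaluation of the direct trust factors of each waiting-to-run edge node; the steps for calculating the direct trust value are as follows:
(a) Determine the factor set
The evaluation set is V = {V_1, V_2, V_3}, where V_1 is untrustworthy, V_2 is uncertain and V_3 is credible. The membership degrees corresponding to V_1, V_2 and V_3 are specified as follows: untrustworthy when 0 ≤ μ_un < β_u; uncertain when β_u ≤ μ_in < β_c; credible when β_c ≤ μ_cr ≤ 1. β_u and β_c are the untrustworthy and credible thresholds. The edge agent calculates the membership degrees of accuracy, completeness and timeliness using the following formulas: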
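① The formula for the membership degree of the accuracy of the ε-th evidence collection is:
② The formula for the membership degree of the completeness of the ε-th evidence collection is:
(b) Calculate the proportions in which the membership degrees of accuracy, completeness and timeliness in the τ-th round of trust calculation fall in V_1, V_2 and V_3, namely {r_11-τ, r_12-τ, r_13-τ}, {r_21-τ, r_22-τ, r_23-τ} and {r_31-τ, r_32-τ, r_33-τ}; for example,
is the number of the CN_τ accuracy membership degrees that fall within the untrustworthy membership range; the edge agent obtains the judgment matrix
(c) Use the entropy weight method to calculate the weights corresponding to accuracy, completeness and timeliness; the calculation steps are as follows:
③ Calculate the weights corresponding to accuracy, completeness and timeliness: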
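To avoid a weight of zero, which may occur when the dispersion of a factor is too small, the weights for accuracy, completeness and timeliness are restricted to the ranges α_1 ∈ [0.5, 0.8], α_2 ∈ [0.01, 0.2] and α_3 ∈ [0.2, 0.4] respectively, satisfying α_1 > α_3 > α_2. When a weight obtained by the entropy weight method falls outside its specified range, the maximum or minimum of the corresponding range is used; the actual weights are
A_τ = {α′_1-τ, α′_2-τ, α′_3-τ};
(d) Calculate the judgment result Z_Ai-τ = A_τ * R_τ = {z_1-τ, z_2-τ, z_3-τ}; there are the following three cases: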
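① When z_1-τ is the largest, edge node Ai is untrustworthy, and the edge agent does not calculate the mean membership degrees of accuracy, completeness and timeliness;
② When z_2-τ is the largest, the trust of edge node Ai is uncertain, and the edge agent calculates the means of the membership degrees of accuracy, completeness and timeliness that fall in the interval [β_u, β_c) as
where the denominator is the number of membership degrees of each factor in the interval [β_u, β_c) and the numerator is the sum of the membership degrees of each factor in the interval [β_u, β_c);
③ When z_3-τ is the largest, edge node Ai is credible, and the edge agent calculates the means of the membership degrees of accuracy, completeness and timeliness that fall in the interval [β_c, 1] as
where the denominator is the number of membership degrees of each factor in the interval [β_c, 1] and the numerator is the sum of the membership degrees of each factor in the interval [β_c, 1];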
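2) Calculating the trust identifier
Edge node trust is divided into three levels: untrustworthy, uncertain and credible;
The untrustworthy threshold is β_u and the credible threshold is β_c, satisfying 0 < β_u < β_c ≤ 1, with β_c = [1 + 10(ER_Ai)^2]^(-1) and β_u = β_c - 0.2, where ER_Ai is the error rate at which the industrial production environment allows edge node Ai to occasionally make calculation errors by mistake, 0 ≤ ER_Ai < 30%. The larger β_u and β_c are, the more sensitive the system is to erroneous calculation results. The security manager sets the error rate allowed for edge nodes in the industrial production environment, and the edge agent calculates the corresponding β_u and β_c from the error rate;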
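The edge agent calculates the trust identifier of the waiting-to-run edge node Ai according to the judgment result; the rules are as follows:
where i is the number of online edge nodes, CN_0 is the number of evidence collections during initial trust evaluation,
is the average computing efficiency of edge node Ai,
l is the amount of data in each evidence collection, ΔT is the time interval between trust updates, and the validity time is in seconds; if an edge node's trust identifier expires, the edge agent blacklists the edge node;
(c) For an edge node whose trust level is untrustworthy, that is, for which z_1-τ is the largest, to avoid an evaluation error the edge agent repeats the above evidence collection, evidence processing and trust evaluation steps to evaluate its initial trust value 2 times; if it is still untrustworthy both times, the edge agent reports to the security administrator to have it replaced, and calculates the initial trust value of the replacement edge node to be added.
The edge agent sends the trust identifier to the field device. After checking the trust identifier of the waiting-to-run edge node, the field device sends data to edge nodes whose trust identifier is greater than 0, after which the edge node is in the running state.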
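An added example (not code from the patent) that runs steps (b) to (d) and the threshold rule above in Python: it derives β_u and β_c from the allowed error rate, builds the judgment matrix, clamps the weights to the stated ranges and picks the trust level. Assumptions: the membership degrees are taken as given inputs because the membership formulas are not reproduced on this page, the weights come from the standard entropy weight method, and all function names and sample values are constructed for illustration.

```python
import math

LEVELS = ("untrustworthy", "uncertain", "credible")
# Weight ranges stated in the text for accuracy, completeness, timeliness.
WEIGHT_RANGES = ((0.5, 0.8), (0.01, 0.2), (0.2, 0.4))


def thresholds(error_rate):
    """Return (beta_u, beta_c): beta_c = [1 + 10*ER^2]^-1, beta_u = beta_c - 0.2."""
    if not 0.0 <= error_rate < 0.30:
        raise ValueError("allowed error rate must satisfy 0 <= ER < 30%")
    beta_c = 1.0 / (1.0 + 10.0 * error_rate ** 2)
    return beta_c - 0.2, beta_c


def level_of(mu, beta_u, beta_c):
    """Index of the trust level whose interval contains membership degree mu."""
    if mu < beta_u:
        return 0
    return 1 if mu < beta_c else 2


def judgment_matrix(memberships, beta_u, beta_c):
    """Row j: share of factor j's membership degrees falling in V1, V2, V3."""
    matrix = []
    for values in memberships:
        counts = [0, 0, 0]
        for mu in values:
            counts[level_of(mu, beta_u, beta_c)] += 1
        matrix.append([c / len(values) for c in counts])
    return matrix


def entropy_weights(memberships):
    """ASSUMPTION: standard entropy weight method over the evidence collections,
    followed by the clamping to WEIGHT_RANGES that the text prescribes."""
    n = len(memberships[0])
    divergence = []
    for values in memberships:
        total = sum(values)
        entropy = 1.0  # a factor with no spread carries no information
        if total > 0 and n > 1:
            probs = [v / total for v in values if v > 0]
            entropy = -sum(p * math.log(p) for p in probs) / math.log(n)
        d = 1.0 - entropy
        divergence.append(d if d > 1e-12 else 0.0)  # absorb float noise
    spread = sum(divergence)
    raw = [d / spread if spread > 0 else 0.0 for d in divergence]
    return [min(max(w, lo), hi) for w, (lo, hi) in zip(raw, WEIGHT_RANGES)]


def evaluate(memberships, error_rate):
    """Return (level, Z, weights, mean memberships inside the winning interval)."""
    beta_u, beta_c = thresholds(error_rate)
    R = judgment_matrix(memberships, beta_u, beta_c)
    A = entropy_weights(memberships)
    Z = [sum(A[j] * R[j][k] for j in range(3)) for k in range(3)]
    # max() keeps the first maximum, so a tie resolves to the lower trust level.
    verdict = max(range(3), key=lambda k: Z[k])
    if verdict == 0:
        return LEVELS[0], Z, A, None  # case 1: no mean membership is computed
    means = []
    for values in memberships:
        inside = [mu for mu in values if level_of(mu, beta_u, beta_c) == verdict]
        # A factor with no membership in the interval would divide by zero.
        means.append(sum(inside) / len(inside) if inside else None)
    return LEVELS[verdict], Z, A, means


# Constructed sample: 3 evidence collections (CN_0 = 3), allowed error rate 10%.
HONEST = [[0.95, 1.00, 0.92],   # accuracy membership degrees
          [1.00, 1.00, 1.00],   # completeness
          [0.93, 0.88, 0.96]]   # timeliness
FAULTY = [[0.40, 0.50, 0.30],
          [1.00, 0.90, 1.00],
          [0.60, 0.70, 0.50]]

if __name__ == "__main__":
    for name, sample in (("honest", HONEST), ("faulty", FAULTY)):
        level, Z, A, means = evaluate(sample, 0.10)
        print(name, level, [round(z, 3) for z in Z], A, means)
```

The completeness row of the honest sample has no spread, so its entropy weight is zero and the clamp lifts it to the stated minimum of 0.01, which is the case the weight ranges exist for.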
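S2 After network operation
S21 Evidence collection
After the network has run for time ΔT, the edge agent initiates a trust update request to the field device and starts to collect the field device's collected data, the edge node's calculation results and their hash values, and the field device's feedback scores, and records the edge node's response time and historical direct trust values. After the edge agent initiates a trust update request, each evidence collection falls into one of the following two cases:
Case 1: the edge node returns the calculation result directly to the field device, and the field device sends the edge node's calculation result and its hash value to the edge agent;
Case 2: after a preliminary calculation, the edge node sends the calculation result and its hash value to the edge agent; the edge agent collects the evidence, signs the edge node's calculation result and trust identifier, and uploads them to the industrial cloud; after checking the edge node's trust identifier and verifying the signature, the industrial cloud further processes the edge node's preliminary calculation result and then sends the calculation result and a signature to the edge agent; after verifying the signature, the edge agent sends the calculation result to the field device;
The edge agent collects the evidence data in both of these cases; collecting l evidence data items counts as one evidence collection. Each round of trust update requires CN_τ evidence collections, during which the edge node is in the running state. The edge agent uses ε to record the evidence collection count (ε = 1, 2, ..., CN_τ). In the τ-th round of trust update, the edge agent performs evidence processing and the trust update only after it has completed CN_τ evidence collections. The interval between rounds of trust update is ΔT. The number of evidence collections CN_τ required for the τ-th round of trust update is calculated as follows:
The edge agent calculates the number of evidence collections CN_τ required for the τ-th round of trust update from the (τ-1)-th trust identifier. When the trust identifier is small, the number of evidence collections is small, and the edge agent can update the edge node's trust value quickly. In the early stage of network operation, the number of evidence collections grows as the number of times the node has been found credible increases; so that the trust value can be updated in time and the amount of trust calculation reduced, the number of evidence collections cannot grow without bound, and the maximum value of CN_τ is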
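1) Collecting direct trust factors
The field device sends the collected data
to the edge agent and to edge node Ai at the same time. The field device sends one data item every Δt, and the edge agent and edge node Ai start processing after receiving the 2nd collected data item. The result of the edge agent processing two adjacent collected data items is
and the result of edge node Ai processing two adjacent collected data items is
is the index of the evidence item within each evidence collection
For each evidence collection the field device needs to send (l+1) data items, and the data sent by the field device form the set
At t_τ, the edge agent starts the τ-th round of trust update. The edge agent collects evidence CN_τ times in total; the evidence of l data items in the ε-th collection includes the edge agent's calculation results
the calculation results of edge node Ai
and their hash values
The edge agent calculates, from the set of calculation results of edge node Ai,
the corresponding hash values
The edge agent records the time at which the field device sends the first data item in the ε-th evidence collection
the time at which the edge agent finishes calculating the l-th result
and the time at which edge node Ai finishes calculating the l-th result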
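2) Collecting historical direct trust values
Because trust changes dynamically over time, to guard against malicious behaviour the edge agent needs to correct the direct trust value using historical direct trust values. The edge agent uses a sliding window to store historical direct trust values, so as to reduce the influence of old direct trust values on the new direct trust value. Each edge node has its own sliding storage window. The larger the window, the greater the storage and computation overhead; a short sliding storage window limits the amount of trust calculation and improves the efficiency of trust evaluation.
The sliding storage window has u panes, and each pane holds one historical direct trust value; that is, the direct trust values from before the τ-th round of trust update are stored in the sliding storage window. The direct trust value stored in the k-th pane is
The window starts to move only once every pane holds a direct trust value, and it moves one pane at a time. A new direct trust value is added to the window after a trust update, and the expired direct trust value is squeezed out of the window. During the τ-th round of trust update, the window holds the direct trust values from the (τ-u)-th to the (τ-1)-th rounds of trust update; after the τ-th round of trust update is finished, the τ-th round's direct trust value is stored in the sliding storage window. When the trust identifier of edge node Ai is 0, the edge node is regarded as a malicious node and the edge agent deletes its sliding storage window.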
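3) Collecting feedback scores
When the edge agent updates the final trust value of a running edge node, it also needs to consider the field device's feedback scores on the edge node's calculation results. The rule by which the field device scores an edge node is: if a security incident occurs, then regardless of whether a trust update is in progress, the field device feeds back
and the edge agent blacklists the edge node to which the feedback score corresponds; otherwise, the field device feeds back a score for the calculation result: a bad rating
or a good rating
The field device feeds back its scores for the calculation results to the edge agent. In the τ-th round of trust update the edge agent collects CN_τ times, l feedback scores each time; the feedback scores collected by the edge agent in the ε-th collection are
These include the field device's scores for the v calculation results that the edge node returned directly to the field device and its scores for the (l-v) calculation results that the edge node sent to the industrial cloud for processing before they were returned to the field device. An elliptic curve proxy signature is used to make the communication between the edge node and the industrial cloud trustworthy; whether the calculation result received by the field device comes from the edge node or from the industrial cloud, the object of the field device's feedback score is the edge node.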
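S22 Evidence processing
1) Processing direct trust factors
After the edge agent has completed CN_τ evidence collections, it calculates the accuracy, completeness and timeliness of edge node Ai for each evidence collection in the τ-th round of trust update;
(a) The edge agent calculates the accuracy of edge node Ai according to equation (1);
(b) The edge agent calculates the completeness of edge node Ai according to equation (2);
(c) From the time at which the field device sent the first data item in the ε-th evidence collection, the time at which the edge agent finished calculating the l-th result and the time at which edge node Ai finished calculating the l-th result, the edge agent calculates the computing efficiency of the edge node and the computing efficiency of the edge agent, and substitutes them into equation (3) to calculate the timeliness of edge node Ai;
When the edge agent performs the τ-th round of trust update, it uses equations (1), (2) and (3) to process the collected direct trust factors, obtaining CN_τ values each for the accuracy, completeness and timeliness of the pending-audit edge node Ai;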
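2) Processing historical trust values
The weighting factors of historical direct trust values from different times need to take time into account: the older a trust value, the lower its proportion. The weight of the k-th pane in the sliding storage window is:
where ρ is the attenuation coefficient, which is 0.3; when the sliding storage window is not yet full, u is the number of historical direct trust values actually stored;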
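An added example (not the patent's code) of the sliding storage window and the time-decayed pane weights described above, in Python. The weight formula itself is not reproduced on this page, so the form exp(-ρ(u-k)) truncated to two decimals is an assumption, chosen because it reproduces the pane weights 0.30, 0.40, 0.54, 0.74, 1.00 listed in the page's worked example; the class names, node name and trust values are constructed.

```python
import math
from collections import deque

RHO = 0.3  # attenuation coefficient given in the text


def pane_weights(count, rho=RHO):
    """Weights for panes 1..count, oldest first.

    ASSUMPTION: the weight formula is not reproduced on this page; the form
    exp(-rho * (count - k)), truncated to two decimals, is inferred from the
    weights listed in the page's worked example (0.30 ... 0.74, 1.00).
    """
    return [math.floor(math.exp(-rho * (count - k)) * 100) / 100
            for k in range(1, count + 1)]


class TrustWindow:
    """Sliding storage window holding at most `panes` historical direct trust values."""

    def __init__(self, panes):
        self.values = deque(maxlen=panes)  # a full deque squeezes out the oldest value

    def weighted_history(self):
        """Weighted average of the stored values; None while the window is empty."""
        if not self.values:
            return None
        # When the window is not full, u is the number of values actually stored.
        weights = pane_weights(len(self.values))
        return sum(w * v for w, v in zip(weights, self.values)) / sum(weights)

    def push(self, direct_trust):
        self.values.append(direct_trust)


class HistoryStore:
    """Per-node windows as kept by the edge agent (hypothetical class name)."""

    def __init__(self, panes):
        self.panes = panes
        self.windows = {}

    def close_round(self, node_id, direct_trust, trust_identifier):
        """Return the history average used in this round, then store the round's value.

        A trust identifier of 0 marks the node as malicious: its window is deleted.
        """
        if trust_identifier == 0:
            self.windows.pop(node_id, None)
            return None
        window = self.windows.setdefault(node_id, TrustWindow(self.panes))
        history = window.weighted_history()  # rounds tau-u .. tau-1 only
        window.push(direct_trust)            # round tau is stored afterwards
        return history


def demo():
    """Constructed run: six rounds for one node with a 5-pane window."""
    store = HistoryStore(panes=5)
    seen = [store.close_round("node-1", v, trust_identifier=1)
            for v in (0.70, 0.80, 0.82, 0.85, 0.88, 0.90)]
    return store, seen


if __name__ == "__main__":
    store, seen = demo()
    print(pane_weights(5), round(sum(pane_weights(5)), 2))
    print(seen)
```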
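3) Processing feedback scores
For an edge node with a feedback score of -1, after the security administrator replaces it with an edge node to be added, the edge agent repeats the initial trust value calculation steps to evaluate the initial trust value of the edge node to be added;
Good feedback from the field device increases the trust value of edge node Ai, while bad feedback quickly lowers the trust value of edge node Ai. When there is security incident feedback from the field device,
acts as a penalty factor,
When there is no security incident feedback,
denotes a reward,
denotes a penalty, and
denotes neither reward nor penalty.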
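S23 Trust update
The edge agent updates the edge node's trust value according to the direct trust value, the historical trust value and the feedback scores; at this point the edge node is in the pending-audit state. The interval between rounds of trust update is ΔT.
1) Calculating the direct trust value
The edge agent repeats the steps used to calculate the direct trust value when evaluating initial trust, and uses equation (4) to calculate the direct trust value, in the τ-th round of trust update, of pending-audit edge nodes Ai whose judgment result is credible or uncertain
For pending-audit edge nodes whose judgment result is untrustworthy, the edge agent blacklists them directly.
2) Correcting the direct trust value
where δ weighs the proportions of current trust and historical trust, and is defined as follows:
where 0 < δ_1 < δ_2 < 1, with δ_1 = 0.3 and δ_2 = 0.7; δ_1 takes a small value to prevent an edge node from accumulating trust too quickly, and δ_2 takes a large value to reflect the penalty for malicious behaviour by an edge node.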
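3) Updating the final trust value
The edge agent calculates the final trust value of the pending-audit edge node using the reward or penalty factor obtained from equation (9);
When any feedback score is -1, the final trust value of edge node Ai in the τ-th round of trust update is 0; otherwise the final trust value of edge node Ai in the τ-th round of trust update is the corrected direct trust value of edge node Ai plus the reward or penalty factor.
4) Calculating the trust identifier
After the trust update, the edge agent compares the final trust value of the pending-audit edge node with the trust thresholds (trust critical values) in the trust level table, Table 2, and then calculates the trust identifier of edge node Ai from the judgment result and the final trust value; the rules are as follows:
The specific formula for the trust identifier of edge node Ai in the τ-th round of trust update is as follows:
where CN_τ is the number of evidence collections required for the τ-th round of trust update, l is the amount of data in each evidence collection,
is the average computing efficiency of edge node Ai,
Δt is the time interval at which the field device sends data, ΔT is the time interval between trust updates, and the validity time is in seconds; if an edge node's trust identifier expires, the edge agent blacklists the edge node;
(b) For an edge node whose trust level is uncertain, its trust identifier remains unchanged. The edge agent checks its trust identifier: if the trust identifier has been equal fewer than three consecutive times, the edge agent allows the edge node to run; otherwise, the edge agent blacklists it, after which the edge node is in the isolated state;
(c) For an edge node whose trust level is untrustworthy, the edge agent blacklists it directly, after which the edge node is in the isolated state. The edge agent broadcasts the identity information of the blacklisted edge nodes together with their trust identifier 0 and reports to the security administrator to have them replaced. After the security administrator replaces an isolated edge node with an edge node to be added, the edge agent repeats the initial trust value calculation steps to evaluate the initial trust value of the edge node to be added.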
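The trust-related data of edge node Ai include the start time t_τ of the τ-th round of trust update, the node identity ID_Ai, the mean accuracy membership degree, the mean completeness membership degree, the mean timeliness membership degree, the corrected direct trust value, the reward or penalty factor, the final trust value, the trust identifier TI_Ai-τ and the validity time
The edge agent sends the trust identifier to the field device, and the field device decides whether to send data according to the edge node's trust identifier: it sends data to edge nodes whose trust identifier is greater than 0 and does not send data to edge nodes whose trust identifier is 0;
After time ΔT has elapsed, the edge agent repeats the evidence collection, evidence processing and trust update steps, and the cycle continues.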
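The beneficial effects of the invention are as follows: the invention is a security mechanism that ensures the computation results output by industrial edge nodes are trustworthy; it prevents industrial edge nodes from outputting erroneous data, resists false-data attacks by malicious edge nodes, guarantees that the industrial cloud receives trustworthy computation results that have not been tampered with, and lets field devices receive correct computation results rather than malicious or meaningless messages, thereby improving the efficiency and safety of industrial production.
Other advantages, objects and features of the invention will be set forth to some extent in the description that follows, and to some extent will be apparent to those skilled in the art on examination of what follows, or may be learned from practice of the invention. The objects and other advantages of the invention can be realised and attained through the description below.
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in detail below with reference to the drawings, in which:
Figure 1 is the industrial edge computing framework with a trust mechanism;
Figure 2 is the trust evaluation flowchart;
Figure 3 is the sequence diagram of the trust evaluation process;
Figure 4 is the trust evaluation framework and flowchart;
Figure 5 is the sequence diagram of evidence collection during initial trust evaluation;
Figure 6 is the flowchart of the first case of evidence collection during a trust update;
Figure 7 is the flowchart of the second case of evidence collection during a trust update;
Figure 8 is the sequence diagram of evidence collection at the round-τ trust update;
Figure 9 is the sliding storage window.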
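The embodiments of the invention are illustrated below through specific examples; those skilled in the art can readily understand other advantages and effects of the invention from what this specification discloses. The invention can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed from different viewpoints and for different applications without departing from the spirit of the invention. Note that the drawings provided with the following embodiments illustrate the basic idea of the invention only schematically, and that the following embodiments and their features can be combined with one another where they do not conflict.
In an industrial edge computing environment, field devices transmit the data they collect to edge nodes at the edge; an edge node processes the data from the field devices and then either returns the computation result to the field device or sends a preliminary result to the industrial cloud platform for further computation before it is returned to the field device. To ensure that the computation results of edge nodes are correct and that results are not forged or tampered with in transit, so that faulty edge nodes can be identified and tampering, impersonation, replay and other attacks by malicious nodes resisted, that is, to guarantee that field devices receive trustworthy computation results, this document proposes an edge computing framework with a trust evaluation function. The trust evaluation of edge nodes is performed by an edge agent at the network edge; handling the trust computation at the network edge gives shorter response times, higher execution efficiency and less network load, as shown in Figure 1.
It is assumed that the data collected by field devices are trustworthy, that communication between field devices and edge nodes is trustworthy, that communication between field devices and the edge agent is trustworthy, and that field device feedback is honest. Within the industrial edge computing framework with trust evaluation, a trust evaluation method is proposed that ensures edge node computation results are trustworthy: the edge agent evaluates the trust of an edge node from an objective analysis of the node's computation results, combined with the fuzzy evaluation method and the entropy weight method. By comparing an edge node's trust value with the trust thresholds, the edge agent decides which edge nodes may receive computing tasks and send messages, which reduces the untrustworthy data output by the edge. The trust thresholds in this method are determined by the error rate that the security administrator allows for the edge node.
After the network is running, if an edge node's computation result needs further computation, the scheme uses an elliptic-curve proxy signature scheme to ensure that the information exchanged among edge nodes, the edge agent and the industrial cloud platform is not tampered with and that field devices receive trustworthy results: the preliminary result of a trusted edge node is signed and sent to the industrial cloud for further processing before being returned to the field device.
The trust evaluation flow of the scheme is shown in Figures 2 and 3.
The scheme defines trust as the edge agent's assessment of whether an edge node's computation results are trustworthy; an edge node's trust value is a quantitative form of its long-term behaviour. Trust evaluation comprises four units: evidence collection, evidence processing, initial trust evaluation and trust update. The overall framework and flow of trust evaluation are shown in Figure 4.
Evidence covers three dimensions. The first is the three effective factors that directly evaluate an edge node's computation results, namely their accuracy, integrity and timeliness, which are used to compute the node's direct trust value. The second is the historical trust values: the edge agent takes the weighted average of the historical trust values in the sliding window and uses it to correct the direct trust value. The third is the field devices' feedback scores on the node's computation results, from which the edge agent derives a penalty or reward factor used to compute the node's final trust value. The trust evaluation process is divided into the calculation of the initial trust value before the network runs and the updating of the trust value after the network runs. During trust evaluation an edge node is in one of the following five states: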
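(1) To be added: an edge node to be added has no trust value; at this point it computes the to-be-computed data sent by the edge agent;
(2) To run: the edge agent computes the edge node's initial trust value; the node is in the to-run state, waiting for field devices to send data;
(3) Running: the edge agent sends the trust identifier of the to-run edge node to the field devices, and a trusted edge node computes the data from the field devices; the edge node is in the running state;
(4) Under review: after the network has run for some time, the edge agent initiates a trust update with the field devices. While the edge agent performs the trust update after collecting and processing the evidence data, the edge node is in the under-review state, and the field devices stop sending data to the node under review until they receive its trust identifier;
(5) Running/isolated: after updating the trust value, the edge agent assigns a trust identifier to the edge node under review and sends the identifier to the field devices. Field devices send data to edge nodes whose trust identifier is greater than zero, and such a node is in the running state; field devices do not send data to edge nodes whose trust identifier is zero, and such a node has been blacklisted by the edge agent and is in the isolated state.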
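1.1 Trust evaluation flow
1.1.1 Before the network runs
An edge node to be added sends its identity information ID_Ai to the edge agent to register, and the security administrator sets, for each edge node, the error rate ER_Ai at which computation errors are allowed in the industrial production environment. The edge agent uses ε to mark which collection a piece of evidence belongs to (ε=1,2,...,CN_τ) and τ to mark in which round trust-related information was computed (τ∈N), with τ=0 for the initial trust evaluation and τ≥1 for trust updates; CN_τ is the total number of evidence collections the edge agent needs for the round-τ trust calculation, and t_τ is the time at which the edge agent starts the round-τ trust calculation. After verifying the edge node's identity, the edge agent starts evaluating the node's initial trust value.
1 Evidence collection
2 Evidence processing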
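The edge agent judges whether a computation result is trustworthy from the accuracy, integrity and timeliness of the edge node's results. These three parameters are the effective factors for evaluating an edge node's computation results; they can be regarded as evidence that the node deserves trust, and are used to assess the node's results objectively. These three pieces of data trust evidence are the core dimensions for finding the trust relationship between a data item and the trustor.
Before the network runs, the edge agent computes the accuracy, integrity and timeliness of the to-be-added edge node Ai from the results it returns. The edge agent processes the collected data as follows:
(1) Accuracy is the proportion of correct computation results in the total number of data; the accuracy of the ε-th evidence collection is computed as follows:
(2) Integrity is the proportion of complete data in the total number of data; the integrity of the ε-th evidence collection is computed as follows:
(3) Timeliness is the difference between the computing efficiency of edge node Ai and that of the edge agent; the timeliness of the ε-th evidence collection is computed as follows:
When evaluating the initial trust value, the edge agent uses the time at which it sent the ε-th to-be-computed set
the time at which it finished computing the to-be-computed set
and the time at which it received edge node Ai's computation results
to compute, CN_0 times, the computing efficiency of the edge node
and the computing efficiency of the edge agent
and substitutes them into formula (3) to obtain CN_0 timeliness values for edge node Ai.
When evaluating the initial trust value, the edge agent processes the 3 evidence collections with formulas (1), (2) and (3) and obtains 3 values each of the accuracy, integrity and timeliness of the to-be-added edge node Ai, as shown in Table 1.
Table 1 Direct trust factors of edge node Ai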
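3 Initial trust evaluation
1) Computing the initial trust value
The direct trust value quantifies an edge node's ability to complete requested tasks and is based on the history of interaction records between the edge agent and the edge node. While the edge agent computes a node's initial trust value, the node is in the to-run state. The edge agent applies fuzzy evaluation to each direct trust factor of the to-run edge node; the direct trust value is computed in the following steps:
(a) Determine the factor set
the evaluation set V={V_1,V_2,V_3}, where V_1 is untrusted, V_2 is uncertain and V_3 is trusted; the membership degrees corresponding to V_1, V_2 and V_3 are specified as follows: 0≤μ_un<β_u is untrusted; β_u≤μ_in<β_c is uncertain; β_c≤μ_cr≤1 is trusted; β_u and β_c are the thresholds for untrusted and trusted. The edge agent computes the membership degrees of accuracy, integrity and timeliness as follows:
① the membership degree of accuracy for the ε-th evidence collection is computed as:
② the membership degree of integrity for the ε-th evidence collection is computed as: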
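(b) Compute, for the round-τ trust calculation, the proportions of the membership degrees of accuracy, integrity and timeliness that belong to V_1, V_2 and V_3, namely {r_11-τ,r_12-τ,r_13-τ}, {r_21-τ,r_22-τ,r_23-τ} and {r_31-τ,r_32-τ,r_33-τ}; for example
is the number of the CN_τ accuracy membership degrees that fall in the untrusted membership range; the edge agent obtains the judgment matrix
(c) Use the entropy weight method to compute the weights of accuracy, integrity and timeliness, in the following steps:
③ Compute the weights of accuracy, integrity and timeliness:
To avoid a weight of zero when the dispersion of a factor is too small, the weights of accuracy, integrity and timeliness are restricted to the ranges α_1∈[0.5,0.8], α_2∈[0.01,0.2] and α_3∈[0.2,0.4], satisfying α_1>α_3>α_2; when a weight obtained by the entropy weight method falls outside its range, the maximum or minimum of that range is taken, and the actual weights are A_τ={α′_1-τ,α′_2-τ,α′_3-τ};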
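(d) Compute the judgment result Z_Ai-τ=A_τ*R_τ={z_1-τ,z_2-τ,z_3-τ}; there are three cases:
① when z_1-τ is the largest, edge node Ai is untrusted, and the edge agent does not compute the mean membership degrees of accuracy, integrity and timeliness;
② when z_2-τ is the largest, the trust of edge node Ai is uncertain, and the edge agent computes the means of the accuracy, integrity and timeliness membership degrees that lie in the interval [β_u,β_c) as
where the denominator is the number of each factor's membership degrees in the interval [β_u,β_c) and the numerator is the sum of each factor's membership degrees in the interval [β_u,β_c);
③ when z_3-τ is the largest, edge node Ai is trusted, and the edge agent computes the means of the accuracy, integrity and timeliness membership degrees that lie in the interval [β_c,1] as
where the denominator is the number of each factor's membership degrees in the interval [β_c,1] and the numerator is the sum of each factor's membership degrees in the interval [β_c,1];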
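2) Computing the trust identifier
Table 2 is the edge node trust level table; trust has three levels: untrusted, uncertain and trusted.
Table 2 Trust level table
Trust level | Trust description | Trust value range |
---|---|---|
1 | Untrusted | [0, β_u) |
2 | Uncertain | [β_u, β_c) |
3 | Trusted | [β_c, 1] |
The threshold for untrusted is β_u and the threshold for trusted is β_c, satisfying 0<β_u<β_c≤1, with β_c=[1+10(ER_Ai)^2]^-1 and β_u=β_c-0.2, where ER_Ai is the error rate at which the industrial production environment allows edge node Ai to compute wrongly through occasional mistakes, 0≤ER_Ai<30%; the larger β_u and β_c, the more sensitive the system is to wrong computation results. The security administrator sets the error rate the industrial production environment allows for an edge node, and the edge agent computes the corresponding β_u and β_c from it, for example as shown in Table 3.
Table 3 Values of β_u and β_c (examples)
Error rate ER_Ai | β_u | β_c |
---|---|---|
0 | 0.80 | 1.00 |
10% | 0.70 | 0.90 |
20% | 0.51 | 0.71 |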
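The threshold rule and the fuzzy judgment steps (a) to (d) above, as an added Python example that is not code from the patent. The membership degrees are constructed inputs, the function names are illustrative, and because the entropy-weight formulas did not survive on this page the textbook entropy weight method is assumed for step (c).

```python
import math

# Weight ranges stated in the text for accuracy, integrity, timeliness.
WEIGHT_RANGES = ((0.5, 0.8), (0.01, 0.2), (0.2, 0.4))
LEVELS = ("untrusted", "uncertain", "trusted")           # V1, V2, V3


def thresholds(error_rate):
    """Return (beta_u, beta_c): beta_c = [1 + 10*ER^2]^-1, beta_u = beta_c - 0.2."""
    if not 0 <= error_rate < 0.30:
        raise ValueError("allowed error rate must satisfy 0 <= ER < 30%")
    beta_c = 1.0 / (1.0 + 10.0 * error_rate ** 2)
    return beta_c - 0.2, beta_c


def level_of(mu, beta_u, beta_c):
    """Index of the evaluation class (0=V1, 1=V2, 2=V3) a membership degree falls in."""
    if not 0.0 <= mu <= 1.0:
        raise ValueError(f"membership degree out of range: {mu}")
    return 0 if mu < beta_u else 1 if mu < beta_c else 2


def judgment_matrix(factors, beta_u, beta_c):
    """One row per factor: share of its membership degrees in V1, V2, V3."""
    matrix = []
    for degrees in factors:
        counts = [0, 0, 0]
        for mu in degrees:
            counts[level_of(mu, beta_u, beta_c)] += 1
        matrix.append([c / len(degrees) for c in counts])
    return matrix


def entropy_weights(matrix):
    """Textbook entropy weight method (assumed; the page's own formulas are missing)."""
    k = 1.0 / math.log(len(matrix[0]))
    # 1 - entropy per row; 0*ln(0) is taken as 0 by skipping empty classes.
    spread = [max(0.0, 1.0 + k * sum(p * math.log(p) for p in row if p > 0))
              for row in matrix]
    total = sum(spread)
    if total < 1e-12:                  # every row uniform: no factor is informative
        return [1.0 / len(matrix)] * len(matrix)
    return [s / total for s in spread]


def judge(factors, error_rate):
    """Fuzzy judgment Z = A * R; returns (verdict, Z, A, per-factor means)."""
    beta_u, beta_c = thresholds(error_rate)
    R = judgment_matrix(factors, beta_u, beta_c)
    # A weight outside its range is replaced by the nearest bound of that range.
    A = [min(max(w, lo), hi) for w, (lo, hi) in zip(entropy_weights(R), WEIGHT_RANGES)]
    Z = [sum(a * row[j] for a, row in zip(A, R)) for j in range(3)]
    winner = Z.index(max(Z))           # assumption: a tie resolves to the lower trust level
    if winner == 0:                    # untrusted: no mean membership degrees are computed
        return LEVELS[0], Z, A, None
    means = []
    for degrees in factors:            # mean of the degrees inside the winning interval
        hits = [mu for mu in degrees if level_of(mu, beta_u, beta_c) == winner]
        means.append(sum(hits) / len(hits) if hits else None)
    return LEVELS[winner], Z, A, means


# Constructed membership degrees for CN_0 = 3 evidence collections (not from the patent);
# rows are accuracy, integrity, timeliness.
GOOD_NODE = [[0.95, 0.93, 0.97], [1.0, 1.0, 0.92], [0.95, 0.80, 0.92]]
BAD_NODE = [[0.5, 0.6, 0.4], [1.0, 1.0, 1.0], [0.5, 0.95, 0.95]]

if __name__ == "__main__":
    for name, node in (("good", GOOD_NODE), ("bad", BAD_NODE)):
        verdict, Z, A, means = judge(node, error_rate=0.10)
        print(name, verdict, [round(z, 3) for z in Z], A, means)
```

Because the accuracy weight can never drop below 0.5, a node whose accuracy memberships all fall below β_u is judged untrusted even when its integrity is perfect, which is the behaviour the weight ranges are meant to enforce.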
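The edge agent computes the trust identifier of the to-run edge node Ai from the judgment result, by the following rules:
where i is the number of online edge nodes, CN_0 is the number of evidence collections in the initial trust evaluation,
is the average computing efficiency of edge node Ai
l is the amount of data per evidence collection, ΔT is the trust update interval, and the valid time is in seconds; if the trust identifier of an edge node expires, the edge agent blacklists that node;
Table 4 Initial trust-related data of edge node Ai
(c) for an edge node whose trust level is untrusted, that is, whose z_1-τ is the largest, the edge agent repeats the above evidence collection, evidence processing and trust evaluation steps to evaluate its initial trust value 2 times in order to avoid an evaluation error; if the node is still untrusted both times, the agent reports to the security administrator to have it replaced, and computes the initial trust value of the replacement to-be-added edge node.
The edge agent sends the trust identifiers to the field devices; after checking the trust identifier of a to-run edge node, a field device sends data to edge nodes whose trust identifier is greater than 0, after which the edge node is in the running state.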
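1.1.2 After the network runs
1 Evidence collection
After the network has run for ΔT, the edge agent sends a trust update request to the field devices and starts collecting the field devices' collected data, the edge nodes' computation results and their hash values, and the field devices' feedback scores, and records the edge nodes' response times and historical direct trust values. After the edge agent issues the trust update request, each evidence collection falls into one of the following two cases:
Case 1: the edge node returns the computation result directly to the field device, and the field device sends the edge node's computation result and its hash value to the edge agent, as shown in Figure 6;
Case 2: after its preliminary computation the edge node sends the computation result and its hash value to the edge agent; the edge agent collects the evidence, signs the edge node's computation result and trust identifier and uploads them to the industrial cloud; the industrial cloud checks the edge node's trust identifier and verifies the signature, then further processes the node's preliminary result; the industrial cloud then sends the computation result and a signature to the edge agent, which verifies the signature and sends the computation result to the field device, as shown in Figure 7.
The edge agent collects the evidence data in both cases; collecting l evidence data counts as one evidence collection. Each round of trust update requires CN_τ evidence collections, during which the edge node is in the running state; the edge agent records the collection count with ε (ε=1,2,...,CN_τ). At the round-τ trust update the edge agent performs evidence processing and the trust update only after completing all CN_τ evidence collections; the interval between trust update rounds is ΔT. The number of evidence collections CN_τ required for the round-τ trust update is specified by the following formula:
The edge agent computes CN_τ, the number of evidence collections required for the round-τ trust update, from the (τ-1)-th trust identifier. When the trust identifier is small, fewer evidence collections are made and the edge agent can update the edge node's trust value quickly. Early in network operation the number of evidence collections grows with the number of times the node has been found trusted; so that trust values can be updated in time and the amount of trust computation kept down, the number of evidence collections cannot grow without limit, and the maximum of CN_τ is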
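1) Collection of direct trust factors
The field device sends the collected data
to the edge agent and to edge node Ai at the same time, one datum every Δt; the edge agent and edge node Ai start processing once they have received the second datum. The edge agent's result from processing two adjacent data is
and edge node Ai's result from processing two adjacent data is
is the index of the evidence item within each evidence collection
For each evidence collection the field device needs to send (l+1) data, which form the set
At t_τ the edge agent starts the round-τ trust update and collects evidence CN_τ times in total; the evidence of the ε-th collection of l data comprises the edge agent's computation results
edge node Ai's computation results
and their hash value
From edge node Ai's set of computation results
the edge agent computes the corresponding hash value
The edge agent records, for the ε-th evidence collection, the time at which the field device sent the first datum
the time at which the edge agent finished computing the l-th result
and the time at which edge node Ai finished computing the l-th result
The evidence collection process for the round-τ trust update is shown in Figure 8.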
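2) Collection of historical direct trust values
Because trust changes dynamically over time, the edge agent corrects the direct trust value with the historical direct trust values in order to guard against malicious behaviour, which makes the direct trust value more accurate. The edge agent therefore stores historical direct trust values in a sliding window, to reduce the influence of old direct trust values on the new one. Each edge node has its own sliding storage window. The larger the window, the greater the storage and computation overhead, so a short sliding storage window effectively limits the amount of trust computation and improves the efficiency of trust evaluation.
As shown in Figure 9, the sliding storage window has u panes, each holding one historical direct trust value, that is, the direct trust values from before the round-τ trust update are stored in the sliding storage window; the direct trust value stored in the k-th pane is
The window starts to move only once every pane holds a direct trust value, and it moves one pane at a time; a new direct trust value is added to the window after a trust update, and the expired direct trust value is pushed out. At the round-τ trust update the window holds the direct trust values from rounds τ-u to τ-1, and the round-τ direct trust value is stored in the sliding storage window after the round-τ update completes. When the trust identifier of edge node Ai is 0, the node is regarded as malicious and the edge agent deletes its sliding storage window.
3) Feedback score collection
To update the final trust value of a running edge node, the edge agent also takes into account the field devices' feedback scores on the node's computation results. Scoring rule of the field devices: if a safety incident occurs, the field device reports, whether or not a trust update is in progress,
and the edge agent blacklists the edge node the feedback score refers to; otherwise the field device reports its score for the computation result, a negative rating
a positive rating
The field devices report their scores for the computation results to the edge agent. At the round-τ trust update the edge agent collects CN_τ times, l feedback scores each time; the feedback scores of the ε-th collection are
which include the field devices' scores for the v computation results that edge nodes returned directly to the field devices and for the (l-v) computation results that edge nodes sent to the industrial cloud for processing before they were returned to the field devices. An elliptic-curve proxy signature makes the communication between edge node and industrial cloud trustworthy; whether a field device receives a result from the edge node or from the industrial cloud, the object of its feedback score is always the edge node.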
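2 Evidence processing
1) Processing of direct trust factors
After collecting evidence CN_τ times, the edge agent computes the accuracy, integrity and timeliness of edge node Ai for each evidence collection of the round-τ trust update:
(a) the edge agent computes the accuracy of edge node Ai with formula (1);
(b) the edge agent computes the integrity of edge node Ai with formula (2);
(c) from the time at which the field device sent the first datum of the ε-th evidence collection
the time at which the edge agent finished computing the l-th result
and the time at which edge node Ai finished computing the l-th result
the edge agent computes the computing efficiency of the edge node
and the computing efficiency of the edge agent
and substitutes
into formula (3) to compute the timeliness of edge node Ai.
At the round-τ trust update the edge agent processes the collected direct trust factors with formulas (1), (2) and (3) and obtains CN_τ values each of the accuracy, integrity and timeliness of the edge node Ai under review, as shown in Table 5.
Table 5 Direct trust factors of edge node Ai over the CN_τ collections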
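2) Processing of historical trust values
Because the most recent trust value has more influence than earlier ones, the weight factors of historical direct trust values from different times must take time into account: the older a trust value, the lower its share. The weight of the k-th pane of the sliding storage window is:
where ρ is the decay coefficient, set to 0.3; when the sliding storage window is not yet full, u is the actual number of historical direct trust values.
3) Processing of feedback scores
For an edge node with a feedback score of -1, after the security administrator has replaced it with a to-be-added edge node, the edge agent repeats the initial trust value calculation steps to evaluate the initial trust value of the to-be-added node.
Good feedback from field devices raises the trust value of edge node Ai, whereas bad feedback lowers it quickly. When there is safety-incident feedback from a field device,
acts as a penalty factor;
when there is no safety-incident feedback,
denotes a reward,
denotes a penalty, and
denotes neither reward nor penalty.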
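3 Trust update
The edge agent updates the trust value of an edge node from the direct trust value, the historical trust values and the feedback scores; the node is in the under-review state at this point. Because insider attacks occur at particular times, the trust evaluation mechanism does not need very frequent trust updates, and frequent updates would consume more transmission and computing resources. The interval between trust update rounds is ΔT.
1) Computing the direct trust value
The edge agent repeats the direct-trust-value steps of the initial trust evaluation and uses formula (4) to compute, for the round-τ trust update, the direct trust value of each edge node Ai under review whose judgment result is trusted or uncertain
An edge node under review whose judgment result is untrusted is blacklisted by the edge agent directly.
2) Correcting the direct trust value
where δ balances the shares of current trust and historical trust; δ is defined as follows:
where 0<δ_1<δ_2<1, with δ_1=0.3 and δ_2=0.7; δ_1 is small to keep an edge node from accumulating trust quickly, and δ_2 is large to reflect the penalty for malicious behaviour of an edge node.
3) Updating the final trust value
The edge agent computes the final trust value of the edge node under review from the reward or penalty factor obtained with formula (9).
When any feedback score is -1, the final trust value of edge node Ai at the round-τ trust update is 0; otherwise it is the corrected direct trust value of edge node Ai plus the reward or penalty factor.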
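4) Computing the trust identifier
After the trust update the edge agent compares the final trust value of the edge node under review with the trust thresholds (trust critical values) of the trust level table, Table 2, and then computes the trust identifier of edge node Ai from the judgment result and the final trust value, by the following rules:
The trust identifier of edge node Ai at the round-τ trust update is computed as follows:
where CN_τ is the number of evidence collections required for the round-τ trust update, l is the amount of data per evidence collection,
is the average computing efficiency of edge node Ai
Δt is the interval at which the field device sends data, ΔT is the trust update interval, and the valid time is in seconds; if the trust identifier of an edge node expires, the edge agent blacklists that node.
Table 6 Trust-related data of edge node Ai
(b) for an edge node whose trust level is uncertain, the trust identifier is unchanged; the edge agent checks the identifier and allows the node to run if the identifier has been equal fewer than three consecutive times; otherwise the edge agent blacklists it, after which the node is in the isolated state;
(c) an edge node whose trust level is untrusted is blacklisted by the edge agent directly, after which the node is in the isolated state; the edge agent broadcasts the identity information of the blacklisted edge nodes together with their trust identifier 0 and reports to the security administrator to have them replaced; after the security administrator has replaced an isolated edge node with a to-be-added edge node, the edge agent repeats the initial trust value calculation steps to evaluate the initial trust value of the to-be-added node.
The edge agent sends the trust identifiers to the field devices, which decide from an edge node's trust identifier whether to send it data: they send data to edge nodes whose trust identifier is greater than 0 and do not send data to edge nodes whose trust identifier is 0.
After ΔT has elapsed, the edge agent repeats the evidence collection, evidence processing and trust update steps, and the cycle continues, as shown in Figure 3.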
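1.2 Example
Before the network runs, the scheme sets the parameters shown in Table 7.
Table 7 Parameter values
As in Figure 1, the industrial network has 3 edge nodes to be added, A1, A2 and A3, each of which sends its identity information to the edge agent to register. The security administrator sets the allowed error rates of the 3 edge nodes to 10%, 15% and 20% respectively; the trust thresholds of edge nodes A1, A2 and A3 are shown in Table 8.
Table 8 Trust thresholds of edge nodes A1, A2 and A3
Before the network runs, at t_0 the edge agent sends each of the edge nodes A1, A2 and A3 three sets of to-be-computed data, 10 data per set. After evidence processing, the edge agent's judgment results for A1, A2 and A3 are shown in Table 9. The initial trust values, trust identifiers and valid times of A1, A2 and A3 are shown in Table 10.
Table 9 The 3 rounds of evidence processing and the judgment results for edge nodes A1, A2 and A3
Table 10 Initial trust-related information of edge nodes A1, A2 and A3
Note: the edge agent downgrades the trust of A1 to uncertain.
The initial trust value of A1 is greater than 0.9; to keep a malicious node from gaining trust by deception, the edge agent replaces A1's trust value with 0.8 and sends the trust identifier TI_A1-0=1 to the field devices. The trust level of A2 is uncertain; the edge agent assigns it the trust identifier TI_A2-0=1 and sends the identifier to the field devices. The judgment result for A3 is untrusted; the edge agent then repeats the evidence collection, evidence processing and initial trust evaluation steps 2 times, and the judgment result is untrusted both times, so A3 is a malicious or faulty edge node; the agent broadcasts A3's identity information and its trust identifier TI_A3-0=0 and reports to the security administrator for replacement.
The edge agent evaluates the initial trust value of the replacement to-be-added edge node A3′; the initial trust value of A3′ is 0.65, greater than 0.51, so its trust level is uncertain; the edge agent assigns it the trust identifier TI_A3′-0=1 and sends the identifier to the field devices, which send data to the edge node once they have received it.
After the network has run for 10 s, the edge agent sends a trust update request to the field devices, and the field devices send the collected data to the edge nodes and the edge agent at the same time. The edge agent starts the first round of trust update; evidence for each of the edge nodes A1, A2 and A3′ has to be collected 3 times, 10 data each time. The second round of trust update takes place 10 s after the first. After 2 rounds of trust update, the final trust values of A1, A2 and A3′ for each round are shown in Table 11.
Table 11 Final trust-related information of A1, A2 and A3′ after updating
Because A1's trust identifier has been equal three consecutive times, the edge agent regards A1 as a malicious node; it broadcasts A1's identity information and its trust identifier 0 and reports to the security administrator for replacement. After the security administrator has replaced A1 with A1′, the edge agent evaluates its initial trust value; after evaluating the initial trust value of A1′, the edge agent updates the final trust values of A2 and A3′. The evaluation results at round 4 are shown in Table 12.
Table 12 Final trust-related information of A1, A2 and A3′ after updating
Note: A2's computation result caused a safety incident in industrial production.
During the fourth round of trust update the field device's score for A2 is -1, so the edge agent regards A2 as a malicious node; it broadcasts A2's identity information and its trust identifier 0 and reports to the security administrator for replacement. After the security administrator has replaced A2 with A2′, the edge agent first evaluates its initial trust value. After evaluating the initial trust value of A2′, the edge agent updates the final trust values of A1′ and A3′; the results of the fifth round of trust update are shown in Table 13.
Table 13 Final trust-related information of edge nodes A1′, A2′ and A3′ after the fifth round of trust update
When the trust update reaches round 10, the historical direct trust values of A1′ stored in the sliding window at the edge agent are as shown in Table 14. After the fifth round of trust update, the direct trust value of A1′ was not updated.
Table 14 Sliding storage window of edge node A1′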
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
0.96 | 0.99 | 0.96 |
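At this point the historical direct trust values of A2′ stored in the sliding window at the edge agent are as shown in Table 15. The weights of panes 1 to 5 are 0.30, 0.40, 0.54, 0.74 and 1.00 respectively, and the weights sum to 2.98. The edge agent takes the weighted average of the historical direct trust values and obtains
Table 15 Sliding storage window of edge node A2′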
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
0.91 | 0.87 | 0.83 | 0.89 | 0.93 |
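At this point the historical direct trust values of A3′ stored in the sliding window at the edge agent are as shown in Table 16. The weights of the panes are 0.06, 0.09, 0.12, 0.16, 0.22, 0.30, 0.40, 0.54, 0.74 and 1.00 respectively, and the weights sum to 3.63. The edge agent takes the weighted average of the historical direct trust values and obtains
Table 16 Sliding storage window of edge node A3′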
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
0.65 | 0.85 | 0.88 | 0.81 | 0.91 | 0.87 | 0.83 | 0.89 | 0.93 | 0.85 |
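The sliding storage window and its time-decayed weighting, as an added Python example that is not code from the patent. The pane-weight formula did not survive on this page; the form w_k = e^(-ρ(u-k)) cut to two decimals is an assumption, chosen because it reproduces every weight and both weight sums listed for Tables 15 and 16. Class and function names are illustrative.

```python
import math
from collections import deque

RHO = 0.3   # decay coefficient stated in the text


def pane_weights(count, rho=RHO):
    """Weights of panes 1..count, pane 1 being the oldest value.

    Assumption: w_k = exp(-rho * (count - k)), cut (not rounded) to two
    decimals. This matches the weights quoted in the worked example.
    """
    return [math.floor(math.exp(-rho * (count - k)) * 100) / 100
            for k in range(1, count + 1)]


class TrustWindow:
    """Sliding storage window of one edge node: at most u historical direct trust values."""

    def __init__(self, u):
        # A full deque with maxlen drops its oldest entry on append,
        # which is the "expired value is pushed out" behaviour.
        self.panes = deque(maxlen=u)

    def store(self, direct_trust):
        """Called after a trust update round completes."""
        if not 0.0 <= direct_trust <= 1.0:
            raise ValueError("direct trust value must lie in [0, 1]")
        self.panes.append(direct_trust)

    def weighted_history(self):
        """Weighted mean of the stored values, or None for a node without history.

        While the window is not full, u is the number of values actually stored.
        """
        if not self.panes:
            return None
        weights = pane_weights(len(self.panes))
        return sum(w * v for w, v in zip(weights, self.panes)) / sum(weights)

    def clear(self):
        """Trust identifier 0: the node is treated as malicious and its window is deleted."""
        self.panes.clear()


def replay(values, u=10):
    """Feed a sequence of per-round direct trust values into a fresh window."""
    window = TrustWindow(u)
    for value in values:
        window.store(value)
    return window


# Pane contents copied from Tables 15 and 16 of the worked example.
A2_HISTORY = [0.91, 0.87, 0.83, 0.89, 0.93]
A3_HISTORY = [0.65, 0.85, 0.88, 0.81, 0.91, 0.87, 0.83, 0.89, 0.93, 0.85]

if __name__ == "__main__":
    for name, history in (("A2'", A2_HISTORY), ("A3'", A3_HISTORY)):
        window = replay(history)
        weights = pane_weights(len(window.panes))
        print(name, weights, round(sum(weights), 2), round(window.weighted_history(), 4))
```

A single recent low value carries weight 1.00 while a value ten rounds old carries 0.06, so a node cannot offset a fresh drop in direct trust with a long run of old good rounds.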
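The results of the round-10 trust update are shown in Table 17.
Table 17 Final trust-related information of edge nodes A1′, A2′ and A3′
After the round-5 trust update, the validity period of edge node A1′'s trust identifier has passed but its trust value has still not been updated; the edge agent regards A1′ as a malicious or faulty node, blacklists it, broadcasts its identity and trust identifier 0, and reports to the security administrator for replacement.
In summary, an edge node is a malicious or faulty node in the following four cases:
(1) the judgment result for the edge node is untrusted;
(2) the edge node's trust identifier is equal three consecutive times;
(3) a field device reports a safety incident;
(4) the edge node's trust identifier has expired.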
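The four blacklisting cases above as an edge-agent decision routine, as an added Python example that is not code from the patent. The formula for a trusted node's new trust identifier and the valid time are not reproduced on this page, so the caller supplies both; record fields, reason strings, timestamps and the feedback scores other than -1 are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class NodeRecord:
    node_id: str
    identifiers: list = field(default_factory=list)  # trust identifier per round, oldest first
    expires_at: float = 0.0                          # end of the identifier's valid time, seconds
    reason: str = ""                                 # why the node was blacklisted; "" = may run


def blacklist(record, reason):
    """Isolate the node: the identifier the agent broadcasts for it becomes 0."""
    record.identifiers.append(0)
    record.reason = reason
    return reason


def review(record, verdict, feedback, now, valid_for, identifier=None):
    """Apply one trust-update round; return the blacklist reason, or "" if the node may run.

    verdict: 'trusted' | 'uncertain' | 'untrusted' from the fuzzy judgment.
    feedback: field-device scores for the round; -1 marks a safety incident.
    identifier: new trust identifier of a trusted node (supplied by the caller).
    """
    if record.reason:
        return record.reason
    if -1 in feedback:                               # case (3)
        return blacklist(record, "safety incident")
    if verdict == "untrusted":                       # case (1)
        return blacklist(record, "judged untrusted")
    if verdict == "uncertain":
        identifier = record.identifiers[-1]          # uncertain: identifier stays unchanged
    elif identifier is None:
        raise ValueError("a trusted node needs its new trust identifier")
    record.identifiers.append(identifier)
    recent = record.identifiers[-3:]
    if len(recent) == 3 and len(set(recent)) == 1:   # case (2)
        return blacklist(record, "identifier unchanged three times")
    record.expires_at = now + valid_for
    return ""


def expire(record, now):
    """Case (4): blacklist a node whose identifier outlived its valid time without an update."""
    if not record.reason and now > record.expires_at:
        return blacklist(record, "identifier expired")
    return record.reason


def may_receive_data(record):
    """Field-device side: data goes only to nodes whose trust identifier is > 0."""
    return bool(record.identifiers) and record.identifiers[-1] > 0


def replay():
    """Constructed rounds that follow the order of events in the worked example."""
    a1, a2, a1p = (NodeRecord(n, [1], expires_at=15.0) for n in ("A1", "A2", "A1'"))
    log = []
    # Rounds 1-2: A1 stays uncertain, so its identifier is 1 three times in a row.
    for now in (10.0, 20.0):
        log.append(("A1", now, review(a1, "uncertain", [1, 1], now, valid_for=15.0)))
    # Rounds 1-3: A2 is trusted with a new identifier each round; round 4 carries a -1 score.
    for now, ident in ((10.0, 2), (20.0, 3), (30.0, 4)):
        review(a2, "trusted", [1, 1], now, valid_for=15.0, identifier=ident)
    log.append(("A2", 40.0, review(a2, "trusted", [1, -1], 40.0, valid_for=15.0, identifier=5)))
    # A1' is not re-evaluated, so its identifier runs out.
    log.append(("A1'", 40.0, expire(a1p, 40.0)))
    return log, [may_receive_data(n) for n in (a1, a2, a1p)]


if __name__ == "__main__":
    for entry in replay()[0]:
        print(entry)
```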
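Finally, the above embodiments serve only to illustrate the technical solution of the invention and not to limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the invention can be modified or equivalently substituted without departing from the spirit and scope of the technical solution, and all such modifications shall be covered by the claims of the invention.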
Claims (1)
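- A method for judging the trustworthiness of edge node computation results based on trust evaluation, characterised in that the method comprises the following steps:
S1 Before the network runs
An edge node to be added sends its identity information ID_Ai to the edge agent to register, and the security administrator sets, for each edge node, the error rate ER_Ai at which computation errors are allowed in the industrial production environment; the edge agent uses ε to mark which collection a piece of evidence belongs to (ε=1,2,...,CN_τ) and τ to mark in which round trust-related information was computed (τ∈N), with τ=0 for the initial trust evaluation and τ≥1 for trust updates; CN_τ is the total number of evidence collections the edge agent needs for the round-τ trust calculation, and t_τ is the time at which the edge agent starts the round-τ trust calculation; after verifying the edge node's identity, the edge agent starts evaluating the node's initial trust value;
S11 Evidence collection
S12 Evidence processing
The edge agent processes the collected data as follows:
(1) accuracy is the proportion of correct computation results in the total number of data; the accuracy of the ε-th evidence collection is computed as follows:
(2) integrity is the proportion of complete data in the total number of data; the integrity of the ε-th evidence collection is computed as follows:
(3) timeliness is the difference between the computing efficiency of edge node Ai and that of the edge agent; the timeliness of the ε-th evidence collection is computed as follows:
when evaluating the initial trust value, the edge agent uses the time at which it sent the ε-th to-be-computed set
the time at which it finished computing the to-be-computed set
and the time at which it received edge node Ai's computation results
to compute, CN_0 times, the computing efficiency of the edge node
and the computing efficiency of the edge agent
and substitutes them into formula (3) to obtain CN_0 timeliness values for edge node Ai; when evaluating the initial trust value, the edge agent processes the 3 evidence collections with formulas (1), (2) and (3) and obtains 3 values each of the accuracy, integrity and timeliness of the to-be-added edge node Ai;
S13 Initial trust evaluation
1) Computing the initial trust value
The direct trust value quantifies an edge node's ability to complete requested tasks and is based on the history of interaction records between the edge agent and the edge node; while the edge agent computes a node's initial trust value, the node is in the to-run state; the edge agent applies fuzzy evaluation to each direct trust factor of the to-run edge node, and the direct trust value is computed in the following steps:
(a) determine the factor set
the evaluation set V={V_1,V_2,V_3}, where V_1 is untrusted, V_2 is uncertain and V_3 is trusted; the membership degrees corresponding to V_1, V_2 and V_3 are specified as follows: 0≤μ_un<β_u is untrusted; β_u≤μ_in<β_c is uncertain; β_c≤μ_cr≤1 is trusted; β_u and β_c are the thresholds for untrusted and trusted; the edge agent computes the membership degrees of accuracy, integrity and timeliness as follows:
① the membership degree of accuracy for the ε-th evidence collection is computed as:
② the membership degree of integrity for the ε-th evidence collection is computed as:
(b) compute, for the round-τ trust calculation, the proportions of the membership degrees of accuracy, integrity and timeliness that belong to V_1, V_2 and V_3, namely {r_11-τ,r_12-τ,r_13-τ}, {r_21-τ,r_22-τ,r_23-τ} and {r_31-τ,r_32-τ,r_33-τ}; for example
is the number of the CN_τ accuracy membership degrees that fall in the untrusted membership range; the edge agent obtains the judgment matrix
(c) use the entropy weight method to compute the weights of accuracy, integrity and timeliness, in the following steps:
③ compute the weights of accuracy, integrity and timeliness:
to avoid a weight of zero when the dispersion of a factor is too small, the weights of accuracy, integrity and timeliness are restricted to the ranges α_1∈[0.5,0.8], α_2∈[0.01,0.2] and α_3∈[0.2,0.4], satisfying α_1>α_3>α_2; when a weight obtained by the entropy weight method falls outside its range, the maximum or minimum of that range is taken, and the actual weights are A_τ={α′_1-τ,α′_2-τ,α′_3-τ};
(d) compute the judgment result Z_Ai-τ=A_τ*R_τ={z_1-τ,z_2-τ,z_3-τ}; there are three cases:
① when z_1-τ is the largest, edge node Ai is untrusted, and the edge agent does not compute the mean membership degrees of accuracy, integrity and timeliness;
② when z_2-τ is the largest, the trust of edge node Ai is uncertain, and the edge agent computes the means of the accuracy, integrity and timeliness membership degrees that lie in the interval [β_u,β_c) as
where the denominator is the number of each factor's membership degrees in the interval [β_u,β_c) and the numerator is the sum of each factor's membership degrees in the interval [β_u,β_c);
③ when z_3-τ is the largest, edge node Ai is trusted, and the edge agent computes the means of the accuracy, integrity and timeliness membership degrees that lie in the interval [β_c,1] as
where the denominator is the number of each factor's membership degrees in the interval [β_c,1] and the numerator is the sum of each factor's membership degrees in the interval [β_c,1];
2) Computing the trust identifier
Edge node trust has three levels: untrusted, uncertain and trusted; the threshold for untrusted is β_u and the threshold for trusted is β_c, satisfying 0<β_u<β_c≤1, with β_c=[1+10(ER_Ai)^2]^-1 and β_u=β_c-0.2, where ER_Ai is the error rate at which the industrial production environment allows edge node Ai to compute wrongly through occasional mistakes, 0≤ER_Ai<30%; the larger β_u and β_c, the more sensitive the system is to wrong computation results; the security administrator sets the error rate the industrial production environment allows for an edge node, and the edge agent computes the corresponding β_u and β_c from it; the edge agent computes the trust identifier of the to-run edge node Ai from the judgment result, by the following rules:
where i is the number of online edge nodes, CN_0 is the number of evidence collections in the initial trust evaluation,
is the average computing efficiency of edge node Ai
l is the amount of data per evidence collection, ΔT is the trust update interval, and the valid time is in seconds; if the trust identifier of an edge node expires, the edge agent blacklists that node;
(c) for an edge node whose trust level is untrusted, that is, whose z_1-τ is the largest, the edge agent repeats the above evidence collection, evidence processing and trust evaluation steps to evaluate its initial trust value 2 times in order to avoid an evaluation error; if the node is still untrusted both times, the agent reports to the security administrator to have it replaced, and computes the initial trust value of the replacement to-be-added edge node;
the edge agent sends the trust identifiers to the field devices; after checking the trust identifier of a to-run edge node, a field device sends data to edge nodes whose trust identifier is greater than 0, after which the edge node is in the running state;
S2 After the network runs
S21 Evidence collection
After the network has run for ΔT, the edge agent sends a trust update request to the field devices and starts collecting the field devices' collected data, the edge nodes' computation results and their hash values, and the field devices' feedback scores, and records the edge nodes' response times and historical direct trust values; after the edge agent issues the trust update request, each evidence collection falls into one of the following two cases:
Case 1: the edge node returns the computation result directly to the field device, and the field device sends the edge node's computation result and its hash value to the edge agent;
Case 2: after its preliminary computation the edge node sends the computation result and its hash value to the edge agent; the edge agent collects the evidence, signs the edge node's computation result and trust identifier and uploads them to the industrial cloud; the industrial cloud checks the edge node's trust identifier and verifies the signature, then further processes the node's preliminary result; the industrial cloud then sends the computation result and a signature to the edge agent, which verifies the signature and sends the computation result to the field device;
the edge agent collects the evidence data in both cases; collecting l evidence data counts as one evidence collection; each round of trust update requires CN_τ evidence collections, during which the edge node is in the running state; the edge agent records the collection count with ε (ε=1,2,...,CN_τ); at the round-τ trust update the edge agent performs evidence processing and the trust update only after completing all CN_τ evidence collections; the interval between trust update rounds is ΔT; the number of evidence collections CN_τ required for the round-τ trust update is specified by the following formula:
the edge agent computes CN_τ, the number of evidence collections required for the round-τ trust update, from the (τ-1)-th trust identifier; when the trust identifier is small, fewer evidence collections are made and the edge agent can update the edge node's trust value quickly; early in network operation the number of evidence collections grows with the number of times the node has been found trusted; so that trust values can be updated in time and the amount of trust computation kept down, the number of evidence collections cannot grow without limit, and the maximum of CN_τ is
1) Collection of direct trust factors
The field device sends the collected data
to the edge agent and to edge node Ai at the same time, one datum every Δt; the edge agent and edge node Ai start processing once they have received the second datum; the edge agent's result from processing two adjacent data is
and edge node Ai's result from processing two adjacent data is
θ is the index of the evidence item within each evidence collection (θ=1,2,...,l); for each evidence collection the field device needs to send (l+1) data, which form the set
at t_τ the edge agent starts the round-τ trust update and collects evidence CN_τ times in total; the evidence of the ε-th collection of l data comprises the edge agent's computation results
edge node Ai's computation results
and their hash value
from edge node Ai's set of computation results
the edge agent computes the corresponding hash value
the edge agent records, for the ε-th evidence collection, the time at which the field device sent the first datum
the time at which the edge agent finished computing the l-th result
and the time at which edge node Ai finished computing the l-th result
2) Collection of historical direct trust values
Because trust changes dynamically over time, the edge agent corrects the direct trust value with the historical direct trust values in order to guard against malicious behaviour; the edge agent stores historical direct trust values in a sliding window, to reduce the influence of old direct trust values on the new one; each edge node has its own sliding storage window; the larger the window, the greater the storage and computation overhead, and a short sliding storage window limits the amount of trust computation and improves the efficiency of trust evaluation; the sliding storage window has u panes, each holding one historical direct trust value, that is, the direct trust values from before the round-τ trust update are stored in the sliding storage window; the direct trust value stored in the k-th pane is
the window starts to move only once every pane holds a direct trust value, and it moves one pane at a time; a new direct trust value is added to the window after a trust update, and the expired direct trust value is pushed out; at the round-τ trust update the window holds the direct trust values from rounds τ-u to τ-1, and the round-τ direct trust value is stored in the sliding storage window after the round-τ update completes; when the trust identifier of edge node Ai is 0, the node is regarded as malicious and the edge agent deletes its sliding storage window;
3) Feedback score collection
To update the final trust value of a running edge node, the edge agent also takes into account the field devices' feedback scores on the node's computation results; scoring rule of the field devices: if a safety incident occurs, the field device reports, whether or not a trust update is in progress,
and the edge agent blacklists the edge node the feedback score refers to; otherwise the field device reports its score for the computation result, a negative rating
a positive rating
the field devices report their scores for the computation results to the edge agent; at the round-τ trust update the edge agent collects CN_τ times, l feedback scores each time; the feedback scores of the ε-th collection are
which include the field devices' scores for the v computation results that edge nodes returned directly to the field devices and for the (l-v) computation results that edge nodes sent to the industrial cloud for processing before they were returned to the field devices; an elliptic-curve proxy signature makes the communication between edge node and industrial cloud trustworthy; whether a field device receives a result from the edge node or from the industrial cloud, the object of its feedback score is always the edge node;
S22 Evidence processing
1) Processing of direct trust factors
After collecting evidence CN_τ times, the edge agent computes the accuracy, integrity and timeliness of edge node Ai for each evidence collection of the round-τ trust update:
(a) the edge agent computes the accuracy of edge node Ai with formula (1);
(b) the edge agent computes the integrity of edge node Ai with formula (2);
(c) from the time at which the field device sent the first datum of the ε-th evidence collection
the time at which the edge agent finished computing the l-th result
and the time at which edge node Ai finished computing the l-th result
the edge agent computes the computing efficiency of the edge node
and the computing efficiency of the edge agent
and substitutes
into formula (3) to compute the timeliness of edge node Ai; at the round-τ trust update the edge agent processes the collected direct trust factors with formulas (1), (2) and (3) and obtains CN_τ values each of the accuracy, integrity and timeliness of the edge node Ai under review;
2) Processing of historical trust values
The weight factors of historical direct trust values from different times must take time into account: the older a trust value, the lower its share; the weight of the k-th pane of the sliding storage window is:
where ρ is the decay coefficient, set to 0.3; when the sliding storage window is not yet full, u is the actual number of historical direct trust values;
3) Processing of feedback scores
For an edge node with a feedback score of -1, after the security administrator has replaced it with a to-be-added edge node, the edge agent repeats the initial trust value calculation steps to evaluate the initial trust value of the to-be-added node; good feedback from field devices raises the trust value of edge node Ai, whereas bad feedback lowers it quickly; when there is safety-incident feedback from a field device,
acts as a penalty factor;
when there is no safety-incident feedback,
denotes a reward,
denotes a penalty, and
denotes neither reward nor penalty;
S23 Trust update
The edge agent updates the trust value of an edge node from the direct trust value, the historical trust values and the feedback scores; the node is in the under-review state at this point; the interval between trust update rounds is ΔT;
1) Computing the direct trust value
The edge agent repeats the direct-trust-value steps of the initial trust evaluation and uses formula (4) to compute, for the round-τ trust update, the direct trust value of each edge node Ai under review whose judgment result is trusted or uncertain
an edge node under review whose judgment result is untrusted is blacklisted by the edge agent directly;
2) Correcting the direct trust value
where δ balances the shares of current trust and historical trust; δ is defined as follows:
where 0<δ_1<δ_2<1, with δ_1=0.3 and δ_2=0.7; δ_1 is small to keep an edge node from accumulating trust quickly, and δ_2 is large to reflect the penalty for malicious behaviour of an edge node;
3) Updating the final trust value
The edge agent computes the final trust value of the edge node under review from the reward or penalty factor obtained with formula (9); when any feedback score is -1, the final trust value of edge node Ai at the round-τ trust update is 0; otherwise it is the corrected direct trust value of edge node Ai plus the reward or penalty factor;
4) Computing the trust identifier
After the trust update the edge agent compares the final trust value of the edge node under review with the trust thresholds (trust critical values) of the trust level table, Table 2, and then computes the trust identifier of edge node Ai from the judgment result and the final trust value, by the following rules:
the trust identifier of edge node Ai at the round-τ trust update is computed as follows:
where CN_τ is the number of evidence collections required for the round-τ trust update, l is the amount of data per evidence collection,
is the average computing efficiency of edge node Ai
Δt is the interval at which the field device sends data, ΔT is the trust update interval, and the valid time is in seconds; if the trust identifier of an edge node expires, the edge agent blacklists that node;
(b) for an edge node whose trust level is uncertain, the trust identifier is unchanged; the edge agent checks the identifier and allows the node to run if the identifier has been equal fewer than three consecutive times; otherwise the edge agent blacklists it, after which the node is in the isolated state;
(c) an edge node whose trust level is untrusted is blacklisted by the edge agent directly, after which the node is in the isolated state; the edge agent broadcasts the identity information of the blacklisted edge nodes together with their trust identifier 0 and reports to the security administrator to have them replaced; after the security administrator has replaced an isolated edge node with a to-be-added edge node, the edge agent repeats the initial trust value calculation steps to evaluate the initial trust value of the to-be-added node separately;
the trust-related data of edge node Ai comprise the start time t_τ of the round-τ trust update, the node identity ID_Ai, the mean accuracy membership degree
the mean integrity membership degree
the mean timeliness membership degree
the corrected direct trust value
the reward or penalty factor
the final trust value
the trust identifier TI_Ai-τ and the valid time
the edge agent sends the trust identifiers to the field devices, which decide from an edge node's trust identifier whether to send it data: they send data to edge nodes whose trust identifier is greater than 0 and do not send data to edge nodes whose trust identifier is 0;
after ΔT has elapsed, the edge agent repeats the evidence collection, evidence processing and trust update steps, and the cycle continues.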
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/418,250 US11956372B2 (en) | 2020-05-28 | 2020-07-15 | Judgment method for edge node computing result trustworthiness based on trust evaluation |
KR1020217040188A KR102593836B1 (ko) | 2020-05-28 | 2020-07-15 | 신임평가에 기반하는 에지노드 계산결과의 신뢰성 판별방법 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010469593.1 | 2020-05-28 | ||
CN202010469593.1A CN111641637B (zh) | 2020-05-28 | 2020-05-28 | Judgment method for edge node computing result trustworthiness based on trust evaluation |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021237898A1 true WO2021237898A1 (zh) | 2021-12-02 |
Family
ID=72332205
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/102198 WO2021237898A1 (zh) | Judgment method for edge node computing result trustworthiness based on trust evaluation | 2020-05-28 | 2020-07-15 |
Country Status (4)
Country | Link |
---|---|
US (1) | US11956372B2 (zh) |
KR (1) | KR102593836B1 (zh) |
CN (1) | CN111641637B (zh) |
WO (1) | WO2021237898A1 (zh) |
2020
- 2020-05-28 CN CN202010469593.1A patent/CN111641637B/zh active Active
- 2020-07-15 WO PCT/CN2020/102198 patent/WO2021237898A1/zh active Application Filing
- 2020-07-15 US US17/418,250 patent/US11956372B2/en active Active
- 2020-07-15 KR KR1020217040188A patent/KR102593836B1/ko active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
CN111641637B (zh) | 2021-05-11 |
US11956372B2 (en) | 2024-04-09 |
KR20220016862A (ko) | 2022-02-10 |
CN111641637A (zh) | 2020-09-08 |
KR102593836B1 (ko) | 2023-10-25 |
US20220321355A1 (en) | 2022-10-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20937386 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20937386 Country of ref document: EP Kind code of ref document: A1 |