WO2022001535A1 - Fog-based multi-dimensional multi-angle electricity consumption data aggregating system - Google Patents
Fog-based multi-dimensional multi-angle electricity consumption data aggregating system Download PDFInfo
- Publication number
- WO2022001535A1 WO2022001535A1 PCT/CN2021/096910 CN2021096910W WO2022001535A1 WO 2022001535 A1 WO2022001535 A1 WO 2022001535A1 CN 2021096910 W CN2021096910 W CN 2021096910W WO 2022001535 A1 WO2022001535 A1 WO 2022001535A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- control center
- data
- fog
- electricity
- identity
- Prior art date
Links
- 230000005611 electricity Effects 0.000 title claims abstract description 120
- 230000004931 aggregating effect Effects 0.000 title abstract description 4
- 230000002776 aggregation Effects 0.000 claims description 35
- 238000004220 aggregation Methods 0.000 claims description 35
- 238000012795 verification Methods 0.000 claims description 18
- 238000000034 method Methods 0.000 claims description 10
- 230000000717 retained effect Effects 0.000 claims description 4
- 230000006854 communication Effects 0.000 description 16
- 238000004891 communication Methods 0.000 description 15
- 238000010586 diagram Methods 0.000 description 9
- 230000008901 benefit Effects 0.000 description 6
- 238000013480 data collection Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 3
- 238000013075 data extraction Methods 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- 238000005265 energy consumption Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000006116 polymerization reaction Methods 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 230000001934 delay Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000005406 washing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/06—Energy or water supply
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Definitions
- the invention relates to the technical field of power information security, in particular to a fog-based aggregation system for multi-dimensional and multi-angle power consumption data.
- Electricity meters regularly measure and report power consumption in real time, a feature that helps utility providers better monitor, control and predict power consumption.
- Utility providers can analyze electricity consumption data to implement tiered tariffs and dynamically update their prices, while increasing or decreasing production based on demand to implement demand-side management.
- fine-grained electricity usage data can help analyze consumer energy consumption behavior, demand response optimization, and improve energy-saving recommendations.
- electricity meters offer some obvious benefits, accurate and fine-grained measurement of home energy consumption raises serious privacy concerns.
- fine-grained data on user electricity usage can reveal whether users are at home, the appliances they use in real time and their characteristics, and even their daily habits at home. Based on these real-time data reflecting user activities, malicious attackers can use to analyze users' private habits, thieves may break in when the house is empty, which can lead to serious consequences.
- privacy-preserving data aggregation can be a viable solution, where an aggregation unit periodically aggregates the electricity usage of a group of users in a geographic area, and utility providers can obtain an overview of the electricity usage data in the area. The sum, but nothing is known about the individual power usage in the area.
- the technical tools currently used to protect the privacy of fine-grained data aggregation include homomorphic encryption, differential privacy, and adding masks.
- some researchers have proposed multi-dimensional data aggregation schemes. For example, Lu et al.
- EPPA effective, privacy-preserving aggregation scheme
- Multi-subset-based multi-dimensional data aggregation scheme which sets the user's power consumption data as a multi-dimensional data set, divides users into multiple subsets according to power consumption, and adds a blind factor to confuse the real power consumption data. And use homomorphic encryption technology to encrypt the user's power consumption information.
- This scheme can calculate the number of users in each subset and the sum of electricity consumption per dimension of all users, but this scheme does not consider the problem of meter failure.
- the advantage of multi-dimensional aggregation is its classification of aggregated powered devices. Multi-dimensional data aggregation can complete the aggregation of two or more types of data, and classify the electricity consumption of different types of electrical appliances in the user's home and upload it to the control center.
- the control center After the control center obtains the data, it can analyze the data of the user's different electrical appliances to complete the function. Fine-grained analysis. Now with the development of smart grid and the application of new energy technologies, the requirements for finer granularity and security of users' electricity consumption data are getting higher and higher. In the current research, the fine-grained data collected by electricity meters is only accurate to the type of electrical appliance, without taking into account more Microscopic data, for example, air conditioners can be classified into energy efficiency grades 1/2/3 according to the Chinese inverter air conditioner energy efficiency standard GB21455-2013. Analyzing this fine-grained data can help prevent large-scale coordinated attacks by Internet of Things (IoT) botnets composed of high-powered devices.
- IoT Internet of Things
- Fog computing offers many advantages over cloud computing, such as low latency and fast response, strong location awareness, and enhanced reliability and security. These advantages have facilitated the emergence of fog-based smart grids, where the use of aggregation capabilities in fog nodes (FNs) prevents utility providers from obtaining a single ciphertext through a reliable communication network deployed in parallel with the transmission and distribution grid, and aggregated ciphertexts can be combined.
- the text is provided to the Control Center (CC), as shown in Figure 1.
- the aggregated data is only accurate to the type of electrical appliance, and does not take into account the more microscopic data.
- all users use the same super-increasing sequence. As long as the attacker obtains a set of super-increasing sequences, the power consumption data of all users can be recovered. would raise serious privacy concerns.
- the present invention aims to solve at least one of the technical problems existing in the prior art.
- the present invention proposes a fog-based multi-dimensional and multi-angle power consumption data aggregation system, including a control center and several fog nodes connected to the control center.
- the coverage of the control center is divided into several sub-areas. There is one fog node in the area, and each fog node is connected to several electricity meters within its coverage area;
- the control center generates a corresponding set of super-increasing sequences for each electric meter based on the homomorphic Paillier encryption method according to the types of electrical appliances within the coverage of each electric meter and its energy efficiency level information, and sends the super-increasing sequences to the corresponding electricity meter;
- Each electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, and encrypts the electricity consumption data using the super-increasing sequence to generate ciphertext, and encapsulates the ciphertext into an electricity consumption message and sends it to the corresponding fog node;
- Each fog node aggregates all received ciphertexts to obtain aggregated data, and encapsulates the aggregated data into aggregated messages and sends them to the control center;
- the control center decrypts all the received aggregated data, and obtains electricity consumption data including the types of electrical appliances and their energy efficiency levels within the coverage area of the control center.
- the electricity consumption data collected is only accurate to the type of electrical appliances.
- more microscopic data can be counted.
- the third party can restore all user data as long as it obtains a set of super-increasing sequences, which significantly improves the security of power consumption data transmission.
- each electricity meter and fog node before the control center generates the super-incrementing sequence, each electricity meter and fog node submit an identity verification message to the control center, and the control center verifies the identity verification message.
- each meter and fog node submit an identity verification message to the control center, and the control center verifies the identity verification message, specifically including:
- the electricity meter generates a first random number, and generates a first digital signature according to the first random number, the virtual identity and the first key, and encapsulates the virtual identity, the first digital signature and the first random number into an authentication message and passes through the corresponding fog.
- the node sends the control center, wherein the virtual identity is allocated by the control center for identification of the electric meter; the first key is the private key allocated by the control center to the electric meter;
- the fog node generates a second random number, generates a second digital signature according to the identity label, the second random number and the first shared key, and encapsulates the identity label, the second digital signature and the second random number into a message and sends it to the control center, where , the identity label is allocated by the control center and used for identification of the fog node; the first shared key is allocated by the control center as a shared key between the corresponding fog node and the control center;
- the control center verifies the identity of the meter according to the virtual identity and the first digital signature, and verifies the identity of the fog node according to the second digital signature.
- each electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, and uses the super-incrementing sequence to encrypt the electricity consumption data to generate ciphertext, and encapsulates the ciphertext into an electricity consumption message.
- Send to the corresponding fog node including:
- the electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, generates a third random number, encrypts the collected electricity consumption data according to the third random number and the super-increasing sequence, and generates a ciphertext;
- the electricity meter generates a third digital signature according to the ciphertext, the second shared key and the current timestamp, wherein the second shared key is allocated by the control center as a shared key between the corresponding electricity meter and the fog node;
- the electricity meter selects a temporary identity, encapsulates the temporary identity, ciphertext, current time stamp and third digital signature into a electricity consumption message and sends it to the corresponding fog node, wherein the fog node assigns a set of temporary identities to the electricity meter each time;
- the fog node verifies the temporary identity, the current timestamp and the third digital signature, and if the verification is successful, the received data is retained.
- the temporary identity is deleted, and when all temporary identities are deleted, the corresponding fog node is requested to reassign a set of temporary identities.
- each fog node aggregates all received ciphertexts to obtain aggregated data, and encapsulates the aggregated data into an aggregated message and sends it to the control center, specifically including:
- the fog node aggregates all received ciphertexts to obtain aggregated data
- the fog node generates a fourth digital signature according to the identity tag, aggregated data, first shared key and current timestamp;
- the fog node encapsulates the identity tag, aggregated data, current timestamp and fourth digital signature into an aggregated message and sends it to the control center;
- the control center verifies the current time stamp and the fourth digital signature, and if the verification is successful, the received data is retained.
- control center after each time the control center verifies the identity verification message, it reassigns a new virtual identity to each electric meter.
- FIG. 1 is a schematic diagram of a cloud-fog-based smart grid architecture provided by the prior art
- FIG. 2 is a schematic structural diagram of a fog-based multi-dimensional and multi-angle electricity data aggregation system provided by an embodiment of the present invention
- FIG. 3 is a schematic flowchart of initialization provided by an embodiment of the present invention.
- FIG. 4 is a schematic diagram of generating a super-incrementing sequence provided by an embodiment of the present invention.
- FIG. 5 is a schematic flowchart of data collection, data aggregation, and data extraction provided by an embodiment of the present invention
- FIG. 11 is an experimental comparison diagram provided by an embodiment of the present invention.
- Key generation given a security parameter k 1 by the control center (CC), at first select two large prime numbers p 1 , q 1 , set
- Control center decryption use the private key ( ⁇ , ⁇ ) to decrypt c to get
- Type of appliance For example, air conditioners, washing machines, and televisions are each called a category of appliances.
- Energy efficiency grades Electrical appliances have different energy efficiency grades. Among them, the energy efficiency grades of each electrical appliance have a unified standard. For example, air conditioners can be divided into energy efficiency grades 1/2/3 according to China's energy efficiency standard for inverter air conditioners GB21455-2013. Appliances such as air conditioners have three energy efficiency classes.
- an embodiment of the present invention provides a fog-based multi-dimensional and multi-angle electricity data aggregation system, including: control center, fog node and electricity meter three types of entities, the coverage of the control center It is divided into several sub-areas, each sub-area contains a fog node, and the coverage area of each fog node contains several electricity meters, specifically:
- the system can be divided into cloud layer, fog layer and user layer.
- the cloud layer includes a utility provider with a control center (CC), and the fog layer includes several fog nodes (FN) with communication, aggregation and computing functions.
- the layer is a number of user Home Local Area Networks (HANs) within the coverage area of a certain fog node (each HAN contains a meter (SM)).
- HANs Home Local Area Networks
- Control Center responsible for collecting, processing and analyzing real-time meter data, and issuing grid commands to fog nodes and meters to provide reliable services for the smart grid.
- Fog nodes store, process, and relay the flow of information between the control center and the meter, including grid commands, requests, and meter readings.
- Electricity meters can collect electricity consumption data in real time, and send their service requests and data statistics to the control center through fog nodes.
- the system mainly performs four operations: initialization, data collection, data aggregation and data extraction, as follows:
- the control center generates a set of super-increasing sequences for each electric meter based on the homomorphic Paillier encryption method according to the types of electrical appliances within the coverage area of each electric meter and its energy efficiency level information, and sends the super-increasing sequences to the corresponding electric meters.
- all meters and fog nodes submit identity verification to the control center information.
- the electricity meter SM i generates a random number R s and calculates the digital signature then send the message to the corresponding fog node FN j .
- the fog node FN j After the fog node FN j receives the message M 1 , it generates a random number R f and calculates the digital signature then send the message to the control center.
- the control center After the fog node FN j receives the message M 1 , it generates a random number R f and calculates the digital signature then send the message to the control center.
- the control center will Map to the user's real identity and electrical appliance type and its energy efficiency level, and calculate and verify V i and V j to determine whether the data has been maliciously modified. It should be noted that the full text uses the same hash operation by default.
- the control center After the verification is successful, the control center generates a new virtual identity for the meter SM i With each initialization, the control center generates a new virtual identity for each meter SM i for added security. As shown in Figure 3, the control center generates a set of data for the meter SM i that matches the user's electrical appliance type and its energy efficiency level. a 1 ⁇ 1,2,...,m 1 ⁇ ,a 2 ⁇ 1,2,...,m 2 ⁇ ,..., al ⁇ 1,2,...,m l ⁇ .
- Control Center Computing in is the real identity of the meter SM i.
- the control center sends the message M 3 : ⁇ a,b,c,d,V 0 ,V 1 ⁇ to the fog node FN j .
- the purpose of setting these parameters is to prevent fog nodes or electricity meters from directly obtaining each other's private parameters during the parameter transmission process, for example: meter awareness So the meter wants to get the parameters sent to the meter by the control center can be calculated The fog node does not know the parameters So it can't be unlocked. Among them, ⁇ is the exclusive or operator.
- k 1 , calculate the public key (N, g), and keep the private key ( ⁇ , ⁇ ).
- each type of electrical appliance has data of m i energy efficiency levels: m 1 ,m 2 ,...,m l may or may not be equal, and each type of energy efficiency level data ) is less than a constant d.
- the control center selects a set of large prime numbers Its length is
- ⁇ k 2 ,s ⁇ [1,m i ], is an increasing prime number, such as ⁇ i,s-1 ⁇ i,s (s 2,...,m i ); satisfy It should be noted that, because the data of all electrical appliance types and their energy efficiency levels in a family can add up to dozens of pieces at most, and only a few dozen prime numbers are needed for one initialization, and there are 6,057 prime numbers within 60,000, so this Embodiments are possible.
- control center calculates The generation process is shown in Figure 4.
- the fog node FN j After the fog node FN j receives M 3 , it first calculates and verifies V 0 , and then calculates after the verification is successful. and Fog node FN j generates a set of temporary identities and calculated and store temporary identity and, the shared key between the meter SM i and the fog node FN j shared key Assigned to Control Center. in, to express Encrypted virtual identity
- Fog node FN j sends a message Feed the meter SM i .
- the electricity meter SM i After the electricity meter SM i receives the message M 4 , it first calculates And verify V 1 , after successful calculation, Then verify V 2 , decrypt with kh i get and store the above information.
- SM i When every SM i is used up delete the temporary identity Next time choose one from the remaining temporary identities. When all temporary status After all are used up, SM i re-initiates a registration application to the control center, and then re-initializes the system to request the corresponding FN j to re-assign a set of temporary identities.
- the control center authenticates FN j with the parameter V j , which must be equal to Meanwhile, FN j and SM i use the response parameters V 0 and V 1 to verify the control center, respectively.
- a secure shared key is established between each SM i and FN j To prevent dishonest or fake meters from falsifying data.
- the various entities SM i , FN j and the control center
- Each electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, and encrypts the electricity consumption data with a super-increasing sequence to generate ciphertext, which is encapsulated into an electricity consumption message and sent to the corresponding fog node.
- the collected electricity consumption data is encrypted according to random numbers and super-increasing sequences to generate ciphertext
- the meter SM i calculates a signature t i is the current timestamp
- Meter SM i selects a temporary identity where x ⁇ [1,q], and send the message to the fog node FN j ;
- the fog node FN j checks and verifies the temporary identity of the meter SM i and locate the virtual identity of the meter Check timestamp t i , compute signature Comparing S i ' and S i , when they are equal, the fog node FN j receives and stores the message MS i .
- SM i When every SM i is used up delete the temporary identity Next time choose one from the remaining temporary identities.
- SM i re-initiates a registration application to the control center, and then re-initializes the system to request the corresponding FN j to re-assign a set of temporary identities.
- SM i is not allowed to use the same temporary identity twice when sending data And the temporary identity is only known by FN j , therefore, the attacker cannot guess whether the usage data of two consecutive sessions comes from the same SM i , and this scheme is beneficial to prevent eavesdroppers from eavesdropping on privacy.
- FN j checks whether the received data is the same as that sent by each smart meter SM i. If an attacker has tampered with c ji , when FN j verifies When inconsistencies are found, the message is judged to be false. Therefore, the attacker needs to tamper with S i at the same time to deceive FN j , but the attacker obtains Computationally infeasible. And if the attacker tampered with t i and Likewise, since the attacker obtains a temporary identity (where x ⁇ [1,q]) is computationally infeasible when FN j is verifying t i and When inconsistencies are found, the message is judged to be false.
- FN j authenticates each smart meter SM i with the timestamp t i and the signature S i , which can identify any replay attacks performed by the attacker.
- the attacker can obtain the ciphertext c ji .
- the attacker needs to use the private key ( ⁇ , ⁇ ) to decrypt c ji first to get and need to decrypt. Assuming the worst case, the private key ( ⁇ , ⁇ ) and are obtained by the attacker, since each sequence Even if the attacker obtains all the decryption keys of a certain user, he cannot decrypt the electricity usage privacy information of other users.
- Each fog node aggregates all the received ciphertexts to obtain aggregated data, and encapsulates the aggregated data into aggregated messages and sends them to the control center.
- the specific details are as follows:
- Fog node FN j calculates the signature t j is the current timestamp
- the control center checks the timestamp t j and calculates the signature Sj ' and Sj are then compared, and if they are equal, the control center receives and stores the message MSj .
- control center uses timestamp t j and signature S j to authenticate each fog node FN j , which helps to detect any manipulation of the electricity aggregated data by the attacker during the communication process.
- the polymerization can also satisfy the data Paillier homomorphic encryption properties, and the above analysis Similarly, even if the attacker to FN j for all encryption The ciphertext cannot be decrypted.
- the control center can decrypt the data to obtain electricity consumption data including the type of electrical appliance and its equivalent level (that is, to obtain multi-dimensional and multi-angle electricity consumption data), if an attacker invades the control center, because the decryption parameters Only the control center knows, and the attacker cannot get the parameters directly from the control center So the aggregated ciphertext cannot be decrypted. In addition, even if the attacker obtains the final decryption result, since the data comes from multiple users, the attacker cannot identify a specific user, so the privacy of the user is guaranteed.
- the control center decrypts the aggregated data with the reserved private key ( ⁇ , ⁇ ), and obtains all the electricity consumption data including the type of electrical appliance and its energy efficiency level within its coverage area (that is, the multi-dimensional and multi-angle electricity consumption within its coverage area is obtained. data), the details are as follows:
- the electricity consumption data collected is only accurate to the type of electrical appliances.
- This system collects electricity consumption data including electrical appliance types and their energy efficiency levels, such as It realizes the collection of multi-dimensional and multi-angle electricity consumption data, improves the accuracy of electricity consumption data collection by the control center, and can count more microscopic data.
- the control center assigns a set of matching super-increasing sequences to each electric meter according to the electrical appliance type and energy efficiency level information of each user.
- the center has obtained multi-dimensional and multi-angle electricity consumption data in its responsible area. Compared with the electricity consumption data collected in the existing multi-dimensional data aggregation scheme, the electricity consumption data is only accurate to the type of electrical appliances. This system improves the accuracy of electricity consumption data collection. , more microscopic data can be counted, and it is convenient for utility suppliers to dynamically obtain the overall power consumption in real time to implement demand-side management.
- the control center of the system assigns a set of matching super-increasing sequences to each electric meter according to the electrical appliance type and energy efficiency level information of each user, which solves the problem in the current scheme. As long as the attacker obtains a set of super-increasing sequences, the data of all users can be recovered.
- the fog nodes Before the electricity meter collects the electricity consumption data, the fog nodes all perform identity authentication to the control center before aggregating the electricity consumption data, so as to prevent dishonest or false electricity meters from falsifying the data, resulting in inaccurate aggregation results.
- an embodiment of the present invention provides a set of simulation experiments comparisons between the present scheme and the EPPA and MMDAPP schemes, wherein the relevant content of the EPPA scheme can refer to the literature “R.Lu, X.Liang, X.Li , X.Lin and X.Shen,”EPPA:An Efficient and Privacy-Preserving Aggregation Scheme for Secure Smart Grid Communications,"in IEEE Transactions on Parallel and Distributed Systems,vol.23,no.9,pp.1621-1631, Sept.2012.”;
- the relevant content of the MMDAPP scheme please refer to the literature “X.Yang,S.Zhang and B.Wang,”Multi-data Aggregation Scheme Based on Multiple Subsets to Realize User Privacy Protection,"2018 12th IEEE International Conference on Anti-counterfeiting,Security,and Identification(ASID),Xiamen,China,pp.61-65,2018.”, the specific experimental results are as follows:
- Figure 6 shows the relationship between the calculation cost of the electricity meter and the number of electrical appliance types. Obviously, compared with the EPPA and MMDAPP schemes, the calculation overhead of the electricity meter in this scheme is significantly reduced. On the other hand, the relationship between the computational overhead of fog nodes and the number of users is shown in Figure 7. Compared with the EPPA and MMDAPP schemes, the slope of the computational overhead curve of the fog nodes in this scheme is lower.
- this scheme saves 448.65ms, 890.65ms, 1332.65ms, 1774.65ms, and 2216.65ms of computational overhead in turn compared with the EPPA and MMDAPP schemes.
- this scheme is undoubtedly more suitable for data aggregation in the smart grid.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Economics (AREA)
- Public Health (AREA)
- Primary Health Care (AREA)
- Strategic Management (AREA)
- Tourism & Hospitality (AREA)
- Marketing (AREA)
- General Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Water Supply & Treatment (AREA)
- Medical Informatics (AREA)
- Bioethics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Remote Monitoring And Control Of Power-Distribution Networks (AREA)
Abstract
A fog-based multi-dimensional multi-angle electricity consumption data aggregating system. According to types of electric appliances of each user and energy efficiency index information of the electric appliances, a control center allocates, to each electric meter, a set of super-increasing sequences matching the electric meter, the electric meter can acquire the user's electricity consumption information comprising the types of electric appliances and the energy efficiency indexes of the electric appliances, and the electricity consumption information is encrypted by means of the allocated super-increasing sequences and then sent to a fog node; and the fog node aggregates data and then sends same to the control center, and the control center obtains multi-dimensional multi-angle electricity consumption data of a region for which the control center is responsible. Compared with the current multi-dimensional data aggregating solution in which the acquired electricity consumption data is only precise to the type of electric appliances, the precision of electricity consumption data collected by the control center is improved, and more microscopic data can be calculated. Moreover, the problem of all the user data being recoverable as long as a third party obtains a set of super-increasing sequences is also solved, thereby improving the security.
Description
本发明涉及电力信息安全技术领域,特别涉及一种基于雾的多维度多角度用电数据的聚合系统。The invention relates to the technical field of power information security, in particular to a fog-based aggregation system for multi-dimensional and multi-angle power consumption data.
为了确保生产与需求之间的智能负载平衡,许多国家和地区都在积极部署电表。电表会定期测量并实时报告功耗,此功能有助于公用事业供应商更好地监测,控制和预测功耗。公用事业供应商可以分析用电消费数据来实施阶梯电价并动态更新其价格,同时根据需求增加或减少产量,以实施需求侧管理。此外,细粒度的用电量数据可以帮助分析消费者能源消耗行为,需求响应优化以及改进节能建议。尽管电表提供了一些明显的好处,但准确而细粒度的家庭能源消耗测量却引发了严重的隐私问题。就这一点而言,细粒度的用户用电数据可以显示用户是否在家、他们实时使用的电器及其特点,甚至是他们在家中的日常习惯。基于这些反映用户活动的实时数据,恶意攻击者可以用来分析用户的私人习惯,当房子里没人的时候小偷可能会闯入,这可能会导致严重的后果。To ensure intelligent load balancing between production and demand, many countries and regions are actively deploying electricity meters. Electricity meters regularly measure and report power consumption in real time, a feature that helps utility providers better monitor, control and predict power consumption. Utility providers can analyze electricity consumption data to implement tiered tariffs and dynamically update their prices, while increasing or decreasing production based on demand to implement demand-side management. In addition, fine-grained electricity usage data can help analyze consumer energy consumption behavior, demand response optimization, and improve energy-saving recommendations. While electricity meters offer some obvious benefits, accurate and fine-grained measurement of home energy consumption raises serious privacy concerns. In this regard, fine-grained data on user electricity usage can reveal whether users are at home, the appliances they use in real time and their characteristics, and even their daily habits at home. Based on these real-time data reflecting user activities, malicious attackers can use to analyze users' private habits, thieves may break in when the house is empty, which can lead to serious consequences.
由于电表的使用对于智能电网中更好的供需管理至关重要,如何在用电量数据的可用性和保密性之间取得平衡也是一个至关重要的学术问题。为了解决这个问题,可以将保护隐私的数据聚合作为一种可行的解决方案,其中聚合单元会定期聚合地理区域中一组用户的用电量,公用事业供应商可以获得区域中电能使用情况数据的总和,但对该区域中的单个电能使用情况一无所知。当前用于保护细粒度数据聚合隐私用到的技术工具有同态加密、差分隐私、添加掩码等。近几年来又有一些研究人员提出了多维数据聚合方案,例如:Lu等人提出了一种有效的、保护隐私的聚合方案(EPPA),该方案采用超递增序列构造多维度数据,采用同态Paillier加密技术对结构化数据进行加密,该方案使智能电表可以在一个报告消息中报告多种电器类型的数据,该方案还支持实体之间的相互通信,本地网关直接对密文进行数据聚合,无需解密,控制中心可以获得原始数据的聚合结果。但是,由于所有用户都用相同的密文,只要获得密钥和一组超递增序列,就可以恢复所有用户的功耗数据,安全系数较低。Yang等人提出了一种基 于多子集的多维数据聚合方案,将用户的功耗数据设置为多维数据集,根据功耗将用户划分为多个子集,添加盲因子以混淆真实功耗数据,并采用同态加密技术对用户的功耗信息进行加密。该方案可以计算出每个子集的用户数量和所有用户每维数据的用电量总和,但是该方案未考虑电表故障问题。多维聚合的优势在于其对受电设备进行聚合的分类。多维数据聚合可以完成两种或多种类型数据的聚合,并将用户家中不同类型电器的用电量分类并上传到控制中心,控制中心获取数据后,可以分析用户不同电器的数据从而完成了功耗细粒度分析。现在随着智能电网的发展和新能源技术的应用,对用户用电数据细粒度和安全要求也越来越高,当前研究中电表采集数据的细粒度只精确到电器类型,而没有考虑到更微观的数据,例如,空调可以按照中国变频空调能效标准GB21455-2013分为能效等级1/2/3级。分析这些细粒度数据能帮助防止由高功率设备组成的物联网(IOT)僵尸网络发起的大规模协同攻击。Since the use of electricity meters is critical for better supply and demand management in smart grids, how to strike a balance between the availability and confidentiality of electricity consumption data is also a crucial academic issue. To address this problem, privacy-preserving data aggregation can be a viable solution, where an aggregation unit periodically aggregates the electricity usage of a group of users in a geographic area, and utility providers can obtain an overview of the electricity usage data in the area. The sum, but nothing is known about the individual power usage in the area. The technical tools currently used to protect the privacy of fine-grained data aggregation include homomorphic encryption, differential privacy, and adding masks. In recent years, some researchers have proposed multi-dimensional data aggregation schemes. For example, Lu et al. proposed an effective, privacy-preserving aggregation scheme (EPPA), which uses super-increasing sequences to construct multi-dimensional data and uses homomorphism. Paillier encryption technology encrypts structured data, this scheme enables smart meters to report data of multiple electrical appliance types in one report message, this scheme also supports mutual communication between entities, and the local gateway directly aggregates the ciphertext data, Without decryption, the control center can obtain the aggregated results of the original data. However, since all users use the same ciphertext, as long as the key and a set of super-increasing sequences are obtained, the power consumption data of all users can be recovered, and the security factor is low. Yang et al. proposed a multi-subset-based multi-dimensional data aggregation scheme, which sets the user's power consumption data as a multi-dimensional data set, divides users into multiple subsets according to power consumption, and adds a blind factor to confuse the real power consumption data. And use homomorphic encryption technology to encrypt the user's power consumption information. This scheme can calculate the number of users in each subset and the sum of electricity consumption per dimension of all users, but this scheme does not consider the problem of meter failure. The advantage of multi-dimensional aggregation is its classification of aggregated powered devices. Multi-dimensional data aggregation can complete the aggregation of two or more types of data, and classify the electricity consumption of different types of electrical appliances in the user's home and upload it to the control center. After the control center obtains the data, it can analyze the data of the user's different electrical appliances to complete the function. Fine-grained analysis. Now with the development of smart grid and the application of new energy technologies, the requirements for finer granularity and security of users' electricity consumption data are getting higher and higher. In the current research, the fine-grained data collected by electricity meters is only accurate to the type of electrical appliance, without taking into account more Microscopic data, for example, air conditioners can be classified into energy efficiency grades 1/2/3 according to the Chinese inverter air conditioner energy efficiency standard GB21455-2013. Analyzing this fine-grained data can help prevent large-scale coordinated attacks by Internet of Things (IoT) botnets composed of high-powered devices.
与此同时,由于用户在大数据时代对网络性能和服务质量有更高的期望,在面对大量的从用户那里收集的报告和查询时,当前传统云计算在计算能力和存储方面都面临明显的不足,已经不能满足日益增长的隐私保护和通信带宽的要求。与云计算相比,雾计算具有许多优势,例如低延迟和响应速度快,位置感知能力强以及可靠性和安全性的增强。这些优势促进了基于雾的智能电网的出现,通过与输配电网平行部署的可靠通信网络,使用雾节点(FN)中的聚合功能防止公用事业供应商获得单个密文,并且可将聚合的密文提供给控制中心(CC),如附图1所示。At the same time, since users have higher expectations for network performance and service quality in the era of big data, when faced with a large number of reports and queries collected from users, the current traditional cloud computing faces obvious challenges in terms of computing power and storage. Insufficient, has been unable to meet the growing requirements of privacy protection and communication bandwidth. Fog computing offers many advantages over cloud computing, such as low latency and fast response, strong location awareness, and enhanced reliability and security. These advantages have facilitated the emergence of fog-based smart grids, where the use of aggregation capabilities in fog nodes (FNs) prevents utility providers from obtaining a single ciphertext through a reliable communication network deployed in parallel with the transmission and distribution grid, and aggregated ciphertexts can be combined. The text is provided to the Control Center (CC), as shown in Figure 1.
因此,在现有的方案中,所聚合的数据只精确到电器类型,而没有考虑到更微观的数据。而且,在现有的基于的多维数据聚合的方法中,例如EPPA方案,所有用户都用相同的超递增序列,只要攻击者获得一组超递增序列,就可以恢复所有用户的功耗数据,这将引发了严重的隐私问题。Therefore, in the existing scheme, the aggregated data is only accurate to the type of electrical appliance, and does not take into account the more microscopic data. Moreover, in the existing methods based on multi-dimensional data aggregation, such as the EPPA scheme, all users use the same super-increasing sequence. As long as the attacker obtains a set of super-increasing sequences, the power consumption data of all users can be recovered. would raise serious privacy concerns.
发明内容SUMMARY OF THE INVENTION
本发明旨在至少解决现有技术中存在的技术问题之一。为此,本发明提出一种基于雾的多维度多角度用电数据的聚合系统,包括控制中心、与控制中心通信连接的若干个雾节点,控制中心的覆盖范围分为若干个子区域,每个子区域内含有一个雾节点,每个雾节点与其覆盖范围内的若干个电表通信连接;The present invention aims to solve at least one of the technical problems existing in the prior art. To this end, the present invention proposes a fog-based multi-dimensional and multi-angle power consumption data aggregation system, including a control center and several fog nodes connected to the control center. The coverage of the control center is divided into several sub-areas. There is one fog node in the area, and each fog node is connected to several electricity meters within its coverage area;
控制中心分别根据每个电表的覆盖范围内的电器类型及其能效等级信息,基于同态Paillier加密方法 分别为每个电表生成对应的一组超递增序列,将所述超递增序列发送至对应的电表;The control center generates a corresponding set of super-increasing sequences for each electric meter based on the homomorphic Paillier encryption method according to the types of electrical appliances within the coverage of each electric meter and its energy efficiency level information, and sends the super-increasing sequences to the corresponding electricity meter;
每个电表采集包含电器类型及其能效等级的用电数据,并使用所述超递增序列加密用电数据生成密文,将密文封装成用电消息后发送至对应的雾节点;Each electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, and encrypts the electricity consumption data using the super-increasing sequence to generate ciphertext, and encapsulates the ciphertext into an electricity consumption message and sends it to the corresponding fog node;
每个雾节点将接收到的所有密文进行聚合得到聚合数据,将所述聚合数据封装成聚合消息发送至控制中心;Each fog node aggregates all received ciphertexts to obtain aggregated data, and encapsulates the aggregated data into aggregated messages and sends them to the control center;
控制中心解密接收到的所有所述聚合数据,得到控制中心覆盖范围内的包含电器类型及其能效等级的用电数据。The control center decrypts all the received aggregated data, and obtains electricity consumption data including the types of electrical appliances and their energy efficiency levels within the coverage area of the control center.
根据本发明的实施例,至少具有以下有益效果:According to the embodiments of the present invention, at least the following beneficial effects are obtained:
相较于现有多维数据聚合方案采集的用电数据只精确到电器的类型,本系统采集了包含电器类型及其能效等级的用电数据,实现了多维度多角度用电数据的采集,提高了控制中心收集用电数据的精度,可以统计更微观的数据。同时,也解决了目前第三方只要获得一组超递增序列,就可以恢复所有用户数据的问题,显著的提高了用电数据传输的安全性。Compared with the existing multi-dimensional data aggregation scheme, the electricity consumption data collected is only accurate to the type of electrical appliances. In order to improve the accuracy of the power consumption data collected by the control center, more microscopic data can be counted. At the same time, it also solves the problem that the third party can restore all user data as long as it obtains a set of super-increasing sequences, which significantly improves the security of power consumption data transmission.
根据本发明的一些实施例,控制中心生成超递增序列之前,每个电表与雾节点均向控制中心提交身份验证消息,控制中心对身份验证消息进行验证。According to some embodiments of the present invention, before the control center generates the super-incrementing sequence, each electricity meter and fog node submit an identity verification message to the control center, and the control center verifies the identity verification message.
根据本发明的一些实施例,所述每个电表与雾节点均向控制中心提交身份验证消息,控制中心对身份验证消息进行验证,具体包括:According to some embodiments of the present invention, each meter and fog node submit an identity verification message to the control center, and the control center verifies the identity verification message, specifically including:
电表生成第一随机数,并根据第一随机数、虚拟身份和第一密钥生成第一数字签名,将虚拟身份、第一数字签名和第一随机数封装成身份验证消息后通过对应的雾节点发送控制中心,其中,虚拟身份为控制中心分配,用于电表的身份识别;第一密钥为控制中心分配给电表的私钥;The electricity meter generates a first random number, and generates a first digital signature according to the first random number, the virtual identity and the first key, and encapsulates the virtual identity, the first digital signature and the first random number into an authentication message and passes through the corresponding fog. The node sends the control center, wherein the virtual identity is allocated by the control center for identification of the electric meter; the first key is the private key allocated by the control center to the electric meter;
雾节点生成第二随机数,根据身份标签、第二随机数和第一共享密钥生成第二数字签名,将身份标签、第二数字签名和第二随机数封装成消息后发送控制中心,其中,身份标签为控制中心分配,用于雾节点的身份识别;第一共享密钥为控制中心分配,作为对应的雾节点和控制中心之间的共享密钥;The fog node generates a second random number, generates a second digital signature according to the identity label, the second random number and the first shared key, and encapsulates the identity label, the second digital signature and the second random number into a message and sends it to the control center, where , the identity label is allocated by the control center and used for identification of the fog node; the first shared key is allocated by the control center as a shared key between the corresponding fog node and the control center;
控制中心根据虚拟身份和第一数字签名对电表的身份进行验证,根据第二数字签名对雾节点的身份 进行验证。The control center verifies the identity of the meter according to the virtual identity and the first digital signature, and verifies the identity of the fog node according to the second digital signature.
根据本发明的一些实施例,所述每个电表采集包含电器类型及其能效等级的用电数据,并使用所述超递增序列加密用电数据生成密文,将密文封装成用电消息后发送至对应的雾节点,具体包括:According to some embodiments of the present invention, each electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, and uses the super-incrementing sequence to encrypt the electricity consumption data to generate ciphertext, and encapsulates the ciphertext into an electricity consumption message. Send to the corresponding fog node, including:
电表采集包含电器类型及其能效等级的用电数据,并生成第三随机数,根据第三随机数和所述超递增序列对采集的用电数据进行加密,生成密文;The electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, generates a third random number, encrypts the collected electricity consumption data according to the third random number and the super-increasing sequence, and generates a ciphertext;
电表根据密文、第二共享密钥和当前时间戳,生成第三数字签名,其中,第二共享密钥为控制中心分配,作为对应的电表与雾节点之间的共享密钥;The electricity meter generates a third digital signature according to the ciphertext, the second shared key and the current timestamp, wherein the second shared key is allocated by the control center as a shared key between the corresponding electricity meter and the fog node;
电表选择一个临时身份,将临时身份、密文、当前时间戳和第三数字签名封装成用电消息后发送至对应的雾节点,其中,雾节点每次为电表分配一组临时身份;The electricity meter selects a temporary identity, encapsulates the temporary identity, ciphertext, current time stamp and third digital signature into a electricity consumption message and sends it to the corresponding fog node, wherein the fog node assigns a set of temporary identities to the electricity meter each time;
雾节点对临时身份、当前时间戳和第三数字签名进行验证,若验证成功,则保留接收的数据。The fog node verifies the temporary identity, the current timestamp and the third digital signature, and if the verification is successful, the received data is retained.
根据本发明的一些实施例,电表每使用一个临时身份后,删除该临时身份,当所有临时身份均删除后,请求对应的雾节点重新分配一组临时身份。According to some embodiments of the present invention, after each temporary identity is used by the electricity meter, the temporary identity is deleted, and when all temporary identities are deleted, the corresponding fog node is requested to reassign a set of temporary identities.
根据本发明的一些实施例,所述每个雾节点将接收到的所有密文进行聚合得到聚合数据,将所述聚合数据封装成聚合消息发送至控制中心,具体包括:According to some embodiments of the present invention, each fog node aggregates all received ciphertexts to obtain aggregated data, and encapsulates the aggregated data into an aggregated message and sends it to the control center, specifically including:
雾节点将接收到的所有密文进行聚合得到聚合数据;The fog node aggregates all received ciphertexts to obtain aggregated data;
雾节点根据身份标签、聚合数据、第一共享密钥和当前时间戳,生成第四数字签名;The fog node generates a fourth digital signature according to the identity tag, aggregated data, first shared key and current timestamp;
雾节点将身份标签、聚合数据、当前时间戳和第四数字签名封装成聚合消息后发送至控制中心;The fog node encapsulates the identity tag, aggregated data, current timestamp and fourth digital signature into an aggregated message and sends it to the control center;
控制中心对当前时间戳和第四数字签名进行验证,若验证成功,则保留接收的数据。The control center verifies the current time stamp and the fourth digital signature, and if the verification is successful, the received data is retained.
根据本发明的一些实施例,控制中心每次对身份验证消息进行验证之后,重新为每个电表分配一个新的虚拟身份。According to some embodiments of the present invention, after each time the control center verifies the identity verification message, it reassigns a new virtual identity to each electric meter.
本发明的附加方面和优点将在下面的描述中部分给出,部分将从下面的描述中变得明显,或通过本发明的实践了解到。Additional aspects and advantages of the present invention will be set forth, in part, from the following description, and in part will be apparent from the following description, or may be learned by practice of the invention.
本发明的上述和/或附加的方面和优点从结合下面附图对实施例的描述中将变得明显和容易理解,其中:The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of embodiments taken in conjunction with the accompanying drawings, wherein:
图1为现有技术提供的基于云-雾的智能电网架构示意图;1 is a schematic diagram of a cloud-fog-based smart grid architecture provided by the prior art;
图2为本发明实施例提供的基于雾的多维度多角度用电数据的聚合系统的结构示意图;2 is a schematic structural diagram of a fog-based multi-dimensional and multi-angle electricity data aggregation system provided by an embodiment of the present invention;
图3为本发明实施例提供的初始化的流程示意图;3 is a schematic flowchart of initialization provided by an embodiment of the present invention;
图4为本发明实施例提供的超递增序列的生成示意图;4 is a schematic diagram of generating a super-incrementing sequence provided by an embodiment of the present invention;
图5为本发明实施例提供的数据收集、数据聚合以及数据提取的流程示意图;5 is a schematic flowchart of data collection, data aggregation, and data extraction provided by an embodiment of the present invention;
图6为本发明实施例提供的实验对比图;6 is an experimental comparison diagram provided by an embodiment of the present invention;
图7为本发明实施例提供的实验对比图;7 is an experimental comparison diagram provided by an embodiment of the present invention;
图8为本发明实施例提供的实验对比图;8 is an experimental comparison diagram provided by an embodiment of the present invention;
图9为本发明实施例提供的实验对比图;9 is an experimental comparison diagram provided by an embodiment of the present invention;
图10为本发明实施例提供的实验对比图;10 is an experimental comparison diagram provided by an embodiment of the present invention;
图11为本发明实施例提供的实验对比图。FIG. 11 is an experimental comparison diagram provided by an embodiment of the present invention.
下面详细描述本发明的实施例,所述实施例的示例在附图中示出,其中自始至终相同或类似的标号表示相同或类似的元件或具有相同或类似功能的元件。下面通过参考附图描述的实施例是示例性的,仅用于解释本发明,而不能理解为对本发明的限制。The following describes in detail the embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary, only used to explain the present invention, and should not be construed as a limitation of the present invention.
首先对本发明中的部分术语进行简要说明;First, some terms in the present invention are briefly explained;
(1)同态Paillier加密技术;(1) Homomorphic Paillier encryption technology;
密钥生成:控制中心(CC)给定一个安全参数k
1,最开始选择两个大素数p
1,q
1,设|p
1|=|q
1|=k
1计算N=p
1q
1和λ=lcm(p
1-1,q
1-1)。定义一个函数
然后选择一个生成元
再计算μ=(L(g
λmod N
2))
-1mod N。最后发布公钥pK=(N,g)给所有电表,保留私钥SK=(λ,μ)。
Key generation: given a security parameter k 1 by the control center (CC), at first select two large prime numbers p 1 , q 1 , set |p 1 |=|q 1 |=k 1 to calculate N=p 1 q 1 and λ=lcm(p 1 -1, q 1 -1). define a function Then choose a generator Calculate μ=(L(g λ mod N 2 )) -1 mod N again. Finally, the public key pK=(N, g) is released to all electricity meters, and the private key SK=(λ, μ) is reserved.
电表加密:电表获取电表数据
选择一个随机数
然后密文可以计算为c=g
m·
其中
为正整数集合。
Meter encryption: the meter obtains the meter data pick a random number Then the ciphertext can be calculated as c=g m · in is a set of positive integers.
控制中心解密:使用私钥(λ,μ)解密c得到
Control center decryption: use the private key (λ, μ) to decrypt c to get
(2)电器类型及其能效等级:(2) Types of electrical appliances and their energy efficiency grades:
电器类型:例如,空调、洗衣机和电视机各称为一类电器。Type of appliance: For example, air conditioners, washing machines, and televisions are each called a category of appliances.
能效等级:电器具有不同的能效等级,其中,每个电器的能效等级是有统一标准的,例如,空调可以按照中国变频空调能效标准GB21455-2013分为能效等级1/2/3级等,则空调这类电器具有三个能效等级。Energy efficiency grades: Electrical appliances have different energy efficiency grades. Among them, the energy efficiency grades of each electrical appliance have a unified standard. For example, air conditioners can be divided into energy efficiency grades 1/2/3 according to China's energy efficiency standard for inverter air conditioners GB21455-2013. Appliances such as air conditioners have three energy efficiency classes.
需要说明的是,每个电表所覆盖的用户内的电器类型及其能效等级信息已被对应的电表和控制中心得知,例如,一个家庭的空调、电视机等电器的信息,和空调、电视机的能效等级的信息,已被对应的电表和控制中心得知。这是属于信息采集的范围,本文并未涉及。It should be noted that the type of electrical appliances in the user covered by each electricity meter and their energy efficiency level information have been known by the corresponding electricity meter and control center. The information of the energy efficiency level of the machine has been known by the corresponding electricity meter and control center. This is within the scope of information collection and is not covered in this article.
参照图2至图5,本发明的一个实施例,提供了一种基于雾的多维度多角度用电数据的聚合系统,包括:控制中心、雾节点和电表三类实体,控制中心的覆盖范围分为若干个子区域,每个子区域内含有一个雾节点,每个雾节点的覆盖范围内含有若干个电表,具体的:2 to 5, an embodiment of the present invention provides a fog-based multi-dimensional and multi-angle electricity data aggregation system, including: control center, fog node and electricity meter three types of entities, the coverage of the control center It is divided into several sub-areas, each sub-area contains a fog node, and the coverage area of each fog node contains several electricity meters, specifically:
本系统可分为云层、雾层和用户层,其中,云层包含一个具有控制中心(CC)的公用事业供应商,雾层包含若干个具有通信、聚合和计算功能的雾节点(FN),用户层为某一个雾节点覆盖区域内的很多个用户家庭局域网(HANs)(每个HAN含一个电表(SM))。系统如图2所示:The system can be divided into cloud layer, fog layer and user layer. The cloud layer includes a utility provider with a control center (CC), and the fog layer includes several fog nodes (FN) with communication, aggregation and computing functions. The layer is a number of user Home Local Area Networks (HANs) within the coverage area of a certain fog node (each HAN contains a meter (SM)). The system is shown in Figure 2:
控制中心:负责收集、处理和分析实时电表的数据,并向雾节点和电表下达网格命令,为智能电网提供可靠的服务。Control Center: Responsible for collecting, processing and analyzing real-time meter data, and issuing grid commands to fog nodes and meters to provide reliable services for the smart grid.
雾节点:雾节点存储、处理和中继控制中心与电表之间的信息流,包括网格命令、请求和电表读数。Fog Nodes: Fog nodes store, process, and relay the flow of information between the control center and the meter, including grid commands, requests, and meter readings.
电表:电表可以实时收集用电量数据,并通过雾节点将其服务请求和数据统计发送到控制中心。Electricity meters: Electricity meters can collect electricity consumption data in real time, and send their service requests and data statistics to the control center through fog nodes.
本系统主要进行初始化、数据收集、数据聚合以及数据提取这四个操作,具体如下:The system mainly performs four operations: initialization, data collection, data aggregation and data extraction, as follows:
第一、初始化;First, initialization;
控制中心分别根据每个电表的覆盖范围内的电器类型及其能效等级信息,基于同态Paillier加密方法 分别为每个电表生成一组超递增序列,将超递增序列发送至对应的电表。The control center generates a set of super-increasing sequences for each electric meter based on the homomorphic Paillier encryption method according to the types of electrical appliances within the coverage area of each electric meter and its energy efficiency level information, and sends the super-increasing sequences to the corresponding electric meters.
为了防止不诚实或虚假的电表伪造数据,从而导致不准确的聚合结果,作为一种优选的可实施方式,在控制中心生成超递增序列之前,所有的电表和雾节点均向控制中心提交身份验证消息。In order to prevent dishonest or fake meters from falsifying data, resulting in inaccurate aggregated results, as a preferred implementation, before the control center generates a super-increasing sequence, all meters and fog nodes submit identity verification to the control center information.
初始化的具体细节为:The specific details of initialization are:
(1)电表SM
i生成随机数R
s,并计算数字签名
然后发送消息
至对应的雾节点FN
j。其中,
为控制中心在初始化操作之前为电表SM
i分配的一个虚拟身份,控制中心通过该虚拟身份
识别电表SM
i;
为控制中心在初始化操作之前为电表SM
i分配的一个私钥;||为连接符,h()表示长度为160位的单向哈希函数。
(1) The electricity meter SM i generates a random number R s and calculates the digital signature then send the message to the corresponding fog node FN j . in, A virtual identity assigned by the control center to the meter SM i before the initialization operation, through which the control center passes Identify the meter SM i ; It is a private key assigned to the meter SM i by the control center before the initialization operation; || is the connector, and h() represents a one-way hash function with a length of 160 bits.
(2)雾节点FN
j收到消息M
1后,生成随机数R
f,并计算数字签名
然后发送消息
给控制中心。其中,
为控制中心在初始化操作之前为雾节点FN
j分配的一个身份标签,控制中心通过该身份标签
识别雾节点FN
j;
为控制中心初始化操作之前分配,为雾节点FN
j和控制中心之间的共享密钥。
(2) After the fog node FN j receives the message M 1 , it generates a random number R f and calculates the digital signature then send the message to the control center. in, An identity label assigned by the control center to the fog node FN j before the initialization operation, the control center passes the identity label Identify the fog node FN j ; It is allocated before the initialization operation for the control center, and is the shared key between the fog node FN j and the control center.
(3)控制中心将
映射到用户的真实身份和电器类型及其能效等级,并计算和验证V
i和V
j,以判断数据是否被恶意修改。需要说明的是,全文默认使用同一种哈希运算。
(3) The control center will Map to the user's real identity and electrical appliance type and its energy efficiency level, and calculate and verify V i and V j to determine whether the data has been maliciously modified. It should be noted that the full text uses the same hash operation by default.
(4)验证成功后,控制中心为电表SM
i生成一个新的虚拟身份
每一次初始化,控制中心都为每个电表SM
i生成一个新的虚拟身份,以增加安全性。如图3所示,控制中心为电表SM
i生成一组与该用户的电器类型及其能效等级相匹配的
a
1∈{1,2,…,m
1},a
2∈{1,2,…,m
2},…,a
l∈{1,2,…,m
l}。
(4) After the verification is successful, the control center generates a new virtual identity for the meter SM i With each initialization, the control center generates a new virtual identity for each meter SM i for added security. As shown in Figure 3, the control center generates a set of data for the meter SM i that matches the user's electrical appliance type and its energy efficiency level. a 1 ∈{1,2,…,m 1 },a 2 ∈{1,2,…,m 2 },…, al ∈{1,2,…,m l }.
控制中心计算
其中,
为电表SM
i的真实身份。控制中心将消息M
3:{a,b,c,d,V
0,V
1}发给雾节点FN
j。
Control Center Computing in, is the real identity of the meter SM i. The control center sends the message M 3 : {a,b,c,d,V 0 ,V 1 } to the fog node FN j .
设置这些参数的目的是为了在传输参数过程中,防止雾节点或电表直接获得对方的私密参数,例如:
电表知晓
所以电表想获得控制中心发送给该电表的参数
就可以计算
而雾节点并不知道参数
所以无法解开。其中,⊕为异或运算符。
The purpose of setting these parameters is to prevent fog nodes or electricity meters from directly obtaining each other's private parameters during the parameter transmission process, for example: meter awareness So the meter wants to get the parameters sent to the meter by the control center can be calculated The fog node does not know the parameters So it can't be unlocked. Among them, ⊕ is the exclusive or operator.
其中,控制中心为每一个电表SM
i生成一组对应的超递增序列的详细过程如下:
The detailed process of generating a set of corresponding super-increasing sequences for each meter SM i by the control center is as follows:
首先,控制中心利用同态Pailier加密方法给定两个安全参数k
1,k
2,运行Paillier中的参数生成Gen(k
2),获取密钥(g,μ,λ,p
1,q
1,N=p
1·q
1),使|p
1|=|q
1|=k
1,计算公钥(N,g),保留私钥(λ,μ)。假设一个FN
j管理的电表的最大数量不超过一个常数n,一共l个类型的电器,每一个类型的电器有m
i种能效等级的数据:
m
1,m
2,…,m
l之间可能相等也可能不相等,且每种类型的每种能效等级数据
)的值小于一个常数d。假设P为FN
j的覆盖范围内使用每一类型每一能效等级电器的家庭个数总和(例如:使用D
1,1电器的家庭有20个,使用D
1,2电器的家庭有15个,…,使用
电器的家庭有25个,则P=20+15+…+25)。
First, the control center uses the homomorphic Paillier encryption method to give two security parameters k 1 , k 2 , runs the parameters in Paillier to generate Gen(k 2 ), and obtains the keys (g, μ, λ, p 1 , q 1 , N=p 1 ·q 1 ), let |p 1 |=|q 1 |=k 1 , calculate the public key (N, g), and keep the private key (λ, μ). Assuming that the maximum number of meters managed by an FN j does not exceed a constant n, there are l types of electrical appliances, and each type of electrical appliance has data of m i energy efficiency levels: m 1 ,m 2 ,...,m l may or may not be equal, and each type of energy efficiency level data ) is less than a constant d. Assuming that P is the sum of the number of households using each type of appliances of each energy efficiency level within the coverage area of FN j (for example: 20 households using D 1,1 appliances, 15 households using D 1,2 appliances, …,use There are 25 households with electrical appliances, then P=20+15+…+25).
然后,控制中心选择一组大素数
其长度为|α
i,s|≥k
2,s∈[1,m
i],
为递增大素数,如α
i,s-1<α
i,s(s=2,…,m
i);
满足
需要说明的是,因为一个家庭全部的电器类型及其能效等级的数据加起来最多为几十个,而一次的初始化只需要用到几十个素数,而60000以内的素数有6057个,所以本实施例是可行的。
Then, the control center selects a set of large prime numbers Its length is |α i,s |≥k 2 ,s∈[1,m i ], is an increasing prime number, such as α i,s-1 <α i,s (s=2,...,m i ); satisfy It should be noted that, because the data of all electrical appliance types and their energy efficiency levels in a family can add up to dozens of pieces at most, and only a few dozen prime numbers are needed for one initialization, and there are 6,057 prime numbers within 60,000, so this Embodiments are possible.
最后,控制中心计算
生成过程如图4所示。
Finally, the control center calculates The generation process is shown in Figure 4.
(5)雾节点FN
j收到M
3后,先计算和验证V
0,验证成功后计算
和
雾节点FN
j生成一组临时身份
并计算得到
和
储存临时身份
和,电表SM
i与雾节点FN
j之间的共享密钥
共享密钥
为控制中心分配。其中,
表示用
加密虚拟身份
(5) After the fog node FN j receives M 3 , it first calculates and verifies V 0 , and then calculates after the verification is successful. and Fog node FN j generates a set of temporary identities and calculated and store temporary identity and, the shared key between the meter SM i and the fog node FN j shared key Assigned to Control Center. in, to express Encrypted virtual identity
雾节点FN
j发送消息
给电表SM
i。
Fog node FN j sends a message Feed the meter SM i .
(6)电表SM
i收到消息M
4后,先计算
并验证V
1,成功后计算得到
然后验证V
2,用kh
i解密
得到
并储存以上信息。
(6) After the electricity meter SM i receives the message M 4 , it first calculates And verify V 1 , after successful calculation, Then verify V 2 , decrypt with kh i get and store the above information.
当SM
i每使用完一个
就删除掉该临时身份
下一次再从剩余的临时身份选择一个。当所有的临时身份
都用完了之后,SM
i重新向控制中心发起注册申请,再重新进行系统初始化,请求对应的FN
j重新分配一组临时身份。
When every SM i is used up delete the temporary identity Next time choose one from the remaining temporary identities. when all temporary status After all are used up, SM i re-initiates a registration application to the control center, and then re-initializes the system to request the corresponding FN j to re-assign a set of temporary identities.
在上述(1)至(6)的过程中,控制中心通过验证请求消息M
2中的虚拟身份
和签名V
i来认证SM
i,其中只有合法的SM
i才能生成有效的哈希值输出V
i。控制中心使用参数V
j对FN
j进行身份验证,该参数必须等于
同时,FN
j和SM
i分别使用响应参数V
0和V
1对控制中心进行验证。另外,每一个SM
i和FN
j之间都建立一个安全的共享密钥
以防止不诚实或虚假的电表伪造数据。其中,假设各个实体(SM
i、FN
j和控制中心)不会向任何人泄露它们的密钥。在这方面,只有知道密钥
的合法FN
j才能计算出
和
类似地,只有拥有密钥
的真正的电表SM
i才能计算出
In the process to (6) above (1), the control center of the message M 2 by the virtual identity verification request V i and signature to authenticate the SM i, which only legitimate SM i to produce valid hash value of the output V i. The control center authenticates FN j with the parameter V j , which must be equal to Meanwhile, FN j and SM i use the response parameters V 0 and V 1 to verify the control center, respectively. In addition, a secure shared key is established between each SM i and FN j To prevent dishonest or fake meters from falsifying data. Therein, it is assumed that the various entities (SM i , FN j and the control center) will not disclose their keys to anyone. In this regard, only knowing the key The legal FN j can be calculated and Similarly, only have the key The real meter SM i can calculate
第二、数据收集;Second, data collection;
每个电表采集包含电器类型及其能效等级的用电数据,并使用超递增序列加密用电数据生成密文,将密文封装成用电消息后发送至对应的雾节点。具体细节如下:Each electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, and encrypts the electricity consumption data with a super-increasing sequence to generate ciphertext, which is encapsulated into an electricity consumption message and sent to the corresponding fog node. The specific details are as follows:
(1)电表SM
i定期(例如15分钟)采集包含电器类型及其能效等级的用电数据m
i1,m
i2,…,m
il,其中每一个数据m
ih≤d(h=1,2,…,l),生成随机数
根据随机数和超递增序列对采集的用电数据进行加密,生成密文
(1) SM i meter periodically (e.g., 15 minutes) acquired power data m i1, m i2 type comprising a collector and energy efficiency rating, ..., m il, wherein each data m ih ≤d (h = 1,2, ...,l), generate random numbers The collected electricity consumption data is encrypted according to random numbers and super-increasing sequences to generate ciphertext
(2)电表SM
i计算一个签名
t
i是当前时间戳;
(2) The meter SM i calculates a signature t i is the current timestamp;
(3)电表SM
i选择一个临时身份
其中x∈[1,q],并发送消息
到雾节点FN
j;
(3) Meter SM i selects a temporary identity where x∈[1,q], and send the message to the fog node FN j ;
(4)雾节点FN
j检查验证电表SM
i的临时身份
并定位到该电表的虚拟身份
检查时间戳t
i,计算签名
比较S
i′和S
i,相等时,雾节点FN
j接收并存储消息MS
i。
(4) The fog node FN j checks and verifies the temporary identity of the meter SM i and locate the virtual identity of the meter Check timestamp t i , compute signature Comparing S i ' and S i , when they are equal, the fog node FN j receives and stores the message MS i .
当SM
i每使用完一个
就删除掉该临时身份
下一次再从剩余的临时身份选择一个。当所有的临时身份
都用完了之后,SM
i重新向控制中心发起注册申请,再重新进行系统初始化,请求对应的FN
j重新分配一组临时身份。SM
i在发送数据时不允许两次使用相同的临时身份
且临时身份只有FN
j知道,因此,攻击者无法猜测连续两个会话的使用数据是否来自同一个SM
i,该方案有利于防止窃听者窃听隐私。
When every SM i is used up delete the temporary identity Next time choose one from the remaining temporary identities. when all temporary status After all are used up, SM i re-initiates a registration application to the control center, and then re-initializes the system to request the corresponding FN j to re-assign a set of temporary identities. SM i is not allowed to use the same temporary identity twice when sending data And the temporary identity is only known by FN j , therefore, the attacker cannot guess whether the usage data of two consecutive sessions comes from the same SM i , and this scheme is beneficial to prevent eavesdroppers from eavesdropping on privacy.
在本操作中,FN
j检查接收到的数据是否与每个智能电表SM
i发送的数据相同。如果攻击者篡改了c
ji,当FN
j验证
时会发现不一致,从而判定消息为假。因此攻击者需要同时篡改S
i以达到骗过FN
j的目的,但攻击者获得
在计算上是不可行的。而如果攻击者篡改了t
i和
同样地,由于攻击者获得临时身份
(其中x∈[1,q])在计算上是不可行的,当FN
j在验证t
i和
时会发现不一致,从而判定消息为假。因此,即使攻击者篡改了消息MS
i,也始终无法骗过FN
j。而且FN
j使用时间戳t
i和签名S
i对每个智能电表SM
i进行身份验证,可以识别攻击者执行的任何重放攻击。
In this operation, FN j checks whether the received data is the same as that sent by each smart meter SM i. If an attacker has tampered with c ji , when FN j verifies When inconsistencies are found, the message is judged to be false. Therefore, the attacker needs to tamper with S i at the same time to deceive FN j , but the attacker obtains Computationally infeasible. And if the attacker tampered with t i and Likewise, since the attacker obtains a temporary identity (where x∈[1,q]) is computationally infeasible when FN j is verifying t i and When inconsistencies are found, the message is judged to be false. Therefore, even if the attacker tampered with the message MS i , he could never fool FN j . And FN j authenticates each smart meter SM i with the timestamp t i and the signature S i , which can identify any replay attacks performed by the attacker.
由于SM
i的使用数据m
ih是通过开放信道加密并发送给FN
j的,因此攻击者可以获得密文c
ji。为了从满足同态Paillier加密属性的
中获得m
ih(其中a
i∈{1,2,…,m
i},i∈[1,l]),攻击者需要使用私钥(λ,μ)先解密c
ji得到
而
需要
来解密。假设最糟糕的情况,即私钥(λ,μ)和
都被攻击者获得,由于每一个序列
都不一样,即使攻击者获得关于某一用户的全部解密密钥,也不能由此解密其他用户的用电隐私信息。
Since the usage data m ih of SM i is encrypted and sent to FN j through an open channel, the attacker can obtain the ciphertext c ji . In order to satisfy the properties of homomorphic Paillier encryption from Obtain m ih (where a i ∈ {1,2,…,m i },i∈[1,l]), the attacker needs to use the private key (λ,μ) to decrypt c ji first to get and need to decrypt. Assuming the worst case, the private key (λ, μ) and are obtained by the attacker, since each sequence Even if the attacker obtains all the decryption keys of a certain user, he cannot decrypt the electricity usage privacy information of other users.
第三、数据聚合;Third, data aggregation;
每个雾节点将接收到的所有密文进行聚合得到聚合数据,将聚合数据封装成聚合消息发送至控制中心。具体细节如下:Each fog node aggregates all the received ciphertexts to obtain aggregated data, and encapsulates the aggregated data into aggregated messages and sends them to the control center. The specific details are as follows:
(1)当雾节点FN
j接收到其覆盖范围内的所有电表发送的消息后,聚合每个密文得到聚合数据C
j,其中A
i,s(i=1,2,…,l;s=1,2,…,m
i)为使用第i类型第s种能效等级电器的家庭集合(比如A
1,1是使用第1类型第1种能效等级电器的家庭集合):
(1) After the fog node FN j receives the messages sent by all the electricity meters within its coverage, it aggregates each ciphertext to obtain aggregated data C j , where A i,s (i=1,2,...,l;s =1,2,...,m i ) is the collection of households using the appliances of the ith type and the sth energy efficiency class (for example, A 1,1 is the collection of households using the appliances of the 1st type and the 1st energy efficiency class):
(2)雾节点FN
j计算签名
t
j是当前时间戳;
(2) Fog node FN j calculates the signature t j is the current timestamp;
(3)雾节点FN
j发送
给控制中心;
(3) The fog node FN j sends to the control center;
(4)控制中心检查时间戳t
j,计算签名
然后比较S
j′和S
j,如果它们相等,控制中心接收并存储消息MS
j。
(4) The control center checks the timestamp t j and calculates the signature Sj ' and Sj are then compared, and if they are equal, the control center receives and stores the message MSj .
与上述分析同理,控制中心使用时间戳t
j和签名S
j对每个雾节点FN
j进行身份验证,有助于检测通信过程中攻击者对用电聚合数据的任何操作。
In the same way as the above analysis, the control center uses timestamp t j and signature S j to authenticate each fog node FN j , which helps to detect any manipulation of the electricity aggregated data by the attacker during the communication process.
如果攻击者入侵FN
j的数据库,由于FN
j只聚合数据而不进行解密,聚合后的数据也满足同态Paillier加密的性质,与上述分析同理,即使攻击者入侵FN
j以获取全部加密密文,也无法对密文解密。
If the attacker to FN j database, since the FN j decrypts only data without the polymerization, the polymerization can also satisfy the data Paillier homomorphic encryption properties, and the above analysis Similarly, even if the attacker to FN j for all encryption The ciphertext cannot be decrypted.
控制中心可以解密数据以获得包含电器类型及其等效等级的用电数据(即获得多维度多角度的用电数据),如果攻击者入侵控制中心,因为解密参数
只有控制中心知道,而攻击者不能直接从控制中心获得参数
所以聚合密文不能被解密。此外,即使攻击者得到最后解 密结果,由于数据来自多个用户,攻击者无法识别特定的用户,从而用户的隐私性得到了保证。
The control center can decrypt the data to obtain electricity consumption data including the type of electrical appliance and its equivalent level (that is, to obtain multi-dimensional and multi-angle electricity consumption data), if an attacker invades the control center, because the decryption parameters Only the control center knows, and the attacker cannot get the parameters directly from the control center So the aggregated ciphertext cannot be decrypted. In addition, even if the attacker obtains the final decryption result, since the data comes from multiple users, the attacker cannot identify a specific user, so the privacy of the user is guaranteed.
第四、数据提取;Fourth, data extraction;
控制中心用保留的私钥(λ,μ)解密聚合数据,得到其覆盖范围内所有的包含电器类型及其能效等级的用电数据(即得到了其覆盖范围内的多维度多角度的用电数据),具体细节如下:The control center decrypts the aggregated data with the reserved private key (λ, μ), and obtains all the electricity consumption data including the type of electrical appliance and its energy efficiency level within its coverage area (that is, the multi-dimensional and multi-angle electricity consumption within its coverage area is obtained. data), the details are as follows:
(1)根据聚合数据C
j:
(1) According to the aggregated data C j :
(2)控制中心解密密文:(2) The control center decrypts the ciphertext:
令
所以C=g
D·R
NmodN
2依然可以被控制中心用私钥(λ,μ)解密获得D:
make So C=g D · R N modN 2 can still be decrypted by the control center with the private key (λ, μ) to obtain D:
进一步,由于上述的每种类型的每种能效等级数据都小于d:Further, since each energy efficiency level data of each type mentioned above is less than d:
由此可得:Therefore:
其中,
以此类推,可以得到所有电器类型及其等效等级的用电数据
in, By analogy, the electricity consumption data of all electrical appliance types and their equivalent grades can be obtained
相较于现有多维数据聚合方案采集的用电数据只精确到电器的类型,本系统采集了包含电器类型及其能效等级的用电数据,如
实现了多维度多角度用电数据的采集,提高了控制中心收集用电数据的精度,可以统计更微观的数据。
Compared with the existing multi-dimensional data aggregation solutions, the electricity consumption data collected is only accurate to the type of electrical appliances. This system collects electricity consumption data including electrical appliance types and their energy efficiency levels, such as It realizes the collection of multi-dimensional and multi-angle electricity consumption data, improves the accuracy of electricity consumption data collection by the control center, and can count more microscopic data.
本发明实施例提供的一种基于雾的多维度多角度用电数据的聚合系统,具有以下有益效果:A fog-based multi-dimensional and multi-angle electricity data aggregation system provided by the embodiment of the present invention has the following beneficial effects:
(1)控制中心根据每个用户的电器类型及其能效等级信息,为每个电表分配一组相匹配的超递增序列,电表能够采集用户的包含电器类型及其能效等级的用电信息,控制中心得到了其负责区域内的多维度和多角度的用电数据,相较于现有多维数据聚合方案中采集的用电数据只精确到电器的类型,本系统提高了采集用电数据的精度,可以统计更微观的数据,能够便于公用事业供应商实时地动态获取总体用电量,以实施需求侧管理。(1) The control center assigns a set of matching super-increasing sequences to each electric meter according to the electrical appliance type and energy efficiency level information of each user. The center has obtained multi-dimensional and multi-angle electricity consumption data in its responsible area. Compared with the electricity consumption data collected in the existing multi-dimensional data aggregation scheme, the electricity consumption data is only accurate to the type of electrical appliances. This system improves the accuracy of electricity consumption data collection. , more microscopic data can be counted, and it is convenient for utility suppliers to dynamically obtain the overall power consumption in real time to implement demand-side management.
(2)相比现有的多维数据聚合方案,本系统的控制中心根据每个用户的电器类型及其能效等级信息,为每个电表分配一组相匹配的超递增序列,解决了目前方案中攻击方只要获得一组超递增序列,就可以恢复所有用户的数据的问题。(2) Compared with the existing multi-dimensional data aggregation scheme, the control center of the system assigns a set of matching super-increasing sequences to each electric meter according to the electrical appliance type and energy efficiency level information of each user, which solves the problem in the current scheme. As long as the attacker obtains a set of super-increasing sequences, the data of all users can be recovered.
(3)电表在采集用电数据之前,雾节点在聚合用电数据之前,均向控制中心进行身份认证,以防止不诚实或虚假的电表伪造数据,从而导致不准确的聚合结果。(3) Before the electricity meter collects the electricity consumption data, the fog nodes all perform identity authentication to the control center before aggregating the electricity consumption data, so as to prevent dishonest or false electricity meters from falsifying the data, resulting in inaccurate aggregation results.
(4)本系统中没有关于用户的用电数据被披露,安全性得到保障。(4) In this system, no electricity consumption data about the user is disclosed, and the security is guaranteed.
(5)由于本系统不需要第三方(TTP)参与,所以不需要执行如EPPA方案中的双线性配对等复杂操作,减少了操作复杂度,提高了通信效率。(5) Since the system does not require the participation of a third party (TTP), it does not need to perform complex operations such as bilinear pairing in the EPPA scheme, which reduces operational complexity and improves communication efficiency.
参照图6至图11,本发明的一个实施例,提供一组本方案和EPPA和MMDAPP方案的仿真实验对比,其中EPPA方案的相关内容可参考文献“R.Lu,X.Liang,X.Li,X.Lin and X.Shen,"EPPA:An Efficient and Privacy-Preserving Aggregation Scheme for Secure Smart Grid Communications,"in IEEE Transactions on Parallel and Distributed Systems,vol.23,no.9,pp.1621-1631,Sept.2012.”;MMDAPP方案的相关内容可参考文献“X.Yang,S.Zhang and B.Wang,"Multi-data Aggregation Scheme Based on Multiple Subsets to Realize User Privacy Protection,"2018 12th IEEE International Conference on Anti-counterfeiting,Security,and Identification(ASID),Xiamen,China,pp.61-65,2018.”,具体实验结果如下:Referring to FIGS. 6 to 11, an embodiment of the present invention provides a set of simulation experiments comparisons between the present scheme and the EPPA and MMDAPP schemes, wherein the relevant content of the EPPA scheme can refer to the literature "R.Lu, X.Liang, X.Li , X.Lin and X.Shen,"EPPA:An Efficient and Privacy-Preserving Aggregation Scheme for Secure Smart Grid Communications,"in IEEE Transactions on Parallel and Distributed Systems,vol.23,no.9,pp.1621-1631, Sept.2012."; For the relevant content of the MMDAPP scheme, please refer to the literature "X.Yang,S.Zhang and B.Wang,"Multi-data Aggregation Scheme Based on Multiple Subsets to Realize User Privacy Protection,"2018 12th IEEE International Conference on Anti-counterfeiting,Security,and Identification(ASID),Xiamen,China,pp.61-65,2018.”, the specific experimental results are as follows:
设数据共有10种电器类型,图6展示了电表的计算开销与电器类型的数量的关系。显然,与EPPA和MMDAPP方案相比,本方案中电表的计算开销显著降低。另一方面,雾节点的计算开销与用户数量的关系如图7所示,与EPPA和MMDAPP方案相比,本方案中雾节点的计算开销曲线的斜率较低。当 用户的数量n=200,400,600,800,1000时,本方案相比EPPA和MMDAPP方案依次节省了448.65ms、890.65ms、1332.65ms、1774.65ms、2216.65ms的计算开销。通常情况下,如果计算开销过高,计算能力和频率的限制会导致数据延迟和其他故障。因此,与EPPA和MMDAPP方案相比,本方案无疑更适合智能电网中的数据聚合。Assuming that there are 10 types of electrical appliances in the data, Figure 6 shows the relationship between the calculation cost of the electricity meter and the number of electrical appliance types. Obviously, compared with the EPPA and MMDAPP schemes, the calculation overhead of the electricity meter in this scheme is significantly reduced. On the other hand, the relationship between the computational overhead of fog nodes and the number of users is shown in Figure 7. Compared with the EPPA and MMDAPP schemes, the slope of the computational overhead curve of the fog nodes in this scheme is lower. When the number of users is n=200, 400, 600, 800, and 1000, this scheme saves 448.65ms, 890.65ms, 1332.65ms, 1774.65ms, and 2216.65ms of computational overhead in turn compared with the EPPA and MMDAPP schemes. Typically, if the computational overhead is too high, limitations in computing power and frequency can cause data delays and other failures. Therefore, compared with the EPPA and MMDAPP schemes, this scheme is undoubtedly more suitable for data aggregation in the smart grid.
设数据共有10种电器类型,而前五种电器类型中每种电器类型的等效等级数都是3,后五种电器类型中每种电器类型的等效等级都是5。本方案与EPPA和MMDAPP方案中数据细粒度的对比如图8所示。显然,EPPA和MMDAPP方案中得到的数据只能精确到多种电器类型,而本方案中得到的数据不仅可以精确到多种电器类型,还可以精确到每一电器类型的多种等效等级。因此本方案所得到的数据更详细且更具有分析价值。Suppose there are 10 types of electrical appliances in the data, and the number of equivalent grades for each of the first five electrical appliance types is 3, and the equivalent grade of each electrical appliance type in the last five electrical appliance types is 5. Figure 8 shows a comparison of the fine-grained data between this scheme and the EPPA and MMDAPP schemes. Obviously, the data obtained in the EPPA and MMDAPP schemes can only be accurate to a variety of electrical appliance types, while the data obtained in this scheme can not only be accurate to a variety of electrical appliance types, but also accurate to multiple equivalent levels of each electrical appliance type. Therefore, the data obtained by this program are more detailed and have more analytical value.
假设用户数量n=1,电器类型的个数为10,电表和雾节点之间、雾节点和控制中心之间的通信开销分别如图9和图10所示。从图9和图10可以清楚地看出本方案在电表与雾节点之间通信开销和雾节点与控制中心之间的通信开销均小于EPPA和MMDAPP方案,且通信开销的大小与电器类型的个数无关。Assuming that the number of users is n=1, and the number of electrical appliance types is 10, the communication overhead between the electricity meter and the fog node, and between the fog node and the control center is shown in Figure 9 and Figure 10, respectively. It can be clearly seen from Figure 9 and Figure 10 that the communication overhead between the electricity meter and the fog node and the communication overhead between the fog node and the control center in this scheme are smaller than those of the EPPA and MMDAPP schemes, and the size of the communication overhead is different from the type of electrical appliance. Number doesn't matter.
假设用户电表的数量为n=200,400,600,800,1000时,在电表和雾节点通信期间,本方案相比EPPA和MMDAPP方案依次节省了6400字节、12800字节、19200字节、25600字节、32000字节的带宽。电表和雾节点之间的通信总开销如图11所示。Assuming that the number of user electricity meters is n=200, 400, 600, 800, 1000, during the communication between electricity meters and fog nodes, this scheme saves 6400 bytes, 12800 bytes, 19200 bytes, 25600 bytes, and 32000 words in turn compared with EPPA and MMDAPP schemes. section bandwidth. The total communication overhead between the meter and the fog node is shown in Figure 11.
从图11可以看出,与EPPA和MMDAPP方案相比,本方案的通信开销要更低一点。更重要的是,相比EPPA和MMDAPP方案,本方案得到的数据不仅可以精确到多种电器类型,还可以精确到每一电器类型的多种等效等级。综上所述,本方案有效地降低了通信成本,提高了通信效率。As can be seen from Figure 11, compared with the EPPA and MMDAPP schemes, the communication overhead of this scheme is lower. More importantly, compared with the EPPA and MMDAPP schemes, the data obtained by this scheme can not only be accurate to a variety of electrical appliance types, but also accurate to multiple equivalent levels of each electrical appliance type. To sum up, the solution effectively reduces the communication cost and improves the communication efficiency.
尽管已经示出和描述了本发明的实施例,本领域的普通技术人员可以理解:在不脱离本发明的原理和宗旨的情况下可以对这些实施例进行多种变化、修改、替换和变型,本发明的范围由权利要求及其等同物限定。Although embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, The scope of the invention is defined by the claims and their equivalents.
Claims (7)
- 一种基于雾的多维度多角度用电数据的聚合系统,其特征在于:包括控制中心、与控制中心通信连接的若干个雾节点,控制中心的覆盖范围分为若干个子区域,每个子区域内含有一个雾节点,每个雾节点与其覆盖范围内的若干个电表通信连接;A fog-based multi-dimensional and multi-angle electricity data aggregation system, characterized in that it includes a control center and several fog nodes that communicate with the control center, and the coverage of the control center is divided into several sub-areas. Contains a fog node, each fog node is connected to several electricity meters within its coverage area;控制中心分别根据每个电表的覆盖范围内的电器类型及其能效等级信息,基于同态Paillier加密方法分别为每个电表生成对应的一组超递增序列,将所述超递增序列发送至对应的电表;The control center generates a corresponding set of super-increasing sequences for each electric meter based on the homomorphic Paillier encryption method according to the types of electrical appliances within the coverage area of each electric meter and its energy efficiency level information, and sends the super-increasing sequences to the corresponding electricity meter;每个电表采集包含电器类型及其能效等级的用电数据,并使用所述超递增序列加密用电数据生成密文,将密文封装成用电消息后发送至对应的雾节点;Each electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, and encrypts the electricity consumption data using the super-increasing sequence to generate ciphertext, and encapsulates the ciphertext into an electricity consumption message and sends it to the corresponding fog node;每个雾节点将接收到的所有密文进行聚合得到聚合数据,将所述聚合数据封装成聚合消息发送至控制中心;Each fog node aggregates all received ciphertexts to obtain aggregated data, and encapsulates the aggregated data into aggregated messages and sends them to the control center;控制中心解密接收到的所有所述聚合数据,得到控制中心覆盖范围内的包含电器类型及其能效等级的用电数据。The control center decrypts all the received aggregated data, and obtains electricity consumption data including the types of electrical appliances and their energy efficiency levels within the coverage area of the control center.
- 根据权利要求1所述的一种基于雾的多维度多角度用电数据的聚合系统,其特征在于,控制中心生成超递增序列之前,每个电表与雾节点均向控制中心提交身份验证消息,控制中心对身份验证消息进行验证。The fog-based multi-dimensional and multi-angle electricity data aggregation system according to claim 1, characterized in that, before the control center generates the super-increasing sequence, each electricity meter and the fog node submit an identity verification message to the control center, The Control Center verifies the authentication message.
- 根据权利要求2所述的一种基于雾的多维度多角度用电数据的聚合系统,其特征在于,所述每个电表与雾节点均向控制中心提交身份验证消息,控制中心对身份验证消息进行验证,具体包括:The fog-based multi-dimensional and multi-angle electricity data aggregation system according to claim 2, wherein each electricity meter and fog node submit an identity verification message to the control center, and the control center verifies the identity verification message. Validate, which includes:电表生成第一随机数,并根据第一随机数、虚拟身份和第一密钥生成第一数字签名,将虚拟身份、第一数字签名和第一随机数封装成身份验证消息后通过对应的雾节点发送控制中心,其中,虚拟身份为控制中心分配,用于电表的身份识别;第一密钥为控制中心分配给电表的私钥;The electricity meter generates a first random number, and generates a first digital signature according to the first random number, the virtual identity and the first key, and encapsulates the virtual identity, the first digital signature and the first random number into an authentication message and passes through the corresponding fog. The node sends the control center, wherein the virtual identity is allocated by the control center for identification of the electric meter; the first key is the private key allocated by the control center to the electric meter;雾节点生成第二随机数,根据身份标签、第二随机数和第一共享密钥生成第二数字签名,将身份标签、第二数字签名和第二随机数封装成消息后发送控制中心,其中,身份标签为控制中心分配,用于雾节点的身份识别;第一共享密钥为控制中心分配,作为对应的雾节点和控制中心之间的共享密钥;The fog node generates a second random number, generates a second digital signature according to the identity label, the second random number and the first shared key, and encapsulates the identity label, the second digital signature and the second random number into a message and sends it to the control center, where , the identity label is allocated by the control center and used for identification of the fog node; the first shared key is allocated by the control center as a shared key between the corresponding fog node and the control center;控制中心根据虚拟身份和第一数字签名对电表的身份进行验证,根据第二数字签名对雾节点的身份进行验证。The control center verifies the identity of the electric meter according to the virtual identity and the first digital signature, and verifies the identity of the fog node according to the second digital signature.
- 根据权利要求3所述的一种基于雾的多维度多角度用电数据的聚合系统,其特征在于,所述每个电表采集包含电器类型及其能效等级的用电数据,并使用所述超递增序列加密用电数据生成密文,将密文封装成用电消息后发送至对应的雾节点,具体包括:The fog-based multi-dimensional and multi-angle electricity consumption data aggregation system according to claim 3, wherein each electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, and uses the ultra The power consumption data is encrypted in an incremental sequence to generate ciphertext, and the ciphertext is encapsulated into a power consumption message and sent to the corresponding fog node, including:电表采集包含电器类型及其能效等级的用电数据,并生成第三随机数,根据第三随机数和所述超递增序列对采集的用电数据进行加密,生成密文;The electricity meter collects electricity consumption data including the type of electrical appliance and its energy efficiency level, generates a third random number, encrypts the collected electricity consumption data according to the third random number and the super-increasing sequence, and generates a ciphertext;电表根据密文、第二共享密钥和当前时间戳,生成第三数字签名,其中,第二共享密钥为控制中心分配,作为对应的电表与雾节点之间的共享密钥;The electricity meter generates a third digital signature according to the ciphertext, the second shared key and the current timestamp, wherein the second shared key is allocated by the control center as a shared key between the corresponding electricity meter and the fog node;电表选择一个临时身份,将临时身份、密文、当前时间戳和第三数字签名封装成用电消息后发送至对应的雾节点,其中,雾节点每次为电表分配一组临时身份;The electricity meter selects a temporary identity, encapsulates the temporary identity, ciphertext, current time stamp and third digital signature into a electricity consumption message and sends it to the corresponding fog node, wherein the fog node assigns a set of temporary identities to the electricity meter each time;雾节点对临时身份、当前时间戳和第三数字签名进行验证,若验证成功,则保留接收的数据。The fog node verifies the temporary identity, the current timestamp and the third digital signature, and if the verification is successful, the received data is retained.
- 根据权利要求4所述的一种基于雾的多维度多角度用电数据的聚合系统,其特征在于,电表每使用一个临时身份后,删除该临时身份,当所有临时身份均删除后,请求对应的雾节点重新分配一组临时身份。A fog-based aggregation system for multi-dimensional and multi-angle electricity consumption data according to claim 4, characterized in that, after each temporary identity is used by the electricity meter, the temporary identity is deleted, and when all temporary identities are deleted, the corresponding temporary identity is requested. The fog nodes reassign a set of ephemeral identities.
- 根据权利要求3所述的一种基于雾的多维度多角度用电数据的聚合系统,其特征在于,所述每个雾节点将接收到的所有密文进行聚合得到聚合数据,将所述聚合数据封装成聚合消息发送至控制中心,具体包括:The fog-based multi-dimensional and multi-angle electricity data aggregation system according to claim 3, wherein each fog node aggregates all received ciphertexts to obtain aggregated data, and the aggregated The data is encapsulated into aggregated messages and sent to the control center, including:雾节点将接收到的所有密文进行聚合得到聚合数据;The fog node aggregates all received ciphertexts to obtain aggregated data;雾节点根据身份标签、聚合数据、第一共享密钥和当前时间戳,生成第四数字签名;The fog node generates a fourth digital signature according to the identity tag, aggregated data, first shared key and current timestamp;雾节点将身份标签、聚合数据、当前时间戳和第四数字签名封装成聚合消息后发送至控制中心;The fog node encapsulates the identity tag, aggregated data, current timestamp and fourth digital signature into an aggregated message and sends it to the control center;控制中心对当前时间戳和第四数字签名进行验证,若验证成功,则保留接收的数据。The control center verifies the current time stamp and the fourth digital signature, and if the verification is successful, the received data is retained.
- 根据权利要求3所述的一种基于雾的多维度多角度用电数据的聚合系统,其特征在于,控制中心 每次对身份验证消息进行验证之后,重新为每个电表分配一个新的虚拟身份。The fog-based multi-dimensional and multi-angle electricity data aggregation system according to claim 3, wherein the control center re-assigns a new virtual identity to each electricity meter after each verification of the identity verification message. .
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010598535.9A CN111800400B (en) | 2020-06-28 | 2020-06-28 | Multi-dimensional multi-angle electricity data aggregation system based on fog |
| CN202010598535.9 | 2020-06-28 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2022001535A1 true WO2022001535A1 (en) | 2022-01-06 |
Family
ID=72803949
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2021/096910 WO2022001535A1 (en) | 2020-06-28 | 2021-05-28 | Fog-based multi-dimensional multi-angle electricity consumption data aggregating system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN111800400B (en) |
| WO (1) | WO2022001535A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115001657A (en) * | 2022-02-25 | 2022-09-02 | 华东师范大学 | Fault-tolerant privacy protection data aggregation method supporting dynamic addition and deletion of members |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111800400B (en) * | 2020-06-28 | 2022-11-08 | 长沙理工大学 | Multi-dimensional multi-angle electricity data aggregation system based on fog |
| US20220190641A1 (en) * | 2020-12-15 | 2022-06-16 | Landis+Gyr Innovations, Inc. | Adaptive metering in a smart grid |
| CN113141355B (en) * | 2021-04-13 | 2022-02-08 | 长沙理工大学 | Electricity consumption encrypted data anomaly detection method and system based on full homomorphism |
| CN113691380B (en) * | 2021-10-26 | 2022-01-18 | 西南石油大学 | Multidimensional private data aggregation method in smart power grid |
| CN114124376B (en) * | 2021-11-23 | 2023-05-23 | 中国标准化研究院 | Data processing method and system based on network data acquisition |
| CN114662642A (en) * | 2022-05-25 | 2022-06-24 | 天津奥美自动化系统有限公司 | Valve control method and system based on Internet of things |
| CN116956358B (en) * | 2023-06-26 | 2024-03-22 | 广东技术师范大学 | Smart grid signature and verification method based on grid encryption |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103944263A (en) * | 2014-04-15 | 2014-07-23 | 北京国电通网络技术有限公司 | Power grid control method and system with various load devices |
| CN105376182A (en) * | 2015-11-30 | 2016-03-02 | 国网吉林省电力有限公司信息通信公司 | Power grid resource management and allocation method and system |
| US20190317818A1 (en) * | 2018-04-17 | 2019-10-17 | Cognizant Technology Solutions India Pvt. Ltd. | System and method for efficiently and securely managing a network using fog computing |
| CN110677849A (en) * | 2018-07-02 | 2020-01-10 | 中兴通讯股份有限公司 | Privacy protection method, device, equipment and storage medium of communication terminal |
| CN111294366A (en) * | 2020-05-13 | 2020-06-16 | 西南石油大学 | Statistical analysis method for aggregation of encrypted data for resisting secret key leakage in smart power grid |
| CN111800400A (en) * | 2020-06-28 | 2020-10-20 | 长沙理工大学 | Multi-dimensional multi-angle electricity data aggregation system based on fog |
-
2020
- 2020-06-28 CN CN202010598535.9A patent/CN111800400B/en active Active
-
2021
- 2021-05-28 WO PCT/CN2021/096910 patent/WO2022001535A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103944263A (en) * | 2014-04-15 | 2014-07-23 | 北京国电通网络技术有限公司 | Power grid control method and system with various load devices |
| CN105376182A (en) * | 2015-11-30 | 2016-03-02 | 国网吉林省电力有限公司信息通信公司 | Power grid resource management and allocation method and system |
| US20190317818A1 (en) * | 2018-04-17 | 2019-10-17 | Cognizant Technology Solutions India Pvt. Ltd. | System and method for efficiently and securely managing a network using fog computing |
| CN110677849A (en) * | 2018-07-02 | 2020-01-10 | 中兴通讯股份有限公司 | Privacy protection method, device, equipment and storage medium of communication terminal |
| CN111294366A (en) * | 2020-05-13 | 2020-06-16 | 西南石油大学 | Statistical analysis method for aggregation of encrypted data for resisting secret key leakage in smart power grid |
| CN111800400A (en) * | 2020-06-28 | 2020-10-20 | 长沙理工大学 | Multi-dimensional multi-angle electricity data aggregation system based on fog |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115001657A (en) * | 2022-02-25 | 2022-09-02 | 华东师范大学 | Fault-tolerant privacy protection data aggregation method supporting dynamic addition and deletion of members |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111800400A (en) | 2020-10-20 |
| CN111800400B (en) | 2022-11-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2022001535A1 (en) | Fog-based multi-dimensional multi-angle electricity consumption data aggregating system | |
| CN111294366B (en) | Statistical analysis method for aggregation of encrypted data for resisting secret key leakage in smart power grid | |
| Gu et al. | Secure data query framework for cloud and fog computing | |
| Okay et al. | A secure data aggregation protocol for fog computing based smart grids | |
| Fouda et al. | A lightweight message authentication scheme for smart grid communications | |
| CN110536259A (en) | A kind of lightweight secret protection data multilevel polymerization calculated based on mist | |
| AI et al. | Privacy-preserving Of Electricity Data Based On Group Signature And Homomorphic Encryption | |
| CN105812128B (en) | A kind of anti-malicious data of intelligent grid excavates the data aggregation method of attack | |
| CN110460570B (en) | Smart power grid data encryption method and decryption method with forward security | |
| CN113452690B (en) | Power grid data transmission method, device, system and medium | |
| CN115766263B (en) | Multidimensional electric power data privacy protection aggregation method and system based on cloud and fog calculation | |
| CN112468445A (en) | AMI lightweight data privacy protection method for power Internet of things | |
| CN112291191A (en) | Lightweight privacy protection multidimensional data aggregation method based on edge calculation | |
| Bao et al. | Bbnp: a blockchain-based novel paradigm for fair and secure smart grid communications | |
| Ali et al. | ALPHA: An Anonymous Orthogonal Code-Based Privacy Preserving Scheme for Industrial Cyber–Physical Systems | |
| CN104636672A (en) | Security data reporting method and security data reporting system on basis of Hash trees and anonymity technologies | |
| CN115085940A (en) | Private data aggregation method and system for smart power grid | |
| CN110311792B (en) | Electric quantity data and privacy protection method in smart power grid | |
| CN112532389A (en) | Smart power grid lightweight privacy protection data aggregation method based on block chain | |
| Han et al. | IP 2 DM for V2G networks in smart grid | |
| Vijayanand et al. | Bit masking based secure data aggregation technique for Advanced Metering Infrastructure in Smart Grid system | |
| CN111786978A (en) | Electric power data aggregation acquisition method and device, computer equipment and storage medium | |
| Guan et al. | Protecting user privacy based on secret sharing with fault tolerance for big data in smart grid | |
| Tang et al. | An Efficient Scheme to Secure Data Provenance in Home Area Networks | |
| Uludag et al. | Practical and secure machine-to-machine data collection protocol in smart grid |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 21832852 Country of ref document: EP Kind code of ref document: A1 |