电力物联网可信树形批量认证机制

doi:10.11930/j.issn.1004-9649.202101024

中国电力 ›› 2022, Vol. 55 ›› Issue (5): 149-157.DOI: 10.11930/j.issn.1004-9649.202101024

电力物联网可信树形批量认证机制

赵保华^1,2,3, 王志皓^2,3, 陈连栋⁴, 任春卉^2,3, 余发江⁵, 徐庆⁵

1. 北京工业大学计算机学院，北京 100124;
2. 国网智能电网研究院有限公司，北京 102209;
3. 电力系统人工智能国家电网公司联合实验室（国网智能电网研究院有限公司），北京 102209;
4. 国网河北省电力有限公司信息通信分公司，河北石家庄 050021;
5. 武汉大学国家网络安全学院，湖北武汉 430072

收稿日期:2021-01-05 修回日期:2021-12-01 出版日期:2022-05-28 发布日期:2022-05-18
作者简介:赵保华（1984—），男，博士，工程师，从事信息安全研究，E-mail：zbh1984_1@126.com;任春卉（1993—），女，通信作者，硕士，工程师，从事计算机技术研究，E-mail：ren1198997229@163.com
基金资助:
国家电网有限公司科技项目（基于可信计算的物联基础软硬件安全防护关键技术应用研究，5700-202013190 A-0-0-00）

A Trusted Batch Authentication Mechanism Based on Tree for Power Internet of Things

ZHAO Baohua^1,2,3, WANG Zhihao^2,3, CHEN Liandong⁴, REN Chunhui^2,3, YU Fajiang⁵, XU Qing⁵

1. School of Computer Science，Beijing University of Technology, Beijing 100124，China;
2. State Grid Smart Grid Research Institute Co., Ltd.，Beijing 102209，China;
3. Artificial Intelligence on Electric Power System State Grid Corporation Joint Laboratory (State Grid Smart Grid Research Institute Co.,Ltd.), Beijing 102209，China;
4. State Grid Hebei Information & Telecommunication Branch, Shijiazhuang 050021, China;
5. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China

Received:2021-01-05 Revised:2021-12-01 Online:2022-05-28 Published:2022-05-18
Supported by:
This work is supported by the Science and Technology Project of SGCC (Research on the Application of Key Technologies for the Security of Basic Software and Hardware of the Internet of Things Based on Trusted Computing, No.5700-202013190A-0-0-00)

摘要/Abstract

摘要： 电力物联网设备需要进行可信度量，然而现有数据处理架构存在云端压力过大的问题，现有可信度量架构也存在效率低下、消耗过大等问题。提出一种适用于云边协同电力物联网环境的基于树形结构的可信批量认证机制。该机制采用云边端协同的边缘计算架构缓解云平台压力，设备采用一种轻量级可信架构进行可信度量，获取度量信息；非平衡哈希树存储结构在设备认证时传递的认证信息较少并在一定程度上保障了隐私；采用稀疏哈希树多值证明方式生成认证信息，实现设备的批量认证。进行了安全威胁分析、原型实现和性能分析，实验表明该机制在树形结构的构造耗时上优于默克尔哈希树，在设备的可信认证耗时上优于IMA线性结构，在批量认证时，能大大减少认证信息的大小。

关键词: 电力物联网, 云边协同, 可信度量, 非平衡哈希树, 批量认证

Abstract: Devices in power Internet of things need to be trusted measurement. However, the existing data processing architecture has problems such as excessive pressure in cloud platform, and the existing trusted measurement architecture also has problems such as low efficiency and excessive consumption. This paper proposed a trusted batch authentication mechanism based on unbalanced hash tree, which is suitable for power Internet of things based on cloud-edge collaborative. The edge computing architecture of cloud-edge collaboration is adopted to lighten the load of cloud platform. The device adopts a lightweight trusted architecture for trusted measurement to obtain measurement information. The structure of unbalanced hash tree generates less verification information during device verification and protects privacy. The sparse Merkel tree multiproofs method is used to generate the verification information to implement the batch authentication of devices. In this paper, the security threat analysis, prototype implementation and performance analysis are carried out. The experimental results show that this mechanism is better than Merkel hash tree in building the tree, and better than IMA linear structure in trusted authentication of devices. And in batch verification, it can greatly reduce the size of verification information.

Key words: power Internet of things, cloud-edge collaboration, trusted measurement, unbalanced hash tree, batch authentication

赵保华, 王志皓, 陈连栋, 任春卉, 余发江, 徐庆. 电力物联网可信树形批量认证机制[J]. 中国电力, 2022, 55(5): 149-157.

ZHAO Baohua, WANG Zhihao, CHEN Liandong, REN Chunhui, YU Fajiang, XU Qing. A Trusted Batch Authentication Mechanism Based on Tree for Power Internet of Things[J]. Electric Power, 2022, 55(5): 149-157.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.202101024

https://www.electricpower.com.cn/CN/Y2022/V55/I5/149

参考文献

[1] ZHEN Y, ZENG L K, CHEN X, et al. Study of architecture of power Internet of Things[C]//IET International Conference on Communication Technology and Application (ICCTA 2011). Beijing, China. IET, 2011.
[2] BEDI G, VENAYAGAMOORTHY G K, SINGH R, et al. Review of Internet of Things (IoT) in electric power and energy systems[J]. IEEE Internet of Things Journal, 2018, 5(2): 847–870.
[3] 翟少磊, 李博, 张林山, 等. 电力物联网信息化控制中一种高效的认知通信方法[J]. 中国电力, 2016, 49(8): 130–134
ZHAI Shaolei, LI Bo, ZHANG Linshan, et al. An efficient cognitive radio communication algorithm for electric power IOT information control[J]. Electric Power, 2016, 49(8): 130–134
[4] 李苏秀, 刘林, 王雪, 等. 泛在电力物联网商业模式理论体系与设计架构[J]. 中国电力, 2019, 52(9): 1–9
LI Suxiu, LIU Lin, WANG Xue, et al. Theoretical framework and architecture design of e-IoT business model[J]. Electric Power, 2019, 52(9): 1–9
[5] DING C T, ZHOU A, LIU Y X, et al. A cloud-edge collaboration framework for cognitive service[J]. IEEE Transactions on Cloud Computing, 7008, PP(99): 1.
[6] WANG T, ZHANG G X, LIU A F, et al. A secure IoT service architecture with an efficient balance dynamics based on cloud and edge computing[J]. IEEE Internet of Things Journal, 2019, 6(3): 4831–4843.
[7] SHEN S H, HAN Y W, WANG X F, et al. Computation offloading with multiple agents in edge-computing–supported IoT[J]. ACM Transactions on Sensor Networks, 2020, 16(1): 1–27.
[8] 袁性忠, 张鹭, 罗迪, 等. 基于边缘计算的能量自治区域调度策略[J]. 智慧电力, 2021, 49(8): 46–54
YUAN Xingzhong, ZHANG Lu, LUO Di, et al. Energy autonomous region scheduling strategy based on edge computing[J]. Smart Power, 2021, 49(8): 46–54
[9] WANG Q J, SHAO S J, GUO S Y, et al. Task allocation mechanism of power Internet of Things based on cooperative edge computing[J]. IEEE Access, 2020, 8: 158488–158501.
[10] RATHEE G, SANDHU R, SAINI H, et al. A trust computed framework for IoT devices and fog computing environment[J]. Wireless Networks, 2020, 26(4): 2339–2351.
[11] NUNES I D O, ELDEFRAWY K, RATTANAVIPANON N, et al. VRASED: a verified hardware/software co-design for remote attestation[C]// USENIX Security. 2019.
[12] TAN H L, TSUDIK G, JHA S. MTRA: Multi-tier randomized remote attestation in IoT networks[J]. Computers & Security, 2019, 81: 78–93.
[13] 孔垂跃, 陈羽, 赵乾名. 基于MQTT协议的配电物联网云边通信映射研究[J]. 电力系统保护与控制, 2021, 49(8): 168–176
KONG Chuiyue, CHEN Yu, ZHAO Qianming. Research on cloud-side communication mapping of the distribution Internet of Things based on MQTT protocol[J]. Power System Protection and Control, 2021, 49(8): 168–176
[14] CHEN B B, DONG X S, BAI G D, et al. Secure and efficient software-based attestation for industrial control devices with ARM processors[C]//Proceedings of the 33 rd Annual Computer Security Applications Conference. Orlando FL USA. New York, NY, USA: ACM, 2017.
[15] SAILER R, ZHANG X, JAEGER T, et al. Design and implementation of a TCG-based integrity measurement architecture[C]// Proceedings of the 13 th USENIX Security Symposium, August 9–13, 2004, San Diego, CA, USA. USENIX Association, 2004.
[16] JAEGER T, SAILER R, SHANKAR U. PRIMA: policy-reduced integrity measurement architecture[C]//Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies - SACMAT '06. Lake Tahoe, California, USA. New York: ACM Press, 2006.
[17] 徐梓耀, 贺也平, 邓灵莉. 一种保护隐私的高效远程验证机制[J]. 软件学报, 2011, 22(2): 339–352
XU Ziyao, HE Yeping, DENG Lingli. Efficient remote attestation mechanism with privacy protection[J]. Journal of Software, 2011, 22(2): 339–352
[18] 翁晓康, 张平, 王炜, 等. 基于非平衡哈希树的平台完整性远程验证机制[J]. 计算机应用, 2014, 34(2): 433–437
WENG Xiaokang, ZHANG Ping, WANG Wei, et al. Remote attestation mechanism for platform integrity based on unbalanced-Hash tree[J]. Journal of Computer Applications, 2014, 34(2): 433–437
[19] 司羽飞, 谭阳红, 汪沨, 等. 面向电力物联网的云边协同结构模型[J]. 中国电机工程学报, 2020, 40(24): 7973–7979,8234
SI Yufei, TAN Yanghong, WANG Feng, et al. Cloud-edge collaborative structure model for power Internet of Things[J]. Proceedings of the CSEE, 2020, 40(24): 7973–7979,8234
[20] DU X X, ZHOU Z B, ZHANG Y Q. Energy-efficient data aggregation through the collaboration of cloud and edge computing in Internet of thing's networks[J]. Procedia Computer Science, 2020, 174: 269–275.
[21] 陈璐, 孙亚杰, 张立强, 等. 物联网环境下基于DICE的设备度量方案[J]. 信息网络安全, 2020, 20(4): 21–30.
CHEN Lu, SUN Yajie, ZHANG Liqiang, et al. A scheme of measurement for terminal equipment based on DICE in IoT[J]. Netinfo Security, 2020, 20(4): 21–30.
[22] “DICE. ”[EB/OL][2020-12-23]. https://trustedcomputing group.org/work-groups/dice-architectures/
[23] Understanding sparse Merkle multiproofs | Weald Technology [EB/OL]. (2019-03-01)[2020-12-23]. https://www.wealdtech.com/articles/understanding-sparse-merkle-multiproofs/
[24] RAMABAJA L, AVDULLAHU A. Compact merkle multiproofs[M]. 2020

电力物联网可信树形批量认证机制

A Trusted Batch Authentication Mechanism Based on Tree for Power Internet of Things

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	陈伟铭, 陈金玉, 范元亮, 吴涵, 李泽文, 王光达, 李怡然. 基于智能融合终端云边协同的智能台区实用化设计及应用[J]. 中国电力, 2024, 57(4): 190-199.
[2]	吴赞红. 面向强干扰电力物联网的低功耗数据回传方法[J]. 中国电力, 2024, 57(11): 191-198.
[3]	张超, 赵冬梅, 季宇, 张颖. 基于改进深度Q网络的虚拟电厂实时优化调度[J]. 中国电力, 2024, 57(1): 91-100.
[4]	赵建立, 向佳霓, 汤卓凡, 漆磊, 艾芊, 王帝, 殷爽睿. 虚拟电厂在上海的实践探索与前景分析[J]. 中国电力, 2023, 56(2): 1-13.
[5]	翟峰, 冯云, 程凯, 蔡绍堂, 于丽莹, 杨挺. 基于信息熵的多源电力物联终端设备信任度评价方法[J]. 中国电力, 2022, 55(5): 158-165.
[6]	赵丙镇, 王栋, 钱雪, 李军. 基于区块链的电力物联网信任网关设计与实现[J]. 中国电力, 2021, 54(7): 192-197.
[7]	佘蕊, 张宁池, 王艳茹, 郭丹丹, 马文洁, 刘卉, 张洁. 面向电力物联网的5G通信认知无线电NOMA系统研究[J]. 中国电力, 2021, 54(5): 35-45.
[8]	刘世栋, 卜宪德, 刘川, 田峰. 基于计算卸载的电力物联网能效优化研究[J]. 中国电力, 2021, 54(5): 28-34,45.
[9]	熊轲, 张锐晨, 王蕊, 钟桂东, 张煜. 5G助力电力物联网：网络架构与关键技术[J]. 中国电力, 2021, 54(3): 99-108.
[10]	刘铭, 刘念, 韩晓艺, 彭林宁, 付华, 陈一悰. 一种基于射频指纹的电力物联网设备身份识别方法[J]. 中国电力, 2021, 54(3): 80-88.
[11]	林洁瑜, 崔维平. 基于双链区块链的电力数据资产交易系统架构[J]. 中国电力, 2021, 54(11): 164-170,180.
[12]	李苏秀, 刘林, 王雪, 代红才, 赵留军. 泛在电力物联网商业模式理论体系与设计架构[J]. 中国电力, 2019, 52(9): 1-9.
[13]	王哲, 赵宏大, 朱铭霞, 周霞, 解相朋, 谢宏福, 臧必鹏. 电力无线专网在泛在电力物联网中的应用[J]. 中国电力, 2019, 52(12): 27-38.
[14]	陈家璘, 贺易, 李磊, 周正, 孙俊, 张洁. 泛在电力物联网传输网优化关键技术研究[J]. 中国电力, 2019, 52(12): 20-26,38.
[15]	王申华, 何湘威, 方小方, 陈冰松, 郭创新. 基于泛在电力物联网多源信息的电网动态风险评估系统[J]. 中国电力, 2019, 52(12): 10-19.

模态框（Modal）标题

电力物联网可信树形批量认证机制

A Trusted Batch Authentication Mechanism Based on Tree for Power Internet of Things

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics