面向边缘计算的电力终端轻量级认证协议

doi:10.11930/j.issn.1004-9649.202204082

中国电力 ›› 2023, Vol. 56 ›› Issue (4): 88-94.DOI: 10.11930/j.issn.1004-9649.202204082

• 面向数字配电网的边缘计算与控制技术 • 上一篇下一篇

面向边缘计算的电力终端轻量级认证协议

杨晋祥¹, 彭勇刚¹, 蔡田田², 习伟², 邓清唐²

1. 浙江大学电气工程学院, 浙江杭州 310027;
2. 南方电网数字电网研究院有限公司, 广东广州 510640

收稿日期:2021-04-19 修回日期:2023-03-13 出版日期:2023-04-28 发布日期:2023-04-26
作者简介:杨晋祥(1997-),男,硕士研究生,从事配电网终端安全接入研究,E-mail:yjxmail@zju.edu.cn;彭勇刚(1978-),男,通信作者,博士,教授,从事分布式发电、智能电网等研究,E-mail:pengyg@zju.edu.cn
基金资助:
国家重点研发计划资助项目（2020YFB0906000）。

Power Terminal Lightweight Authentication Protocol for Edge Computing

YANG Jinxiang¹, PENG Yonggang¹, CAI Tiantian², XI Wei², DENG Qingtang²

1. College of Electrical Engineering, Zhejiang University, Hangzhou 310027, China;
2. Digital Grid Research Institute, CSG, Guangzhou 510640, China

Received:2021-04-19 Revised:2023-03-13 Online:2023-04-28 Published:2023-04-26
Supported by:
This work is supported by the National Key Research and Development Program of China (No.2020YFB0906000).

摘要/Abstract

摘要： 边缘计算有效缓解了云平台的计算压力，降低网络带宽消耗，但也带来了新的安全问题，传统的认证机制不再适用于“云边端”网络架构，对此提出一种轻量级云边协同的双向身份认证协议，针对海量资源受限的电力终端，仅基于哈希与异或操作实现认证，减轻终端计算压力与带宽传输压力。利用安全协议与应用自动化验证工具（automated validation of internet security protocols and applications，AVISPA）以及安全特性分析验证协议的安全性，分析和仿真结果表明：所提协议可以抵抗重放攻击和仿冒攻击等，与同类型协议相比，具有更小的计算和通信开销。

关键词: 边缘计算, 电力终端, 双向认证, 轻量级

Abstract: Edge computing effectively relieves the computing pressure of cloud platform and reduces the consumption of network transmission bandwidth, but it brings new security problems as well, the traditional authentication mechanism no longer applies to “cloud-edge-end” network architecture. We proposed a lightweight two-way authentication protocol based on cloud-edge collaboration. In view of the limited resources of massive power terminal, the protocol is only based on a Hash and XOR operation to achieve certification, so it reduces the pressure of terminal calculation and transmission bandwidth. Its security was successfully verified by AVISPA tool together with informal analysis. The analysis and simulation results show that the protocol can resist replay attack, impersonation attack and so on. In addition, the comparison with similar protocols shows that the protocol has less computation and communication overhead.

Key words: edge computing, electrical terminal, mutual authentication, lightweight

杨晋祥, 彭勇刚, 蔡田田, 习伟, 邓清唐. 面向边缘计算的电力终端轻量级认证协议[J]. 中国电力, 2023, 56(4): 88-94.

YANG Jinxiang, PENG Yonggang, CAI Tiantian, XI Wei, DENG Qingtang. Power Terminal Lightweight Authentication Protocol for Edge Computing[J]. Electric Power, 2023, 56(4): 88-94.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.202204082

https://www.electricpower.com.cn/CN/Y2023/V56/I4/88

参考文献

[1] IBRAHIM M. Octopus: an edge-fog mutual authentication scheme[J]. Int J Netw Secur, 2016, 18: 1089–1101.
[2] 房卫东, 张武雄, 潘涛, 等. 一种分层无线传感网的匿名双因素用户认证协议[J]. 工程科学与技术, 2020, 52(3): 168–177
FANG Weidong, ZHANG Wuxiong, PAN Tao, et al. An anonymous two-factor user authentication protocol for hierarchical wireless sensor network[J]. Advanced Engineering Sciences, 2020, 52(3): 168–177
[3] WANG J, WU L B, CHOO K K R, et al. Blockchain-based anonymous authentication with key management for smart grid edge computing infrastructure[J]. IEEE Transactions on Industrial Informatics, 2020, 16(3): 1984–1992.
[4] JIA X Y, HE D B, KUMAR N, et al. A provably secure and efficient identity-based anonymous authentication scheme for mobile edge computing[J]. IEEE Systems Journal, 2020, 14(1): 560–571.
[5] CHEN Y, WEN H, WU J S, et al. Clustering based physical-layer authentication in edge computing systems with asymmetric resources[J]. Sensors (Basel, Switzerland), 2019, 19(8): 1926.
[6] BADAR H M S, QADRI S, SHAMSHAD S, et al. An identity based authentication protocol for smart grid environment using physical uncloneable function[J]. IEEE Transactions on Smart Grid, 2021, 12(5): 4426–4434.
[7] ROBERTS B, AKKAYA K, BULUT E, et al. An authentication framework for electric vehicle-to-electric vehicle charging applications[C]//2017 IEEE 14th International Conference on Mobile Ad Hoc and Sensor Systems (MASS). Orlando, FL, USA. IEEE, 2017: 565–569.
[8] LING C H, LEE C C, YANG C C, et al. A secure and efficient one-time password authentication scheme for WSN[J]. Int. J. Netw. Secur., 2017, 19(2): 177–181.
[9] WANG G D, TIAN D B, GU F Q, et al. Design of terminal security access scheme based on trusted computing in ubiquitous electric Internet of Things[C]//2020 IEEE 9 th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). Chongqing, China. IEEE, 2021: 188–192.
[10] 程洋, 雷敏, 罗群. 基于深度学习的物联网终端设备接入认证方法[J]. 信息网络安全, 2020, 20(11): 67–74
CHENG Yang, LEI Min, LUO Qun. Access authentication method for IoT terminal devices based on deep learning[J]. Netinfo Security, 2020, 20(11): 67–74
[11] DOLEV D, YAO A. On the security of public key protocols[J]. IEEE Transactions on Information Theory, 1983, 29(2): 198–208.
[12] ARMANDO A, BASIN D, BOICHUT Y, et al. The AVISPA tool for the automated validation of internet security protocols and applications[M]//Computer Aided Verification. Berlin, Heidelberg: Springer Berlin Heidelberg, 2005: 281–285.
[13] MANSOOR K, GHANI A, CHAUDHRY S A, et al. Securing IoT-based RFID systems: a robust authentication protocol using symmetric cryptography[J]. Sensors (Basel, Switzerland), 2019, 19(21): 4752.
[14] WAZID M, DAS A K, SHETTY S, et al. LDAKM-EIoT: lightweight device authentication and key management mechanism for edge-based IoT deployment[J]. Sensors (Basel, Switzerland), 2019, 19(24): 5539.
[15] FARASH M S, TURKANOVIĆ M, KUMARI S, et al. An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment[J]. Ad Hoc Networks, 2016, 36(P1): 152–176.
[16] JIA X Y, HE D B, KUMAR N, et al. Authenticated key agreement scheme for fog-driven IoT healthcare system[J]. Wireless Networks, 2019, 25(8): 4737–4750.
[17] ZHOU L, LI X, YEH K H, et al. Lightweight IoT-based authentication scheme in cloud computing circumstance[J]. Future Generation Computer Systems, 2019, 91: 244–251.
[18] MASUD M, ALAZAB M, CHOUDHARY K, et al. 3 P-SAKE: privacy-preserving and physically secured authenticated key establishment protocol for wireless industrial networks[J]. Computer Communications, 2021, 175: 82–90.
[19] 王茜, 杨德礼. 验证电子商务协议的新逻辑分析方法[J]. 系统工程学报, 2009, 24(1): 32–38
WANG Qian, YANG Deli. New logic analysis method for the verification of electronic commerce protocol[J]. Journal of Systems Engineering, 2009, 24(1): 32–38
[20] LU Y R, LI L X, PENG H P, et al. An energy efficient mutual authentication and key agreement scheme preserving anonymity for wireless sensor networks[J]. Sensors (Basel, Switzerland), 2016, 16(6): 837.
[21] WU F, XU L L, KUMARI S, et al. A privacy-preserving and provable user authentication scheme for wireless sensor networks based on Internet of Things security[J]. Journal of Ambient Intelligence and Humanized Computing, 2017, 8(1): 101–116.
[22] 李露, 谢映宏, 许永军, 等. 一种DNP3 SAv5的安全架构在配网终端的设计与应用[J]. 电力系统保护与控制, 2022, 50(17): 154–166
LI Lu, XIE Yinghong, XU Yongjun, et al. Design and implementation of a DNP3 SAv5 secure architecture in a distribution network terminal[J]. Power System Protection and Control, 2022, 50(17): 154–166
[23] 孔垂跃, 陈羽, 赵乾名. 基于MQTT协议的配电物联网云边通信映射研究[J]. 电力系统保护与控制, 2021, 49(8): 168–176
KONG Chuiyue, CHEN Yu, ZHAO Qianming. Research on cloud-side communication mapping of the distribution Internet of Things based on MQTT protocol[J]. Power System Protection and Control, 2021, 49(8): 168–176
[24] 刘林彬, 苗泉强, 李俊娥. 基于模糊测试的GOOSE协议解析漏洞挖掘方法[J]. 中国电力, 2022, 55(4): 33–43
LIU Linbin, MIAO Quanqiang, LI June. A method for mining GOOSE protocol parsing vulnerabilities based on fuzzing[J]. Electric Power, 2022, 55(4): 33–43
[25] 李精松, 刘路翊, 曹尚, 等. 适应变电站智能运维的智能协议转换方法[J]. 电力系统保护与控制, 2021, 49(18): 146–153
LI Jingsong, LIU Luyi, CAO Shang, et al. An intelligent protocol conversion method for intelligent substation operation and maintenance[J]. Power System Protection and Control, 2021, 49(18): 146–153

面向边缘计算的电力终端轻量级认证协议

Power Terminal Lightweight Authentication Protocol for Edge Computing

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 12

编辑推荐

Metrics

[1]	魏明江, 李鹏, 于浩, 冀浩然, 宋关羽, 习伟. 数字配电网边缘计算模拟实验平台[J]. 中国电力, 2024, 57(3): 12-19.
[2]	夏向阳, 谭欣欣, 单周平, 李辉, 徐志强, 吴晋波, 岳家辉, 陈贵全. 储能电站锂离子电池本体安全关键技术及新技术应用情况[J]. 中国电力, 2024, 57(11): 1-17.
[3]	李天楚, 容斌, 伍智鹏, 黄珏, 黄开来, 杨刚, 易杨. 基于边缘计算的风电群非故意发射超高次谐波抑制策略[J]. 中国电力, 2023, 56(8): 200-206,215.
[4]	吴钢, 周金辉, 李慧. 面向边缘增强分布式电力无线传感网的资源分配[J]. 中国电力, 2023, 56(8): 77-85,98.
[5]	孙毅, 常少南, 陈恺, 崔强, 沈维捷. 面向电工智慧物联的服务缓存和计算卸载策略[J]. 中国电力, 2022, 55(4): 23-32,43.
[6]	陆旭, 陈影, 许中平, 张海全, 慕春芳, 陈恺, 孙毅. 面向5G边缘计算网络的联合需求响应与任务卸载策略[J]. 中国电力, 2022, 55(10): 209-218.
[7]	黄冬梅, 王玥琦, 胡安铎, 孙锦中, 时帅, 孙园, 房岭锋. 融合多维度特征的绝缘子状态边缘识别方法[J]. 中国电力, 2022, 55(1): 133-141.
[8]	刘世栋, 卜宪德, 刘川, 田峰. 基于计算卸载的电力物联网能效优化研究[J]. 中国电力, 2021, 54(5): 28-34,45.
[9]	靳开元, 杨建华, 陈正, 王维洲, 侯斌, 薛文景. 基于区块链的分布式光伏就地消纳交易模式研究[J]. 中国电力, 2021, 54(5): 8-16.
[10]	路艳巧, 孙翠英, 曹红卫, 闫红伟. 基于边缘计算与深度学习的输电设备异物检测方法[J]. 中国电力, 2020, 53(6): 27-33.
[11]	钱斌, 蔡梓文, 肖勇, 杨劲锋, 董歆滢, 谷科. 基于边缘计算的电表计量系统数据协同检测方案[J]. 中国电力, 2019, 52(11): 145-152.
[12]	李彬, 贾滨诚, 陈宋宋, 杨斌, 孙毅, 祁兵. 边缘计算在电力供需领域的应用展望[J]. 中国电力, 2018, 51(11): 154-162.

模态框（Modal）标题

面向边缘计算的电力终端轻量级认证协议

Power Terminal Lightweight Authentication Protocol for Edge Computing

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 12

编辑推荐

Metrics