An Edge Zero-Trust Model Against Compromised Terminals Threats in Power IoT Environments
Abstract: As information technology penetrates ever deeper into the power industry, the exposed attack surface of the power IoT has grown substantially. Attackers use compromised terminals as a springboard to infiltrate the internal network, where they can steal sensitive data from power industrial systems or cause damage. To address the bottleneck of centralized zero-trust deployment when massive numbers of power terminals connect, an edge zero-trust model is proposed. Zero-trust engines are deployed at multiple distributed points around the dense power terminals; they collect trust factors in real time and store them on a blockchain. By maintaining a consortium blockchain, the trust factors chain (TF_chain), storage-type edge servers synchronously share the trust factors generated by power terminals as they move, which facilitates traceability and prevents tampering. Abnormal factors and sensitive factors are extracted for dynamic trust evaluation, so that the sudden behavioral changes of a compromised terminal cause its trust value to decay rapidly and its threat is blocked promptly during authentication. Lightweight signcryption is adopted to secure the authentication information transmitted from the edge to the cloud. Simulation results show that the proposed model disperses the processing load of centralized zero-trust deployment and effectively resists compromised-terminal threats under edge deployment.
Keywords:
- power IoT
- zero-trust
- edge computing
- trust evaluation
- blockchain