• 中国精品科技期刊
  • CCF推荐A类中文期刊
  • 计算领域高质量科技期刊T1类
高级检索

电力物联场景下抗失陷终端威胁的边缘零信任模型

冯景瑜, 于婷婷, 王梓莹, 张文波, 韩刚, 黄文华

冯景瑜, 于婷婷, 王梓莹, 张文波, 韩刚, 黄文华. 电力物联场景下抗失陷终端威胁的边缘零信任模型[J]. 计算机研究与发展, 2022, 59(5): 1120-1132. DOI: 10.7544/issn1000-1239.20211129
引用本文: 冯景瑜, 于婷婷, 王梓莹, 张文波, 韩刚, 黄文华. 电力物联场景下抗失陷终端威胁的边缘零信任模型[J]. 计算机研究与发展, 2022, 59(5): 1120-1132. DOI: 10.7544/issn1000-1239.20211129
shu
Feng Jingyu, Yu Tingting, Wang Ziying, Zhang Wenbo, Han Gang, Huang Wenhua. An Edge Zero-Trust Model Against Compromised Terminals Threats in Power IoT Environments[J]. Journal of Computer Research and Development, 2022, 59(5): 1120-1132. DOI: 10.7544/issn1000-1239.20211129
Citation: Feng Jingyu, Yu Tingting, Wang Ziying, Zhang Wenbo, Han Gang, Huang Wenhua. An Edge Zero-Trust Model Against Compromised Terminals Threats in Power IoT Environments[J]. Journal of Computer Research and Development, 2022, 59(5): 1120-1132. DOI: 10.7544/issn1000-1239.20211129
shu
冯景瑜, 于婷婷, 王梓莹, 张文波, 韩刚, 黄文华. 电力物联场景下抗失陷终端威胁的边缘零信任模型[J]. 计算机研究与发展, 2022, 59(5): 1120-1132. CSTR: 32373.14.issn1000-1239.20211129
引用本文: 冯景瑜, 于婷婷, 王梓莹, 张文波, 韩刚, 黄文华. 电力物联场景下抗失陷终端威胁的边缘零信任模型[J]. 计算机研究与发展, 2022, 59(5): 1120-1132. CSTR: 32373.14.issn1000-1239.20211129
shu
Feng Jingyu, Yu Tingting, Wang Ziying, Zhang Wenbo, Han Gang, Huang Wenhua. An Edge Zero-Trust Model Against Compromised Terminals Threats in Power IoT Environments[J]. Journal of Computer Research and Development, 2022, 59(5): 1120-1132. CSTR: 32373.14.issn1000-1239.20211129
Citation: Feng Jingyu, Yu Tingting, Wang Ziying, Zhang Wenbo, Han Gang, Huang Wenhua. An Edge Zero-Trust Model Against Compromised Terminals Threats in Power IoT Environments[J]. Journal of Computer Research and Development, 2022, 59(5): 1120-1132. CSTR: 32373.14.issn1000-1239.20211129
shu

电力物联场景下抗失陷终端威胁的边缘零信任模型

  • 1(西安邮电大学无线网络安全技术国家工程实验室 西安 710121)

  • 2(国网江苏省电力有限公司电力科学研究院 南京 211103) (zhangwenbo@xupt.edu.cn)

基金项目: 国家自然科学基金项目(62102312);国家电网有限公司科技项目(J2021206)
详细信息

  • 中图分类号: TP393

An Edge Zero-Trust Model Against Compromised Terminals Threats in Power IoT Environments

  • 1(National Engineering Laboratory for Wireless Security, Xi’an University of Posts and Telecommunications, Xi’an 710121)

  • 2(Electric Power Research Institute, State Grid Jiangsu Electric Power Co., Ltd., Nanjing 211103)

Funds: This work was supported by the National Natural Science Foundation of China (62102312) and the Science and Technology Project of State Grid Co., Ltd. (J2021206).

HTML全文

    摘要
  • 摘要: 信息化技术在电力行业的不断深入,使得电力物联网的暴露面大幅增加.攻击者以失陷终端为跳板渗入网络内部,可以窃取电力工业系统中的敏感数据或实施破坏.面对海量电力终端接入的零信任中心化部署瓶颈,提出了一种边缘零信任模型.围绕密集的电力终端,分布式多点部署零信任引擎,实时收集信任因素并上链存储.通过维护一个联盟区块链——信任因素区块链(trust factors chain, TF_chain),存储型边缘服务器同步共享电力终端在移动中产生的信任因素,便于追踪溯源和防止信息被篡改.提取异常因子和敏感因子,进行动态信任评估,对失陷终端的突变行为实现信任值迅速衰减,在认证中及时阻断失陷终端威胁.采用轻量级签密,确保认证信息从边缘到云端传递的安全性.仿真结果表明,所提出的模型可以分散中心化部署的零信任处理负载,在边缘化部署条件下有效抗击失陷终端威胁.
    Abstract: With the continuous penetration of information technology into the power industry, the exposure of power IoT networks has been further increased. Attackers can use compromised terminals as the springboard to infiltrate the network, and thus stealing sensitive data or doing damage in the power industry system. Aiming at the bottleneck of zero-trust centralized deployment of massive power terminals access, an edge zero-trust model is proposed. Around the dense power terminals, zero-trust engine should be deployed in manner of distributed multi- points. Trust factors are collected in real time and stored on the blockchain. By maintaining a consortium blockchain called TF_chain, the storage edge servers can synchronously share trust factors generated by power terminals on the move, and thus facilitating traceability and preventing tampering. The abnormal and sensitive factors are extracted to carry out dynamic trust evaluation. The trust value can be rapidly attenuated by the sudden behaviors of compromised terminals, so as to fast prevent their threats during the authentication. A lightweight signcryption method is adopted to ensure the security of authentication information transmitted from edge to cloud. The simulation results show that the proposed model can disperse the zero-trust processing load of centralized deployment and effectively fight against compromised terminals threats under the condition of marginal deployment.
    • HTML全文
    • 参考文献(0)
    • 相关文章
    • 施引文献(12)

  • 期刊类型引用(3)

    1. 王嘉诚,王凯,王昊奋,杜渂,何之栋,阮彤,刘井平. 面向远程监督命名实体识别的噪声检测. 计算机研究与发展. 2024(04): 916-928 . 本站查看
    2. 王鹏,刘小明,杨关,刘杰,刘阳. 基于潜层关系增强的实体和关系联合抽取. 计算机工程与设计. 2024(06): 1780-1788 . 百度学术
    3. 郑志蕴,徐亚媚,李伦,张行进,李钝. 融合位置特征注意力与关系增强机制的远程监督关系抽取. 小型微型计算机系统. 2023(12): 2678-2684 . 百度学术

    其他类型引用(9)

    • 资源附件(0)
计量
  • 文章访问数:  276
  • HTML全文浏览量:  7
  • PDF下载量:  170
  • 被引次数: 12
出版历程
  • 发布日期:  2022-04-30

目录

摘要
HTML全文
    参考文献(0)
    相关文章
    施引文献(12)
    资源附件(0)

    /

    返回文章
    返回
    邮件订阅 RSS
    微信订阅号<br/>(实时资讯)

    微信订阅号
    (实时资讯)

    微信服务号<br/>(同步网站)

    微信服务号
    (同步网站)

    微信视频号<br/>(视频分享)

    微信视频号
    (视频分享)

    CCF<br/>(扫码入会)

    CCF
    (扫码入会)

    版权所有 © 《计算机研究与发展》编辑部

    本系统由北京仁和汇智信息技术有限公司开发  百度统计