    Citation: Feng Jingyu, Yu Tingting, Wang Ziying, Zhang Wenbo, Han Gang, Huang Wenhua. An Edge Zero-Trust Model Against Compromised Terminals Threats in Power IoT Environments[J]. Journal of Computer Research and Development, 2022, 59(5): 1120-1132. DOI: 10.7544/issn1000-1239.20211129

    An Edge Zero-Trust Model Against Compromised Terminals Threats in Power IoT Environments

    Abstract: As information technology penetrates ever deeper into the power industry, the exposure surface of the power IoT has grown substantially. Attackers can use compromised terminals as a springboard to infiltrate the internal network, then steal sensitive data from power industrial systems or cause damage. To address the bottleneck that centralized zero-trust deployment faces when massive numbers of power terminals connect, an edge zero-trust model is proposed. Zero-trust engines are deployed in a distributed, multi-point manner around the dense power terminals; trust factors are collected in real time and stored on a blockchain. By maintaining a consortium blockchain called the trust factors chain (TF_chain), storage edge servers synchronously share the trust factors that power terminals generate while on the move, which facilitates traceability and prevents tampering. Abnormal and sensitive factors are extracted for dynamic trust evaluation, so that the sudden behavior changes of a compromised terminal rapidly attenuate its trust value and its threat is blocked promptly during authentication. A lightweight signcryption method ensures the security of authentication information transmitted from edge to cloud. Simulation results show that the proposed model can disperse the zero-trust processing load of a centralized deployment and effectively resist compromised-terminal threats under edge deployment.

       
