An Edge Zero-Trust Model Against Compromised Terminals Threats in Power IoT Environments

With the continuous penetration of information technology into the power industry, the exposure of power IoT networks has been further increased. Attackers can use compromised terminals as the springboard to infiltrate the network, and thus stealing sensitive data or doing damage in the power industry system. Aiming at the bottleneck of zero-trust centralized deployment of massive power terminals access, an edge zero-trust model is proposed. Around the dense power terminals, zero-trust engine should be deployed in manner of distributed multi- points. Trust factors are collected in real time and stored on the blockchain. By maintaining a consortium blockchain called TF_chain, the storage edge servers can synchronously share trust factors generated by power terminals on the move, and thus facilitating traceability and preventing tampering. The abnormal and sensitive factors are extracted to carry out dynamic trust evaluation. The trust value can be rapidly attenuated by the sudden behaviors of compromised terminals, so as to fast prevent their threats during the authentication. A lightweight signcryption method is adopted to ensure the security of authentication information transmitted from edge to cloud. The simulation results show that the proposed model can disperse the zero-trust processing load of centralized deployment and effectively fight against compromised terminals threats under the condition of marginal deployment.