引用本文: | 张少敏,王志男,王保义.基于可信计算的用电信息采集终端完整性检测方案[J].电力自动化设备,2017,37(12): |
| ZHANG Shaomin,WANG Zhinan,WANG Baoyi.Terminal integrity detection scheme of electricity information acquisition system based on trusted computing[J].Electric Power Automation Equipment,2017,37(12): |
|
摘要: |
针对信息物理融合下用电信息采集终端面临的信息安全风险问题,结合采集终端的特点,提出了一种基于可信计算的终端完整性检测方案以保护终端安全。从信任结构、可信平台模块扩展方式、扩展策略三方面改进了可信计算组织的检测方案,减少了信任传递损失,并提高了扩展在计算上的灵活性。在验证所提扩展方式可行性和安全性的基础上,重新设计了扩展策略。与原方案相比,所提方案对计算资源、存储空间的占用都有一定的优化,也为终端提供了支持动态信任度量的方法。 |
关键词: 信息物理融合系统 用电信息采集 完整性检测 可信计算 信任结构 扩展方式 扩展策略 |
DOI:10.16081/j.issn.1006-6047.2017.12.008 |
分类号:TM73 |
基金项目:国家自然科学基金资助项目(61502168,61300040);河北省自然科学基金资助项目(F2016502069) |
|
Terminal integrity detection scheme of electricity information acquisition system based on trusted computing |
ZHANG Shaomin, WANG Zhinan, WANG Baoyi
|
School of Control and Computer Engineering, North China Electric Power University, Baoding 071003, China
|
Abstract: |
Aiming at the information security risks faced by terminals of cyber-physical electricity information acquisition system, a terminal integrity detection scheme based on trusted computing is proposed to ensure the security of terminals considering the characteristics of acquisition terminals. The detection scheme of trusted computing group is improved from three aspects, i. e. trust structure, extended mode of trusted platform module and extended strategy, to reduce the loss of trust transmission and improve the computing flexibility of extension. Based on the verification of the proposed extension mode’s feasibility and security, a new extension strategy is designed. Compared with the original scheme, the proposed scheme can optimize the computing resource and storage space to a certain level and can provide a dynamic trust measurement method for terminals. |
Key words: cyber-physical system electricity information acquisition integrity detection trusted computing trust structure extension mode extension strategy |