SG-Edge: Key technologies of a trusted edge computing framework for the power Internet of Things (1)

Today’s paper sharing: SG-Edge: Key technologies of trusted edge computing framework for power Internet of Things

  • In 2019, the "Two Sessions" of the State Grid Corporation of China made a strategic deployment to comprehensively promote the construction of "three types and two networks" and to accelerate building a world-class energy Internet enterprise with global competitiveness. This is the company's concrete practice of the network power strategy and its implementation of the central government's deployment; giving full play to the leading role of central enterprises is an inevitable requirement for adapting to internal and external situations and challenges. The power Internet of Things applies modern information technology and advanced communication technology, such as the mobile Internet and artificial intelligence, to every link of the power system, so that all parts of the system are interconnected and support human-computer interaction. It is a smart service system with comprehensive state awareness, efficient information processing, and convenient and flexible applications. Building the power Internet of Things opens a new path to safer grid operation, leaner management, more accurate investment and better services; at the same time it lets the power grid exploit its unique advantages and open up the huge blue-ocean market of the digital economy. Building the power Internet of Things is the core task in implementing the strategic goal of "three types, two networks, and world-class".
  • With the gradual advancement of the power Internet of Things, edge computing frameworks have become a research hotspot. Their designs vary, but they generally include the following functions: resource management based on an edge operating system, sub-device access, data collection and device control, security management, application management, and interaction with the IoT platform. By design goal and deployment scenario they fall into three categories: edge computing for the Internet of Things, edge computing for edge cloud services, and edge computing for cloud-edge integration. The power Internet of Things has the characteristics of edge computing for the Internet of Things and also has some cloud-edge integration application scenarios.
  • To this end, this paper designs and implements SG-Edge, a trusted edge computing framework adapted to the power Internet of Things. It meets the edge computing functional requirements of the power Internet of Things and focuses on making edge computing secure and trustworthy through safe operation and hardware assurance technology. The framework's technology route is as follows.
    · Framework technology route: fully draw on mature frameworks to meet growing business needs, and at the same time combine the framework with power-specific security design;
    · Level protection compliance: make full use of the trusted boot mechanism of new hardware so that the edge gateway performs trusted verification at every step from the CPU to the BootLoader to the operating system kernel, achieving active immunity, safe firmware startup, and safe and trusted upgrades;
    · Software behavior security assurance: use physical isolation measures such as TrustZone and trusted security modules to protect the trusted software base, and determine the dynamic behavior of software through stream processing;
    · Situation awareness and threat monitoring: combine the Kill Chain model with the ATT&CK knowledge base to build behavioral analysis from the attacker's perspective, so that anomalous attacks are discovered; this supplements the trust guarantee system and further enhances the active defense capability of the Internet of Things.
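    The verification chain from the CPU through the BootLoader to the kernel, simulated in software as an added example (this is not SG-Edge or State Grid code). The stage names, the image bytes, the manifest format and the HMAC that stands in for a vendor signature are all assumptions; a real root of trust starts in CPU boot ROM and verifies a public-key signature over the reference measurements. The point the simulation makes is that each stage measures the next one before handing over control, a tampered stage halts the chain before it executes, and the chained measurement register ends up with a different value, which is what a later attestation or upgrade check would compare.

```python
"""Measured/verified boot chain, as a software simulation.

Added illustration only (not SG-Edge or State Grid code). The stage names,
the manifest format and the HMAC standing in for a vendor signature are
assumptions; a real root of trust starts in CPU boot ROM and verifies a
public-key signature over the manifest.
"""
import hashlib
import hmac

# Order in which control is handed over; the CPU ROM that verifies the
# first stage is the (unmodelled) hardware anchor.
STAGES = ["bootloader", "kernel"]

# Constructed stand-ins for the real firmware images.
GOOD_IMAGES = {
    "bootloader": b"SG-Edge BootLoader stand-in v1",
    "kernel": b"SG-Edge kernel stand-in v1",
}

MANIFEST_KEY = b"constructed-manifest-key"  # assumption: stands in for the signing key


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """PCR-style extend: new = H(old || measurement). One-way and order-dependent,
    so the final value commits to every stage that ran and the order it ran in."""
    return sha256(register + measurement)


def manifest_body(digests: dict) -> bytes:
    return "|".join(f"{name}:{digests[name]}" for name in STAGES).encode()


def build_manifest(images: dict, key: bytes) -> dict:
    """Reference measurements of the approved images, authenticated with an HMAC."""
    digests = {name: sha256(images[name]).hex() for name in STAGES}
    mac = hmac.new(key, manifest_body(digests), "sha256").hexdigest()
    return {"digests": digests, "mac": mac}


def verify_chain(images: dict, manifest: dict, key: bytes):
    """Each stage measures the next image, records the measurement, and only
    then hands over control. Returns (ok, halted_at, final_register)."""
    expected_mac = hmac.new(key, manifest_body(manifest["digests"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        return False, "manifest", None       # tampered reference values: do not boot
    register = bytes(32)                     # reset value of the measurement register
    for name in STAGES:
        measurement = sha256(images[name])
        register = extend(register, measurement)   # record what is about to run
        if measurement.hex() != manifest["digests"][name]:
            return False, name, register     # halt before executing the bad stage
    return True, None, register


MANIFEST = build_manifest(GOOD_IMAGES, MANIFEST_KEY)


def demo():
    """Good chain boots; a modified kernel halts at 'kernel' with a different register."""
    ok, halted, good_reg = verify_chain(GOOD_IMAGES, MANIFEST, MANIFEST_KEY)
    tampered = dict(GOOD_IMAGES, kernel=GOOD_IMAGES["kernel"] + b" + implant")
    ok2, halted2, bad_reg = verify_chain(tampered, MANIFEST, MANIFEST_KEY)
    return ok, halted, ok2, halted2, good_reg != bad_reg


if __name__ == "__main__":
    print(demo())   # (True, None, False, 'kernel', True)
```

    Two design points carry over to real hardware: the register is extended with the measurement before the comparison, so even a stage that is rejected leaves a trace, and the manifest is authenticated before any of its digests are trusted, otherwise an attacker who can replace the kernel can just as easily replace the expected hash.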
    Section 1 of this article reviews existing edge computing frameworks and related work, summarizing the advantages and disadvantages of each framework. Section 2 introduces the overall design ideas of the SG-Edge edge computing framework. Section 3 summarizes the key technical points of SG-Edge's trusted protection mechanism. Section 4 evaluates SG-Edge comprehensively in terms of feasibility, performance and security. Section 5 summarizes the paper and gives a preliminary discussion of future research directions worth attention.
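    Behavioral analysis from the attacker's perspective, as the technology route describes for situation awareness: an added example (not SG-Edge code) that maps gateway events tagged with ATT&CK technique IDs onto Kill Chain phases and raises an alert only when one host advances through several phases in order within a time window, so that an isolated beacon or scan does not fire on its own. The log format, the sample events, the phase table and the threshold are constructed assumptions; the technique IDs are real ATT&CK IDs, but a deployment would load the mapping from the ATT&CK knowledge base instead of hard-coding it.

```python
"""Kill Chain / ATT&CK behavioural correlation over edge-gateway events.

Added illustration only (not SG-Edge code). The technique-to-phase table,
the log format, the sample events and the alert threshold are constructed
assumptions; the technique IDs are real ATT&CK IDs.
"""
from collections import defaultdict

# Kill-chain phases in attack order; list index = position in the chain.
PHASE_ORDER = ["reconnaissance", "delivery", "exploitation", "installation",
               "command_and_control", "actions_on_objectives"]

# Assumed mapping from ATT&CK technique ID to kill-chain phase.
TECHNIQUE_PHASE = {
    "T1595": "reconnaissance",          # Active Scanning
    "T1078": "delivery",                # Valid Accounts (initial access)
    "T1190": "exploitation",            # Exploit Public-Facing Application
    "T1543": "installation",            # Create or Modify System Process
    "T1071": "command_and_control",     # Application Layer Protocol
    "T1485": "actions_on_objectives",   # Data Destruction
}

# Constructed event lines: "<epoch seconds> <host> <technique> <detail>".
SAMPLE_EVENTS = [
    "1000 gw-01 T1595 syn scan from 10.0.0.9",
    "1300 gw-01 T1190 anomalous POST /api/upgrade",
    "1500 gw-02 T1071 periodic https beacon",
    "1700 gw-01 T1543 new service sg-agentd registered",
    "2100 gw-01 T1071 periodic https beacon to 203.0.113.7",
    "2200 gw-01 T0000 constructed unmapped technique",
    "9000 gw-03 T1595 syn scan from 10.0.0.9",
    "20000 gw-03 T1485 config partition wiped",
]


def parse_event(line: str) -> dict:
    ts, host, technique, detail = line.split(" ", 3)
    return {"ts": int(ts), "host": host, "technique": technique, "detail": detail}


def longest_progression(events, window: int):
    """Greedy pass: from each event, collect later events within `window`
    seconds whose phase index strictly increases; keep the longest chain.
    `events` is a sorted list of (ts, phase_index, technique)."""
    best = []
    for i, (t0, _, _) in enumerate(events):
        chain = [events[i]]
        for ev in events[i + 1:]:
            if ev[0] - t0 > window:
                break
            if ev[1] > chain[-1][1]:
                chain.append(ev)
        if len(chain) > len(best):
            best = chain
    return best


def correlate(lines, min_phases: int = 3, window: int = 3600) -> dict:
    """Return {host: [phase, ...]} for hosts whose events advance through at
    least `min_phases` kill-chain phases, in order, inside one time window."""
    per_host = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        phase = TECHNIQUE_PHASE.get(ev["technique"])
        if phase is None:
            continue   # unmapped technique: a real system should log it for tuning
        per_host[ev["host"]].append((ev["ts"], PHASE_ORDER.index(phase), ev["technique"]))
    alerts = {}
    for host, events in per_host.items():
        chain = longest_progression(sorted(events), window)
        if len(chain) >= min_phases:
            alerts[host] = [PHASE_ORDER[p] for _, p, _ in chain]
    return alerts


if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

    On the sample data only gw-01 alerts: it moves from reconnaissance through exploitation and installation to command and control within an hour. gw-02 shows a single beacon and gw-03 shows a scan and a wipe more than three hours apart, so neither clears the threshold at the default window; widening the window to cover gw-03 is the kind of tuning decision the knowledge base and the operator, not the code, should drive.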

1 Introduction

1.1 Establishment and progress of the power Internet of Things

  • · In terms of academic research.
  • In October 2016, IEEE and ACM formally established the IEEE/ACM Symposium on Edge Computing (SEC), forming an academic forum jointly recognized by academia, industry and government, which has studied and discussed the application value and research directions of edge computing. In the past two years it has paid particular attention to performance, security, application scenarios, cloud-edge collaboration, and the integration of edge computing with AI and other technologies in Internet of Things scenarios. In May 2018, the Edge Computing Technology Seminar (SEC China 2018) was held in Xi'an, where many universities and research institutions discussed edge computing and further sorted out developers' needs. In addition, many domestic scholars have carried out extensive research on data models, computing models, industrial applications, network security and other topics in edge computing scenarios.
  • · In terms of standardization.
  • In 2017, IEC released a VEI (vertical edge intelligence) white paper introducing the value of edge computing for vertical industries such as manufacturing. ISO/IEC established an edge computing research group. In the IEEE P2413 standard for an architectural framework for the IoT, edge computing has become an important part of the framework. The China Communications Standards Association (CCSA) established an industrial Internet ad hoc group (ST8).
  • · In terms of industrial alliances.
  • In November 2016, Huawei, China Electric Power Research Institute, China Academy of Information and Communications Technology, Intel, ARM and iSoftStone Information Technology Co., Ltd. jointly initiated the Edge Computing Industry Alliance. On November 28, 2019, the Edge Computing Industry Alliance released three white papers in the field of edge computing: "Edge Computing IT Infrastructure White Paper 1.0 (2019)", "Operator Edge Computing Network Technology White Paper", and "Edge Computing Security White Paper". In 2017, the Industrial Internet Consortium (IIC), a global industry organization, established an Edge Computing TG to define part of the edge computing reference framework.
  • In 2019, the "Two Sessions" of the State Grid Corporation of China made a strategic plan to comprehensively promote the construction of "three types and two networks" and to accelerate building a world-class energy Internet enterprise with global competitiveness, and many researchers in the power industry have begun related application research and practice [22-25]. China Southern Power Grid proposed the concept of a "transparent grid": combine modern information technology with the power grid and install small and micro intelligent sensors across it so that every aspect of the power system becomes visible, including power supply information, network information, market information, equipment status, operating status and transaction status. The power Internet of Things has the dual attributes of an industrial control system and an industrial Internet of Things and must ensure high security and high reliability; on this basis, operation and maintenance functions with industrial IoT characteristics, such as APP containerization and trusted remote upgrade, are proposed so that business needs can be met quickly.

1.2 Power Internet of Things edge computing framework

  • In terms of specific edge computing frameworks, edge computing for the Internet of Things, edge computing for edge cloud services, and edge computing for cloud-edge integration are currently the mainstream types. Among them:
  • · Edge computing for the Internet of Things is committed to solving the problems met when developing and deploying Internet of Things applications, such as diverse device access methods. EdgeX Foundry, a standardized interoperability framework for industrial IoT edge computing, provides a highly simplified, standardized industrial IoT edge computing architecture built around an ecosystem of interoperable components. Apache Edgent is a programming model and microkernel-style runtime edge framework that focuses on efficient analysis and processing of data from the edge; it accelerates the development of data-analysis edge applications, can be deployed on edge devices running a Java virtual machine to analyze device data in real time, has a rich API, and suits the practical needs of accelerated IoT development. Predix[28] is oriented to manufacturing, provides a development framework, supports access over open field protocols, and enhances edge computing functions, with partners developing the corresponding device access and edge computing functions.
  • · Edge computing for edge cloud services mainly focuses on optimizing or rebuilding the infrastructure at the network edge so as to build a data center at the network edge that provides cloud-center-like services, usually at the network edge of network operators, such as cellular base stations. A representative example is CORD from the Open Networking Foundation (ONF), which uses software-defined networking and network function virtualization (NFV) cloud computing technology to reconstruct the existing network edge. CORD provides edge cloud services at the operator edge, so users need not supply their own computing resources, and builds a platform that reduces software and hardware costs. In addition, the Linux Foundation's Akraino Edge Stack is a set of open source projects for high-performance edge clouds, dedicated to developing a complete open source software stack that optimizes network construction and edge infrastructure management.
  • · Edge computing for cloud-edge integration. Cloud computing service providers are important promoters of edge computing; under the concept of "cloud-edge integration" they extend cloud service capabilities to the network edge. Typical examples are AWS IoT Greengrass, Baidu's OpenEdge[29], Alibaba's Link IoT Edge and Azure IoT Edge, edge computing frameworks that hybridize cloud and edge and extend cloud functions to edge devices to obtain low latency. These edge frameworks run on edge devices and often use the same programming model as the cloud. Different frameworks have different understandings, solution designs and implementation ideas for edge computing, and compatibility between frameworks cannot be achieved. Existing computing frameworks:
  • · OpenEdge has limited functions and is tightly bound to the Baidu IoT platform, but its function computing ideas can be drawn on;
  • · KubeEdge adapts Kubernetes to edge computing; it is constrained by that platform technology and tightly coupled with it;
  • · EdgeX's modules are decoupled, APPs run as microservices, and APP management is implemented through REST API calls. It is a relatively complete industrial IoT solution, but it lacks cloud-edge integration and security considerations. EdgeX only provides an interface for data export and cannot communicate directly with an IoT management platform; the interaction with the IoT management platform has to be developed according to the interaction specification. EdgeX lacks functions such as application distribution, upgrade and management, business APP control, device management control, and monitoring. At the same time, EdgeX lacks a security hardening solution and lacks design for secure access, access control, and application command verification.

1.3 Edge-oriented security and trustworthy technology

  • · Research on security risks of the Internet of Things and edge computing
    1. In terms of edge access, insecure communication protocols are used and there may be malicious edge nodes;
    2. In terms of edge node security, edge node data is easily damaged, private data protection is insufficient, insecure systems and components are easily used to launch distributed denial-of-service attacks, APT attacks spread easily, and hardware security support is insufficient;
    3. In terms of edge management, identity, credential and access management is insufficient, account information is easily hijacked, interfaces and APIs are insecure, and malicious administrators are hard to supervise.
    At the end of 2019, the Edge Computing Industry Alliance's "Edge Computing Security White Paper" identified, explained and positioned the architecture, design and technology related to edge security, started from the importance and value of edge security, analyzed the challenges and requirement characteristics of edge security in typical value scenarios, and proposed a reference framework for edge security together with a combination of methods for handling the corresponding security problems. The specific requirements of Level Protection 2.0 cover eight categories: physical protection of sensing node equipment, access control, intrusion prevention, sensing node device security, gateway node device security, anti-data-replay, data fusion processing, and sensing node management; among them, sensing node device security and gateway node device security explicitly require the Trusted Computing 3.0 architecture to build an active protection system.
  • · Security risks and technologies for the Internet of Things and edge computing
  • At the 2019 Open Source Summit North America, Microsoft's Tarditi presented seven properties of highly secure IoT devices, including certificate authentication, fault reporting and OTA security, and stressed that the root of trust and the trusted base are the cornerstone of security for the entire Internet of Things. Ning Zhenhu [31] of Beijing University of Technology proposed combining trusted computing technology with the security mechanisms of the IoT perception layer, studying trusted immunity technology for the perception layer, trusted network connection technology for the IoT perception layer, trustworthiness measurement of perception-network behavior, and trusted attestation of the perception network, so as to ensure the security and trustworthiness of the IoT perception layer as a whole.
  • · Specific practices of Internet of Things and edge computing
  • Amazon adopts a general HTTP and MQTT access scheme and adds IoT device monitoring; Microsoft Azure supports the Device Identifier Composition Engine (DICE) security standard and hardware security modules (HSM); Alibaba Cloud builds on the GlobalPlatform TEE concept and proposes the Link TEE solution. In terms of IoT terminal trust, the past 20 years have seen a succession of hardware security solutions and practices, from the Trusted Platform Module (TPM), ARM TrustZone and physical unclonable functions (PUF) to more recent advances such as Intel's Software Guard Extensions (SGX) and Control-flow Enforcement Technology (CET), while attacks have become more subtle and harder to prevent and the dimensions of threats keep increasing.
  • Judging from current research at home and abroad, hardware mechanisms can largely solve the security and trustworthiness of IoT terminals and edge gateways. However, judging from the solutions of vendors such as Microsoft, AWS and Alibaba, hardware-based trust guarantee mechanisms are still being gradually improved; in particular, the implementation of the Trusted Computing 3.0 standard on IoT terminals and the research and engineering application of dynamic measurement technology are still in their infancy.

Origin blog.csdn.net/qq_38978225/article/details/130125622