CN112202731B - Power equipment authentication method - Google Patents


Publication number
CN112202731B
Authority
CN
China
Prior art keywords
legal
simulated
channel
equipment
fingerprint
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010962024.0A
Other languages
Chinese (zh)
Other versions
CN112202731A (en)
Inventor
张宇南
蒋屹新
许爱东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CSG Electric Power Research Institute
Original Assignee
CSG Electric Power Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CSG Electric Power Research Institute
Priority to CN202010962024.0A
Publication of CN112202731A
Application granted
Publication of CN112202731B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention discloses a power equipment authentication method in which a standard environment fingerprint and a standard channel fingerprint of each legal device are obtained in advance. When an unknown device simulates (impersonates) any legal device to access the smart grid, the server performs a first authentication on the unknown device and the simulated legal device according to the standard environment fingerprint of the non-simulated legal devices and their current environment fingerprint. When the first authentication fails, the server performs a second authentication on the simulated legal device and the unknown device according to the standard channel fingerprint of the simulated legal device, the current channel fingerprint of the simulated legal device and the current channel fingerprint of the unknown device. By authenticating the unknown device and the simulated legal device twice, security authentication can be effectively realized in power equipment with limited resources and energy, and authentication security is improved.

Description

Power equipment authentication method
Technical Field
The invention relates to the technical field of power equipment access authentication, in particular to a power equipment authentication method.
Background
With the rapid development of the Internet of Things and big data, large numbers of intelligent metering devices, intelligent terminals and sensor devices are deployed in the smart grid. Because wireless communication is easy to deploy and low in cost, smart grid power terminals are widely connected wirelessly, but this brings security problems that cannot be ignored, such as clone node attacks and Sybil attacks. Since a clone node holds the same ID and key information as a legal node, traditional cryptography-based authentication cannot effectively prevent or detect such internal node attacks, so the security of power terminal authentication is low. In addition, encryption algorithms are highly complex and are not suitable for power terminals with limited resources and energy.
Disclosure of Invention
Based on the above, the invention provides an electric power equipment authentication method, which can effectively realize safety authentication in electric power equipment with limited resources and energy sources and improve authentication safety.
The embodiment of the invention provides an authentication method of power equipment, which comprises the following steps:
legal equipment generates a standard environment fingerprint of the legal equipment according to the received signal strength of a plurality of channels of other legal equipment and sends the standard environment fingerprint to a server;
the server generates a standard channel fingerprint of each legal device according to the acquired signal intensity of the plurality of channels of each legal device;
when an unknown device simulates any one legal device to access the smart grid, the server performs first authentication on the unknown device and the simulated legal device according to the standard environment fingerprint of the legal device which is not simulated and the current environment fingerprint of the legal device which is not simulated;
when the first authentication fails, the server performs second authentication on the simulated legal equipment according to the standard channel fingerprint of the simulated legal equipment and the current channel fingerprint of the simulated legal equipment; and the server performs the second authentication on the unknown equipment according to the newly generated current channel fingerprint of the unknown equipment and the current channel fingerprint of the simulated legal equipment.
As an improvement of the above solution, the generating, by the legal device, the standard environment fingerprint of the legal device according to the received signal strengths of the plurality of channels of the other legal devices includes:
the legal device calculates the signal intensity mean value of each channel of any other legal device according to the received signal intensity of the plurality of channels of any other legal device; wherein each channel acquires signal strength M times;
and the legal equipment grades a plurality of channels of any other legal equipment according to the signal intensity mean value to obtain the environment fingerprint of any other legal equipment.
As an improvement of the above scheme, the classifying, by the legal device, the plurality of channels of any one other legal device according to the signal strength mean value to obtain the environmental fingerprint of any one other legal device includes:
the legal device sorts a plurality of channels of any other legal device according to the signal intensity mean value and a set first sequence;
and the legal equipment grades the plurality of channels of any other sequenced legal equipment according to a set second sequence to obtain the environment fingerprint of any other legal equipment.
As an improvement of the above solution, the server generates a standard channel fingerprint of each legal device according to the collected signal strengths of the multiple channels of each legal device, including:
the server performs equivalent processing on each channel of any legal device according to the acquired signal strength of the plurality of channels of any legal device to obtain the equivalent signal strength of each channel of any legal device; wherein each channel acquires the signal intensity K times;
the server calculates the first equivalent signal strength occupation ratio of the ith channel of any legal device according to the signal intensity number of the ith channel of any legal device and the corresponding equivalent signal intensity number;
and the server acquires the channel fingerprint of any legal device according to the equivalent signal strengths of the plurality of channels of any legal device and the corresponding first equivalent signal strength occupation ratio.
As an improvement of the above scheme, the performing, by the server, equivalent processing on each channel of any one legal device according to the acquired signal strengths of the multiple channels of any one legal device to obtain the equivalent signal strength of each channel of any one legal device includes:
and the server takes the signal strength with the largest occurrence frequency in the K times of signal strengths of the ith channel of any legal device as the equivalent signal strength of the ith channel of any legal device.
As an improvement of the above solution, the server performs a first authentication on the unknown device and the simulated legal device according to the standard environment fingerprint of the legal device that is not simulated and the current environment fingerprint of the legal device that is not simulated, including:
the server judges whether the current environment fingerprint of the legal device which is not simulated is consistent with the standard environment fingerprint of the legal device which is not simulated;
when the current environment fingerprint of the legal device which is not simulated is consistent with the standard environment fingerprint of the legal device which is not simulated, determining that the unknown device and the simulated legal device pass the first authentication;
when the current environment fingerprint of the non-simulated legal device is inconsistent with the standard environment fingerprint of the non-simulated legal device, determining that the unknown device and the simulated legal device do not pass the first authentication.
As an improvement of the above scheme, the standard channel fingerprint includes: the equivalent signal strengths of a plurality of channels and the corresponding first equivalent signal strength occupation ratios;
the server performs second authentication on the simulated legal device according to the standard channel fingerprint of the simulated legal device and the current channel fingerprint of the simulated legal device, and the second authentication includes:
the server respectively collects the intensities of signals to be processed of a plurality of channels of simulated legal equipment and unknown equipment; each channel acquires the intensity of a signal to be processed for K times;
the server compares the strength of K to-be-processed signals of the ith channel of the simulated legal equipment with the equivalent signal strength of the ith channel in the standard channel fingerprint of the simulated legal equipment, and counts the number of the K to-be-processed signals of the ith channel, which is the same as the equivalent signal strength of the ith channel in the corresponding standard channel fingerprint, as the equivalent number of the ith channel of the simulated legal equipment;
the server calculates the second equivalent signal intensity ratio of the ith channel of the simulated legal equipment according to the equivalent number of the ith channel of the simulated legal equipment and the number of the signals to be processed;
the server calculates the channel similarity of the simulated legal equipment according to the second equivalent signal strength occupation ratio of the ith channel of the simulated legal equipment and the first equivalent signal strength occupation ratio in the corresponding standard channel fingerprint;
and the server performs second authentication on the simulated legal equipment according to the channel similarity of the simulated legal equipment.
As an improvement of the above solution, the performing, by the server, the second authentication on the simulated legal device according to the channel similarity of the simulated legal device includes:
the server judges whether the channel similarity is larger than a first preset value or not;
if so, judging that the simulated legal equipment is legal, and allowing the simulated legal equipment to access the smart grid;
if not, judging that the simulated legal equipment is illegal, and forbidding the simulated legal equipment to access the intelligent power grid.
As an improvement of the above solution, the performing, by the server, the second authentication on the simulated legal device according to the channel similarity of the simulated legal device includes:
the server judges whether the channel similarity is greater than a first preset value or not;
if so, judging that the simulated legal equipment is legal, and allowing the simulated legal equipment to access the smart grid;
if not, judging whether the channel similarity is larger than a second preset value or not;
when the channel similarity is judged to be larger than the second preset value, the channel similarity of the simulated legal device is calculated again N times;
the server judges whether the number of the N+1 channel similarities of the simulated legal device that are greater than the third preset value is greater than or equal to a fourth preset value;
if yes, judging that the simulated legal equipment is legal, and allowing the simulated legal equipment to access the smart grid;
if not, judging that the simulated legal equipment is illegal, and forbidding the simulated legal equipment to access the intelligent power grid.
As an improvement of the above solution, the server calculates the channel similarity of the simulated legal device according to the second equivalent signal strength ratio of the ith channel of the simulated legal device and the first equivalent signal strength ratio in the corresponding standard channel fingerprint, and includes:
the server calculates the occupation ratio difference value of the second equivalent signal strength occupation ratio of the ith channel of the simulated legal equipment and the first equivalent signal strength occupation ratio in the corresponding standard channel fingerprint as the channel deviation degree of the ith channel of the simulated legal equipment;
the server judges whether the channel deviation degree of the ith channel is greater than a preset threshold value or not;
if yes, judging that the ith channel of the simulated legal equipment is an unreliable channel;
if not, judging that the ith channel of the simulated legal equipment is a reliable channel;
and the server counts the number of the reliable channels of the simulated legal equipment and calculates the channel similarity of the simulated legal equipment according to the number of the reliable channels and the total number of the collected channels of the simulated legal equipment.
Compared with the prior art, the embodiment of the invention has the following beneficial effects. A standard environment fingerprint and a standard channel fingerprint of each legal device are obtained in advance and stored in a fingerprint library on the server as subsequent authentication information. When an unknown device simulates any legal device to access the smart grid, the server performs first authentication on the unknown device and the simulated legal device according to the standard environment fingerprint of the non-simulated legal device and the current environment fingerprint of the non-simulated legal device. When the first authentication fails, the server performs second authentication on the simulated legal device according to the standard channel fingerprint of the simulated legal device and the current channel fingerprint of the simulated legal device, and performs the second authentication on the unknown device according to the newly generated current channel fingerprint of the unknown device and the current channel fingerprint of the simulated legal device. Because the unknown device and the simulated legal device are authenticated twice against the standard environment fingerprint and the standard channel fingerprint stored on the server, security authentication can be effectively realized in power equipment with limited resources and energy, and authentication security is improved.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an authentication method for an electrical device according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an authentication model of an electrical device according to an embodiment of the present invention;
Fig. 3 is a schematic block diagram of a flow of an authentication method for an electrical device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
Referring to Fig. 1 and Fig. 2, where Fig. 1 is a flowchart of an authentication method for an electrical device according to an embodiment of the present invention and Fig. 2 is a schematic diagram of an authentication model of an electrical device according to an embodiment of the present invention, a power device authentication method comprises:
S1: the legal device generates the standard environment fingerprint of the legal device according to the received signal strengths of a plurality of channels of other legal devices, and sends the standard environment fingerprint to a server.
S2: the server generates a standard channel fingerprint of each legal device according to the acquired signal strengths of the plurality of channels of each legal device.
S3: when an unknown device simulates any one legal device to access the smart grid, the server performs first authentication on the unknown device and the simulated legal device according to the standard environment fingerprint of the legal device which is not simulated and the current environment fingerprint of the legal device which is not simulated.
In the embodiment of the present invention, each legal device has unique ID information. When an unknown device simulates any legal device to access the smart grid, the unknown device Eve and the simulated legal device Alice(x) have the same ID information. At this point the non-simulated legal devices Alice (1, 2 … x-1, x … n) receive the signals of both devices, Eve and Alice(x), that share the same ID information, and these are reflected in their current environment fingerprints. The current environment fingerprint of a non-simulated legal device Alice(y), y ≠ x, is compared with the standard environment fingerprint stored in the fingerprint library. If the environment fingerprint information of the legal device Alice(y) has changed, the unknown device Eve and the simulated legal device Alice(x) are judged to be suspicious devices, an alarm is generated, and the second authentication procedure is started; otherwise, the unknown device Eve and the simulated legal device Alice(x) are judged to be legal devices. Furthermore, the comparison can use the environment fingerprint of just one non-simulated legal device Alice(y), or combine the environment fingerprints of several non-simulated legal devices Alice(y).
S4: when the first authentication fails, the server performs second authentication on the simulated legal equipment according to the standard channel fingerprint of the simulated legal equipment and the current channel fingerprint of the simulated legal equipment; and the server performs the second authentication on the unknown equipment according to the newly generated current channel fingerprint of the unknown equipment and the current channel fingerprint of the simulated legal equipment.
In the embodiment of the invention, the unknown device and the simulated legal device are authenticated twice according to the standard environment fingerprint and the standard channel fingerprint stored in the server, so that security authentication can be effectively realized in power equipment with limited resources and energy, and authentication security is improved.
In an alternative embodiment, S1: the legal device generates the standard environment fingerprint of the legal device according to the received signal strength of a plurality of channels of other legal devices, and the method comprises the following steps:
the legal device calculates the signal intensity mean value of each channel of any other legal device according to the received signal intensity of the plurality of channels of any other legal device; wherein each channel acquires signal strength M times;
and the legal equipment grades a plurality of channels of any other legal equipment according to the signal intensity mean value to obtain the environment fingerprint of any other legal equipment.
In an optional embodiment, the classifying, by the legal device, the multiple channels of any one other legal device according to the signal strength mean value to obtain the environmental fingerprint of any one other legal device includes:
the legal device sorts a plurality of channels of any other legal device according to the signal intensity mean value and a set first sequence;
and the legal equipment grades the plurality of channels of any other sequenced legal equipment according to a set second sequence to obtain the environment fingerprint of any other legal equipment.
In the embodiment of the invention, the legal device Alice(1) collects the signal strength of each channel of the legal device Alice(2) several times and calculates the mean signal strength of each channel as the channel strength of that channel, thereby obtaining the channel strengths of all channels of Alice(2) as seen by Alice(1). The channel strength values are then divided into several grades. For example, all channels of Alice(2) are sorted by channel strength (that is, the mean signal strength) from large to small or from small to large, and the sorted channels are graded from first to last or from last to first, for example the first channel is grade 1 and the last channel is grade N. This gives the channel strength grading rule of Alice(2) as collected by Alice(1). The grading rule of any legal device Alice(x) collected by Alice(1) is obtained in the same way. The channel grading rules of the surrounding legal devices Alice(x), x ≠ 1, received by Alice(1) together serve as the environment fingerprint collected by Alice(1).
In the same way, the legal device Alice(2) receives the multichannel strengths of the legal devices Alice(x), x ≠ 2, in its surrounding environment and grades the channel strengths to form the environment fingerprint of Alice(2); the other legal devices do the same. Each legal device Alice(x) (x = 1, 2, 3, …, n) sends the environment fingerprint it collected to the server, which saves it in the server's fingerprint library.
In an alternative embodiment, S2: the server generates a standard channel fingerprint of each legal device according to the acquired signal strength of the plurality of channels of each legal device, and the standard channel fingerprint comprises the following steps:
the server performs equivalent processing on each channel of any legal device according to the acquired signal strength of the plurality of channels of any legal device to obtain the equivalent signal strength of each channel of any legal device; wherein each channel acquires the signal intensity K times;
the server calculates the first equivalent signal intensity occupation ratio of the ith channel of any legal device according to the signal intensity number of the ith channel of any legal device and the corresponding equivalent signal intensity number;
and the server acquires the channel fingerprint of any legal device according to the equivalent signal strengths of the plurality of channels of any legal device and the corresponding first equivalent signal strength occupation ratio.
In an optional embodiment, the performing, by the server, equivalent processing on each channel of any one legal device according to the acquired signal strengths of the multiple channels of any one legal device to obtain the equivalent signal strength of each channel of any one legal device includes:
and the server takes the signal strength with the largest occurrence frequency in the K signal strengths of the ith channel of any legal device as the equivalent signal strength of the ith channel of any legal device.
In the embodiment of the present invention, the server collects N channels of a legitimate device Alice(x) (x = 1, 2, 3, …), collecting the signal strength K times for each channel. It performs equivalent processing on the signal strength of each channel, calculates the first equivalent signal strength occupation ratio of the equivalent signal strength within that channel's samples, and stores the equivalent channel strength and the first equivalent signal strength occupation ratio as the channel fingerprint of the Alice device, specifically as follows:
Figure GDA0003984864050000101
$L_x$ denotes the set of channel signal strengths of Alice(x) collected by the server when the legitimate device registers for access. In $L_x$, $(y_{1i}, y_{2i}, \dots, y_{Ki})$ represents the K signal strength data collected for channel i. A radio signal is influenced by the environment during transmission, so the channel strength value varies. From the signal strength data set $L_x$, the signal strength value that occurs most often in each channel can be determined and taken as the equivalent signal strength of that channel; the equivalent channel strength of the ith channel is denoted $y_i$. From the equivalent channel strength $y_i$ of the ith channel, the proportion of $y_i$ in the ith channel can be determined; this first equivalent channel strength ratio is denoted $J_i$, as follows:
Figure GDA0003984864050000102
where K is the number of times the signal strength of the ith channel is acquired.
In the embodiment of the present invention, the equivalent signal strength $y_i$ and its equivalent channel strength ratio $J_i$ constitute the channel fingerprint of the legitimate device Alice(x), denoted $S_x$, which is stored in the fingerprint library:
Figure GDA0003984864050000103
For the legitimate device Alice(x), the fingerprint library stores two fingerprints: the device's environment fingerprint and the device's channel fingerprint. The two are collectively referred to as the device fingerprint of the legitimate device Alice(x).
In an alternative embodiment, S3: the server performs first authentication on the unknown device and the simulated legal device according to the standard environment fingerprint of the legal device which is not simulated and the current environment fingerprint of the legal device which is not simulated, and the first authentication includes:
the server judges whether the current environment fingerprint of the legal device which is not simulated is consistent with the standard environment fingerprint of the legal device which is not simulated;
when the current environment fingerprint of the legal device which is not simulated is consistent with the standard environment fingerprint of the legal device which is not simulated, determining that the unknown device and the simulated legal device pass the first authentication;
when the current environment fingerprint of the non-simulated legal device is inconsistent with the standard environment fingerprint of the non-simulated legal device, determining that the unknown device and the simulated legal device do not pass the first authentication.
In the embodiment of the invention, whether the environment fingerprints of the surrounding legal devices have changed can be judged directly by comparing the current environment fingerprint of a non-simulated legal device with its standard environment fingerprint. If they are consistent, the environment fingerprints of the surrounding legal devices have not changed, and it can be preliminarily judged that the unknown device and the simulated legal device pass the first authentication. If they are inconsistent, the environment fingerprints of the surrounding legal devices have changed, and it can be preliminarily judged that the unknown device and the simulated legal device fail the first authentication and are suspicious devices; the server raises an alarm and starts the second authentication procedure. Alternatively, it can be judged directly whether channel strengths for two devices with the same ID information appear in the environment fingerprint of a non-simulated legal device. If so, a device with duplicated ID information exists; the two devices holding that ID are flagged as suspicious, it can be preliminarily judged that the unknown device and the simulated device fail the first authentication, and the second authentication procedure is started. The second authentication procedure determines which of the two devices with the same ID information is the legal device and which is the illegal device; the illegal device is not allowed to communicate, and the server can raise an alarm that the device ID has been illegally simulated.
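The environment-fingerprint grading (S1) and the first authentication (S3) described above, as an added Python example that is not part of the patent text. The function names, device IDs, channel numbers and signal strength values are constructed for illustration, and treating a missing peer entry as a change is an assumption.

```python
from statistics import mean


def environment_fingerprint(observations, descending=True):
    """Grade each peer's channels by mean signal strength.

    observations: {peer_id: {channel: [M signal strength samples]}} as measured
    by one legal device. Returns {peer_id: {channel: grade}} where grade 1 is
    the first channel after sorting (the "first sequence" is the sort order,
    the "second sequence" is first-to-last grading here).
    """
    fingerprint = {}
    for peer_id, channels in observations.items():
        means = {ch: mean(samples) for ch, samples in channels.items()}
        if descending:
            ordered = sorted(means, key=lambda ch: (-means[ch], ch))
        else:
            ordered = sorted(means, key=lambda ch: (means[ch], ch))
        fingerprint[peer_id] = {ch: grade for grade, ch in enumerate(ordered, start=1)}
    return fingerprint


def first_authentication(standard_library, current_library):
    """Compare stored and current environment fingerprints of the observers.

    Both arguments map observer_id -> environment fingerprint. Returns
    (passed, changed) where changed lists (observer_id, peer_id) pairs whose
    channel grading differs from the standard. A peer missing from the current
    fingerprint counts as changed (assumption of this example).
    """
    changed = []
    for observer, standard in standard_library.items():
        current = current_library.get(observer, {})
        for peer_id, grades in standard.items():
            if current.get(peer_id) != grades:
                changed.append((observer, peer_id))
    return (not changed, changed)


# Constructed samples (dBm) measured by observer "alice1" at registration time.
STANDARD_OBS = {
    "alice2": {11: [-50, -51, -49], 15: [-60, -61, -59], 20: [-70, -69, -71]},
    "alice3": {11: [-72, -71, -73], 15: [-55, -54, -56], 20: [-63, -62, -64]},
}
# Constructed samples later on: frames carrying the ID "alice3" now come from
# two transmitters, so the per-channel means and the grading shift.
CURRENT_OBS = {
    "alice2": {11: [-51, -50, -50], 15: [-61, -60, -60], 20: [-69, -70, -70]},
    "alice3": {11: [-72, -45, -44], 15: [-55, -66, -67], 20: [-63, -64, -62]},
}

if __name__ == "__main__":
    standard = {"alice1": environment_fingerprint(STANDARD_OBS)}
    current = {"alice1": environment_fingerprint(CURRENT_OBS)}
    passed, changed = first_authentication(standard, current)
    print("first authentication passed:", passed)
    print("IDs to send to second authentication:", changed)
```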
In an alternative embodiment, the standard channel fingerprint comprises: the equivalent signal strengths of a plurality of channels and the corresponding first equivalent signal strength ratios;
S4: the server performs second authentication on the simulated legal device according to the standard channel fingerprint of the simulated legal device and the current channel fingerprint of the simulated legal device, and the second authentication includes:
the server respectively collects the intensities of signals to be processed of a plurality of channels of simulated legal equipment and unknown equipment; each channel acquires the intensity of a signal to be processed for K times;
the server compares the strength of K signals to be processed of the ith channel of the simulated legal equipment with the equivalent signal strength of the ith channel in the standard channel fingerprint of the simulated legal equipment, and counts the number of the K signals to be processed of the ith channel, which is the same as the equivalent signal strength of the ith channel in the corresponding standard channel fingerprint, as the equivalent number of the ith channel of the simulated legal equipment;
the server calculates the second equivalent signal intensity ratio of the ith channel of the simulated legal equipment according to the equivalent number of the ith channel of the simulated legal equipment and the number of the signals to be processed;
the server calculates the channel similarity of the simulated legal equipment according to the second equivalent signal strength occupation ratio of the ith channel of the simulated legal equipment and the first equivalent signal strength occupation ratio in the corresponding standard channel fingerprint;
and the server performs second authentication on the simulated legal equipment according to the channel similarity of the simulated legal equipment.
In an optional embodiment, the server calculates the channel similarity of the simulated legal device according to the second equivalent signal strength ratio of the ith channel of the simulated legal device and the first equivalent signal strength ratio in the corresponding standard channel fingerprint, including:
the server calculates a ratio difference value of a second equivalent signal strength ratio of the ith channel of the simulated legal equipment and a first equivalent signal strength ratio in the corresponding standard channel fingerprint as a channel deviation degree of the ith channel of the simulated legal equipment;
the server judges whether the channel deviation degree of the ith channel is greater than a preset threshold value;
if yes, judging that the ith channel of the simulated legal equipment is an unreliable channel;
if not, judging that the ith channel of the simulated legal equipment is a reliable channel;
and the server counts the number of the reliable channels of the simulated legal equipment and calculates the channel similarity of the simulated legal equipment according to the number of the reliable channels and the collected total number of the channels of the simulated legal equipment.
In the embodiment of the invention, the server collects the signal strength of N channels, K times each, from the unknown device Eve carrying legal ID information and from the simulated legal device Alice(2). The collected data are as follows:
Figure GDA0003984864050000131
Figure GDA0003984864050000132
where $T_{Alice(2)}$ and $T_{Eve}$ are the signal strength sets that the server collects from the simulated legal device and from the unknown device carrying the same legal ID information.
Each element of $(y'_{1i}, y'_{2i}, \ldots, y'_{Ki})$ in $T_{Alice(2)}$ is compared with the equivalent signal strength $y_i$ of the corresponding channel in the channel fingerprint $S_2$ of the legal device Alice(2) stored in the fingerprint library; the number of elements equal to $y_i$ is recorded as the equivalent number $m_i$.
Calculate the second equivalent signal strength ratio according to equation (6):
Figure GDA0003984864050000133
where K is the number of times the signal strength of the ith channel is collected, and $j_i$ represents the proportion of the equivalent signal strength $y_i$ within the ith channel, which reflects the basic characteristics of the channel. The ratios $J_i$ and $j_i$ cannot be 100% and fluctuate to some degree; this embodiment therefore compares $J_i$ and $j_i$ to determine the similarity of the ith channel, as follows:
(a) Calculate the channel deviation $D_i$:
$D_i = J_i - j_i$ (7)
In equation (7), $D_i$ reflects the deviation in similarity between the ith channel of the simulated legal device Alice(2) and the fingerprint library. The smaller the ratio difference $D_i$, the higher the similarity of the channel and the higher its reliability. In the embodiment of the invention, a preset threshold is used to judge whether the ith channel is a reliable channel: if the value of $D_i$ is greater than the threshold, the ith channel is an unreliable channel; if the value of $D_i$ is less than the threshold, the ith channel is a reliable channel.
(b) Count the number p of reliable channels among the N channels of the simulated device;
(c) Calculate the similarity Q:
Figure GDA0003984864050000141
where K is the number of times the signal strength of the ith channel is collected. The higher the similarity Q, the higher the reliability of the simulated legal device Alice(2); setting the threshold value in the embodiment of the invention effectively improves identification accuracy. The same similarity calculation is performed for the unknown device Eve as for the simulated legal device Alice(2), and the description is not repeated here.
In an optional embodiment, the performing, by the server, the second authentication on the simulated legal device according to the channel similarity of the simulated legal device includes:
the server judges whether the channel similarity is larger than a first preset value or not;
if so, judging that the simulated legal equipment is legal, and allowing the simulated legal equipment to access the smart grid;
if not, judging that the simulated legal equipment is illegal, and forbidding the simulated legal equipment to access the intelligent power grid.
In an optional embodiment, the performing, by the server, the second authentication on the simulated legal device according to the channel similarity of the simulated legal device includes:
the server judges whether the channel similarity is greater than a first preset value or not;
if yes, judging that the simulated legal equipment is legal, and allowing the simulated legal equipment to access the smart grid;
if not, judging whether the channel similarity is larger than a second preset value or not;
when the channel similarity is judged to be larger than the second preset value, the channel similarity of the simulated legal equipment is calculated again for N times;
the server judges whether, among the N+1 channel similarities of the simulated legal device, the number that are greater than the third preset value is greater than or equal to a fourth preset value;
if yes, judging that the simulated legal equipment is legal, and allowing the simulated legal equipment to access the smart grid;
if not, judging that the simulated legal equipment is illegal, and forbidding the simulated legal equipment to access the smart grid.
In the embodiment of the invention, when the channel similarity is judged to be not greater than the second preset value, the simulated legal device is directly judged to be illegal and is forbidden to access the smart grid. To further improve identification accuracy, authentication is repeated multiple times. Taking three times as an example: when the second authentication procedure is performed for the first time, if the similarity Q is greater than or equal to the first preset value (for example, 90%), the simulated legal device Alice(2) is directly judged to be a legal device, and the second and third runs are not needed. If the similarity Q in the first run is smaller than the second preset value (for example, 30%), the simulated legal device Alice(2) is directly judged to be an illegal device. If the similarity Q in the first run is smaller than 90% and larger than 30%, the second authentication procedure is performed a second and a third time; if, across the three runs, the number of similarities Q greater than the third preset value (for example, 70%) is greater than or equal to the fourth preset value (for example, 2), the simulated legal device Alice(2) is judged to be a legal device; otherwise it is judged to be an illegal device and is forbidden access.
The second authentication process of the unknown device Eve in the embodiment of the invention is the same as the second authentication process of the simulated legal device Alice (2), and the description is not repeated here.
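The second authentication procedure described above (per-channel deviation, similarity Q, and the 90% / 30% / 70% / 2-of-3 decision) as an added Python example; it is not code from the patent. Equations (6) and (8) survive on this page only as figure placeholders, so `j_i = m_i / K` and `Q = p / N` are assumptions taken from the claim wording, and the 0.2 deviation threshold, all function names and the RSSI values are constructed for illustration.

```python
from collections import Counter
from fractions import Fraction

def build_channel_fingerprint(samples):
    """Enrollment: per channel, the most frequent strength y_i and its share J_i."""
    fingerprint = []
    for readings in samples:                       # K readings for one channel
        y, count = Counter(readings).most_common(1)[0]
        fingerprint.append((y, Fraction(count, len(readings))))
    return fingerprint

def channel_similarity(fingerprint, current, deviation_threshold):
    """Similarity Q of one measurement round against the stored fingerprint."""
    if len(current) != len(fingerprint) or not all(current):
        raise ValueError("need K >= 1 readings for each of the N enrolled channels")
    reliable = 0
    for (y, J), readings in zip(fingerprint, current):
        m = sum(1 for r in readings if r == y)     # equivalent number m_i
        j = Fraction(m, len(readings))             # assumed eq. (6): j_i = m_i / K
        D = J - j                                  # eq. (7), signed as on the page
        # Because D is signed, a channel that matches MORE often than at
        # enrollment (j > J) is always counted as reliable.
        if not D > deviation_threshold:            # D_i > threshold => unreliable
            reliable += 1
    return Fraction(reliable, len(fingerprint))    # assumed eq. (8): Q = p / N

def second_authentication(measure, fingerprint,
                          deviation_threshold=Fraction(1, 5),   # assumed value
                          first=Fraction(90, 100), second=Fraction(30, 100),
                          third=Fraction(70, 100), fourth=2, extra_rounds=2):
    """Return (accepted, [Q of each round]); measure() yields one fresh round."""
    sims = [channel_similarity(fingerprint, measure(), deviation_threshold)]
    if sims[0] >= first:          # clearly legitimate: no further rounds
        return True, sims
    if sims[0] <= second:         # not greater than second preset: reject at once
        return False, sims
    for _ in range(extra_rounds): # grey zone: recompute N more times
        sims.append(channel_similarity(fingerprint, measure(), deviation_threshold))
    votes = sum(1 for q in sims if q > third)
    return votes >= fourth, sims

def synth_round(fingerprint, matches, k=10):
    """Constructed input: channel i reports y_i exactly matches[i] times out of k."""
    return [[y] * m + [y - 5] * (k - m) for (y, _), m in zip(fingerprint, matches)]

# Constructed enrollment data: N = 4 channels, K = 10 RSSI readings (dBm) each.
ENROLL = [[-52] * 8 + [-53] * 2, [-60] * 7 + [-61] * 3,
          [-71] * 9 + [-70] * 1, [-45] * 6 + [-46] * 4]
FP = build_channel_fingerprint(ENROLL)

def run_case(match_counts_per_round):
    """Replay constructed rounds through the decision procedure."""
    rounds = iter(synth_round(FP, m) for m in match_counts_per_round)
    return second_authentication(lambda: next(rounds), FP)

if __name__ == "__main__":
    cases = {
        "Alice(2), stable channel": [[7, 7, 8, 6]],
        "Eve, different location":  [[1, 2, 0, 5]],
        "grey zone, recovers":      [[7, 7, 3, 2], [7, 7, 8, 2], [7, 7, 8, 6]],
        "grey zone, stays low":     [[7, 7, 3, 2], [7, 7, 3, 2], [7, 7, 8, 2]],
    }
    for name, rounds in cases.items():
        accepted, sims = run_case(rounds)
        print(f"{name:26s} Q={[str(q) for q in sims]} accepted={accepted}")
```

Exact fractions are used so that a deviation sitting exactly on the threshold is not misclassified by floating-point rounding.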
Compared with the prior art, the embodiment of the invention has the following beneficial effects. A standard environment fingerprint and a standard channel fingerprint of each legal device are obtained in advance and stored in the fingerprint library of the server as subsequent authentication information. When an unknown device simulates any one legal device to access the smart grid, the server performs the first authentication on the unknown device and the simulated legal device according to the standard environment fingerprint and the current environment fingerprint of the legal devices that are not simulated. When the first authentication fails, the server performs the second authentication on the simulated legal device according to its standard channel fingerprint and its current channel fingerprint, and performs the second authentication on the unknown device according to the newly generated current channel fingerprint of the unknown device and the current channel fingerprint of the simulated legal device. A schematic block diagram of the whole device authentication flow is shown in Fig. 3. Because the unknown device and the simulated legal device are authenticated twice against the standard environment fingerprint and the standard channel fingerprint stored in the server, and the identity of the power device is authenticated from the physical characteristics of the wireless signals, security authentication can be achieved effectively on power devices with limited resources and energy, and authentication security is improved.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (10)

1. An electric power device authentication method, characterized by comprising:
legal equipment generates a standard environment fingerprint of the legal equipment according to the received signal strength of a plurality of channels of other legal equipment and sends the standard environment fingerprint to a server;
the server generates a standard channel fingerprint of each legal device according to the acquired signal intensity of the plurality of channels of each legal device;
when an unknown device simulates any one legal device to access the smart grid, the server performs first authentication on the unknown device and the simulated legal device according to the standard environment fingerprint of the legal device which is not simulated and the current environment fingerprint of the legal device which is not simulated;
when the first authentication fails, the server performs second authentication on the simulated legal equipment according to the standard channel fingerprint of the simulated legal equipment and the current channel fingerprint of the simulated legal equipment; and the server performs the second authentication on the unknown equipment according to the newly generated current channel fingerprint of the unknown equipment and the current channel fingerprint of the simulated legal equipment.
2. The power equipment authentication method according to claim 1, wherein the legal equipment generates a standard environmental fingerprint of the legal equipment according to the received signal strengths of a plurality of channels of other legal equipment, and the method comprises the following steps:
the legal equipment calculates the signal intensity mean value of each channel of any other legal equipment according to the received signal intensities of the plurality of channels of any other legal equipment; wherein each channel acquires signal strength M times;
and the legal equipment grades a plurality of channels of any other legal equipment according to the signal intensity mean value to obtain the environment fingerprint of any other legal equipment.
3. The power equipment authentication method according to claim 2, wherein the legal equipment ranks the plurality of channels of any one other legal equipment according to the signal strength mean value to obtain the environmental fingerprint of any one other legal equipment, and the method comprises:
the legal equipment sequences a plurality of channels of any other legal equipment according to the signal intensity mean value and a set first sequence;
and the legal equipment grades the plurality of channels of any other sequenced legal equipment according to a set second sequence to obtain the environment fingerprint of any other legal equipment.
4. The power equipment authentication method of claim 1, wherein the server generates a standard channel fingerprint of each of the legal equipment according to the collected signal strengths of the plurality of channels of each of the legal equipment, and comprises:
the server performs equivalent processing on each channel of any legal device according to the acquired signal strength of the plurality of channels of any legal device to obtain the equivalent signal strength of each channel of any legal device; wherein each channel acquires the signal intensity K times;
the server calculates the first equivalent signal intensity occupation ratio of the ith channel of any legal device according to the signal intensity number of the ith channel of any legal device and the corresponding equivalent signal intensity number;
and the server acquires the channel fingerprint of any legal device according to the equivalent signal strengths of the plurality of channels of any legal device and the corresponding first equivalent signal strength occupation ratio.
5. The method for authenticating the electric power equipment according to claim 4, wherein the server performs equivalent processing on each channel of any one legal equipment according to the collected signal strengths of the plurality of channels of any one legal equipment to obtain the equivalent signal strength of each channel of any one legal equipment, and the method comprises the following steps:
and the server takes the signal strength with the largest occurrence frequency in the K signal strengths of the ith channel of any legal device as the equivalent signal strength of the ith channel of any legal device.
6. The method for authenticating the electric power equipment, according to claim 1, wherein the server performs the first authentication on the unknown equipment and the simulated legal equipment according to the standard environmental fingerprint of the non-simulated legal equipment and the current environmental fingerprint of the non-simulated legal equipment, and comprises:
the server judges whether the current environment fingerprint of the legal device which is not simulated is consistent with the standard environment fingerprint of the legal device which is not simulated;
when the current environment fingerprint of the legal device which is not simulated is consistent with the standard environment fingerprint of the legal device which is not simulated, determining that the unknown device and the simulated legal device pass the first authentication;
and when the current environment fingerprint of the non-simulated legal device is inconsistent with the standard environment fingerprint of the non-simulated legal device, determining that the unknown device and the simulated legal device fail the first authentication.
7. The power device authentication method of claim 4, wherein the standard channel fingerprint comprises: the equivalent signal strengths of a plurality of channels and the corresponding first equivalent signal strength ratios;
the server performs second authentication on the simulated legal equipment according to the standard channel fingerprint of the simulated legal equipment and the current channel fingerprint of the simulated legal equipment, and the second authentication comprises the following steps:
the server respectively collects the intensities of signals to be processed of a plurality of channels of simulated legal equipment and unknown equipment; each channel acquires the intensity of a signal to be processed for K times;
the server compares the strength of K to-be-processed signals of the ith channel of the simulated legal equipment with the equivalent signal strength of the ith channel in the standard channel fingerprint of the simulated legal equipment, and counts the number of the K to-be-processed signals of the ith channel, which is the same as the equivalent signal strength of the ith channel in the corresponding standard channel fingerprint, as the equivalent number of the ith channel of the simulated legal equipment;
the server calculates the second equivalent signal intensity ratio of the ith channel of the simulated legal equipment according to the equivalent number of the ith channel of the simulated legal equipment and the number of the signals to be processed;
the server calculates the channel similarity of the simulated legal equipment according to the second equivalent signal strength occupation ratio of the ith channel of the simulated legal equipment and the first equivalent signal strength occupation ratio in the corresponding standard channel fingerprint;
and the server performs second authentication on the simulated legal equipment according to the channel similarity of the simulated legal equipment.
8. The power equipment authentication method of claim 7, wherein the second authentication of the simulated legal equipment by the server according to the channel similarity of the simulated legal equipment comprises:
the server judges whether the channel similarity is greater than a first preset value or not;
if yes, judging that the simulated legal equipment is legal, and allowing the simulated legal equipment to access the smart grid;
if not, judging that the simulated legal equipment is illegal, and forbidding the simulated legal equipment to access the smart grid.
9. The power equipment authentication method of claim 7, wherein the second authentication of the simulated legal equipment by the server according to the channel similarity of the simulated legal equipment comprises:
the server judges whether the channel similarity is greater than a first preset value or not;
if so, judging that the simulated legal equipment is legal, and allowing the simulated legal equipment to access the smart grid;
if not, judging whether the channel similarity is larger than a second preset value or not;
when the channel similarity is judged to be larger than the second preset value, the channel similarity of the simulated legal equipment is calculated again N times;
the server judges whether, among the N+1 channel similarities of the simulated legal equipment, the number that are greater than the third preset value is greater than or equal to a fourth preset value;
if so, judging that the simulated legal equipment is legal, and allowing the simulated legal equipment to access the smart grid;
if not, judging that the simulated legal equipment is illegal, and forbidding the simulated legal equipment to access the smart grid.
10. The power device authentication method of claim 7, wherein the server calculates the channel similarity of the simulated legitimate device according to the second equivalent signal strength fraction of the ith channel of the simulated legitimate device and the first equivalent signal strength fraction in the corresponding standard channel fingerprint, comprising:
the server calculates a ratio difference value of a second equivalent signal strength ratio of the ith channel of the simulated legal equipment and a first equivalent signal strength ratio in the corresponding standard channel fingerprint as a channel deviation degree of the ith channel of the simulated legal equipment;
the server judges whether the channel deviation degree of the ith channel is greater than a preset threshold value or not;
if yes, judging that the ith channel of the simulated legal equipment is an unreliable channel;
if not, judging that the ith channel of the simulated legal equipment is a reliable channel;
and the server counts the number of the reliable channels of the simulated legal equipment and calculates the channel similarity of the simulated legal equipment according to the number of the reliable channels and the total number of the collected channels of the simulated legal equipment.
CN202010962024.0A 2020-09-14 2020-09-14 Power equipment authentication method Active CN112202731B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010962024.0A CN112202731B (en) 2020-09-14 2020-09-14 Power equipment authentication method

Publications (2)

Publication Number Publication Date
CN112202731A CN112202731A (en) 2021-01-08
CN112202731B true CN112202731B (en) 2023-03-07

Family

ID=74014888

Country Status (1)

Country Link
CN (1) CN112202731B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant