CN115659288A - Transformer substation embedded device, software version control method, terminal and storage medium - Google Patents

Info

Publication number
CN115659288A
Authority
CN
China
Prior art keywords
software
certificate
trusted
detection
developer
Prior art date
Legal status
Pending
Application number
CN202211336797.3A
Other languages
Chinese (zh)
Inventor
祁龙云
刘苇
李向南
白晶
张晓�
吕小亮
杨维永
陈奕倩
孙连文
朱世顺
刘寅
成刚
孙柏颜
杨康乐
Current Assignee
State Grid Beijing Electric Power Co Ltd
Nari Information and Communication Technology Co
State Grid Electric Power Research Institute
Original Assignee
State Grid Beijing Electric Power Co Ltd
Nari Information and Communication Technology Co
State Grid Electric Power Research Institute

Abstract

The invention discloses a software version control method, a terminal and a storage medium for a transformer substation embedded device, wherein the transformer substation embedded device is pre-deployed with a trusted execution environment; the trusted execution environment comprises a digital certificate system, a trusted management center and a trusted policy library; the method comprises the following steps: periodically starting a verification program of the trusted management center, and verifying the validity of the software to be operated currently; allowing the software passing the validity verification to continue to run; for the software which fails in the validity verification, the software is prevented from running; verifying the signature information of the software of the latest version through a trusted management center; and receiving and installing the latest version of software which passes the verification of the signature information forwarded by the trusted management center, and loading the software installation path and the signature information of the installed software into a trusted policy library. The invention can prevent the attack behavior of software replacement or version replacement which may occur in the software issuing and transmitting process.

Description

Transformer substation embedded device, software version control method, terminal and storage medium
Technical Field
The invention relates to a transformer substation embedded device, a software version control method, a terminal and a storage medium, and belongs to the technical field of industrial control safety.
Background
At present, embedded automation devices are widely applied in the industrial control systems of fields such as energy, transport and electric power, where they perform important functions such as measurement, control and communication. With the informatization and digitization of industrial systems, the attacks faced by embedded device software are increasing.
In existing software version management schemes, an effective software version management technology for embedded devices is lacking. In those schemes the software version manager is the core of software version management, and the optimization goal is to improve the efficiency of software development, testing and release and to ensure the safety and confidentiality of the software. Software replacement or version replacement attacks that may occur during software issuing and transmission cannot be prevented, and no corresponding verification and protection measures are provided for the case where the integrity of the software is damaged at run time. Software updating is mainly controlled and operated manually by manufacturers and field engineers, and an actively triggered secure software update process is lacking.
Disclosure of Invention
The invention aims to overcome the defects in the prior art, and provides a transformer substation embedded device, a software version control method, a terminal and a storage medium, which can prevent software replacement or version replacement attack behaviors possibly occurring in a software issuing and transmitting process.
In order to achieve the purpose, the invention adopts the following technical scheme:
in a first aspect, the invention provides a software version control method for a transformer substation embedded device, which is characterized in that a trusted execution environment is pre-deployed in the transformer substation embedded device; the trusted execution environment comprises a digital certificate system, a trusted management center and a trusted policy library; the method comprises the following steps:
periodically starting a verification program of the trusted management center, and verifying the validity of the software to be operated currently;
allowing the software passing the validity verification to continue to run;
for the software which does not pass the validity verification, the software is prevented from running, and an instruction for acquiring the software of the latest version is issued to the trusted management center;
verifying signature information of the software of the latest version through the trusted management center;
receiving and installing the latest version of the software, forwarded by the trusted management center, whose signature information has passed verification, and loading the software installation path and the signature information of the installed software into the trusted policy library;
wherein the signature information comprises a developer digital signature and a detection agency digital signature; the developer digital signature is obtained by the software developer, according to the development certificate, after developing or updating the software; the detection agency digital signature is obtained by the software detection agency, according to the detection certificate, after detecting the software; and the development certificate and the detection certificate are produced and issued by the digital certificate system.
With reference to the first aspect, further, the verifying the validity of the software to be currently run includes:
Step A: capturing the currently running software through a HOOK mechanism, and obtaining the software installation path of the current software;
Step B: verifying whether the trusted policy library contains the software installation path of the current software, and if so, entering step C; otherwise, entering step D;
Step C: acquiring the signature information of the current software from the trusted policy library, and decrypting the signature information by using the digital certificate of the current software to acquire a reference hash value of the current software; calculating a hash value of the current software, and comparing the calculated hash value with the corresponding reference hash value to verify the software source validity and the version validity of the current software; if the comparison is consistent, the validity verification is passed and the next software is captured; repeating step B and step C with the captured next software as the current software; if the validity verification is not passed, entering step D;
Step D: preventing the current software from running, and sending an instruction for acquiring the latest version of the current software to the trusted management center; repeating step B and step C after the latest version of the software is obtained;
where the digital certificate includes a development certificate and a detection certificate.
With reference to the first aspect, further, when the verification program of the trusted management center is started, a hardware watchdog timer is started and begins timing;
after the validity verification of all the software is completed, the timing value of the hardware watchdog timer is cleared;
and if the timing value of the hardware watchdog timer reaches a preset time threshold without having been cleared, a warning signal indicating that the verification program did not start normally is sent to the trusted management center.
With reference to the first aspect, further, the software developer and the software detection agency serve as certificate users, and the method by which the substation embedded device issues a corresponding certificate to a certificate user includes:
receiving, by the digital certificate system, a public key and user information sent by the certificate user;
verifying the user information through the digital certificate system, after the user information passes the verification, encrypting related information including the public key, the user information, an issuing date and a valid period by using a root certificate private key to generate a secondary certificate, and safely storing the secondary certificate; the secondary certificate comprises: the development certificate and the detection certificate;
sending the secondary certificate and the root certificate public key to the certificate user through the digital certificate system;
where the public key is the public key of a public-private key pair generated by the certificate user by calling the SM2 algorithm.
With reference to the first aspect, further, the method for acquiring the developer digital signature includes:
the software developer calculates the hash value of the software by using SM3 algorithm;
and the software developer encrypts the hash value by adopting an SM2 algorithm according to a private key in the public-private key pair to obtain a digital signature of the developer.
With reference to the first aspect, further, before the software detection agency detects the software, it obtains the development certificate and verifies the developer's signature on the software according to the development certificate.
With reference to the first aspect, further, verifying the signature on the software according to the development certificate includes:
the software detection agency decrypts the development certificate by using the root certificate public key securely stored on its server, thereby obtaining the developer public key;
the software detection agency decrypts the digital signature sent by the software developer with the SM2 algorithm according to the developer public key, and if the decryption succeeds, the source of the software's digital signature is legitimate;
the software detection agency calculates the hash value of the software sent by the software developer using the SM3 algorithm;
and the software detection agency compares the reference hash value obtained by decrypting the digital signature with the hash value of the software, and if the two values are the same, the software has not been tampered with.
With reference to the first aspect, further, the verifying, by the trusted management center, the signature information includes:
importing, by the trusted management center, a development certificate and a detection certificate of the software from the digital certificate system through an internal API of the trusted execution environment;
and verifying the developer digital signature by using the development certificate and the detection agency digital signature by using the detection certificate; if both verify, the signature information of the software has passed verification.
With reference to the first aspect, further, the detection performed on the software by the software detection agency includes virus detection and functional detection.
In a second aspect, the present invention provides a transformer substation embedded device, where the transformer substation embedded device is deployed with an RTU execution environment and a trusted execution environment; the trusted execution environment comprises a digital certificate system, a trusted management center and a trusted policy library;
the RTU execution environment: used for periodically starting the verification program of the trusted management center and verifying the validity of the software currently to be run; allowing software that passes the validity verification to continue running; for software that fails the validity verification, preventing it from running and issuing an instruction to the trusted management center to acquire the latest version of the software; and receiving and installing the latest version of the software forwarded by the trusted management center after its signature information has passed verification; wherein the signature information comprises a developer digital signature and a detection agency digital signature;
the trusted management center: used for receiving the latest version of the software together with its signature information, and verifying the signature information of the latest version of the software;
the digital certificate system: used for producing a development certificate and a detection certificate from the root certificate; issuing the development certificate to the software developer so that the software developer develops or updates software according to the development certificate and obtains the developer digital signature; and issuing the detection certificate to the software detection agency so that the software detection agency detects the software developed or updated by the software developer according to the detection certificate and obtains the detection agency digital signature;
the trusted policy repository: for storing the development certificate, the detection certificate, a software installation path of the installed software, and signature information of the installed software.
With reference to the second aspect, further, the digital certificate system includes:
a first communication module: used for exchanging user information with the software developer and the software detection agency, and for sending the corresponding digital certificates to the software developer and the software detection agency;
an information identification module: used for judging the legitimacy of the user information and identifying legitimate certificate users;
a first database module: used for calling the isolated storage area of the hardware trusted root to securely store the user information, the root certificate and the secondary certificates, where the secondary certificates comprise the development certificate and the detection certificate;
a security encryption module: used for generating a public-private key pair by calling the symmetric encryption algorithm and the asymmetric encryption algorithm of the hardware trusted root, and for encrypting the related information of a digital certificate so as to generate the corresponding digital certificate;
a time information interface: used for generating real-time information;
a first control execution module: used for interacting with the other modules in the digital certificate system and, by receiving and sending control instructions, controlling the other modules to execute the corresponding operations;
wherein the digital certificate comprises a development certificate and a detection certificate.
With reference to the second aspect, further, the trusted management center includes:
a second communication module: used for receiving the developed or updated software together with the corresponding developer digital signature and detection agency digital signature, and for importing a development certificate and a detection certificate from the digital certificate system through the internal API of the trusted execution environment;
a signature verification module: used for verifying the developer digital signature by using the development certificate and the detection agency digital signature by using the detection certificate;
a software library module: used for storing the developed or updated software;
a second database module: used for storing the development certificate, the detection certificate, the developer digital signature and the detection agency digital signature;
a second control execution module: used for interacting with the other modules in the trusted management center and, by receiving and sending control instructions, controlling the other modules to execute the corresponding operations.
In combination with the second aspect, further, the trusted policy repository includes:
a third database module: comprising a trusted policy unit and a certificate management unit; the trusted policy unit is used for securely storing the software installation path and the signature information, and the certificate management unit is used for securely storing the development certificate and the detection certificate;
an input-output module: used for forwarding information input to or output from the third database module.
With reference to the second aspect, further, the substation embedded device includes a substation telecontrol device, and the software includes a self-checking program, a data acquisition and calculation program, and a communication program.
In a third aspect, the present invention provides an electronic terminal comprising a processor and a memory connected to the processor, wherein a computer program is stored in the memory, and wherein the computer program, when executed by the processor, performs the steps of the method according to any of the first aspect.
In a fourth aspect, the invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of any one of the first aspect.
Compared with the prior art, the invention has the following beneficial effects:
the trusted management center in the trusted execution environment receives the software developed or updated by the software developer and performs double-signature verification on the signature information, which consists of the developer digital signature and the detection agency digital signature, so that the software installed in the transformer substation embedded device is guaranteed to be software verified by the trusted management center; software replacement or version replacement attacks that may occur during software issuing and transmission can thus be prevented, and the safety and confidentiality of the software are improved. The trusted execution environment can provide cryptographic functions, an integrity measurement function and a securely isolated storage space through the hardware trusted root, can meet the signature verification and integrity verification needs of software development, testing, operation and updating, and ensures source consistency and version controllability over the whole life cycle of the software. When the verification program of the trusted management center is started, a hardware watchdog timer is started and begins timing; using the small attack surface of the hardware watchdog timer, it is guaranteed that one of two events necessarily occurs, either the normal start of the software verification program or the triggering of a warning signal when the timing value reaches the preset time threshold, so that the software update process can be triggered whenever the software, its signature or its version is inconsistent.
Drawings
Fig. 1 is a flowchart of a method for managing and controlling a software version of an embedded device of a substation according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for verifying the validity of the software when the transformer substation embedded device runs the software according to an embodiment of the present invention;
Fig. 3 is a schematic block diagram of a structure of an embedded device of a substation according to an embodiment of the present invention;
Fig. 4 is a functional block diagram of an architecture of the digital certificate system of Fig. 3;
Fig. 5 is a schematic block diagram of an architecture of the trusted management center of Fig. 3;
Fig. 6 is a schematic block diagram of an architecture of the trusted policy repository of Fig. 3.
Detailed Description
The technical solutions of the present invention are described in detail below with reference to the drawings and specific embodiments, and it should be understood that the specific features in the embodiments and examples of the present invention are described in detail in the technical solutions of the present application, and are not limited to the technical solutions of the present application, and the technical features in the embodiments and examples of the present application may be combined with each other without conflict.
The terms "first", "second", and the like, herein are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or to implicitly indicate the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature.
The first embodiment is as follows:
Fig. 1 is a flowchart of a method for managing and controlling a software version of an embedded device of a substation according to an embodiment of the present invention. The flowchart only shows a part of the logic sequence of the method described in this embodiment, and on the premise of no conflict, in other possible embodiments of the present invention, the steps shown or described may be completed in a different sequence from that shown in Fig. 1, or further steps may be extended on the basis of Fig. 1. The method provided by the embodiment can be applied to the terminal and can be executed by the embedded device of the transformer substation. In the embodiment of the invention, the transformer substation embedded device is a transformer substation telecontrol device and is responsible for data acquisition, calculation and remote data transmission, and the software of the transformer substation embedded device comprises a self-checking program, a data acquisition and calculation program and a communication program.
It is worth noting that the transformer substation embedded device needs to deploy a Trusted Execution Environment (TEE) in advance: a secure area is established by hardware and software means so that the programs and data loaded into the secure area are protected in confidentiality and integrity. The basic principle of a TEE is that the hardware and software resources are divided into two execution environments, a trusted execution environment and a general execution environment. The two environments are securely isolated, each with the independent internal data paths and storage space required for its computation. Applications in the general execution environment cannot access the TEE, and even inside the TEE the individual applications run independently, so that one application cannot access another without authorization.
In an embodiment of the invention, the trusted execution environment comprises a digital certificate system, a trusted management center and a trusted policy library. Referring to Fig. 3, the digital certificate system, the trusted management center and the trusted policy repository communicate through an internal application call interface (API) of the trusted execution environment. After the digital certificate system completes a secondary certificate (a development certificate or a detection certificate), for which a key pair is generated and the data encrypted by calling the symmetric encryption algorithm and the asymmetric encryption algorithm of the hardware trusted root, the secondary certificate is imported into the trusted policy repository through the API. In addition, the digital certificate system can also use the API to call the isolated storage area of the hardware trusted root and securely store the user information, the root certificate and the secondary certificates there.
Referring to fig. 1, the method of the present embodiment specifically includes the following steps:
Step one: periodically starting the verification program of the trusted management center, and verifying the validity of the software currently to be run; allowing software that passes the validity verification to continue running; for software that fails the validity verification, preventing it from running and issuing an instruction to the trusted management center to acquire the latest version of the software;
The software verification process mainly interacts with the trusted policy repository. It should be understood that the period for starting the verification program can be set according to actual requirements, that its influence on the real-time performance of the system is small, and that for an embedded device that runs for a long time the time consumed by installing and updating the program is negligible.
Because the verification program of the trusted management center is started periodically, the update process can be triggered promptly whenever the software, the signature information (including the developer digital signature and the detection agency digital signature) or the software version is inconsistent. The specific process is shown in Fig. 2:
Step A: capturing the currently running software through a HOOK mechanism, and obtaining the software installation path of the current software;
Step B: verifying whether the software installation path of the current software exists in the trusted policy library, and if so, entering step C; otherwise, entering step D;
Step C: acquiring the signature information of the current software from the trusted policy library, and decrypting the signature information by using the digital certificate of the current software to acquire a reference hash value of the current software; calculating a hash value of the current software, and comparing the calculated hash value with the corresponding reference hash value to verify the software source validity and the version validity of the current software; if the comparison is consistent, the validity verification is passed and the next software is captured; repeating step B and step C with the captured next software as the current software; if the validity verification is not passed, entering step D;
Step D: preventing the current software from running, and sending an instruction for acquiring the latest version of the software to the trusted management center; repeating step B and step C after the latest version of the software is obtained;
where the digital certificate includes a development certificate and a detection certificate.
Step two: verifying signature information of the software of the latest version through the trusted management center;
The signature information comprises a developer digital signature and a detection agency digital signature; the steps of verifying the signature information accordingly comprise:
S401: importing, by the trusted management center, the development certificate and the detection certificate of the software from the digital certificate system through the internal API of the trusted execution environment;
S402: verifying the developer digital signature by using the development certificate and the detection agency digital signature by using the detection certificate; if both verify, the signature information of the software has passed verification.
Step three: receiving and installing the latest version of software which passes the verification of the signature information forwarded by the trusted management center, and loading a software installation path and the signature information of the installed software into the trusted policy library;
the developer digital signature is acquired by a software developer after developing or updating software according to a development certificate; the digital signature of the detection mechanism is obtained by the software detection mechanism after detecting the software according to the detection certificate; the development certificate and the detection certificate are manufactured and issued by the digital certificate system. In the embodiment of the invention, the detection performed by the software detection mechanism on the software comprises virus detection and function detection.
In an embodiment of the present invention, the software developer and the software detection agency serve as certificate users, and the method by which the substation embedded device issues a corresponding certificate to a certificate user includes:
S201: receiving, by the digital certificate system, the public key and user information sent by the certificate user;
in the embodiment of the present invention, the public key is the public key of a public-private key pair generated by the certificate user by invoking the asymmetric encryption algorithm SM2, and the user information includes identity information such as an organization name or a personal name.
S202: verifying the user information through the digital certificate system; after the user information passes verification, encrypting the related information, including the public key, the user information, the issuing date and the validity period, with the root certificate private key to generate a secondary certificate, and securely storing the secondary certificate;
S203: sending the secondary certificate and the root certificate public key to the certificate user through the digital certificate system.
After receiving the corresponding secondary certificate and the root certificate public key, the certificate user securely stores them on its own server.
As an embodiment of the present invention, the software developer signs the developed or updated software using a hash algorithm and an asymmetric encryption algorithm to obtain the developer digital signature. The method specifically comprises the following steps:
S2-a: the software developer calculates the hash value of the software using the SM3 algorithm;
S2-b: the software developer encrypts the hash value from step S2-a with the SM2 algorithm using the private key of the public-private key pair from step S201, thereby obtaining the developer digital signature.
According to an embodiment of the invention, before the software detection agency detects the software, it obtains the development certificate and verifies the software's signature according to the development certificate; the software detection operation is executed only after that verification passes, and only after the software detection has passed completely is the software signed according to the detection certificate using the SM2 and SM3 algorithms, giving the detection agency digital signature. Finally, the software, the developer digital signature and the detection agency digital signature are transmitted to the trusted management center. The developer digital signature and the detection agency digital signature together constitute the signature information.
As an embodiment of the present invention, the software detection authority verifies the signature on the software according to the development certificate as follows:
S301: the software detection authority checks the development certificate with the root certificate public key stored securely on its server (the patent describes this as decrypting the certificate); if the check succeeds, the development certificate is legitimate and the developer public key is taken from it;
S302: the software detection authority verifies the digital signature sent by the software developer with the SM2 algorithm under the developer public key; if verification succeeds, the source of the software's digital signature is legitimate;
S303: the software detection authority computes the hash value of the software sent by the software developer with the SM3 algorithm;
S304: the software detection authority compares the reference hash value carried by the digital signature with the hash value computed in step S303; if the two are equal, the software has not been tampered with. In practice an SM2 signature, like any ECDSA-style signature, cannot be decrypted back into the hash it was made over; the verifier computes the hash of the received software itself and checks the signature against that value, which is the same tamper check, and a failure means that the image, the signature, or both were altered after signing.
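The certificate issuance of S201-S203, the developer signing of S2-a/S2-b, the detection authority's check of S301-S304 and the trusted management center's double-signature verification, carried through end to end as an added example in Go. This is illustrative code written for this page, not code from the patent or its assignees. It assumes ECDSA P-256 and SHA-256 in place of the SM2 and SM3 algorithms the patent specifies (Go's standard library has no SM2/SM3; a production build would swap in a GM/T-compliant library), and the subject names, the sample image bytes, the one-year validity period and the clock-derived serial number are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Assumption: ECDSA P-256 and SHA-256 stand in for the SM2 and SM3 algorithms
// named in the patent, which Go's standard library does not provide.

// issueCert is step S202: the user's public key, identity, issuing date and
// validity period are bound under the signer's private key. A nil parent
// yields a self-signed certificate, which is how the root itself is made.
func issueCert(subject string, pub *ecdsa.PublicKey, isCA bool,
	parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo only; use a random serial
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Minute),          // issuing date
		NotAfter:     time.Now().Add(365 * 24 * time.Hour), // validity period
		BasicConstraintsValid: true, IsCA: isCA,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	if isCA { // the root signs certificates, not software
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// signSoftware is S2-a/S2-b: hash the image, then sign the hash.
func signSoftware(software []byte, priv *ecdsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(software)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// verifyAgainstCert is S301-S304 for one signer: the certificate must chain to
// the root (S301), then the signature must verify over a hash recomputed from
// the received image (S302-S304). Nothing is "decrypted" back into a hash;
// verifying over the recomputed hash is the tamper check.
func verifyAgainstCert(software, sig []byte, cert, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not issued by the root: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(software)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("signature of %q does not match the software hash", cert.Subject.CommonName)
	}
	return nil
}

// VerifyRelease is the trusted management center's double-signature check.
func VerifyRelease(software, devSig, detSig []byte, devCert, detCert, root *x509.Certificate) error {
	if err := verifyAgainstCert(software, devSig, devCert, root); err != nil {
		return fmt.Errorf("developer signature: %w", err)
	}
	if err := verifyAgainstCert(software, detSig, detCert, root); err != nil {
		return fmt.Errorf("detection authority signature: %w", err)
	}
	return nil
}

// Demo runs the chain on a constructed sample image: the genuine release must
// pass, a copy altered in transit must fail, and a release whose detection
// signature is backed by a self-signed certificate must fail at S301.
func Demo() (genuineOK, tamperedRejected, rogueRejected bool, err error) {
	var keys [4]*ecdsa.PrivateKey // root, developer, detection authority, impostor
	for i := range keys {
		if keys[i], err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return
		}
	}
	software := []byte("rtu-communication-program v2.1 (constructed sample image)")
	root, e0 := issueCert("substation-root", &keys[0].PublicKey, true, nil, keys[0])
	devCert, e1 := issueCert("software-developer", &keys[1].PublicKey, false, root, keys[0])
	detCert, e2 := issueCert("detection-authority", &keys[2].PublicKey, false, root, keys[0])
	rogueCert, e3 := issueCert("detection-authority", &keys[3].PublicKey, false, nil, keys[3])
	devSig, e4 := signSoftware(software, keys[1])
	detSig, e5 := signSoftware(software, keys[2])
	rogueSig, e6 := signSoftware(software, keys[3])
	for _, e := range []error{e0, e1, e2, e3, e4, e5, e6} {
		if e != nil {
			return false, false, false, e
		}
	}
	tampered := append(append([]byte{}, software...), '!') // one byte appended in transit
	genuineOK = VerifyRelease(software, devSig, detSig, devCert, detCert, root) == nil
	tamperedRejected = VerifyRelease(tampered, devSig, detSig, devCert, detCert, root) != nil
	rogueRejected = VerifyRelease(software, devSig, rogueSig, devCert, rogueCert, root) != nil
	return
}

func main() {
	g, t, r, err := Demo()
	fmt.Println("genuine accepted:", g, "tampered rejected:", t, "rogue cert rejected:", r, "err:", err)
}
```

The third case is the one S301 exists for: the impostor's certificate is well formed and its signature over the image is mathematically valid, but it does not chain to the root, so the trusted management center rejects the release before it ever looks at the hash.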
It should be noted that, in the embodiment of the present invention, a hardware watchdog timer may be started at the same time as the verification program of the trusted management center is started. Because the hardware watchdog has a very small attack surface, exactly one of two outcomes is guaranteed: either the software verification program starts and completes normally, or the timer reaches its preset threshold and a warning signal is raised. This in turn guarantees that the software update process is triggered whenever the software, its signature or its version is inconsistent. After the validity verification of all software is complete, the timing value of the hardware watchdog timer is cleared; if the timing value reaches the preset threshold without having been cleared, a warning signal indicating that the verification program did not start or complete normally is sent to the trusted management center.
The method provided by the embodiment of the invention realizes a trusted execution environment (TEE) on the substation RTU by replacing its hardware chip, which is convenient to deploy. The trusted management center inside the trusted execution environment receives software developed or updated by a software developer and performs double-signature verification on the signature information, which consists of the developer's digital signature and the detection authority's digital signature. This guarantees that the software installed in the substation embedded device has been verified by the trusted management center, prevents attacks such as software replacement or version replacement during software issuing and transmission, and improves the security and confidentiality of the software. Through its hardware root of trust, the trusted execution environment provides cryptographic functions, an integrity measurement function and an isolated secure storage space, so signature verification and integrity verification can be performed during software development, testing, operation and updating, ensuring source consistency and version controllability over the whole software life cycle. Because source consistency and version control are built on the hardware root of trust and the watchdog timer, the scheme is strongly resistant to attack and places no restriction on the type of software.
Example two:
Fig. 3 is a schematic block diagram of the structure of a substation embedded device according to an embodiment of the present invention. In this embodiment the substation embedded device is a substation telecontrol (RTU) device responsible for data acquisition, computation and remote data transmission, and its software comprises a self-check program, a data acquisition and computation program and a communication program. The substation embedded device carries an RTU execution environment and a trusted execution environment; as one embodiment, the RTU can be built on an ARM chip supporting TrustZone technology, which supplies the trusted execution environment. The trusted execution environment communicates bidirectionally with the RTU execution environment through an API interface, and the two environments share memory.
The RTU execution environment is used for: periodically starting the verification program of the trusted management center and verifying the validity of the software about to run; allowing software that passes validity verification to continue running; for software that fails validity verification, preventing it from running and issuing to the trusted management center an instruction to obtain the latest version of the software; and receiving and installing the latest version of the software, forwarded by the trusted management center, whose signature information has passed verification; wherein the signature information comprises a developer digital signature and a detection authority digital signature;
The trusted execution environment comprises a digital certificate system, a trusted management center and a trusted policy library.
The trusted management center is used for receiving the latest version of the software and the corresponding signature information, and verifying the signature information of the latest version of the software;
The digital certificate system is used for producing a development certificate and a detection certificate from the root certificate; issuing the development certificate to the software developer, so that the software developer develops or updates software according to the development certificate and obtains the developer digital signature; and issuing the detection certificate to the software detection authority, so that the software detection authority tests the software developed or updated by the software developer according to the detection certificate and obtains the detection authority digital signature;
The trusted policy library is used for storing the development certificate, the detection certificate, the installation path of the installed software, and the signature information of the installed software.
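The RTU execution environment's periodic check described above (the steps labelled A to D in claim 2: HOOK capture, policy-library lookup, hash-and-signature comparison, block and request the latest version) together with the hardware watchdog of the first embodiment, as an added example in Go. It is illustrative code written for this page, not the patent's or the assignees' code. It assumes ECDSA P-256 and SHA-256 in place of SM2 and SM3, treats the developer and detection public keys as already extracted from their certificates, models the hardware watchdog with a software timer, and the installation paths, sample images and thresholds are constructed for the example. Every verdict other than Allow is what triggers the step-D request to the trusted management center.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Assumptions: ECDSA P-256 / SHA-256 stand in for the patent's SM2 / SM3, and the
// signer public keys are taken as already extracted from their certificates.

// SignatureInfo is one trusted policy library entry for an installed program.
type SignatureInfo struct {
	DeveloperSig, DetectionSig []byte
	DeveloperKey, DetectionKey *ecdsa.PublicKey
}

// PolicyLibrary maps a software installation path to its signature information.
type PolicyLibrary map[string]SignatureInfo

// Verdict is the RTU execution environment's decision for one captured program.
type Verdict int

const (
	Allow        Verdict = iota // validity verified: keep running
	BlockUnknown                // path not in the policy library: block, request latest (steps B, D)
	BlockInvalid                // hash does not match the signatures: block, request latest (steps C, D)
)

// Verify is steps B and C: look the path up, then check both stored signatures
// against a hash recomputed from the image actually loaded, so a rolled-back or
// replaced image fails even though its path is registered.
func (lib PolicyLibrary) Verify(path string, image []byte) Verdict {
	info, ok := lib[path]
	if !ok {
		return BlockUnknown
	}
	digest := sha256.Sum256(image)
	if !ecdsa.VerifyASN1(info.DeveloperKey, digest[:], info.DeveloperSig) ||
		!ecdsa.VerifyASN1(info.DetectionKey, digest[:], info.DetectionSig) {
		return BlockInvalid
	}
	return Allow
}

// PassResult is the outcome of one periodic verification pass.
type PassResult struct {
	Verdicts      map[string]Verdict
	WatchdogAlarm bool // the pass did not finish before the watchdog threshold
}

// RunPass models the hardware watchdog in software: the timer starts with the
// verification program and is cleared only after every program was checked; if
// the pass stalls, the alarm fires and the partial pass is discarded, not trusted.
// (The stalled goroutine leaks here; on the device the hardware timer fires
// regardless of what the CPU is doing.) hook is what the HOOK mechanism reports
// for the running programs, keyed by installation path (step A).
func RunPass(lib PolicyLibrary, hook func() map[string][]byte, threshold time.Duration) PassResult {
	results := make(chan PassResult, 1)
	go func() {
		r := PassResult{Verdicts: map[string]Verdict{}}
		for path, image := range hook() {
			r.Verdicts[path] = lib.Verify(path, image)
		}
		results <- r
	}()
	watchdog := time.NewTimer(threshold)
	select {
	case r := <-results:
		watchdog.Stop() // all software verified: clear the timer
		return r
	case <-watchdog.C:
		return PassResult{WatchdogAlarm: true}
	}
}

// Demo signs two constructed sample programs into a library, runs a pass in which
// one program is intact, one was rolled back on disk and one runs from a path never
// installed through the trusted management center, then a pass whose hook stalls.
func Demo() (normal, stalled PassResult, err error) {
	devKey, e1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	detKey, e2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if e1 != nil || e2 != nil {
		return normal, stalled, fmt.Errorf("key generation: %v %v", e1, e2)
	}
	installed := map[string][]byte{
		"/opt/rtu/selfcheck": []byte("selfcheck v1.4 (constructed sample)"),
		"/opt/rtu/comm":      []byte("comm v3.0 (constructed sample)"),
	}
	lib := PolicyLibrary{}
	for path, img := range installed {
		d := sha256.Sum256(img)
		devSig, e1 := ecdsa.SignASN1(rand.Reader, devKey, d[:])
		detSig, e2 := ecdsa.SignASN1(rand.Reader, detKey, d[:])
		if e1 != nil || e2 != nil {
			return normal, stalled, fmt.Errorf("signing %s: %v %v", path, e1, e2)
		}
		lib[path] = SignatureInfo{devSig, detSig, &devKey.PublicKey, &detKey.PublicKey}
	}
	hook := func() map[string][]byte {
		return map[string][]byte{
			"/opt/rtu/selfcheck": installed["/opt/rtu/selfcheck"],
			"/opt/rtu/comm":      []byte("comm v2.9 (constructed sample)"), // rolled back
			"/opt/rtu/shell":     []byte("never installed through the TMC"),
		}
	}
	normal = RunPass(lib, hook, 2*time.Second)
	stalled = RunPass(lib, func() map[string][]byte { time.Sleep(300 * time.Millisecond); return nil }, 50*time.Millisecond)
	return normal, stalled, nil
}

func main() {
	n, s, err := Demo()
	fmt.Println(n.Verdicts, "alarm:", n.WatchdogAlarm, "stalled pass alarm:", s.WatchdogAlarm, "err:", err)
}
```

A pass is accepted only if it both finishes and clears the timer; a stalled pass returns no verdicts at all, so a hang can never be mistaken for a clean result. In the second run the hook stalls for 300 ms against a 50 ms threshold, so the alarm fires. The rolled-back comm program shows why the check is a signature over the loaded bytes rather than a lookup of the path: an older, once-legitimate build fails just like a foreign one.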
Referring to fig. 4, a schematic block diagram of the structure of a digital certificate system according to an embodiment of the present invention, the digital certificate system comprises:
A first communication module: for exchanging user information with the software developer and the software detection authority, and sending each of them its digital certificate;
An information identification module: for judging the legitimacy of the user information and identifying legitimate certificate users;
A first database module: for calling the isolated storage area of the hardware root of trust to securely store the user information, the root certificate and the secondary certificates, the secondary certificates comprising the development certificate and the detection certificate;
A security encryption module: for generating a public/private key pair by calling the symmetric and asymmetric cryptographic algorithms of the hardware root of trust, and using that key pair to perform the cryptographic (signing) operation on the certificate contents to generate the corresponding digital certificate;
A time information interface: for generating real-time information (the issuing date and validity period written into the certificate);
A first control execution module: for interacting with the other modules of the digital certificate system and controlling them to execute the corresponding operations by receiving and sending control instructions;
wherein the digital certificate comprises a development certificate and a detection certificate.
Referring to fig. 5, a schematic block diagram of the structure of a trusted management center according to an embodiment of the present invention, the trusted management center comprises:
A second communication module: for receiving the developed or updated software together with the corresponding developer digital signature and detection authority digital signature; and for importing the development certificate and the detection certificate from the digital certificate system through the internal API of the trusted execution environment;
A signature verification module: for verifying the developer digital signature with the development certificate and the detection authority digital signature with the detection certificate;
A software library module: for storing the developed or updated software;
A second database module: for storing the development certificate, the detection certificate, the developer digital signature and the detection authority digital signature;
A second control execution module: for interacting with the other modules of the trusted management center and controlling them to execute the corresponding operations by receiving and sending control instructions.
Referring to fig. 6, a schematic block diagram of the structure of a trusted policy library according to an embodiment of the present invention, the trusted policy library comprises:
A third database module, comprising a trusted policy unit and a certificate management unit; the trusted policy unit is used for securely storing the installation path of the software together with the developer digital signature and detection authority digital signature corresponding to the software; the certificate management unit is used for securely storing the development certificate and the detection certificate;
An input-output module: for forwarding the information input to or output by the third database module.
The device provided by the embodiment of the present invention can execute the method provided by any embodiment of the present invention, and has the corresponding functional modules and beneficial effects of the execution method, which are not described herein again. In the present embodiment, reference may be made to other embodiments without departing from the scope of the present invention.
Example three:
the embodiment of the present invention further provides an electronic terminal, which includes a processor and a memory connected to the processor, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, the steps of the method according to the first embodiment are performed.
Example four:
the present invention also provides a computer-readable storage medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the method according to any one of the embodiments.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (16)

1. A software version control method for a transformer substation embedded device is characterized in that a trusted execution environment is pre-deployed in the transformer substation embedded device; the trusted execution environment comprises a digital certificate system, a trusted management center and a trusted policy library; the method comprises the following steps:
periodically starting a verification program of the trusted management center, and verifying the validity of the software to be operated currently;
allowing the software passing the validity verification to continue to run;
for the software which does not pass the validity verification, the software is prevented from running, and an instruction for acquiring the software of the latest version is issued to the trusted management center;
verifying signature information of the software of the latest version through the trusted management center;
receiving and installing the latest version of software which passes the verification of the signature information forwarded by the trusted management center, and loading a software installation path and the signature information of the installed software into the trusted policy library;
wherein the signature information comprises a developer digital signature and a detection agency digital signature; the developer digital signature is acquired by a software developer after developing or updating software according to a development certificate; the digital signature of the detection mechanism is obtained by the software detection mechanism after detecting the software according to the detection certificate; the development certificate and the detection certificate are produced and issued by the digital certificate system.
2. The transformer substation embedded device software version control method according to claim 1, wherein verifying the validity of the software about to run comprises:
Step A: capturing the currently running software through a HOOK mechanism and obtaining the software installation path of the current software;
Step B: checking whether the trusted policy library holds the software installation path of the current software; if so, proceeding to step C, otherwise proceeding to step D;
Step C: obtaining the signature information of the current software from the trusted policy library, and decrypting the signature information with the digital certificate of the current software to obtain the reference hash value of the current software;
calculating the hash value of the current software and comparing it with the corresponding reference hash value to verify the source validity and version validity of the current software; if they agree, validity verification passes, the next piece of software is captured, and steps B and C are repeated with the captured software as the current software; if validity verification fails, proceeding to step D;
Step D: preventing the current software from running, and sending to the trusted management center an instruction to obtain the latest version of the current software; after the latest version of the software has been obtained, repeating steps B and C;
wherein the digital certificate comprises the development certificate and the detection certificate.
3. The transformer substation embedded device software version control method according to claim 1 or 2, wherein a hardware watchdog timer is started to begin timing at the same time as the verification program of the trusted management center is started;
after the validity verification of all software is completed, the timing value of the hardware watchdog timer is cleared;
and if the timing value of the hardware watchdog timer reaches a preset time threshold without having been cleared, a warning signal that the verification program did not start normally is sent to the trusted management center.
4. The transformer substation embedded device software version management and control method according to claim 1, wherein the software developer and the software detection organization are certificate users, and the method for the transformer substation embedded device to issue the corresponding certificate to the certificate users comprises:
receiving, by the digital certificate system, a public key and user information sent by the certificate user;
verifying the user information through the digital certificate system, after the user information passes the verification, encrypting related information including the public key, the user information, an issuing date and a valid period by using a root certificate private key to generate a secondary certificate, and safely storing the secondary certificate; the secondary certificate comprises: the development certificate and the detection certificate;
sending the secondary certificate and the root certificate public key to the certificate user through the digital certificate system;
and the public key refers to a public key in a public-private key pair generated by calling an SM2 algorithm by the certificate user.
5. The transformer substation embedded device software version control method according to claim 4, wherein the method for acquiring the developer digital signature comprises:
the software developer calculates the hash value of the software by using SM3 algorithm;
and the software developer encrypts the hash value by adopting an SM2 algorithm according to a private key in the public-private key pair to obtain a digital signature of the developer.
6. The transformer substation embedded device software version control method according to claim 1, wherein, before the software detection authority tests the software, the software developer has obtained the development certificate, and the signature on the software is verified according to the development certificate.
7. The transformer substation embedded device software version control method according to claim 6, wherein verifying the signature on the software according to the development certificate comprises:
the software detection mechanism decrypts the development certificate by using a root certificate public key safely stored in the server to obtain a developer public key;
the software detection mechanism decrypts the digital signature sent by the software developer by adopting an SM2 algorithm according to the public key of the developer, and if the decryption is successful, the source of the digital signature of the software is legal;
the software detection mechanism calculates the hash value of the software sent by the software developer by using an SM3 algorithm;
and the software detection mechanism compares the reference hash value obtained by decrypting the digital signature with the hash value of the software, and if the two values are the same, the software is not tampered.
8. The transformer substation embedded device software version management and control method according to claim 1, wherein the verification of the signature information by the trusted management center comprises:
importing, by the trusted management center, a development certificate and a detection certificate of the software from the digital certificate system through an internal API of the trusted execution environment;
and verifying the developer digital signature with the development certificate and the detection authority digital signature with the detection certificate; if both verifications pass, the verification of the signature information of the software passes.
9. The transformer substation embedded device software version management and control method according to claim 1, wherein the detection of the software by the software detection mechanism comprises: virus detection and functional detection.
10. A transformer substation embedded device, characterized in that an RTU execution environment and a trusted execution environment are deployed in the transformer substation embedded device; the trusted execution environment comprises a digital certificate system, a trusted management center and a trusted policy library;
the RTU execution environment is used for: periodically starting the verification program of the trusted management center and verifying the validity of the software about to run; allowing software that passes validity verification to continue running; for software that fails validity verification, preventing it from running and issuing to the trusted management center an instruction to obtain the latest version of the software; and receiving and installing the latest version of the software, forwarded by the trusted management center, whose signature information has passed verification; wherein the signature information comprises a developer digital signature and a detection authority digital signature;
the trusted management center is used for receiving the latest version of the software and the corresponding signature information, and verifying the signature information of the latest version of the software;
the digital certificate system is used for producing a development certificate and a detection certificate from the root certificate; issuing the development certificate to the software developer so that the software developer develops or updates software according to the development certificate and obtains the developer digital signature; and issuing the detection certificate to the software detection authority so that the software detection authority tests the software developed or updated by the software developer according to the detection certificate and obtains the detection authority digital signature;
the trusted policy library is used for storing the development certificate, the detection certificate, the software installation path of the installed software, and the signature information of the installed software.
11. The substation embedded device of claim 10, wherein the digital certificate system comprises:
a first communication module: for exchanging user information with the software developer and the software detection authority, and sending the corresponding digital certificates to the software developer and the software detection authority;
an information identification module: for judging the legitimacy of the user information and identifying legitimate certificate users;
a first database module: for calling the isolated storage area of the hardware root of trust to securely store the user information, the root certificate and the secondary certificates, the secondary certificates comprising the development certificate and the detection certificate;
a security encryption module: for generating a public/private key pair by calling the symmetric and asymmetric cryptographic algorithms of the hardware root of trust, and performing the cryptographic operation on the contents of the digital certificate with the key pair to generate the corresponding digital certificate;
a time information interface: for generating real-time information;
a first control execution module: for interacting with the other modules in the digital certificate system and controlling the other modules to execute corresponding operations by receiving and sending control instructions;
wherein the digital certificate comprises a development certificate and a detection certificate.
12. The substation embedded device of claim 10, wherein the trusted management center comprises:
a second communication module: for receiving the developed or updated software and the corresponding developer digital signature and detection authority digital signature; and for importing a development certificate and a detection certificate from the digital certificate system through the internal API of the trusted execution environment;
a signature verification module: the system is used for verifying the digital signature of the developer by using the development certificate and verifying the digital signature of the detection mechanism by using the detection certificate;
software library module: for storing the developed or updated software;
a second database module: for storing the development certificate, the detection certificate, the developer digital signature, and the detection authority digital signature;
a second control execution module: the system is used for interacting with other modules in the trusted management center and controlling the other modules to execute corresponding operations through receiving and sending control instructions.
13. The substation embedded device of claim 10, wherein the trusted policy repository comprises:
the third database module: the system comprises a trusted policy unit and a certificate management unit;
the trusted policy unit is to: for securely storing the software installation path and the signature information;
the certificate management unit is used for safely storing the development certificate and the detection certificate;
an input-output module: for forwarding information input or output by said third database module.
14. The substation embedded device according to claim 10, wherein the substation embedded device comprises a substation telemechanical device, and the software comprises a self-test program, a data acquisition and calculation program, and a communication program.
15. An electronic terminal, characterized in that it comprises a processor and a memory connected to said processor, in which memory a computer program is stored which, when executed by said processor, performs the steps of the method according to any one of claims 1 to 9.
16. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 9.
CN202211336797.3A 2022-10-28 2022-10-28 Transformer substation embedded device, software version control method, terminal and storage medium Pending CN115659288A (en)


Publications (1)

Publication Number Publication Date
CN115659288A true CN115659288A (en) 2023-01-31

Family

ID=84994211

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination