
CN-121984781-A - Privacy protection data aggregation method and system for large-scale advanced measurement system


Abstract

The invention discloses a privacy protection data aggregation method and system for a large-scale advanced measurement system, and belongs to the technical fields of information security and smart grids. In a four-layer hierarchical network of control center, base station, fog node and smart meter, the invention combines a MAC mechanism with the non-determined security homomorphic encryption primitive DSHE to achieve IND-CCA2-level security, and blocks active tampering attacks through a structure that binds a MAC after encryption and forces verification before decryption. A streaming mixed-domain fault-tolerance mechanism divides the nodes into two types, active and faulty, and aggregates a plaintext mask domain and a ciphertext domain in parallel to achieve near-constant fault-tolerance overhead. A Minimum Spanning Tree (MST) backbone topology at the base station layer optimizes the cross-domain transmission path to reduce core network congestion, and dynamic key rotation based on a time window ensures forward and backward security. The invention also introduces post-hoc traceability audit based on ECDSA signature and value to realize near-constant level fault-tolerant spending The time complexity accurately locates the abnormal node. The method offers strong security, low-interaction fault tolerance and high communication efficiency at the scale of millions of nodes, and can be widely applied to scenarios such as smart city energy management and industrial Internet of Things data acquisition.

Inventors

  • QIAN JIAWEI
  • LIN BINGZHENG
  • KONG XINRAN
  • LI WAN
  • Liu Zhusen
  • MI BOFENG
  • ZHANG XIAORONG

Assignees

  • 上海立信会计金融学院

Dates

Publication Date
20260505
Application Date
20260317

Claims (10)

  1. The privacy protection data aggregation method and system for a large-scale advanced measurement system are applied to a four-layer hierarchical network comprising a Control Center (CC), a Base Station (BS), a Fog Node (FN) and a Smart Meter (SM), and are characterized in that the method comprises the following steps: dividing the SM into a set of active nodes within each aggregation period And a set of failed nodes The active SM reads its plaintext Hash with private identity And time window index Generated random numbers Adding to obtain mask data And generates a CC-oriented ECDSA signature Generating random numbers thereof by fault SM DMC2 ciphertext of (C) ; FN sums mask data of active SMs in its sub-region to obtain Obtaining the product of the ciphertext of the fault SM And calculates CC-oriented signature and value ; BS vs. all FNs in its jurisdiction Summing to obtain For all of Obtaining the product And for all Summing to obtain The BS encrypts with DMC2 And is connected with Homomorphism merging to generate regional aggregation ciphertext ; Each BS will follow a pre-built Minimum Spanning Tree (MST) backbone topology And (3) with Hop-by-hop aggregation is carried out to a Root base station Root, and the Root is uploaded to a CC; the CC pair finally aggregates ciphertext Performing DMC2 decryption once to obtain the sum of active SM readings and the sum of global random numbers, and reconstructing the sum of global random numbers according to the private credentials And removing and recovering the real total power consumption of the whole network.
  2. The method of claim 1, wherein the DMC2 encryption employs an IND-CCA2 security encapsulation structure of "bind after encryption MAC-force check before decryption" that ciphertext is composed of homomorphic ciphertext components Ciphertext component of seed Message authentication code tag Constitute, must pass through before decryption Verification, outputting if verification fails And refusing decryption, verifying that decryption is possible after passing.
  3. The method of claim 1, wherein the random number Hash by node private identity Index with time window By ECDSA signature generation: The one-time pad characteristic of the random number is realized.
  4. The method of claim 1, wherein the signature and value And (3) with For post traceability audit when When deviation exists from the macro measurement value of the power grid, the CC uses the signature and the value stored in each BS to trace back step by step along the FN-BS-CC level to Positioning data bias to a specific sub-region or abnormal node, where N is the total number of nodes in the whole network.
  5. The method of claim 1, wherein the Minimum Spanning Tree (MST) backbone topology is built with BS as node and link communication cost as side weight, and the aggregate ciphertext is aggregated hop-by-hop along the MST path to RootBS, minimizing cross-regional transmission costs.
  6. The method of claim 1 further comprising a failure node self-healing mechanism that maintains a list of failures and reports the BS to a fully failed SM, FN, the CC is reconstructing a global random number and And eliminating the random number contribution of the corresponding node.
  7. The method of claim 1, further comprising a dynamic key rotation mechanism that includes a session key By master key Time window index Link tag By a generating function Derived, and automatically updated along with each time window, so as to realize forward security and backward security.
  8. A privacy protection data aggregation system for a large-scale advanced measurement system is characterized in that the system is used for executing the method of any one of claims 1 to 7 and comprises a CC, a BS, an FN, an SM and an SM, wherein the CC is used as a whole-network credible root and is responsible for system parameter generation, final aggregation ciphertext decryption and abnormal audit, the BS is used as a regional aggregation node and is responsible for MST backbone topology construction, regional aggregation ciphertext generation and forwarding, the SM is used as an SM with computing capability and is responsible for node state distribution, local aggregation, signature and value calculation in a subarea, and the SM is responsible for electricity reading collection, random number mask generation and signature reporting.
  9. The system of claim 8, wherein the system employs an initialization architecture that minimizes TA dependency, and wherein Trusted Authorities (TAs) only participate in parameter issuance and credential issuance during system initialization phases and do not participate in online aggregation, fault tolerance, and key renewal.
  10. The system of claim 8, wherein the system supports linear scalability on a node scale of more than a million levels, wherein the computational load of the CC does not increase with node scale, fault tolerant interaction costs approach a constant level, and the delay jitter of the communication path is controlled after MST optimization.
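
The "MAC bound after encryption, forced check before decryption" structure of claim 2, keyed per time window as in claim 7, shown as an added example that is not the patent's own construction. Assumptions: a toy Paillier stands in for DMC2, HMAC-SHA256 stands in for both the MAC and the key-generating function, and every name, prime and key below is constructed for illustration.

```python
import hashlib
import hmac
import math

# Toy Paillier (additively homomorphic) standing in for the page's DMC2.
# Constructed demo modulus from two Mersenne primes: far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow(LAM, -1, N)  # valid because the generator is g = N + 1
CT_LEN = 32           # bytes, enough to hold any value below N2

def he_encrypt(m: int, r: int) -> int:
    """c = (1 + N)^m * r^N mod N^2, with r coprime to N."""
    return pow(N + 1, m, N2) * pow(r, N, N2) % N2

def he_decrypt(c: int) -> int:
    return (pow(c, LAM, N2) - 1) // N * MU % N

def session_key(master: bytes, window: int, link: bytes) -> bytes:
    """Hypothetical generating function: HMAC(master, window index || link tag)."""
    msg = window.to_bytes(8, "big") + link
    return hmac.new(master, msg, hashlib.sha256).digest()

def _tag(key: bytes, c: int) -> bytes:
    return hmac.new(key, c.to_bytes(CT_LEN, "big"), hashlib.sha256).digest()

def seal(key: bytes, m: int, r: int):
    """Encrypt first, then bind a MAC tag to the ciphertext."""
    c = he_encrypt(m, r)
    return c, _tag(key, c)

def open_sealed(key: bytes, c: int, tag: bytes):
    """Verify before decrypting; None plays the role of the reject output."""
    if not hmac.compare_digest(_tag(key, c), tag):
        return None
    return he_decrypt(c)

def shifted(c: int, delta: int) -> int:
    """Malleability: multiplying by Enc(delta) adds delta to the hidden reading."""
    return c * he_encrypt(delta, 1) % N2
```

In this sketch the tag covers a single ciphertext, so a node that homomorphically combines ciphertexts has to verify each input and tag its own output again.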

Description

Privacy protection data aggregation method and system for large-scale advanced measurement system

Technical Field

The invention belongs to the intersection of information security technology, cryptography, distributed computing and smart grid communication technology, and particularly relates to a privacy protection data aggregation method and system suitable for a large-scale advanced measurement system (Advanced Metering Infrastructure, AMI). The invention covers a privacy protection data aggregation technology based on homomorphic encryption, an encryption construction method that resists adaptive chosen-ciphertext attack (IND-CCA2), a hierarchical aggregation communication architecture optimization technology for millions of nodes, a streaming fault-tolerant processing mechanism for node faults and dynamic member changes, and an identity authentication and dynamic key rotation mechanism for smart grid scenarios. The method can be widely applied to scenarios that require large-scale data aggregation under strong privacy protection, such as smart city energy management systems, large-scale distributed power metering systems, industrial Internet of Things (IIoT) data acquisition networks and distributed energy scheduling platforms. Compared with traditional data aggregation systems, the method is particularly suited to smart grid operating environments where the node scale reaches the million level or above, the network is highly dynamic, communication links are complex and security requirements are extremely high.

Background

With the construction of the global energy internet and the upgrading of smart city infrastructure, Advanced Metering Infrastructure (AMI) has become an important component of smart grids. AMI achieves high-frequency acquisition and reporting of electricity data by deploying smart meters (SM) on a large scale on the user side, and provides data support for load prediction, demand response, power quality analysis and fine-grained scheduling. In recent years, city-level and even provincial AMI deployments have entered the era of "million-level" and even larger node counts. At this scale, the AMI network is characterized by very large scale, high concurrency, strong dynamics and strong heterogeneity: terminal computation and energy are limited, link quality fluctuates noticeably, node faults and short disconnections are frequent, and data reporting must be timely at the minute or second level.

In this context, privacy-preserving data aggregation (PPDA) is one of the key technologies for securing AMI operation. The goal of PPDA is typically to compute regional or network-wide statistics without revealing individual plaintext readings, so that the control center obtains a useful aggregate or statistic. However, in a million-level AMI environment, existing PPDA approaches still face a bottleneck in that security, fault tolerance and scalability are difficult to reconcile, mainly in the following respects.

1. The security level of existing homomorphic aggregation schemes remains at IND-CPA, which makes it difficult to systematically resist active attacks

A common technical route in prior PPDA work is to make ciphertexts computable using Paillier, ElGamal or similar encryption mechanisms, so that intermediate aggregation nodes can complete addition and/or statistics without decrypting. Such schemes generally meet the privacy requirement of indistinguishability under chosen-plaintext attack (IND-CPA), namely that an attacker who only monitors passively cannot easily determine the plaintext content. However, in a threat model closer to real AMI, an attacker often does more than eavesdrop passively: it may also control some edge nodes, tamper with messages, inject malicious ciphertexts, and mount active attacks by exploiting differences in protocol responses, among other means. Because traditional homomorphic encryption schemes are inherently malleable, an attacker can change the meaning of a ciphertext through valid homomorphic operations without decrypting it, so that the final aggregation result is skewed. Especially in million-node networks, an attacker controlling very few nodes may cause significant disturbance to the global aggregate value, and if the system exposes a decryption interface or an error feedback path, there is the further risk of an adaptive chosen-ciphertext attack (CCA2). Therefore, a homomorphic aggregation mechanism that relies on IND-CPA-level security alone can hardly meet the strong security requirements of power grid services for resistance to tampering, malicious injection and active manipulation.

2. Comparison with prior art patents

2.1 Comparison document 1: CN114139170B

The co