CN-122001637-A - Artificial intelligence application data security encryption method

Abstract

The application relates to the field of data security, and particularly discloses an artificial intelligent application data security encryption method, which is characterized in that a physical unclonable function is utilized to generate a secret key, a physical fingerprint is used as an endogenous characteristic, and a reversible confusion matrix is constructed to perform advanced characteristic modulation transformation on data load, so that the data and a specific hardware identity are deeply bound before encryption. Therefore, even if the session key is leaked carelessly, an attacker cannot construct a correct reversible confusion matrix to demodulate data because the physical fingerprint and the real-time running state of the original equipment cannot be obtained or simulated, so that a false data injection attack path based on the key leakage is effectively blocked, and the authenticity and the non-imitation of the data source are ensured. By the method, the credibility of the edge side data is strengthened fundamentally, and the secure transmission guarantee with strong equipment binding and state sensing capability is provided for the application of the artificial intelligence in the key industrial scene.

Inventors

• DANG FANGFANG
• WANG ZHIYING
• LI SHUAI
• LIU HAN
• Yan lijing
• SONG YIFAN
• CUI XIAORUI
• MENG HUIPING
• LI YU
• ZHU YING

Assignees

• 国网河南省电力公司信息通信分公司

Dates

Publication Date

20260508

Application Date

20260126

Claims (9)

1. 1. An artificial intelligence application data security encryption method, comprising: S1, preprocessing acquired original sensor data flow and system measurement data to obtain standardized data load and state measurement vector; S2, inputting a preset hardware challenge value into a physical unclonable function module of the equipment to excite a physical response, and carrying out error correction and denoising extraction on the physical response to obtain a stable physical fingerprint; S3, constructing a special dynamic session key for the round of communication based on the stable physical fingerprint, the state metric vector and the currently generated time seed; s4, constructing a reversible confusion matrix based on stable physical fingerprints, and performing endogenous characteristic modulation transformation on the standardized data load by utilizing the reversible confusion matrix to obtain a modulation load; s5, carrying out load encryption on the modulation load based on the dynamic session key to obtain a data ciphertext block; and S6, constructing a transmission protocol header based on the data ciphertext block, the state metric vector and the time seed, and calculating a message authentication code to obtain a final transmission data packet.
2. 2. The artificial intelligence application data security encryption method of claim 1, wherein the raw sensor data stream includes electrical analog sampling data, physical environment awareness data, and switching state data, and the system metric data includes static integrity metrics, dynamic runtime state, and resource behavior fingerprints.
3. 3. The artificial intelligence application data security encryption method according to claim 1, characterized in that step S1 comprises: establishing a dual-channel buffer area to synchronously receive the original sensor data stream and the system measurement data; noise filtering is carried out on the original sensor data stream to obtain a denoised sensor data fragment; carrying out standardized transformation on the denoising sensor data segment to obtain a standardized data load; Analyzing key memory segment codes in system measurement data, calculating code segment fingerprints, reading key register values in the system measurement data, converting the key register values into binary strings, and performing bit-level splicing on the code segment fingerprints and the binary strings to obtain state measurement vectors.
4. 4. The artificial intelligence application data security encryption method according to claim 1, characterized by step S2 comprising: Analyzing the hardware challenge value into a circuit selection signal to select a specific physical unit pair in the physical unclonable function module, and applying voltage excitation to the specific physical unit pair to acquire an original physical response signal in a simulation state; performing differential comparison quantization on the original physical response signal to obtain a noisy response bit string; And performing fuzzy extraction error correction and fingerprint stabilization on the noisy response bit string to obtain a stable physical fingerprint.
5. 5. The artificial intelligence application data security encryption method according to claim 1, characterized by step S3, comprising: Performing multidimensional entropy source fusion and seed compression on the stable physical fingerprints, the state measurement vector and the time seeds to obtain main entropy seeds; and taking the main entropy seed as a pseudo-random key source and carrying out parameterization expansion by combining a preset context information character string to obtain a dynamic session key.
6. 6. The artificial intelligence application data security encryption method according to claim 1, characterized by step S4, comprising: taking the stable physical fingerprint as a seed, and carrying out seeded expansion on the stable physical fingerprint to obtain a displacement matrix and a diagonal matrix; multiplying the permutation matrix and the diagonal matrix to obtain a reversible confusion matrix; Carrying out data load vectorization shaping on the standardized data load to obtain a formatted data vector; Based on the reversible confusion matrix, carrying out endogenous characteristic modulation transformation on the formatted data vector to obtain a modulation load.
7. 7. The artificial intelligence application data security encryption method according to claim 1, characterized by step S5, comprising: performing data filling and block alignment on the modulated load to obtain a filled load; generating an initialization vector by using a true random number generator, and performing symmetric encryption on the filled load by using a dynamic session key and the initialization vector to obtain an original secret and a document; And splicing the initialization vector to the front end of the original ciphertext and performing block encapsulation to obtain a data ciphertext block.
8. 8. The artificial intelligence application data security encryption method according to claim 1, characterized by step S6, comprising: Performing one-way hash operation on the state metric vector to generate a state abstract, and splicing the unique identifier of the device, the time seed and the state abstract to obtain a transmission protocol header; Binary concatenation is carried out on the transmission protocol header and the data ciphertext block, and a message authentication code operation based on hash is carried out on the concatenated sequence by utilizing a dynamic session key so as to obtain a message authentication code; and splicing the transmission protocol header, the data ciphertext block and the message authentication code in sequence to obtain a final transmission data packet.
9. 9. The artificial intelligence application data security encryption method of claim 5, wherein performing an endogenous signature modulation transform on the formatted data vectors based on the reversible confusion matrix to obtain the modulation payload comprises: Determining a dynamic disturbance factor based on the state metric vector and the time seed; Performing matrix manifold dynamic warping on the reversible confusion matrix and the dynamic disturbance factor to obtain a time-varying modulation operator; based on the time-varying modulation operator and the dynamic disturbance factor, carrying out dynamic affine projection transformation on the formatted data vector to obtain a modulation load.

Description

Artificial intelligence application data security encryption method Technical Field The application relates to the field of data security, and more particularly, to an artificial intelligence application data security encryption method. Background With the deep application of artificial intelligence technology in the key fields of automatic driving, smart power grid and the like, sensor data generated by edge equipment has become a core element for driving intelligent decision. However, data is faced with a serious security threat in the process of being transferred from the physical device to the cloud AI processing unit. Once data is maliciously stolen or tampered, the decision error of an AI model is possibly caused, and disastrous results are possibly caused, so that a safe encryption scheme capable of ensuring that the data source is credible, the content is complete and secret is constructed, and the method has become an urgent requirement for ensuring the safe and reliable operation of an artificial intelligent system. Currently, mainstream artificial intelligence application data security encryption schemes generally rely on conventional encryption technologies such as transport layer security protocols or pre-shared keys. The scheme mainly focuses on confidentiality and transmission integrity of data in a channel, and the core mechanism is to treat the data as a general binary load for pipeline encryption processing. However, this mode has a significant technical bottleneck in that the encryption process is completely decoupled from the physical device and its operating state in which the data is generated. In particular, the traditional encryption algorithm has the characteristics of digital logic and physical world equipment that are split, meanwhile, a system usually adopts a separated architecture of 'authentication before communication', and once a session is established, a subsequent data packet lacks continuous physical identity and dynamic running state verification. This traditional architecture results in an attacker, once it steals the key from the edge device by means of physical extraction, etc., simulating a legitimate sensor on any computing device, injecting well-structured spurious data into the cloud AI. Because the cloud can only verify whether decryption is successful or not, whether data is derived from real physical equipment and the real running state of the physical equipment cannot be distinguished, and therefore false data injection attacks based on key leakage cannot be effectively prevented, and extremely high risks of blackout or major accidents are brought to industrial field-level applications such as novel power systems and automatic driving. Therefore, an optimized artificial intelligence application data security encryption method is desired. Disclosure of Invention In order to solve the technical problems, the application provides an artificial intelligence application data security encryption method. According to one aspect of the present application, there is provided an artificial intelligence application data security encryption method, comprising: S1, preprocessing acquired original sensor data flow and system measurement data to obtain standardized data load and state measurement vector; S2, inputting a preset hardware challenge value into a physical unclonable function module of the equipment to excite a physical response, and carrying out error correction and denoising extraction on the physical response to obtain a stable physical fingerprint; S3, constructing a special dynamic session key for the round of communication based on the stable physical fingerprint, the state metric vector and the currently generated time seed; s4, constructing a reversible confusion matrix based on stable physical fingerprints, and performing endogenous characteristic modulation transformation on the standardized data load by utilizing the reversible confusion matrix to obtain a modulation load; s5, carrying out load encryption on the modulation load based on the dynamic session key to obtain a data ciphertext block; and S6, constructing a transmission protocol header based on the data ciphertext block, the state metric vector and the time seed, and calculating a message authentication code to obtain a final transmission data packet. Compared with the prior art, the method for encrypting the artificial intelligence application data safely generates the secret key by utilizing the physical unclonable function, takes the physical fingerprint as the endogenous characteristic, constructs the reversible confusion matrix to carry out advanced characteristic modulation transformation on the data load, and then carries out deep binding on the data and the specific hardware identity before encryption. Therefore, even if the session key is leaked carelessly, an attacker cannot construct a correct reversible confusion matrix to demodulate data because the physical fingerprint and the re