5G-Power-Compromised Terminal Threat Detection Based on Atomized Zero-Trust Component

doi:10.19678/j.issn.1000-3428.0063799

Abstract

Abstract: The widespread application of 5G technology in the power industry has promoted access by many power terminals to the network.However, many power terminals are exposed to the Internet, attackers can first invade vulnerable power terminals for remote control and then use the lost terminals as a springboard to vertically penetrate the 5G-power Internet of Things(IoT) to steal sensitive data.The emergence of zero-trust makes it possible to detect the threat of collapsed terminals.However, because of the wide distribution of power terminals, the centralized zero-trust security architecture cannot be directly applied to 5G-power IoT.This paper presents a threat detection scheme for a failed terminal with atomized zero-trust components.Zero-trust components are atomized and deployed around power terminals in a distributed multipoint manner.A set of emergency response processes for downtime components is designed to promptly determine zero-trust components with single-point failure.A sudden trust evaluation model is established to fully use the zero-trust agent installed in the power terminal to continuously collect the terminal behavior factors, extract the sudden factors from them, and quantify them into the trust value to rapidly determine and block the failed terminal with sudden abnormal behavior.The simulation results show that the scheme can effectively alleviate the detection pressure of zero-trust components deployed in 5G-power IoT.When the proportion of failed terminals is 20%, the detection rate of sudden abnormal failed terminals is as high as 92.3%, reasonably suppressing illegal access.

Key words: 5G power Internet of Things(IoT), zero-trust component, atomization deployment, trust evaluation, compromised terminal

摘要： 5G技术在电力行业的普及推进了海量电力终端接入网络，但众多电力终端暴露在互联网中，攻击者可以先入侵脆弱的电力终端进行远程控制，然后以失陷终端作为跳板，纵向渗透到5G电力物联网内部从而窃取敏感数据。零信任的出现为失陷终端威胁检测提供了可能，然而电力终端分布具有广泛性，致使中心化零信任安全架构无法直接应用于5G电力物联网。提出一种雾化零信任组件的失陷终端威胁检测方案。采用分布式多点方式将零信任组件雾化部署到电力终端周围，并设计一套宕机组件应急响应流程用于及时发现单点失效的零信任组件。建立一种突发信任评估模型，充分利用安装在电力终端的零信任代理持续性地收集终端行为因素，从中提取突发因子并量化反映到信任值，以快速发现和阻断具有突发异常行为的失陷终端。仿真结果表明，该方案能有效缓解零信任组件部署于5G电力物联网时的检测压力，在失陷终端比例为20%的条件下对突变异常失陷终端的检测率高达92.3%，具有较好的非法访问抑制效果。

关键词: 5G电力物联网, 零信任组件, 雾化部署, 信任评估, 失陷终端

CLC Number:

TP391

GU Zhimin, WANG Ziying, GUO Jing, GUO Yajuan, FENG Jingyu. 5G-Power-Compromised Terminal Threat Detection Based on Atomized Zero-Trust Component[J]. Computer Engineering, 2023, 49(2): 161-168.

顾智敏, 王梓莹, 郭静, 郭雅娟, 冯景瑜. 雾化零信任组件的5G电力失陷终端威胁检测[J]. 计算机工程, 2023, 49(2): 161-168.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0063799

http://www.ecice06.com/EN/Y2023/V49/I2/161

Figures/Tables 10

References

[1] 刘涛, 马越, 姜和芳, 等.基于零信任的电网安全防护架构研究[J].电力信息与通信技术, 2021, 19(7):25-32. LIU T, MA Y, JIANG H F, et al.Research on power grid security protection architecture based on zero trust[J].Electric Power Information and Communication Technology, 2021, 19(7):25-32.(in Chinese)
[2] SAMANIEGO M, DETERS R.Zero-trust hierarchical management in IoT[C]//Proceedings of IEEE International Congress on Internet of Things.Washington D.C., USA:IEEE Press, 2018:88-95.
[3] 李泽科, 陈泽文, 王春艳, 等.电力监控系统的网络安全威胁溯源技术研究[J].电力工程技术, 2020, 39(2):166-172. LI Z K, CHEN Z W, WANG C Y, et al.Network security threat tracing technology of power monitoring system[J].Electric Power Engineering Technology, 2020, 39(2):166-172.(in Chinese)
[4] 李国庆, 成龙, 王振浩, 等.电力物联网技术标准体系初探[J].电力自动化设备, 2021, 41(3):1-9. LI G Q, CHENG L, WANG Z H, et al.Preliminary study on standard framework of power Internet of Things[J].Electric Power Automation Equipment, 2021, 41(3):1-9.(in Chinese)
[5] ZAHEER Z, CHANG H, MUKHERJEE S, et al.eZTrust:network-independent zero-trust perimeterization for microservices[C]//Proceedings of 2019 ACM Symposium on SDN Research.New York, USA:ACM Press, 2019:49-61.
[6] FreeBuf咨询.2021年零信任产业研究报告[EB/OL].[2021-12-05].https://max.book118.com/html/2021/0924/8011105035004010.shtm. FreeBuf consulting. Research report on zero trust industry in 2021[EB/OL].[2021-12-05].https://max.book118.com/html/2021/0924/8011105035004010.shtm. (in Chinese)
[7] 王刚, 张英涛, 杨正权.基于零信任打造封闭访问空间[J].信息安全与通信保密, 2020, 18(8):78-86. WANG G, ZHANG Y T, YANG Z Q.Building a closed space with zero trust architecture[J].Information Security and Communications Privacy, 2020, 18(8):78-86.(in Chinese)
[8] NIST Special Publication 800-207.Zero trust architecture[EB/OL].[2021-12-05].https://doi.org/10.6028/NIST.SP.
[9] HATAKEYAMA K, KOTANI D, OKABE Y.Zero trust federation:sharing context under user control towards zero trust in identity federation[C]//Proceedings of IEEE International Conference on Pervasive Computing and Communications Workshops and Other Affiliated Events(PerCom Workshops).Washington D.C., USA:IEEE Press, 2021:514-519.
[10] PATIL A P, KARKAL G, WADHWA J, et al.Design and implementation of a consensus algorithm to build zero trust model[C]//Proceedings of IEEE India Council International Conference.Washington D.C., USA:IEEE Press, 2020:1-5.
[11] KONG C W, LIU J, XIAN M, et al.A small LAN zero trust network model based on Elastic Stack[C]//Proceedings of the 5th International Conference on Mechanical, Control and Computer Engineering.Washington D.C., USA:IEEE Press, 2020:1075-1078.
[12] CHEN B Z, QIAO S Y, ZHAO J, et al.A security awareness and protection system for 5G smart healthcare based on zero-trust architecture[J].IEEE Internet of Things Journal, 2020, 8(13):10248-10263.
[13] MA W, WANG X, HU M S, et al.Machine learning empowered trust evaluation method for IoT devices[J].IEEE Access, 2021, 9:65066-65077.
[14] DESAI S S, NENE M J.Multihop trust evaluation using memory integrity in wireless sensor networks[J].IEEE Transactions on Information Forensics and Security, 2021, 16:4092-4100.
[15] UD DIN I, GUIZANI M, KIM B S, et al.Trust management techniques for the Internet of Things:a survey[J].IEEE Access, 2018, 7:29763-29787.
[16] VELUSAMY D, PUGALENDHI G, RAMASAMY K.A cross-layer trust evaluation protocol for secured routing in communication network of smart grid[J].IEEE Journal on Selected Areas in Communications, 2020, 38(1):193-204.
[17] LI H F, SHAN Q Q, ZHAN J J, et al.A trust evaluation method based on environmental assessment in the perception layer of Internet of vehicles[C]//Proceedings of the 13th International Conference on Communication Software and Networks.Washington D.C., USA:IEEE Press, 2021:49-54.
[18] 任智, 吴本源, 周舟, 等.基于CoAP协议的泛在电力物联网拥塞控制算法[J].计算机工程, 2021, 47(10):166-173. REN Z, WU B Y, ZHOU Z, et al.Congestion control algorithm for ubiquitous electric IoT based on CoAP protocol[J].Computer Engineering, 2021, 47(10):166-173.(in Chinese)
[19] 陶耀东, 徐伟, 纪胜龙.边缘计算安全综述与展望[J].计算机集成制造系统, 2019, 25(12):3043-3051. TAO Y D, XU W, JI S L.Summary and prospect of edge computing security[J].Computer Integrated Manufacturing Systems, 2019, 25(12):3043-3051.(in Chinese)
[20] 杜瑞忠, 闫沛文, 刘妍.雾计算中细粒度属性更新的外包计算访问控制方案[J].通信学报, 2021, 42(3):160-170. DU R Z, YAN P W, LIU Y.Fine-grained attribute update and outsourcing computing access control scheme in fog computing[J].Journal on Communications, 2021, 42(3):160-170.(in Chinese)
[21] 李大伟, 宋春晓, 李斌, 等.电力区块链基础设施架构及其设计与实现[J].电力工程技术, 2021, 40(2):93-100. LI D W, SONG C X, LI B, et al.Blockchain technology in power system:infrastructure architecture, design and implementation[J].Electric Power Engineering Technology, 2021, 40(2):93-100.(in Chinese)
[22] 张晓东, 陈韬伟, 余益民.一种基于LWE-CPABE的区块链数据共享方案[J].计算机工程, 2022, 48(10):158-168, 175. ZHANG X D, CHEN T W, YU Y M.A blockchain data sharing scheme based on LWE-CPABE[J].Computer Engineering, 2022, 48(10):158-168, 175.(in Chinese)
[23] 曾玲, 刘星江.基于零信任的安全架构[J].通信技术, 2020, 53(7):1750-1754. ZENG L, LIU X J.Security architecture based on zero trust[J].Communications Technology, 2020, 53(7):1750-1754.(in Chinese)
[24] JOSANG A, ISMAIL R.The beta reputation system[C]//Proceedings of the 15th Bled Electronic Commerce Conference.Washington D.C., USA:IEEE Press, 2002:2502-2511.
[25] EL SAYED H, ZEADALLY S, PUTHAL D.Design and evaluation of a novel hierarchical trust assessment approach for vehicular networks[J].Vehicular Communications, 2020, 24:100227.

Please choose a citation manager

Content to export