[go: up one dir, main page]

CN110545289B - Error data injection attack defense method based on mixed homomorphic encryption - Google Patents

Error data injection attack defense method based on mixed homomorphic encryption Download PDF

Info

Publication number
CN110545289B
CN110545289B CN201910917532.4A CN201910917532A CN110545289B CN 110545289 B CN110545289 B CN 110545289B CN 201910917532 A CN201910917532 A CN 201910917532A CN 110545289 B CN110545289 B CN 110545289B
Authority
CN
China
Prior art keywords
algorithm
state estimation
homomorphic
encryption
result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910917532.4A
Other languages
Chinese (zh)
Other versions
CN110545289A (en
Inventor
张镇勇
程鹏
潘骏
陈积明
欧阳柳
姚一杨
陈嵘
王文华
方景辉
唐锦江
赵志军
徐晨
金军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Terabits Technology Co ltd
Jiaxing Hengchuang Power Group Co ltd Huachuang Information Technology Branch
Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Hangzhou Terabits Technology Co ltd
Jiaxing Hengchuang Power Group Co ltd Huachuang Information Technology Branch
Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Terabits Technology Co ltd, Jiaxing Hengchuang Power Group Co ltd Huachuang Information Technology Branch, Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd filed Critical Hangzhou Terabits Technology Co ltd
Priority to CN201910917532.4A priority Critical patent/CN110545289B/en
Publication of CN110545289A publication Critical patent/CN110545289A/en
Application granted granted Critical
Publication of CN110545289B publication Critical patent/CN110545289B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Arrangements For Transmission Of Measured Signals (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a mixed homomorphic encryption-based error data injection attack defense method, which comprises the steps of firstly constructing an attack vector to obtain the influence of a system state estimation result so as to obtain an object needing encryption protection, and rewriting a static Kalman filtering state estimation algorithm iteration process to obtain an iteration form supporting a mixed homomorphic encryption process; then designing a quantization and mapping method from a real number domain to a plaintext space to adapt to homomorphic encryption operation, and respectively designing communication protocols for executing an addition homomorphic algorithm and a multiplication homomorphic algorithm; and finally, defining different groups participating in the state estimation algorithm, designing calculation tasks required to be executed by the different groups, and further designing an encryption state estimation protocol for ensuring the data security in the calculation and communication processes. The protocol solves the problem that the reliability and the accuracy of the calculation result from the plain text domain to the cipher text domain are difficult to guarantee, considers the requirement of each party on data confidentiality, and can effectively resist the injection attack of error data in an information physical system.

Description

基于混合同态加密的错误数据注入攻击防御方法False data injection attack defense method based on hybrid homomorphic encryption

技术领域technical field

本发明涉及信息物理系统安全领域,特别涉及针对系统状态估计的错误数据注入攻击的防御。The invention relates to the field of cyber-physical system security, in particular to the defense against wrong data injection attack of system state estimation.

背景技术Background technique

随着信息技术的发展,传统工业系统迈向信息化和智能化的脚步加快,渐渐形成了开放、高效、可靠的信息物理融合系统。由于信息技术与物理技术的深度融合,信息系统面临的各类安全问题也逐渐渗透到了物理系统。尤其是越来越多的智能仪表、通用计算机、通用通信协议的引入,使得原本封闭的物理系统也可能遭到来自信息系统的攻击,例如,2010年伊朗核设施遭受到“震网病毒”的攻击,2015年乌克兰电网遭受到“黑暗能量病毒”的攻击。With the development of information technology, the pace of traditional industrial systems towards informatization and intelligence has accelerated, and an open, efficient and reliable information-physical fusion system has gradually formed. Due to the deep integration of information technology and physical technology, various security problems faced by information systems have gradually penetrated into physical systems. In particular, the introduction of more and more smart instruments, general-purpose computers, and general-purpose communication protocols makes the originally closed physical system possible to be attacked from information systems. In 2015, the Ukrainian power grid was attacked by a "dark energy virus".

系统状态估计根据数据采集与监视控制系统(SCADA)采集的有噪声测量数据来估计系统的真实状态,是信息物理系统中不可或缺的功能模块。例如,在电力系统中,状态估计是最优潮流、故障分析和经济调度的基础。状态估计的过程如附图1所示,其包括三个部分。传感部分测量工业现场数据,通过公用网络传送给估计器,估计器(通常位于控制中心)结合系统模型执行估计算法,并根据估计结果判断测量数据是否存在坏数据,最后,估计器将估计结果传送给需要应用的单元,如控制器、故障分析部门等。然而,有大量工作表明,状态估计的结构极易受到攻击,例如通信信道的数据会被劫持或者篡改。攻击者构造的错误数据注入攻击可以随意改变测量值,而绕过状态估计算法中的坏数据检测器。System state estimation is an indispensable functional module in cyber-physical systems to estimate the real state of the system based on the noisy measurement data collected by the Supervisory Control System for Data Acquisition (SCADA). For example, in power systems, state estimation is the basis for optimal power flow, fault analysis, and economic dispatch. The process of state estimation is shown in Fig. 1, which includes three parts. The sensing part measures the industrial field data and transmits it to the estimator through the public network. The estimator (usually located in the control center) executes the estimation algorithm in combination with the system model, and judges whether the measurement data has bad data according to the estimation result. Finally, the estimator will estimate the result. It is transmitted to the units that need to be applied, such as controllers, fault analysis departments, etc. However, a large body of work has shown that the structure of state estimation is extremely vulnerable to attacks, such as data hijacking or tampering of communication channels. Bad data injection attacks constructed by attackers can arbitrarily change the measurements while bypassing bad data detectors in state estimation algorithms.

目前大量研究仅考虑测量数据在传输过程中被窃取和攻击,而很少分析估计器的安全性。实际上,估计器是面临的威胁更大。攻击者以估计器为攻击目标能够获取的系统知识更多。首先,估计器一般是由第三方生产商提供,可能会存在后门或漏洞。其次,估计器汇集工业现场数据、系统状态估计结果以及系统模型参数,由于这些数据直接反映了系统的运行状况和物理特性,对系统方而言极其重要,因此,入侵估计器能较全面的获取系统信息,从而执行更加隐蔽的攻击。另外,随着系统规模的增大,为了实现实时控制与监测,系统方可能会把状态估计任务外包给第三方服务器或者云服务商,使得系统方的关键数据更容易被窃取和利用。利用这些数据,攻击者可以构造具有强隐蔽的错误数据注入攻击策略,对系统造成巨大的物理破坏和经济损失。因此,保护估计器中的数据尤为重要。At present, a large number of studies only consider that the measurement data is stolen and attacked during the transmission process, and rarely analyze the security of the estimator. In fact, the estimator is more threatened. The attacker can gain more system knowledge by targeting the estimator. First, estimators are generally provided by third-party manufacturers, which may have backdoors or vulnerabilities. Secondly, the estimator collects industrial field data, system state estimation results and system model parameters. Since these data directly reflect the operating status and physical characteristics of the system, they are extremely important to the system side. Therefore, the intrusion estimator can obtain a comprehensive system information to perform more stealthy attacks. In addition, as the scale of the system increases, in order to achieve real-time control and monitoring, the system side may outsource the task of state estimation to a third-party server or cloud service provider, making the key data of the system side more likely to be stolen and utilized. Using these data, attackers can construct a strong concealment error data injection attack strategy, causing huge physical damage and economic losses to the system. Therefore, it is especially important to protect the data in the estimator.

利用加密技术来保障数据安全一直是安全领域研究的热点。目前大部分研究主要集中在如何保护通信信道中的数据安全,而缺乏对计算单元中数据安全的研究。通信数据加密的优点在于能够实现数据的轻量传输,缺点是需要实时分配秘钥,设立可信的秘钥管理中心。并且,其不能保证数据在密文状态下参与运算。在计算单元,如估计器中,所有参与运算的数据仍然为明文状态。近年来,有些工作采用安全多方计算的思想来实现密文域的状态估计算法,但是,其计算协议复杂,需要增加额外繁杂的通信过程。本发明采用混合同态加密方案,结合加法和乘法同态特性,实现状态估计过程的全密文运算,同时保障了通信信道及估计器中的数据安全。The use of encryption technology to ensure data security has always been a hot research topic in the field of security. At present, most researches mainly focus on how to protect the data security in the communication channel, and there is a lack of research on the data security in the computing unit. The advantage of communication data encryption is that it can realize lightweight transmission of data, but the disadvantage is that it needs to distribute secret keys in real time and establish a trusted secret key management center. Moreover, it cannot guarantee that the data participates in the operation in the ciphertext state. In the computing unit, such as the estimator, all the data involved in the operation are still in the state of plaintext. In recent years, some works have adopted the idea of secure multi-party computation to realize the state estimation algorithm in the ciphertext domain. However, the computation protocol is complicated and extra complicated communication process needs to be added. The invention adopts the hybrid homomorphic encryption scheme, and combines the homomorphic characteristics of addition and multiplication to realize the full ciphertext operation of the state estimation process, and at the same time guarantees the data security in the communication channel and the estimator.

发明内容SUMMARY OF THE INVENTION

为了实现对系统测量数据和系统模型参数的保护,解决现有方法无法实现密文域运算或通信负荷大的问题,本发明提供一种状态估计运算过程在全密文状态下执行、额外通信量少、运算结果有效的加密估计算法,能够同时保护通信信道和估计器中的关键数据,以抵御隐蔽性的错误数据注入攻击。In order to realize the protection of system measurement data and system model parameters, and to solve the problem that the existing method cannot realize the ciphertext domain operation or the communication load is large, the present invention provides a state estimation operation process performed in a full ciphertext state, with additional traffic The encryption estimation algorithm with few operation results and effective results can protect the key data in the communication channel and the estimator at the same time, so as to resist the concealed error data injection attack.

本发明解决其技术问题所采用的技术方案是:一种基于混合同态加密的错误数据注入攻击防御方法,该方法包括以下步骤:The technical scheme adopted by the present invention to solve the technical problem is: a method for defending against wrong data injection based on hybrid homomorphic encryption, the method comprises the following steps:

(1)结合系统物理动态模型,给出攻击者为执行攻击必须获取的参数,进而构造攻击向量,得到系统状态估计结果的影响,进而得到需要加密保护的对象为:系统模型参数、测量值和状态估计结果;(1) Combined with the physical dynamic model of the system, the parameters that the attacker must obtain to execute the attack are given, and then the attack vector is constructed to obtain the influence of the system state estimation result, and then the objects that need to be encrypted and protected are obtained: system model parameters, measured values and state estimation result;

(2)将静态卡尔曼滤波状态估计算法迭代过程进行改写,得到能够支持混合同态加密加解密过程的迭代形式;状态估计算法迭代过程改写如下:(2) Rewrite the iterative process of the static Kalman filter state estimation algorithm to obtain an iterative form that can support the encryption and decryption process of hybrid homomorphic encryption; the iterative process of the state estimation algorithm is rewritten as follows:

Figure BDA0002216544260000021
Figure BDA0002216544260000021

其中,

Figure BDA0002216544260000022
H∈Rn×l,l=n+m,r(t)∈Rn×l
Figure BDA0002216544260000023
表示t时刻的状态估计结果,
Figure BDA0002216544260000024
表示t-1时刻的状态估计结果,y(t)表示t时刻的测量值,A表示系统矩阵,C表示测量矩阵,K表示静态卡尔曼增益,
Figure BDA0002216544260000025
表示系统参数的计算结果,n表示状态维数,m表示测量维数,包含系统模型参数的矩阵H和系统状态信息r(t)是需要被加密保护的对象,其中,系统状态信息包括测量值和状态估计结果。in,
Figure BDA0002216544260000022
H∈R n×l , l=n+m, r(t)∈R n×l ,
Figure BDA0002216544260000023
represents the state estimation result at time t,
Figure BDA0002216544260000024
Represents the state estimation result at time t-1, y(t) represents the measurement value at time t, A represents the system matrix, C represents the measurement matrix, K represents the static Kalman gain,
Figure BDA0002216544260000025
Represents the calculation result of the system parameters, n represents the state dimension, m represents the measurement dimension, the matrix H containing the system model parameters and the system state information r(t) are the objects that need to be encrypted and protected, wherein the system state information includes the measured value and state estimation results.

(3)设计实数域到明文空间的量化与映射方法,将状态估计算法迭代过程改写后的系统模型参数和系统状态信息,从实数域量化和映射到明文空间,以适应同态加密运算;所述实数域到明文空间的量化方法为:(3) Design the quantization and mapping method from the real number field to the plaintext space, and quantify and map the system model parameters and system state information after rewriting the iterative process of the state estimation algorithm from the real number field to the plaintext space, so as to adapt to the homomorphic encryption operation; The quantization method from the real number field to the plaintext space is described as:

对于系统模型参数的矩阵H:采用量化误差消去法,即,对于H中的每一元素,首先将其转化为分数形式,然后,将该矩阵乘以所有元素的公分母,即:For the matrix H of system model parameters: use quantization error cancellation, that is, for each element in H, first convert it to fractional form, and then multiply the matrix by the common denominator of all elements, that is:

Figure BDA0002216544260000026
Figure BDA0002216544260000026

其中,

Figure BDA0002216544260000027
为矩阵H的量化结果,α为公分母。in,
Figure BDA0002216544260000027
is the quantization result of matrix H, and α is the common denominator.

对于系统状态信息r(t):采用参数随机量化法,对于r(t)中的一个元素ri(t),若ri(t)∈[μk,μk+1),μk,μk+1为整数,则其量化结果依据如下概率分布形式:For system state information r(t): adopt the parameter random quantization method, for an element r i (t) in r(t), if r i (t)∈[μ k , μ k+1 ), μ k , If μ k+1 is an integer, the quantization result is based on the following probability distribution:

Figure BDA0002216544260000031
Figure BDA0002216544260000031

其中,Pr(·)表示概率值,

Figure BDA0002216544260000032
表示ri(t)的量化结果,0≤p≤1。Among them, Pr( ) represents the probability value,
Figure BDA0002216544260000032
Indicates the quantization result of ri (t), 0≤p≤1 .

量化结果到密码算法明文空间M的映射为:The mapping of the quantization result to the plaintext space M of the cryptographic algorithm is:

Figure BDA0002216544260000033
Figure BDA0002216544260000033

其中,

Figure BDA0002216544260000034
表示映射结果,
Figure BDA0002216544260000035
表示实数x的量化结果,fm(·)表示映射函数,N为密码算法的取模参数。in,
Figure BDA0002216544260000034
represents the mapping result,
Figure BDA0002216544260000035
represents the quantization result of the real number x, f m (·) represents the mapping function, and N is the modulo parameter of the cryptographic algorithm.

(4)对步骤(3)中的映射结果,采用加法同态加密方案的公钥进行加密,得到系统模型参数、测量值和状态估计结果的密文数据;并根据系统模型参数、测量值和状态估计结果的保密性,分别设计执行加法同态算法与乘法同态算法的通信协议,将密文数据作为加法同态算法与乘法同态算法的通信协议的输入;(4) Encrypt the mapping result in step (3) using the public key of the additive homomorphic encryption scheme to obtain ciphertext data of system model parameters, measured values and state estimation results; and according to the system model parameters, measured values and Confidentiality of the state estimation results, respectively design the communication protocol for the additive homomorphic algorithm and the multiplicative homomorphic algorithm, and use the ciphertext data as the input of the communication protocol for the additive homomorphic algorithm and the multiplicative homomorphic algorithm;

(5)定义参与状态估计算法的数据提供方、核心算法执行方和状态估计结果应用方三个群体,运用加法同态算法与乘法同态算法的通信协议设计不同群体在密文域状态估计算法中所需执行的计算任务;(5) Define three groups of data providers, core algorithm executors and state estimation result application parties participating in the state estimation algorithm, and use the communication protocol of the additive homomorphic algorithm and the multiplicative homomorphic algorithm to design the state estimation algorithm of different groups in the ciphertext domain The computing tasks that need to be performed in;

(6)综合以上步骤,设计保证计算和通信过程数据全保密的加密状态估计协议。(6) Combining the above steps, design an encrypted state estimation protocol that ensures the complete confidentiality of the data in the calculation and communication process.

进一步地,所述步骤(1)中,攻击者可以构造如下的攻击向量,以实现坏数据检测器的隐蔽性攻击:Further, in the step (1), the attacker can construct the following attack vector to realize the stealth attack of the bad data detector:

Ya≡{ya(τ)|ya(τ)=CAτ-tKya(t),τ≥t}Y a ≡{y a (τ)|y a (τ)=CA τ-t Ky a (t), τ≥t}

其中,t表示攻击开始时刻,τ表示攻击延续时间,C∈Rm×n,A∈Rn×n和K∈Rn×m表示系统参数,Ya表示攻击向量序列,ya(τ)∈Rm表示攻击向量,即注入到测量值中的错误数据,ya(t)∈Rm表示初始攻击向量;进而,对系统状态估计结果的影响为:Among them, t is the attack start time, τ is the attack duration, C∈R m×n , A∈R n×n and K∈R n×m are the system parameters, Y a is the attack vector sequence, y a (τ) ∈R m represents the attack vector, that is, the wrong data injected into the measurement value, y a (t) ∈ R m represents the initial attack vector; further, the influence on the system state estimation result is:

Figure BDA0002216544260000036
Figure BDA0002216544260000036

其中,

Figure BDA0002216544260000037
表示真实的状态估计结果,Xa是有攻击下状态估计结果的序列,
Figure BDA0002216544260000038
是有攻击情形下时刻τ的状态估计结果,T∈Rm×m是一个对角矩阵,如果第i个测量值被篡改,则Tii=1,否则,Tii=0。in,
Figure BDA0002216544260000037
represents the real state estimation result, X a is the sequence of state estimation results under attack,
Figure BDA0002216544260000038
is the state estimation result at time τ under attack situation, T∈R m×m is a diagonal matrix, if the i-th measurement value is tampered with, then T ii =1, otherwise, T ii =0.

进一步地,所述步骤(4)中,所述的乘法同态算法为:Further, in the step (4), the multiplication homomorphic algorithm is:

Figure BDA0002216544260000039
Figure BDA0002216544260000039

其中,

Figure BDA00022165442600000310
为解密算法,sk1为解密秘钥,⊙为对应于明文乘法的密文域运算,
Figure BDA00022165442600000311
为加密算法,pk1为加密秘钥,m1∈M,m2∈M为原始明文;in,
Figure BDA00022165442600000310
is the decryption algorithm, sk 1 is the decryption key, ⊙ is the ciphertext domain operation corresponding to the plaintext multiplication,
Figure BDA00022165442600000311
is the encryption algorithm, pk 1 is the encryption key, m 1 ∈ M, m 2 ∈ M is the original plaintext;

所述的加法同态算法为:The additive homomorphic algorithm described is:

Figure BDA0002216544260000041
Figure BDA0002216544260000041

其中,

Figure BDA0002216544260000042
为对应明文加法的密文域运算。in,
Figure BDA0002216544260000042
It is the ciphertext field operation corresponding to plaintext addition.

进一步地,所述步骤(5)中,所述数据提供方、核心算法执行方和状态估计结果应用方三个群体所需执行的计算任务具体为:数据提供方负责将测量值和系统模型参数采用加法同态方案进行加密,并将其传送给核心算法执行方,即加密估计器,加密估计器基于密文域数据执行加法同态算法,将运算结果C1传送给估计结果应用方,状态估计结果应用方将C1进行解密和恢复,并采用乘法同态方案进行加密,将C2发送给加密估计器;加密估计器执行乘法同态算法,将运算结果C3发送给状态估计结果应用方;状态估计结果应用方将C3进行解密和恢复,得到状态估计结果,状态估计结果应用方将状态估计结果采用加法同态加密方案的公钥进行加密,并反馈给加密估计器进行迭代运算。Further, in the step (5), the calculation tasks required to be performed by the three groups of the data provider, the core algorithm executor and the state estimation result application party are specifically: the data provider is responsible for the measurement value and the system model parameter. The addition homomorphic scheme is used for encryption, and it is sent to the core algorithm executor, that is, the encryption estimator. The encryption estimator executes the addition homomorphic algorithm based on the ciphertext domain data, and sends the operation result C 1 to the estimation result application side. The estimation result application party decrypts and restores C 1 , encrypts it using the multiplication homomorphic scheme, and sends C 2 to the encrypted estimator; the encrypted estimator executes the multiplication homomorphic algorithm, and sends the operation result C 3 to the state estimation result application The application side of the state estimation result decrypts and restores C3 to obtain the state estimation result. The application side of the state estimation result encrypts the state estimation result with the public key of the additive homomorphic encryption scheme, and feeds it back to the encryption estimator for iterative operation. .

进一步地,所述步骤(6)中,所设计的加密状态估计协议为:Further, in the described step (6), the designed encryption state estimation protocol is:

Figure BDA0002216544260000043
Figure BDA0002216544260000043

Figure BDA0002216544260000051
Figure BDA0002216544260000051

其中,注:

Figure BDA0002216544260000052
表示安全加法操作(同态加法);⊙表示安全乘法操作(同态乘法);⊙h表示模指数运算;pk1和sk1表示乘法同态密码算法的公钥和私钥;pk2和sk2表示加法同态密码算法的公钥和私钥;fq表示实数量化算法;fm表示整数映射算法;M为明文空间;
Figure BDA0002216544260000053
表示在乘法同态加密下的数据;
Figure BDA0002216544260000054
表示在加法同态加密下的数据;→表示数据映射;→表示数据传输;C*表示密文;
Figure BDA0002216544260000055
为加密估计器计算的中间结果,V(t)为状态估计结果应用方计算的中间结果,d为一个随机变量;
Figure BDA0002216544260000056
是矩阵
Figure BDA0002216544260000057
中第i行第j列的元素;d-1表示d的模逆。
Figure BDA0002216544260000058
表示初始状态的估计结果,
Figure BDA0002216544260000059
表示*的量化结果,
Figure BDA00022165442600000510
表示*的映射结果,Enc(*)pk1表示*被加法同态方案的加密算法,Enc(*)pk2表示*被乘法同态方案的加密算法,
Figure BDA00022165442600000511
表示*的估计结果,Dec(*)sk1表示*被加法同态方案的解密算法,Dec(*)sk2表示*被乘法同态方案的解密算法,
Figure BDA00022165442600000512
表示整数恢复算法;fq -1表示整数恢复成实数。
Figure BDA00022165442600000513
为t时刻经复原和返回后的状态估计结果的映射结果。Among them, note:
Figure BDA0002216544260000052
represents a secure addition operation (homomorphic addition); ⊙ represents a secure multiplication operation (homomorphic multiplication); ⊙ h represents a modular exponential operation; pk 1 and sk 1 represent the public and private keys of the multiplicative homomorphic cryptographic algorithm; pk 2 and sk 2 represents the public key and private key of the additive homomorphic encryption algorithm; f q represents the real number quantization algorithm; f m represents the integer mapping algorithm; M represents the plaintext space;
Figure BDA0002216544260000053
Represents data under multiplicative homomorphic encryption;
Figure BDA0002216544260000054
Represents data under additive homomorphic encryption; →represents data mapping; →represents data transmission; C * represents ciphertext;
Figure BDA0002216544260000055
is the intermediate result calculated by the encryption estimator, V(t) is the intermediate result calculated by the state estimation result application side, and d is a random variable;
Figure BDA0002216544260000056
is the matrix
Figure BDA0002216544260000057
The element in the i-th row and the j-th column; d -1 represents the modular inverse of d.
Figure BDA0002216544260000058
represents the estimated result of the initial state,
Figure BDA0002216544260000059
represents the quantization result of *,
Figure BDA00022165442600000510
Represents the mapping result of *, Enc(*) pk1 represents the encryption algorithm of the added homomorphic scheme, Enc(*) pk2 represents the encryption algorithm of the multiplication homomorphic scheme,
Figure BDA00022165442600000511
Represents the estimation result of *, Dec(*) sk1 represents the decryption algorithm of the added homomorphic scheme, Dec(*) sk2 represents the decryption algorithm of the multiplication homomorphic scheme,
Figure BDA00022165442600000512
Indicates the integer recovery algorithm; f q -1 indicates that the integer is recovered to a real number.
Figure BDA00022165442600000513
is the mapping result of the restored and returned state estimation result at time t.

进一步地,所述模糊运算基于如下乘法模糊(multiplication blind)原则:Further, the fuzzy operation is based on the following multiplication blind principle:

b(ax)mod L=bmod Lb(ax)mod L=bmod L

其中,ax≡1mod L,即,x=a-1mod Lwhere ax≡1mod L, that is, x=a -1 mod L

进一步地,所述安全状态估计协议中,通信信道数据和系统模型参数的加密结果能够直接参与状态估计算法,且能够保证估计结果的有效性。Further, in the security state estimation protocol, the encryption results of communication channel data and system model parameters can directly participate in the state estimation algorithm, and the validity of the estimation results can be guaranteed.

本发明的有益效果是:针对信息物理系统状态估计过程,考虑估计器或者通信信道被攻击者劫持,企图获取系统关键数据以执行具有破坏性的错误数据注入攻击,采用加密技术保证数据安全性,即,不被窃取和篡改;引入同态加密算法后,解决输入为密文的状态估计算法各类操作难以执行的问题,实现密文域的安全加法和乘法运算;对状态估计过程参与各方进行定义和任务分工,利用混合同态加密方案,所设计的加密状态估计协议能够保证任何一方以及外界攻击者难以同时获取测量数据、系统模型参数和状态估计结果。该加密状态估计协议设计过程简便,所得基于混合同态加密的状态估计算法能够有效估计系统状态,参与各方通信量少。与传统加密方法相比,能够抵御直接入侵估计器的错误数据注入攻击,加强了信息物理系统的安全性。The beneficial effects of the present invention are: for the state estimation process of the cyber-physical system, considering that the estimator or the communication channel is hijacked by the attacker, trying to obtain the key data of the system to perform destructive error data injection attack, adopting encryption technology to ensure data security, That is, it will not be stolen and tampered with; after the introduction of the homomorphic encryption algorithm, it solves the problem that various operations of the state estimation algorithm whose input is ciphertext is difficult to perform, and realizes the secure addition and multiplication of the ciphertext domain; all parties involved in the state estimation process The definition and task division are carried out. Using the hybrid homomorphic encryption scheme, the designed encryption state estimation protocol can ensure that it is difficult for any party and external attackers to obtain measurement data, system model parameters and state estimation results at the same time. The design process of the encryption state estimation protocol is simple, and the obtained state estimation algorithm based on hybrid homomorphic encryption can effectively estimate the state of the system, and the communication volume of the participating parties is small. Compared with the traditional encryption method, it can resist the wrong data injection attack that directly invades the estimator, and strengthens the security of the cyber-physical system.

附图说明Description of drawings

图1为状态估计框架图;Figure 1 is a frame diagram of state estimation;

图2为加密状态估计协议计算流程示意图;Fig. 2 is the schematic flow chart of encryption state estimation protocol calculation;

图3为IEEE 9-bus系统模型图;Figure 3 is a diagram of the IEEE 9-bus system model;

图4为主导节点电压估计结果在基于加密状态估计协议和无加密的状态估计算法下的比较图;Figure 4 is a comparison diagram of the leading node voltage estimation results under the encryption-based state estimation protocol and the state estimation algorithm without encryption;

图5为基于加密状态估计协议和无加密的状态估计算法下发电电压的波动情况比较图;FIG. 5 is a comparison diagram of the fluctuation of the power generation voltage based on the encrypted state estimation protocol and the state estimation algorithm without encryption;

图6为基于加密状态估计协议和无加密的状态估计算法下状态估计结果之差的统计结果图;Fig. 6 is a statistical result graph of the difference between state estimation results based on an encrypted state estimation protocol and an unencrypted state estimation algorithm;

图7为基于加密状态估计协议的输出状态估计误差协方差变化情况图;Fig. 7 is the output state estimation error covariance change situation diagram based on the encryption state estimation protocol;

具体实施方式Detailed ways

下面结合附图和具体实施例对本发明作进一步详细说明。The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.

如图1所示,本发明提供的一种基于混合同态加密的错误数据注入攻击防御方法,包括下述步骤:As shown in Fig. 1, a kind of wrong data injection attack defense method based on hybrid homomorphic encryption provided by the present invention comprises the following steps:

步骤1,对信息物理系统的动态过程进行建模,得到如下方程组:In step 1, the dynamic process of the cyber-physical system is modeled, and the following equations are obtained:

Figure BDA0002216544260000061
Figure BDA0002216544260000061

其中,x(t)∈Rn,y(t)∈Rm,A∈Rn×n,C∈Rm×n,w(t)∈Rn,v(t)∈Rm表示独立的高斯白噪声,即w(t)~N(0,Q),v(t)~N(0,E),Q∈Rn×n和R∈Rm×m表示噪声的协方差。初始状态x(0)服从零均值的高斯分布。

Figure BDA0002216544260000062
可控,(A,C)可观。基于以上系统动态模型,采用卡尔曼滤波算法可以得到状态估计结果:Among them, x(t)∈R n , y(t)∈R m , A∈R n×n , C∈R m×n , w(t)∈R n , v(t)∈R m represent independent White Gaussian noise, i.e. w(t)~N(0,Q), v(t)~N(0,E), Q∈Rn ×n and R∈Rm ×m represent the covariance of the noise. The initial state x(0) follows a Gaussian distribution with zero mean.
Figure BDA0002216544260000062
Controllable, (A, C) considerable. Based on the above system dynamic model, the Kalman filter algorithm can be used to obtain the state estimation results:

P=APAT+Q-APCT(CPCT+R)-1CPAT P =AP A T +Q-AP C T (CP C T +R) -1 CP A T

K=PCT(CPCT+E)-1 K=P C T (CP C T +E) -1

Figure BDA0002216544260000063
Figure BDA0002216544260000063

其中,

Figure BDA0002216544260000071
是状态估计结果,K∈Rn×m表示卡尔曼增益矩阵,P∈Rn×n表示稳态卡尔曼滤波的状态估计误差协方差矩阵。in,
Figure BDA0002216544260000071
is the state estimation result, K∈R n×m represents the Kalman gain matrix, and P ∈R n×n represents the state estimation error covariance matrix of the steady-state Kalman filter.

进一步地,针对上述给出的系统动态模型,考虑错误数据注入攻击:Further, for the system dynamic model given above, consider the wrong data injection attack:

y′(t)=Cx(t)+Tya(t)+v(t)y'(t)=Cx(t)+Ty a (t)+v(t)

其中,ya(t)∈Rm表示攻击者注入的错误数据,T∈Rm×m表示对角矩阵,对角元素为0或1,若第i个测量值被攻击,则Tii=1,反之,Tii=0。基于稳态卡尔曼滤波算法,经过推导得到,若攻击者注入攻击序列:Among them, y a (t) ∈ R m represents the wrong data injected by the attacker, T ∈ R m×m represents the diagonal matrix, and the diagonal elements are 0 or 1. If the i-th measurement value is attacked, then T ii = 1, otherwise, T ii =0. Based on the steady-state Kalman filter algorithm, it is derived that if the attacker injects the attack sequence:

Ya≡{ya(τ)|ya(τ)=CAτ-tKya(t),τ≥t}Y a ≡{y a (τ)|y a (τ)=CA τ-t Ky a (t), τ≥t}

其中,t表示攻击开始时刻,τ表示攻击延续时间,Ya表示攻击向量序列,ya(τ)∈Rm表示攻击向量。则对系统状态估计结果的影响为:Among them, t represents the attack start time, τ represents the attack duration, Y a represents the attack vector sequence, and ya (τ)∈R m represents the attack vector. Then the impact on the system state estimation result is:

Figure BDA0002216544260000072
Figure BDA0002216544260000072

其中,Xa是状态估计结果的影响序列,

Figure BDA0002216544260000073
是时刻τ状态估计结果的影响。where X a is the influence sequence of the state estimation result,
Figure BDA0002216544260000073
is the influence of the state estimation result at time τ.

进一步地,为了使得稳态卡尔曼滤波算法满足同态加密运算框架,将状态估计算法中的迭代过程改写如下:Further, in order to make the steady-state Kalman filter algorithm meet the homomorphic encryption operation framework, the iterative process in the state estimation algorithm is rewritten as follows:

Figure BDA0002216544260000074
Figure BDA0002216544260000074

其中,

Figure BDA0002216544260000075
H∈Rn×l,l=n+m,r(t)∈Rn×l。需要强调的是,包含系统模型参数的矩阵H和包含系统状态信息的r(t)是需要被加密保护的对象。in,
Figure BDA0002216544260000075
H∈Rn ×l , l=n+m, r(t)∈Rn ×l . It should be emphasized that the matrix H containing system model parameters and r(t) containing system state information are objects that need to be encrypted and protected.

进一步地,由于加密算法只能在非负整数明文空间执行,需要将所有参与运算的实数进行量化与映射:Further, since the encryption algorithm can only be executed in the non-negative integer plaintext space, it is necessary to quantify and map all the real numbers involved in the operation:

所述实数量化到整数的方法为:The method for quantizing the real number to an integer is:

对于系统模型参数H:采用量化误差消去法,即,对于H中的每一元素,首先将其转化为分数形式,然后,将该矩阵乘以所有元素的公分母,即:For the system model parameter H: use the quantization error cancellation method, that is, for each element in H, first convert it to fractional form, and then multiply the matrix by the common denominator of all elements, that is:

Figure BDA0002216544260000076
Figure BDA0002216544260000076

其中,

Figure BDA0002216544260000077
为矩阵H的量化结果,α为公分母。in,
Figure BDA0002216544260000077
is the quantization result of matrix H, and α is the common denominator.

对于系统状态参数r(t):采用参数随机量化法,即,对于r(t)中的一个元素ri(t),若ri(t)∈[μk,μk+1),μk,μk+1为整数,σ=μk+1k为量化参数,则其量化结果依据如下概率分布形式:For the system state parameter r(t): adopt the parameter random quantization method, that is, for an element r i (t) in r(t), if r i (t)∈[μ k , μ k+1 ), μ k , μ k+1 is an integer, σ=μ k+1 - μ k is a quantization parameter, then the quantization result is based on the following probability distribution form:

Figure BDA0002216544260000078
Figure BDA0002216544260000078

其中,Pr(·)表示概率值,

Figure BDA0002216544260000079
表示ri(t)的量化结果,0≤p≤1。Among them, Pr( ) represents the probability value,
Figure BDA0002216544260000079
Indicates the quantization result of ri (t), 0≤p≤1 .

所述的整数空间到密码算法明文空间的映射方法为:The mapping method from the integer space to the plaintext space of the cryptographic algorithm is:

Figure BDA0002216544260000081
Figure BDA0002216544260000081

其中,

Figure BDA0002216544260000082
表示映射结果,fm(·)表示映射函数,N为密码算法的取模参数。in,
Figure BDA0002216544260000082
represents the mapping result, f m (·) represents the mapping function, and N is the modulo parameter of the cryptographic algorithm.

进一步地,由于参与状态估计算法的变量均进行了量化,在算法输出结果中需要对其进行恢复,变量的量化与复原方法如下:Further, since the variables participating in the state estimation algorithm are all quantized, they need to be restored in the output of the algorithm. The quantification and restoration methods of the variables are as follows:

表1参数量化与复原Table 1 Parameter quantization and restoration

Figure BDA0002216544260000083
Figure BDA0002216544260000083

进一步地,得到基于量化结果的状态估计迭代过程:Further, the iterative process of state estimation based on the quantization results is obtained:

Figure BDA0002216544260000084
Figure BDA0002216544260000084

在最后的输出结果中,将其恢复为:In the final output, restore it to:

Figure BDA0002216544260000085
Figure BDA0002216544260000085

进一步地,对参与状态估计过程的三方进行任务分工。数据提供方负责对原始测量数据(含噪声的数据)以及系统模型参数进行加密,并将其传送给核心算法执行方,即加密估计器,加密估计器基于密文对数据进行操作,将操作结果传送给估计结果应用方,估计结果应用方将数据进行解密,并得到最后的状态估计结果。Further, tasks are divided among the three parties involved in the state estimation process. The data provider is responsible for encrypting the original measurement data (data with noise) and system model parameters, and sending them to the core algorithm executor, that is, the encryption estimator. It is sent to the estimation result applying party, and the estimation result applying party decrypts the data and obtains the final state estimation result.

进一步地,所述的安全乘法为:Further, the described safe multiplication is:

Figure BDA0002216544260000086
Figure BDA0002216544260000086

其中,

Figure BDA0002216544260000087
为解密算法,sk1为解密秘钥,⊙为密文域运算,
Figure BDA0002216544260000088
为加密算法,pk1为加密秘钥,m1∈M,m2∈M为原始明文。所述的安全加法为:in,
Figure BDA0002216544260000087
is the decryption algorithm, sk 1 is the decryption key, ⊙ is the ciphertext domain operation,
Figure BDA0002216544260000088
is the encryption algorithm, pk 1 is the encryption key, m 1 ∈ M, m 2 ∈ M is the original plaintext. Said safe addition is:

Figure BDA0002216544260000089
Figure BDA0002216544260000089

进一步地,为了保证加密估计器(核心算法执行方)与估计结果应用方之间交互数据的安全性,采用乘法模糊(multiplication blind)方法,即,Further, in order to ensure the security of the interactive data between the encryption estimator (the core algorithm executor) and the estimation result application party, a multiplication blind method is adopted, that is,

Figure BDA00022165442600000810
Figure BDA00022165442600000810

其中,

Figure BDA00022165442600000811
为加密估计器(核心算法执行方)计算的中间结果,d为一个随机变量,⊙表示乘法同态运算。in,
Figure BDA00022165442600000811
is the intermediate result calculated by the encryption estimator (executor of the core algorithm), d is a random variable, and ⊙ represents the multiplication homomorphic operation.

进一步地,在加密估计器中执行加法同态运算时,除去随机变量d,即Further, when performing the additive homomorphic operation in the encrypted estimator, the random variable d is removed, i.e.

Figure BDA0002216544260000091
Figure BDA0002216544260000091

其中,

Figure BDA0002216544260000092
是矩阵
Figure BDA0002216544260000093
中第i行的元素,⊙h表示模指数运算,d-1表示d的模逆。in,
Figure BDA0002216544260000092
is the matrix
Figure BDA0002216544260000093
The element in row i, ⊙ h represents the modular exponential operation, and d -1 represents the modular inverse of d.

如图2所示,基于多方安全计算思想,所设计的加密状态估计协议为:As shown in Figure 2, based on the idea of multi-party secure computing, the designed encryption state estimation protocol is:

Figure BDA0002216544260000094
Figure BDA0002216544260000094

Figure BDA0002216544260000101
Figure BDA0002216544260000101

其中,注:

Figure BDA0002216544260000102
表示安全加法操作(同态加法);⊙表示安全乘法操作(同态乘法);⊙h表示模指数运算;pk1和sk1表示乘法同态密码算法的公钥和私钥;pk2和sk2表示加法同态密码算法的公钥和私钥;fq表示实数量化算法;fm表示整数映射算法;M为明文空间;
Figure BDA0002216544260000103
表示在乘法同态加密下的数据;
Figure BDA0002216544260000104
表示在加法同态加密下的数据;→表示数据映射;→表示数据传输;C*表示密文;
Figure BDA0002216544260000105
为加密估计器计算的中间结果,V(t)为状态估计结果应用方计算的中间结果,d为一个随机变量;
Figure BDA0002216544260000106
是矩阵
Figure BDA0002216544260000107
中第i行第j列的元素;d-1表示d的模逆。
Figure BDA0002216544260000108
表示初始状态的估计结果,
Figure BDA0002216544260000109
表示*的量化结果,
Figure BDA00022165442600001010
表示*的映射结果,Enc(*)pk1表示*被加法同态方案的加密算法,Enc(*)pk2表示*被乘法同态方案的加密算法,
Figure BDA00022165442600001011
表示*的估计结果,Dec(*)sk1表示*被加法同态方案的解密算法,Dec(*)sk2表示*被乘法同态方案的解密算法,
Figure BDA00022165442600001012
表示整数恢复算法;
Figure BDA00022165442600001013
表示整数恢复成实数。
Figure BDA00022165442600001014
为t时刻经复原和返回后的状态估计结果的映射结果。Among them, note:
Figure BDA0002216544260000102
represents a secure addition operation (homomorphic addition); ⊙ represents a secure multiplication operation (homomorphic multiplication); ⊙ h represents a modular exponential operation; pk 1 and sk 1 represent the public and private keys of the multiplicative homomorphic cryptographic algorithm; pk 2 and sk 2 represents the public key and private key of the additive homomorphic encryption algorithm; f q represents the real number quantization algorithm; f m represents the integer mapping algorithm; M represents the plaintext space;
Figure BDA0002216544260000103
Represents data under multiplicative homomorphic encryption;
Figure BDA0002216544260000104
Represents data under additive homomorphic encryption; →represents data mapping; →represents data transmission; C * represents ciphertext;
Figure BDA0002216544260000105
is the intermediate result calculated by the encryption estimator, V(t) is the intermediate result calculated by the state estimation result application side, and d is a random variable;
Figure BDA0002216544260000106
is the matrix
Figure BDA0002216544260000107
The element in the i-th row and the j-th column; d -1 represents the modular inverse of d.
Figure BDA0002216544260000108
represents the estimated result of the initial state,
Figure BDA0002216544260000109
represents the quantization result of *,
Figure BDA00022165442600001010
Represents the mapping result of *, Enc(*) pk1 represents the encryption algorithm of the added homomorphic scheme, Enc(*) pk2 represents the encryption algorithm of the multiplication homomorphic scheme,
Figure BDA00022165442600001011
Represents the estimation result of *, Dec(*) sk1 represents the decryption algorithm of the added homomorphic scheme, Dec(*) sk2 represents the decryption algorithm of the multiplication homomorphic scheme,
Figure BDA00022165442600001012
Represents an integer recovery algorithm;
Figure BDA00022165442600001013
Indicates that integers are restored to real numbers.
Figure BDA00022165442600001014
is the mapping result of the restored and returned state estimation result at time t.

所述模糊运算基于如下乘法模糊(multiplication blind)原则:The fuzzy operation is based on the following multiplication blind principle:

b(ax)mod L=bmod Lb(ax)mod L=bmod L

其中,ax≡1mod L,即,x=a-1mod L。where ax≡1mod L, that is, x=a -1 mod L.

实施例Example

本实施例使用PowerWorld中IEEE 9-bus系统进行算法验证,IEEE 9-bus系统如附图3所示。考虑电压控制问题,其动态模型近似为:This embodiment uses the IEEE 9-bus system in PowerWorld to perform algorithm verification, and the IEEE 9-bus system is shown in FIG. 3 . Considering the voltage control problem, its dynamic model is approximated as:

Figure BDA00022165442600001015
Figure BDA00022165442600001015

其中,系统状态x(t)代表主导节点电压值,控制变量u(t)代表发电节点的电压值。通常情况下,

Figure BDA00022165442600001018
其中,ρ∈(0,1),x(0)为参考电压。系统状态估计算法的迭代过程为:Among them, the system state x(t) represents the voltage value of the dominant node, and the control variable u(t) represents the voltage value of the power generation node. usually,
Figure BDA00022165442600001018
Among them, ρ∈(0,1), x(0) is the reference voltage. The iterative process of the system state estimation algorithm is as follows:

Figure BDA00022165442600001016
Figure BDA00022165442600001016

进一步地,further,

Figure BDA00022165442600001017
Figure BDA00022165442600001017

在仿真过程中,乘法同态算法采用RSA,其密钥长度为512位,公钥参数e=65537,公钥和私钥根据RSA算法规则产生。加法同态算法采用Paillier,其密钥长度为512位。测量值y(t)与系统状态估计结果

Figure BDA0002216544260000111
的量化参数为:σx=σy=0.01。In the simulation process, the multiplication homomorphic algorithm adopts RSA, its key length is 512 bits, the public key parameter e=65537, and the public key and private key are generated according to the RSA algorithm rules. The additive homomorphic algorithm adopts Paillier, and its key length is 512 bits. Measured value y(t) and system state estimation result
Figure BDA0002216544260000111
The quantization parameter is: σ xy =0.01.

为了验证加密状态估计协议输出结果的有效性,附图4给出了主导节点的电压与参考电压差值的变化。与没有进行加密的状态估计算法相比,基于加密状态估计协议的估计算法性能较好。两个算法均在大约20次迭代之后开始收敛,20次迭代时候,两种算法的估计结果与参考值相差最大的偏差为0.0225(主导节点5,加密)和0.0202(主导节点5,没有加密),0.0157(主导节点6,加密)和0.0168(主导节点6,没有加密),0.0138(主导节点8,加密)和0.0123(主导节点8,没有加密)。附图5给出了发电节点的电压变化,比较加密和没有加密的状态估计算法,在20次迭代之后,两者输出的控制参数相差最大为0.0024(发电节点1)、0.0153(发电节点2)和0.0101(发电节点3)。In order to verify the validity of the output result of the encryption state estimation protocol, Fig. 4 shows the variation of the difference between the voltage of the dominant node and the reference voltage. Compared with the state estimation algorithm without encryption, the performance of the estimation algorithm based on the encrypted state estimation protocol is better. Both algorithms start to converge after about 20 iterations. At 20 iterations, the estimated results of the two algorithms have the largest deviation from the reference value by 0.0225 (dominant node 5, encrypted) and 0.0202 (dominant node 5, no encryption) , 0.0157 (lead node 6, encrypted) and 0.0168 (lead node 6, no encryption), 0.0138 (lead node 8, encrypted) and 0.0123 (lead node 8, no encryption). Figure 5 shows the voltage change of the power generation node. Comparing the encrypted and unencrypted state estimation algorithms, after 20 iterations, the difference between the output control parameters of the two is at most 0.0024 (power generation node 1) and 0.0153 (power generation node 2). and 0.0101 (generating node 3).

比较两种状态估计算法(加密和无加密)的输出结果,附图6给出了输出节点(主导节点和发电节点)电压差值统计结果。该结果表明,输出结果差值几乎为0,说明基于加密状态估计协议的状态估计算法是有效的。Comparing the output results of the two state estimation algorithms (encrypted and non-encrypted), Figure 6 shows the statistical results of the voltage difference between the output nodes (dominant node and power generation node). The results show that the difference between the output results is almost 0, indicating that the state estimation algorithm based on the encryption state estimation protocol is effective.

进一步地,基于加密状态估计协议,附图7给出了状态估计误差协方差的波动情况。在500次的迭代过程中,状态估计误差协方差二范数的上界为0.001。说明基于加密状态估计协议的状态估计算法的稳定性得到了保障。Further, based on the encrypted state estimation protocol, Fig. 7 shows the fluctuation of the state estimation error covariance. During 500 iterations, the upper bound of the second norm of the state estimation error covariance is 0.001. It shows that the stability of the state estimation algorithm based on the encrypted state estimation protocol is guaranteed.

Claims (4)

1. A method for defending against error data injection attacks based on hybrid homomorphic encryption is characterized by comprising the following steps:
(1) combining with a system physical dynamic model, providing parameters which must be obtained by an attacker for executing attack, further constructing an attack vector, obtaining the influence of a system state estimation result, and further obtaining an object needing encryption protection as follows: system model parameters, measurement values and state estimation results;
(2) rewriting a static Kalman filtering state estimation algorithm iteration process to obtain an iteration form capable of supporting a mixed homomorphic encryption process; the state estimation algorithm iteration process is rewritten as follows;
Figure FDA0002768212890000011
wherein,
Figure FDA0002768212890000012
H∈Rn×l,l=n+m,r(t)∈Rn×l
Figure FDA0002768212890000013
indicating the result of the state estimation at time t,
Figure FDA0002768212890000014
representing the state estimation result at the time t-1, y (t) representing the measured value at the time t, A representing a system matrix, C representing a measurement matrix, K representing a static Kalman gain,
Figure FDA0002768212890000015
representing the result of a calculation of system parameters, n representing the state dimension, m representing the measurement dimension, including system model parametersA matrix H of numbers and system state information r (t) are objects needing to be encrypted and protected, wherein the system state information comprises measured values and state estimation results;
(3) designing a quantization and mapping method from a real number domain to a plaintext space, quantizing and mapping system model parameters and system state information rewritten in the iterative process of a state estimation algorithm to the plaintext space from the real number domain to adapt to homomorphic encryption operation; the quantization method from the real number domain to the plaintext space is as follows;
for the matrix of system model parameters H: quantization error elimination is used, i.e. for each element in H, it is first converted to fractional form and then the matrix is multiplied by the common denominator of all elements, i.e.:
Figure FDA0002768212890000016
wherein,
Figure FDA0002768212890000017
is the quantization result of the matrix H, alpha is a common denominator;
for system state information r (t): using a parameter random quantization method for one element r in r (t)i(t) if ri(t)∈[μk,μk+1),μk,μk+1Is an integer, the quantization result is according to the following probability distribution form:
Figure FDA0002768212890000018
wherein Pr (-) represents a probability value,
Figure FDA0002768212890000019
is represented by ri(t) as a result of the quantization, p is not less than 0 and not more than 1;
the mapping of the quantization result to the cryptographic algorithm plaintext space M is:
Figure FDA00027682128900000110
wherein,
Figure FDA00027682128900000111
the result of the mapping is represented by,
Figure FDA00027682128900000112
representing the result of quantization of a real number x, fm(. -) represents a mapping function, N is a modulus parameter of the cryptographic algorithm;
(4) encrypting the mapping result in the step (3) by adopting a public key of an addition homomorphic encryption scheme to obtain ciphertext data of system model parameters, measurement values and state estimation results; respectively designing communication protocols for executing the addition homomorphic algorithm and the multiplication homomorphic algorithm according to the confidentiality of system model parameters, measured values and state estimation results, and taking ciphertext data as the input of the communication protocols for the addition homomorphic algorithm and the multiplication homomorphic algorithm;
(5) defining three groups of a data provider, a core algorithm executor and a state estimation result application party participating in a state estimation algorithm, and designing calculation tasks required to be executed by different groups in a ciphertext domain state estimation algorithm by using a communication protocol of an addition homomorphic algorithm and a multiplication homomorphic algorithm;
(6) integrating the steps, designing an encryption state estimation protocol for ensuring the data security in the calculation and communication processes; the designed encryption state estimation protocol is provided with a data provider, a core algorithm executor and a state estimation result applier;
the data provider performs the following processes:
and (3) quantification:
Figure FDA0002768212890000021
mapping:
Figure FDA0002768212890000022
encryption:
Figure FDA0002768212890000023
the data provider will provide
Figure FDA0002768212890000024
Transmitting the data to a core algorithm executing party, wherein the core algorithm executing party is an encryption estimator and executes the following processes:
inputting:
Figure FDA0002768212890000025
for 0 ≦ T ≦ T: and (3) calculating:
Figure FDA0002768212890000026
fuzzy operation parameters: let d be { d ═ di|diE.m, i ═ 1, …, n }, such that
Figure FDA0002768212890000027
The kernel algorithm executing party is to
Figure FDA0002768212890000028
And transmitting the data to a state estimation result application party, and executing the following processes by the state estimation result application party:
and (3) decryption:
Figure FDA0002768212890000029
encryption:
Figure FDA00027682128900000210
the application side of the state estimation result will
Figure FDA00027682128900000211
Transmitted back to the kernel algorithm executing party and then processed by the kernel algorithmThe executive side executes the following processes:
elimination of blur parameters:
Figure FDA00027682128900000212
obtaining:
Figure FDA00027682128900000213
the kernel algorithm executing party is to
Figure FDA00027682128900000214
And then transmitting the data to a state estimation result application party, and then executing the following processes by the state estimation result application party:
and (3) decryption:
Figure FDA0002768212890000031
and (3) restoration:
Figure FDA0002768212890000032
Figure FDA0002768212890000033
and returning:
Figure FDA0002768212890000034
Figure FDA0002768212890000035
state estimation result application side will result
Figure FDA0002768212890000036
Transmitting back to the kernel algorithm executing party;
wherein,
Figure FDA0002768212890000037
representing a safe addition operation, namely homomorphic addition; an indication of a secure multiply operation, being a homomorphic multiply; anhRepresenting a modular exponential operation; pk1And sk1A public key and a private key representing a multiplicative homomorphic cryptographic algorithm; pk2And sk2A public key and a private key representing an additive homomorphic cryptographic algorithm; f. ofqRepresenting a real number quantization algorithm; f. ofmRepresents an integer mapping algorithm; m is a plaintext space;
Figure FDA0002768212890000038
representing data under multiplicative homomorphic encryption;
Figure FDA0002768212890000039
representing data under additive homomorphic encryption; → denotes data mapping; → data transfer; c*Representing a ciphertext;
Figure FDA00027682128900000310
v (t) is an intermediate result calculated by a state estimation result application party, and d is a random variable;
Figure FDA00027682128900000311
is a matrix
Figure FDA00027682128900000312
Row i and column j; d-1Represents the modulo inverse of d;
Figure FDA00027682128900000313
the result of the estimation representing the initial state,
Figure FDA00027682128900000314
the result of the quantification is shown as,
Figure FDA00027682128900000315
the result of the mapping, Encpk1Encryption algorithm representing a homomorphic scheme added, Encpk2An encryption algorithm representing a homomorphic scheme to be multiplied,
Figure FDA00027682128900000316
the result of estimation, Dec +sk1Decryption algorithm, Dec (#) representing an additively homomorphic schemesk2A decryption algorithm representing a homomorphic scheme multiplied,
Figure FDA00027682128900000317
represents an integer recovery algorithm;
Figure FDA00027682128900000318
representing the restoration of an integer to a real number;
Figure FDA00027682128900000319
the mapping result of the state estimation result after the recovery and the return at the time t;
wherein the fuzzy operation is based on the following multiplicative fuzzy principle:
b(ax)mod L=b mod L
where ax ≡ 1mod L, i.e. x ≡ a-1mod L。
2. The method for defending against false data injection attack based on hybrid homomorphic encryption as claimed in claim 1, wherein in step (1), an attacker can construct the following attack vector to realize the hidden attack of the bad data detector:
Ya≡{ya(τ)|ya(τ)=CAτ-tKya(t),τ≥t}
wherein t represents attack start time, tau represents attack duration, and C epsilon Rm×n,A∈Rn×nAnd K ∈ Rn×mDenotes the system parameter, YaRepresenting a sequence of attack vectors, ya(τ)∈RmRepresenting an attack vector, i.e. error data, y, injected into the measurementa(t)∈RmRepresenting an initial attack vector; further, the influence on the system state estimation result is:
Figure FDA00027682128900000320
wherein,
Figure FDA00027682128900000321
representing the true state estimation result, XaIs a sequence of state estimation results under attack,
Figure FDA00027682128900000322
is the state estimation result of the time tau under the attack situation, and T epsilon Rm×mIs a diagonal matrix, T if the ith measurement is tampered withii1, otherwise, Tii=0。
3. The method for defending against false data injection attack based on hybrid homomorphic encryption according to claim 1, wherein in the step (4), the multiplicative homomorphic algorithm is:
Figure FDA0002768212890000041
wherein,
Figure FDA0002768212890000042
for the decryption algorithm, sk1For a decrypted key, an operation corresponding to a ciphertext domain of a plaintext multiplication,
Figure FDA0002768212890000043
for the encryption algorithm, pk1For encrypting a key, m1∈M,m2E is M as an original plaintext;
the addition homomorphic algorithm comprises the following steps:
Figure FDA0002768212890000044
wherein,
Figure FDA0002768212890000045
a ciphertext domain operation corresponding to a plaintext addition.
4. The method for defending against false data injection attack based on hybrid homomorphic encryption as claimed in claim 1, wherein in the step (5), the computing tasks required to be performed by the three groups of the data provider, the core algorithm executor and the state estimation result applier are specifically: the data provider is responsible for encrypting the measured value and the system model parameter by adopting an addition homomorphic scheme and transmitting the encrypted measured value and the system model parameter to a core algorithm executing party, namely an encryption estimator, the encryption estimator executes an addition homomorphic algorithm based on the ciphertext domain data and then sends an operation result C1Transmitted to the estimation result application side, and the state estimation result application side sends C1Decrypting and recovering, encrypting by adopting a multiplication homomorphism scheme, and converting C into C2Sending to the encryption estimator; the encryption estimator executes a multiplication homomorphic algorithm to obtain an operation result C3Sending the state estimation result to a state estimation result application party; state estimation result application side C3And decrypting and recovering to obtain a state estimation result, encrypting the state estimation result by adopting a public key of an addition homomorphic encryption scheme by a state estimation result application party, and feeding back to the encryption estimator for iterative operation.
CN201910917532.4A 2019-09-26 2019-09-26 Error data injection attack defense method based on mixed homomorphic encryption Active CN110545289B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910917532.4A CN110545289B (en) 2019-09-26 2019-09-26 Error data injection attack defense method based on mixed homomorphic encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910917532.4A CN110545289B (en) 2019-09-26 2019-09-26 Error data injection attack defense method based on mixed homomorphic encryption

Publications (2)

Publication Number Publication Date
CN110545289A CN110545289A (en) 2019-12-06
CN110545289B true CN110545289B (en) 2021-01-01

Family

ID=68714646

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910917532.4A Active CN110545289B (en) 2019-09-26 2019-09-26 Error data injection attack defense method based on mixed homomorphic encryption

Country Status (1)

Country Link
CN (1) CN110545289B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995409B (en) * 2020-02-27 2020-06-23 南京红阵网络安全技术研究院有限公司 Mimicry defense arbitration method and system based on partial homomorphic encryption algorithm
CN113268707B (en) * 2021-06-11 2022-03-18 中国电子科技集团公司第三十研究所 A ciphertext covariance matrix calculation method based on row coding
CN115225305B (en) * 2022-04-12 2024-04-19 上海大学 Attack detection and recovery method for distributed economic dispatch of microgrids under cyber attacks
CN115834018A (en) * 2022-10-28 2023-03-21 蚂蚁区块链科技(上海)有限公司 Multi-party data processing method, system and equipment for protecting privacy
CN116527515B (en) * 2023-05-16 2025-04-04 哈尔滨工业大学 Remote state estimation method based on polling protocol
CN120166396B (en) * 2025-05-19 2025-08-22 武汉工程大学 A method and device for estimating encryption state based on secret sharing

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8281121B2 (en) * 2010-05-13 2012-10-02 Microsoft Corporation Private aggregation of distributed time-series data
CN103259643B (en) * 2012-08-14 2016-06-15 苏州大学 Matrix fully homomorphic encryption method
CN105933102A (en) * 2016-04-06 2016-09-07 重庆大学 Identity-based and hidden matrix-constructed fully homomorphic encryption method
CN107592195A (en) * 2017-09-12 2018-01-16 北京电子科技学院 A kind of accurate full homomorphism ciphertext data manipulation method and system
CN108965258B (en) * 2018-06-21 2021-07-16 河南科技大学 A data integrity verification method in cloud environment based on fully homomorphic encryption
CN108989330B (en) * 2018-08-08 2020-10-09 广东工业大学 Double-layer defense method for false data injection attack in power system

Also Published As

Publication number Publication date
CN110545289A (en) 2019-12-06

Similar Documents

Publication Publication Date Title
CN110545289B (en) Error data injection attack defense method based on mixed homomorphic encryption
Zhang et al. GELU-Net: A Globally Encrypted, Locally Unencrypted Deep Neural Network for Privacy-Preserved Learning.
Liu et al. An efficient privacy-preserving outsourced calculation toolkit with multiple keys
Wang et al. Secure and practical outsourcing of linear programming in cloud computing
Prouff et al. Masking against side-channel attacks: A formal security proof
EP2874341B1 (en) Secure evaluation of a program
US8843762B2 (en) Cryptographic system for performing secure iterative computations and signal processing directly on encrypted data in untrusted environments
EP2873186B1 (en) Method and system for homomorphicly randomizing an input
US20180083780A1 (en) Method for verifying information
US20180365195A1 (en) Methods and devices for estimating secret values
US20110060901A1 (en) Cryptographic System for Performing Secure Iterative Matrix Inversions and Solving Systems of Linear Equations
JP2012129993A (en) Cryptographic device protection method and protection system
Zhang et al. A privacy protection scheme for IoT big data based on time and frequency limitation
CN106788980A (en) Safe encryption method in a kind of matrix multiplication sub-contract management towards cloud computing
Li et al. Lattice-based privacy-preserving and forward-secure cloud storage public auditing scheme
Kaaniche et al. A novel zero-knowledge scheme for proof of data possession in cloud storage applications
Xu et al. Secure and practical output feedback control for cloud-enabled cyber-physical systems
Zeng et al. Bsr-fl: An efficient byzantine-robust privacy-preserving federated learning framework
CN116488806A (en) Key encapsulation method, device, equipment and storage medium
Patil et al. Big data privacy using fully homomorphic non-deterministic encryption
Nguyen et al. Multi-observer privacy-preserving hidden markov models
Liu Efficient processing of encrypted data in honest-but-curious clouds
Li et al. General quantum secure multiparty computation protocol for simultaneous summation and multiplication
CN114640436A (en) A privacy protection-based computing method and device for grouping statistical parameters
Melenti et al. DEVELOPMENT OF POST-QUANTUM CRYPTOSYSTEMS BASED ON THE RAO-NAM SCHEME.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant