Communications in Computer and Information Science 1415

Yuan Tian · Tinghuai Ma · Muhammad Khurram Khan (Eds.)

Big Data and Security
Second International Conference, ICBDS 2020
Singapore, Singapore, December 20–22, 2020
Revised Selected Papers
Editorial Board Members

Joaquim Filipe, Polytechnic Institute of Setúbal, Setúbal, Portugal
Ashish Ghosh, Indian Statistical Institute, Kolkata, India
Raquel Oliveira Prates, Federal University of Minas Gerais (UFMG), Belo Horizonte, Brazil
Lizhu Zhou, Tsinghua University, Beijing, China
More information about this series at http://www.springer.com/series/7899
Yuan Tian · Tinghuai Ma · Muhammad Khurram Khan (Eds.)

Big Data and Security
Second International Conference, ICBDS 2020
Singapore, Singapore, December 20–22, 2020
Revised Selected Papers
Editors

Yuan Tian
Nanjing Institute of Technology
Nanjing, China

Tinghuai Ma
Nanjing University of Information Science and Technology
Nanjing, China

Muhammad Khurram Khan
King Saud University
Riyadh, Saudi Arabia

Communications in Computer and Information Science
https://doi.org/10.1007/978-981-16-3150-4
© Springer Nature Singapore Pte Ltd 2021

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Singapore Pte Ltd.
The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore
Preface

This volume contains the papers from the Second International Conference on Big Data and Security (ICBDS 2020). The event was held at Curtin University, Singapore, and was organized by the Nanjing Institute of Technology, Oulu University, King Saud University, Curtin University, JiangSu Computer Society, Nanjing University of Posts and Telecommunications, and IEEE Broadcast Technology Society.

The International Conference on Big Data and Security brings experts and researchers together from all over the world to discuss the current status of, and potential ways to address, security and privacy regarding the use of Big Data systems. Big Data systems are complex and heterogeneous; due to their extraordinary scale and the integration of different technologies, new security and privacy issues are introduced that must be properly addressed. The ongoing digitalization of the business world is putting companies and users at risk of cyber-attacks more than ever before. Big Data analysis has the potential to offer protection against these attacks. Participation in the conference workshops on specific topics is expected to achieve progress by facilitating global networking along with the transfer and exchange of ideas.

The papers presented at ICBDS 2020, coming from researchers who work in universities and research institutions, gave us the opportunity to achieve a good level of understanding of the mutual needs, requirements, and technical means available in this field of research. The topics included in this second edition of the conference covered fields connected to Big Data, Security in Blockchain, IoT Security, Security in Cloud and Fog Computing, Artificial Intelligence/Machine Learning Security, Cybersecurity, and Privacy. We received 153 submissions and accepted 52 papers. All the accepted papers were peer reviewed by three qualified reviewers chosen from our Technical Program Committee based on their qualifications and experience.

The proceedings editors wish to thank the dedicated committee members and all the other reviewers for their efforts and contributions. We also thank Springer for their trust and for publishing the proceedings of ICBDS 2020.

Yi Pan
Muhammad Khurram Khan
Markku Oivo
Yuan Tian
Organization

General Chairs

Technical Program Chairs

Technical Program Committee

Publication Chair

Organization Chairs

Organization Committee Members

Pilar Rodriguez Gonzalez, University of Oulu, Finland
Contents

Cybersecurity and Privacy

Application and Research of Power Communication Trusted Access Gateway 3
Wei-wei Kong, Jie Zhang, Pei-chun Pan, and Jia Yu

The Database Fine-Grained Access SQL Statement Control Model Based on the Dynamic Query Modification Algorithm 15
Ya Wei, Rongyan Cai, Lan Zhang, and Qian Guo

Research on Application Technology and Security of VoLTE in Power Wireless Private Network 27
Wei-wei Kong, Long Liu, Xing-qi Wei, Shan-yu Bi, and Xin-lei Yang

Semi-supervised Time Series Anomaly Detection Model Based on LSTM Autoencoder 41
Hui Xiao, Donghai Guan, Rui Zhao, Weiwei Yuan, Yaofeng Tu, and Asad Masood Khattak

Fault Inspection of Brake Shoe Wear for TEDS Based on Machine Vision 54
Mengqiong Ge, Shengfang Lu, Yan Zhang, and Cui Qin

Android Malware Detection Method Based on App-Image Conversion 60
Nannan Xie, Hongpeng Bai, Yanfeng Shi, and Haiwei Wu

Research on IMS Security Access and Mechanism in Power System 75
Xiao-yuan Zhang, Peng Jia, and Shao-peng Wanyan

Research on the Role-Based Access Control Model and Data Security Method 86
Junhua Deng, Lei Zhao, Xuechong Yuan, Zhu Tang, and Qian Guo

Research on Network Optimization and Network Security in Power Wireless Private Network 97
Jun-yao Zhang, Shan-yu Bi, Liang-liang Gong, Wei-wei Kong, and Xiao-yuan Zhang

Research on Location Planning of Multi-station Integration Based on Particle Swarm Optimization 111
Xincong Li, Mingze Zhang, Jun Wang, and Minhao Xia

Quick Response Code Based on Least Significant Bit 122
Zhuohao Weng, Jian Zhang, Cui Qin, and Yan Zhang

Event-Based H∞ Control for Networked Control System with Saturation Constraints 133
Wenlin Zou, Lisheng Jia, and Liuwen Li

Privacy Preserving Data Sharing in Online Social Networks 142
Randa Aljably

Indoor and Outdoor Fusion Positioning and Security Technology Based on Beidou Satellite 153
Bing-sen Xia, Zhao-zheng Zhou, Zhang-huang Zhang, Yang Li, and Jia Yu

Research on Safety Protection Scheme of Distribution Network Automation 165
Xue Gao, Sai Liu, Jun Liu, and Jia Yu

Research on Experimental Verification Scheme of 5G in Power System 177
Ningzhe Xing, Shen Jin, Wei Song, Yang Li, and Jia Yu

Immune Network Based Anomaly Detection Algorithm 194
Xinlei Hu, Zhengxia Wang, and Yunbing Hu

Incremental Anonymous Privacy-Protecting Data Mining Method Based on Feature Correlation Algorithm 204
Yongliang Jia, Peng Tao, Dapeng Zhou, and Bing Li

The Privacy Data Protection Model Based on Random Projection Technology 215
Wen Shen, Qian Guo, Hui Zhu, Kejian Tang, Shaohui Zhan, and Zhiguo Hao

Event-Driven H∞ Control for Networked Control Systems with Random Actuator Nonlinearity 227
Liuwen Li, Wenlin Zou, and Haiqiang Liu

Research on the Sensitive Data Protection Method Based on Game Theory Algorithm 238
Yunfeng Zou, Pengfei Yu, Chao Shan, and Meng Wu

Research on Differential Protection and Security in Power System Under 5G Environment 249
Guo-feng Tong, Yuan-wen Jin, Kang-yi Li, and Jia Yu

Research on Intelligent Fault and Security Handling Based on IMS in Power System 261
Peng Jia, Shao-peng Wanyan, and Xiao-yuan Zhang

Research on System Simulation and Data Analysis of Power Wireless Private Network 274
Weiwei Yan and Hui Chu

Research on Attitude Control System of Four-Rotor Aircraft 285
Zhan Shi, Yonghui Liu, Fengxian Zhao, and Chenxu Liu

Big Data

A Method for Image Big Data Utilization: Automated Progress Monitoring Based on Image Data for Large Construction Site 299
Chengtao Li, Li Chen, Jiafeng Wang, and Tianjian Xia

Big Data from Collection to Use in Competitive Games—A Study Case on Badminton 314
Guanzhe Zhao, Zaichao Duan, Chengbo Zhang, Zilong Jin, and Benjamin Kwapong Osibo

The Interactive Query Method with Clustering and Differential Privacy Protection Model Under Big Data Environment 327
Huanyu Fan, Yunan Zhu, and Chao Shan

Research on Spatio-Temporal Characteristics of Distribution Network Voltage Based on Big Data 337
Xin He, Zhentao Han, Nan Zhang, Yixin Hou, and Yutong Liu

Oracle Data Privacy Protection System of Virtual Database 353
Shenglong Liu, Hongbin Zhu, Tao Zhao, Heng Wang, Xianzhou Gao, and Ruxia Yang

Enterprise Credit Decisions Using Logistic Regression and Particle Swarm Optimization Based on Massive Data Records 364
Caixin Kang, Mingrui Wan, Murong Du, and Daokang Zhang

A Novel Artificial Immune Model on Hadoop for Anomaly Detection 377
Xinlei Hu, Zhengxia Wang, and Yunbing Hu

Research on Accurate Location of Line Loss Anomaly in Substation Area Based on Data Driven 391
Zuobin Liang, Zhaojun Lu, Fei Yuan, Qing Wang, Guangfeng Zhao, Han Zhang, and Wei Zhang

A Reactive Power Reserve Prediction Method for EV Charging Piles Based on Big Data and Optimized Neural Network 406
Yibin Guan, Wenlong Wu, Jianhua Chen, Xiaochun Xu, Kanglin Cai, and Wenhui Yuan

Research on Scattered Point Cloud Coordinate Reduction and Hole Repair Technology Based on Big Data Model 420
Liu Lei, Zhu Hao, and Weiye Xu

Survey on Computation Offloading Schemes in Resource-Constrained Mobile Edge Computing 433
Huiting Sun, Yanfang Fan, Shuang Yuan, and Ying Cai

Blockchain and Internet of Things

Discussion on the Influence of 5G and Blockchain Technology on Digital Virtual Assets 447
YaNan Li, Hui Pang, Zhixin Liu, and ShiJie Li

Research on Power Universal Service Access Gateway Based on Blockchain 458
Shao-peng Wanyan, Peng Jia, and Xiao-yuan Zhang

Application of Whole-Service Ubiquitous Internet of Things in Power System 471
Weiwei Yan and Hui Chu

Artificial Intelligence/Machine Learning Security

Learning Depth from Light Field via Deep Convolutional Neural Network 485
Lei Han, Xiaohua Huang, Zhan Shi, and Shengnan Zheng

Cycle-Derain: Enhanced CycleGAN for Single Image Deraining 497
Yuting Guo, Zifan Ma, Zhiying Song, Ruocong Tang, and Linfeng Liu

Sensitive Data Recognition and Filtering Model of Webpage Content Based on Decision Tree Algorithm 510
Sheng Ye, Yong Cheng, Yonggang Yang, and Qian Guo

Hard Disk Failure Prediction via Transfer Learning 522
Rui Zhao, Donghai Guan, Yuanfeng Jin, Hui Xiao, Weiwei Yuan, Yaofeng Tu, and Asad Masood Khattak

Design and Application of CMAC Neural Network Based on Software Hardening Technology 537
Hao Zhu, Mulan Wang, and Weiye Xu

Research on Path Planning of Mobile Robot Based on Deep Reinforcement Learning 549
Shi Zhan, Tingting Zhang, Han Lei, Qian Yin, and Lu Ali

Research on K-Means Clustering Algorithm Based on Improved Genetic Algorithm 561
Lulu Zhang and Yu Shu

Research on Low Voltage Early Warning of Distribution Network Based on Improved DNN-LSTM Algorithm 572
Zeyu Zhang, Xizhong Li, Xuan Fei, Xin Cao, and Qian Xu

Cross-Task and Cross-Model Active Learning with Meta Features 585
Guo-Xiang Li, Yao-Feng Tu, and Sheng-Jun Huang

Improved Random Forest Algorithm Based on Attribute Comprehensive Weighting Used in Identification of Missing Data in Power Grid 599
Yihe Wang, Yufei Jin, Yuancheng Zhu, Xiyuan Li, and Dazhi Li

Course Classification of Online Learning Platform Based on Sentence-Bert Model 612
Jiaze He, Qian Lu, Ying Tong, and Yiyang Chen

Analysis of Economic Loss of Voltage Sag Based on Artificial Intelligence Algorithm 624
Bo Yang, Bo Jia, Wanchao Jiang, Yongxin Miao, and Yang Wang

Posterior Transfer Learning with Active Sampling 639
Jie Pan and Yaofeng Tu

Author Index 653
Cybersecurity and Privacy

Application and Research of Power Communication Trusted Access Gateway

Wei-wei Kong(B), Jie Zhang, Pei-chun Pan, and Jia Yu
NARI Group Corporation, State Grid Electric Power Research Institute, Nanjing, China
kongweiwei1@sgepri.sgcc.com.cn
Abstract. The traditional centralized access authentication method for power Internet of Things terminals places great communication pressure and computation cost on the authentication center. In view of this situation, block chain technology is introduced and applied to all kinds of power service access application scenarios through research and development. A block-chain-based power universal service access gateway is developed and tested. The test shows that it can realize terminal access authentication for typical power Internet of Things systems such as distribution automation. This scheme improves the data transfer performance of the power communication network and solves the bottleneck problem of network performance in the power service information communication support platform.

Keywords: Access authentication · Block chain · Identity authentication · Gateway · Functional module
1 Introduction
It is necessary to integrate the infrastructure resources of the power system effectively, improve the information level of the power system, improve the utilization efficiency of the existing infrastructure of the power system, and provide important technical support for the transmission, transformation, distribution and consumption of power in the network [1–3]. In 2018, China National Network Company put forward the strategic goal of the company's information and communication in the new era: to build the power Internet of Things, build intelligent enterprises, and lead the construction of world-class energy Internet enterprises with outstanding competitiveness [4–6]. Among them, the electricity Internet of Things is the company's second network, integrated with grid development [7].
Current power communication networks are typical convergent networks: acquisition services converge from terminal to master station, control services are sent from master station to terminal, and there is little data interaction between terminal and terminal [8–10]. The authentication of terminals depends on centralized proxy communication modes and servers, all of which are verified and connected through cloud servers with powerful running and storage capabilities. With the construction of the energy Internet, the central network will face challenges [11].

© Springer Nature Singapore Pte Ltd 2021
Y. Tian et al. (Eds.): ICBDS 2020, CCIS 1415, pp. 3–14, 2021.
https://doi.org/10.1007/978-981-16-3150-4_1
Block-chain technology can naturally adapt to the application demand of power service trusted access [12–15]. Therefore, the application of block chain technology in the power communication system is an inevitable requirement for the development of the smart grid towards a foundation of information communication support technology. A large number of studies have also shown that the current traditional information and communication infrastructure, if not improved, will not meet the development requirements of the energy Internet. In this paper, the power communication network technology in the foundation of information communication is studied in depth, and blockchain technology is introduced. The technology is expanded, made practical and optimized, and a service access gateway for the power communication network based on block chain is developed.
2 Research on Access Authentication
2.1 Access Authentication Method for Power Communication Network
Access authentication means that the system needs to identify the user's identity according to some strategy before the user accesses the system, so as to ensure the legitimacy of the identity of the user accessing the system [16], and to record the authentication of the user as the user's identity credential while running in the system. Access authentication includes two processes, identification and authentication. Identification is the process of the user showing his identity to the system, and authentication is the process of checking the user's identity. Access authentication is an important part of platform security [17,18]. For illegal users, the access authentication mechanism limits access to platform resources. For legitimate users, access authentication permits them to access the system and generates an identification for them. Access authentication is the basis of the other security mechanisms of the platform. Prior to formal communication between the device and the platform, the platform authenticates visitors. After authentication, the platform authenticates and backs up the equipment, the identity certificate can be checked at any time, and the identity certificate generated by the two parties through access authentication prevents repudiation [19].

With the construction of the smart grid, higher requirements are put forward for the confidentiality, integrity and availability of enterprise information security. At present, the main service systems of power grid enterprises have gradually adopted the access mode of mobile terminals; data exchange is carried out through wireless access technologies such as 4G and through the internal and external information networks, and the number of accesses will continue to grow rapidly. Against this background, how to ensure that all kinds of decentralized mobile operation terminals can safely access the smart grid, and at the same time monitor and audit the access objects, so as to realize confidentiality and controllability in the process of information transmission, has become an urgent problem to be considered and solved in the development of the smart grid. In the future, with the continuous expansion of access terminals, the complexity of the access environment and the diversification of access methods, the security, confidentiality and controllability of all kinds of decentralized information transmission processes will face more severe challenges.
2.2 Certification Framework for Power Communication Networks

The overall architecture of the access system for grid information security data is shown in the figure. The secure access system consists of a secure client, a secure channel, a secure access platform, PKI certificate and directory services, secure service access, etc. [20].

(1) Security client

The digital certificate, encryption chip, security module, client software and so on are deployed on the PC, portable computer terminal, PDA, smartphone terminal, meter terminal, etc.

(2) Secure channel

It provides network channels between the terminal and the access platform, including all kinds of wired special lines, virtual private dial-up networks over wireless special lines, access point channels, etc.; the secure terminal layer and the secure access platform layer are connected by an encrypted tunnel through the secure channel.

(3) Secure access platform

1) Secure access gateway system

It provides the security channel layer for security authentication and access of all kinds of decentralized terminals, and sets up a two-way encrypted tunnel to encrypt the data of the application system. As the core boundary protection access equipment of the platform, it authenticates the terminal effectively and guarantees data integrity, confidentiality and non-tampering.

2) Security exchange service system

After authenticated access, the terminal's traffic undergoes network security partitioning and bare data stripping through the security exchange service system, which realizes access control and secure exchange of service data and guarantees the security, reliability and legitimacy of data access.

3) Authentication server

The server mainly provides certificate online verification, terminal access arbitration, access control authority and so on.

4) Centralized supervision server

The server mainly provides storage of the basic data of the platform, carries out unified centralized management of the platform's access terminals, equipment asset information, hardware characteristic information, certificate information and so on, and realizes centralized control and management of the system running state in the secure access platform through the platform bus. At the same time, it realizes platform cascading, active reporting of information between superior and subordinate platforms, unified centralized configuration, security management and so on.

5) Certificate and directory services

Digital certificates are issued by the PKI certificate service and directory system and provided to the security terminal, and the online certificate verification function of the identity server is provided.

6) Secure service access

Secure service access includes the front-end machine and the background application system of each service system; it provides the external access interface of the service, at present mainly the web service interface, the XML-RPC call interface and so on.
3 Design of Trusted Access Gateway for Power IoT

Based on the PKI system, digital certificates, encryption and decryption algorithms and other security technologies, the management service of the terminal identity certificate of the power Internet of Things is strengthened, and a distributed access authentication architecture for power Internet of Things terminals is realized. Users can flexibly deploy it according to the business requirements of different power Internet of Things systems.

IoT terminals contain two types of nodes. The order node is responsible for receiving the access authentication request of the power terminal, organizing the access authentication, and sending the token in response to the authentication request. The peer node is used to contact adjacent peer nodes and perform query validation, and does not record transactions. The gateway of the Internet of Things performs data reading, writing and querying. The gateway maintains the account database with the help of the consensus algorithm and consistency protocol of the block chain.

The device consists of three components: the member authentication authorization module, the block chain service module and the business editing module. It realizes three functions: authentication of the power Internet of Things terminal identity, the authentication certificate and access status certificate of the power Internet of Things terminal, and the authentication parameters of the power Internet of Things and configuration of the protocol, as shown below (Fig. 1).
Fig. 1. Architecture diagram of gateway system based on block chain (block chain components shown: member accreditation module with work register, identity management and authentication; block chain service module with consensus mechanisms, P2P network and distributed accounts; business editing module with development language, SDK/API and security)
The implementation process of the block-chain-based gateway includes the following three steps.

Step 1. Each terminal authenticates to the gateway, and the gateway queries the authentication information in the block chain module to verify the identity of the terminal. The gateway opens a service access port for a validated terminal. A terminal that cannot be validated will not have access to the business. For terminals that cannot pass verification, if it is the first request of the terminal, the registration function for a new node is triggered; otherwise its request is ignored. The process of the authentication request is shown below (Fig. 2).
Fig. 2. Flow chart of terminal authentication based on block chain (flow: start; send authentication request; first certification?; send authentication request; certified?)
Step 2. The service module of the block chain is responsible for maintaining the distributed account book, and the digital signature of each legal node is stored in the block chain. For newly registered nodes, the blockchain service module generates new authentication blocks by the consensus algorithm.

Step 3. The business editing module realizes the authentication parameters and protocol configuration of the Internet of Things through the smart contract of the block chain, and realizes the terminal initialization functions according to the requirements of different Internet of Things systems.
Among them, the authentication process of the terminal is as follows.

Step 1. The key system assigns keys to each terminal. The key system constructs a lightweight identification-based key for massive terminals. The system can generate the unique identification key according to the identification of the terminal, and can download the identification key safely to the terminal or its security chip online or offline. All terminals can calculate the public key corresponding to any identity locally. The public key algorithm of the key system adopts the SM2 algorithm, and the chip selected is a low-power chip which supports SM2. A physical terminal with an identification key supports end-to-end authentication and end-to-end encrypted data transmission, and supports off-line authentication of the terminal. The key system includes key production, application, approval, revocation, statistical analysis and other functions. The key management system stores the certificate information of the terminal in the block chain; each block stores the certificate of one terminal, and the block chain runs in the gateway node.

Step 2. The terminal sends an access request to the access gateway, which responds to the request, and the terminal obtains access rights to the intranet.

Step 3. According to the characteristics of the service contained in the terminal request, the gateway selects terminals that satisfy the threshold number to form the authentication group and initiates the distributed authentication. The nodes of the authentication group are divided into peer nodes and order nodes.

Step 4. The terminal sends the authentication request to the order node in the authentication group; the order node encapsulates the authentication request and broadcasts it to the authentication group. All peer nodes in the authentication group carry out the distributed authentication, which is done by voting.

Step 5. The order node of the authentication group sends the token to the access gateway, and the access gateway sends the authorization token to the terminal, so the terminal obtains access rights.

The process of the above authentication interaction is shown in the following figure (Fig. 3).

A distributed authentication process carried out by the peer nodes consists of the following steps.

Step 1. $M$ is the authentication request information broadcast by the order node. The ballot submitted by a peer node voting in favour is $\sigma_i = H_2(y_i) \| M$. The corresponding authentication criterion is $(\sigma_i, y_i, M)$. Peer node sends authentication
Fig. 3. Schematic diagram of distributed authentication based on blockchain (participants: access gateway, order node, peer node 1, peer node 2, peer node 3 and accounting node; the order node encapsulates and distributes the authentication messages and the peers perform the distributed authentication interaction)
With the group key $S_k$, the legal terminals that meet the threshold number $t$ have confirmed the authentication of the new terminal. The sorting node submits the authentication information to the accounting node to generate new blocks.

The gateway uses the public key $P$ to decrypt the token and sends the information to the terminal requesting access to the network, and the authentication ends.
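The threshold-vote flow of Section 3 (registration on a first request, the order node's broadcast $M$, peer ballots $\sigma_i = H_2(y_i) \| M$ checked against the criterion $(\sigma_i, y_i, M)$, and the token handed to the access gateway), as an added Python simulation that is not part of the paper or of the authors' gateway. It assumes SHA-256 for $H_2$, a fresh random $y_i$ per ballot, an HMAC under the group key $S_k$ in place of the SM2-based token, and a constructed terminal DTU-0001 with a constructed certificate.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def h2(data: bytes) -> bytes:
    """Hash H2 of the ballot formula; SHA-256 stands in for the unspecified H2 (assumption)."""
    return hashlib.sha256(data).digest()


@dataclass
class Ledger:
    """Distributed account book kept at the gateway: one block per terminal certificate."""
    blocks: list = field(default_factory=list)

    def register(self, terminal_id: str, cert: bytes) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else b"\x00" * 32
        self.blocks.append({"terminal": terminal_id, "cert": cert, "prev": prev,
                            "hash": h2(prev + terminal_id.encode() + cert)})

    def has(self, terminal_id: str) -> bool:
        return any(b["terminal"] == terminal_id for b in self.blocks)

    def verify_chain(self) -> bool:
        """Recompute every block hash; a modified certificate or a broken link fails."""
        prev = b"\x00" * 32
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != h2(prev + b["terminal"].encode() + b["cert"]):
                return False
            prev = b["hash"]
        return True


class PeerNode:
    """Authentication-group member: votes in favour only for a terminal already in the ledger."""

    def __init__(self, node_id: str, ledger: Ledger):
        self.node_id = node_id
        self.ledger = ledger

    def vote(self, terminal_id: str, m: bytes):
        if not self.ledger.has(terminal_id):
            return None                    # vote against: no ballot is cast
        y_i = secrets.token_bytes(16)      # fresh per-ballot value; the paper does not define y_i (assumption)
        return (h2(y_i) + m, y_i, m)       # ballot sigma_i = H2(y_i) || M, reported as (sigma_i, y_i, M)


def ballot_valid(ballot, m: bytes) -> bool:
    """Authentication criterion: sigma_i must recompute as H2(y_i) || M for the broadcast M."""
    sigma_i, y_i, m_i = ballot
    return m_i == m and hmac.compare_digest(sigma_i, h2(y_i) + m)


class OrderNode:
    """Broadcasts M, counts valid ballots against threshold t and issues the token."""

    def __init__(self, peers, threshold: int, group_key: bytes, ledger: Ledger):
        self.peers, self.threshold, self.group_key, self.ledger = peers, threshold, group_key, ledger

    def authenticate(self, terminal_id: str, cert: bytes = None):
        m = b"AUTH|" + terminal_id.encode() + b"|" + secrets.token_bytes(8)  # request M, fresh per round
        ballots = [b for b in (p.vote(terminal_id, m) for p in self.peers) if b is not None]
        if sum(ballot_valid(b, m) for b in ballots) >= self.threshold:
            # token = MAC(S_k, M) || M; an HMAC under the group key stands in for the SM2 token (assumption)
            return hmac.new(self.group_key, m, "sha256").digest() + m
        if cert is not None and not self.ledger.has(terminal_id):
            self.ledger.register(terminal_id, cert)  # first request of an unknown terminal: register it
        return None


def gateway_accepts(token, group_key: bytes, terminal_id: str) -> bool:
    """Access gateway: opens the service port only for a token bound to this terminal under S_k."""
    if token is None or len(token) <= 32:
        return False
    tag, m = token[:32], token[32:]
    return (m.startswith(b"AUTH|" + terminal_id.encode() + b"|")
            and hmac.compare_digest(tag, hmac.new(group_key, m, "sha256").digest()))


def demo():
    """Constructed scenario: terminal DTU-0001 requests access twice; the first only registers it."""
    ledger = Ledger()
    s_k = secrets.token_bytes(32)                        # group key S_k shared by order node and gateway
    peers = [PeerNode(f"peer{i}", ledger) for i in range(3)]
    order = OrderNode(peers, threshold=2, group_key=s_k, ledger=ledger)
    first = order.authenticate("DTU-0001", cert=b"constructed-cert-DTU-0001")
    second = order.authenticate("DTU-0001")
    return {
        "first_request_rejected": first is None,
        "second_request_granted": gateway_accepts(second, s_k, "DTU-0001"),
        "token_bound_to_terminal": not gateway_accepts(second, s_k, "DTU-0002"),
        "wrong_group_key_rejected": not gateway_accepts(second, secrets.token_bytes(32), "DTU-0001"),
        "ledger_intact": ledger.verify_chain(),
    }


if __name__ == "__main__":
    print(demo())
```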
4 Development and Test of Power Trusted Access Gateway
4.1 Development of Trusted Access Gateway
The gateway device realizes the trusted access and authentication function of the terminal based on blockchain technology, and consists of two subsystems: the gateway system and the configuration tool for trusted access. The system mainly carries out distributed authentication and edge authentication of terminals according to their access characteristics. The system can adapt to power application scenarios where the physical location of each communication station is scattered, the number of service terminals is large, and each node device has many kinds of access services. The system can ensure the real-time and reliability requirements of access authentication, and can adapt to the data service characteristics of different bandwidths, including discontinuous and burst communication, real-time and non-real-time service, heavy and light load, etc.

(1) Design of functional modules

The gateway system includes the block chain engine, authentication module, accounting module, gateway module, configuration module and other functional modules.
The block chain module is based on the Hyperledger (super account book) platform, which realizes the consensus algorithm, the chain code running environment, and the bookkeeping and query functions. It interacts with the authentication algorithm through the API interface.

In the authentication module, the authentication algorithm is called by the configuration tool for distributed authentication.

In the accounting module, according to the authentication results for newly added nodes, new blocks are generated by the sorting nodes to record the transactions.

In the gateway module, the network control instruction is output according to the authentication result, and the network port is set.

In the configuration module, the setting of authentication parameters, block chain parameters and so on is realized, together with the editing, modification and execution of chain code.
(2) System deployment

The block-chain authentication server is connected to the power communication network through the convergent switch to verify the access requests of terminal equipment.

The demonstration verification system is divided into two segments: the DTU in slice 1 interworks with the convergent switch at layer 2 through the access switch, and the terminal in slice 2 interworks with the convergent switch through the public network. Before the terminal connects to the backbone communication network, it needs to authenticate through the block chain authentication server and obtain the communication token; otherwise, the communication link at the network layer cannot be established (Fig. 4).
Fig. 4. Total topology of the system (elements shown: slice 1 and slice 2; access switches, each with a peer; block chain authentication server; core switch; distribution automation main station; blockchain node; monitoring terminals with peers; intelligent manhole cover business platform; 4G private network)
(3) Composition of hardware

The hardware of the gateway includes a programmable switch, a blockchain authentication server, and a configuration terminal, as shown in the figure below (Fig. 5).

Fig. 5. Hardware connection diagram
4.2 Test Analysis of Service Access Gateway
The test scenario is the distribution automation terminal monitoring service; the blockchain authentication server is deployed in the computer room as shown in Fig. 6.
Fig. 6 Field deployment of servers and gateways
12 W. Kong et al.
The test results are shown in Table 1.
Table 1 The results of terminal access authentication
Fig. 7 Interface display
5 Conclusion
With the further development of smart grid technology, power terminals place higher requirements on efficient access. Applying blockchain technology in the power communication system is an inevitable requirement of smart grid development and supports its communication technology foundation. Based on the decentralization of blockchain and the characteristics of the power communication network, a distributed authentication scheme for the power Internet of Things is proposed in this paper. The tests show that it can realize terminal access authentication for typical power Internet of Things systems such as distribution automation, that it has good universality and convenient configuration, and that it can significantly improve the security of the terminal system without affecting the topology of the original system.
Acknowledgments. The authors would like to thank the anonymous reviewers and editor for their comments, which improved the quality of this paper. This work was supported by the science & research project of SGCC (Research and application of terminal layer architecture and edge eIoT agent technologies in full service ubiquitous SG-eIoT, Project No. 5700-201958240A-0-0-00).
The Database Fine-Grained Access SQL Statement Control Model Based on the Dynamic Query Modification Algorithm
Ya Wei1(B), Rongyan Cai2, Lan Zhang1, and Qian Guo3,4
1State Grid Henan Marketing Service Center (Metrology Center),
Zhengzhou 450000, China
2State Grid Fujian Electric Power Company Limited, Fuzhou 350000, China
3Global Energy Interconnection Research Institute Co., Ltd., Nanjing 210000, China
4State Grid Key Laboratory of Information and Network Security, Nanjing 210003, China
Abstract. SQL is the standard language for querying databases, yet existing techniques cannot guarantee the soundness of all SQL queries under fine-grained access control (FGAC). An FGAC method in a DBMS should satisfy the soundness property: the answer to a query obtained under FGAC must be consistent with the answer to the same query without FGAC. In this article a new query modification algorithm is proposed. The theory of soundness is extended and refined, and it is shown that, for several classes of SQL queries, the proposed algorithm guarantees soundness. Finally, the algorithm is implemented by query modification and a performance evaluation is carried out, which shows the method to be feasible.
Keywords: Database security· Access control · Fine-grained access control ·
SQL query
1 Introduction
Fine-grained access control (FGAC) allows access to tables at the granularity of individual columns, rows and cells within rows. Recently, researchers have studied new techniques for integrating FGAC into database management systems (DBMS) [1–4]. Literature [5] proposed the soundness of FGAC: if the answer returned under FGAC is consistent with the answer without FGAC, the algorithm is correct, meaning that FGAC does not cause a wrong answer to be returned. It also points out that existing methods cannot retain soundness when a query contains negation (for example MINUS, NOT EXISTS or NOT IN); in that case the method in [6] loses soundness. To settle this, [5] puts forward an algorithm that meets the soundness requirement for MINUS queries, but for queries containing NOT EXISTS or NOT IN it cannot directly retain soundness.
In addition, there are many other queries for which these algorithms do not work properly. Consider the following example.
© Springer Nature Singapore Pte Ltd 2021
Y Tian et al (Eds.): ICBDS 2020, CCIS 1415, pp 15–26, 2021.
https://doi.org/10.1007/978-981-16-3150-4_2
16 Y. Wei et al.
Table 1 Staff
• Policy P1 for Antony on table "Staff":
• Row-level policy limit: "Number = 3";
• Cell-level policy limit on age: "Number = 1";
• Cell-level policy limit on telephone: "Number = 1".
Under the FGAC policy, each cell is tagged "(Y)" or "(N)" to indicate whether the policy allows access to that cell (see Table 1). Suppose Antony issues three queries:
For Q1, without the FGAC policy the answer is {Tom}. Under the FGAC policy P1, however, the algorithms in [5] and [6] answer {Jerry, Tom, Mike}, including Jerry and Mike, whose telephone numbers are not NULL. This obviously does not satisfy the soundness requirement. For Q2 and Q3, soundness cannot be retained either.
As the example shows, for many queries the algorithms in [5] and [6] still cannot meet the soundness requirement.
No algorithm guarantees the soundness of all queries, since SQL is easy to use but offers many high-level constructs, and many complicated queries can be written.
Thus, it is necessary to know for which SQL queries an algorithm can definitely retain soundness. But the soundness definition in [5] is stated for all queries, and it is so strict that no algorithm meeting it can be found. Therefore, a definition is needed that states soundness for a single query or for a class of queries.
2 Related Work and Background
Wang et al. [5] put forward a formal notion of FGAC correctness in databases. They first proposed soundness and discussed why existing methods are limited in some cases. They then proposed a labelling method for concealing unauthorized data items and a query evaluation algorithm for FGAC in relational databases. It settles the soundness weakness caused by the MINUS operation in SQL, but it can neither guarantee soundness for all queries nor specify for which types of queries soundness is ensured.
2.2 FGAC Strategy
Approaches for describing FGAC policies can be summarized into three types: view-based methods, predicate-based methods and Datalog-based methods.
View-Based Method
In the view-based method, access control permissions are described through views: a view describes the data a user may access in the database. These are not the same as the views supported by conventional SQL. With conventional SQL views, users cannot access the base table directly but only through the view; the views used here, by contrast, allow users to access the base table directly.
1 Access control based on INGRES
A method for implementing FGAC on the basis of INGRES views was introduced by Stonebraker and Wong. Users' access rights are described by views, and query modification is used to realize FGAC. Query modification means dynamically and transparently modifying an SQL statement before executing it, so as to guarantee that users cannot access prohibited data [10].
2 Access control on the basis of Motro
A query modification algorithm resembling that of INGRES was put forward by Motro [11]. A submitted query Q can be regarded as a view. If Q can be derived from the set V of safe views, access to Q is allowed. If Q cannot be derived from V but V derives a set of sub-views of Q, access to those sub-views is allowed. The disadvantages include the disjoint sub-views generated by the algorithm, among other problems.
Method Based on Predicate
The most representative predicate-based method is Oracle Virtual Private Database (VPD). An FGAC policy is defined by a policy function that returns an SQL predicate; to enforce the policy, the policy functions are bound to base tables or views. However, the description of an FGAC security policy in Oracle VPD is very complicated, so its usability and scalability are relatively low.
Method Based on Datalog
Purevjii et al. proposed Datalog-based FGAC policies [15]. They used an Authorization Description Language (ADL) to describe FGAC. To address the security analysis of FGAC policies, a description based on Datalog rules is provided. It cannot be used directly in a DBMS, however, and must be converted before it takes effect.
3 Dynamic Query Modification Algorithm Based on Key Attributes
For a relation R, we use C_R to denote the set of all attributes of R. A definition is introduced before the query modification algorithm is explained.
1 Definition One (key attribute of a query relation)
• For any query Q, let R be a relation within Q.
• For any attribute A ∈ C_R, if A is part of the attribute set of the WHERE clause of Q, we say that A is a key attribute of R for Q.
In Example One, the attribute telephone is the key attribute of Staff for Q1 because telephone appears in Q1's WHERE clause. For Q3, name and age are the key attributes of Staff for Q3, and age is the only key attribute of Staff for Q3's subquery. The algorithm, called the key attribute-based algorithm (KAB algorithm), has three steps:
Step 1: Create a temporary view for each relation within the SQL query. The key attributes of Q are obtained from Definition One; the row-level and cell-level policies for these key attributes are then obtained from the FGAC policy. Below, R is the relation within the query, P_row is the row-level policy and P_cell is the cell-level policy. The operational relation is established as:
  FROM R
  WHERE P_row AND P_cell)
Step 2: Replace these relations with the temporary views.
Step 3: Use a "CASE" statement [12] to rewrite each attribute in the select list of the SQL query.
Literature [9] introduces the KAB algorithm for SQL queries in detail.
2 Example Two
Example One introduced two SQL queries Q1 and Q3 under the FGAC policy P1; they are used here to explain the modification method. For Q1, telephone is the only key attribute, the row-level policy is "Number = 4" and the cell-level policy on telephone is "Number = 1". Therefore the temporary view is:
(SELECT Number, name, age, telephone
FROM Staff
Because there is no cell-level policy on name, no "CASE" statement replaces name in the modified query. The final modified query Q1modified is shown below.
WHERE telephone IS NULL
The same method modifies Q3 to Q3modified. Assuming there is also a cell-level policy "Number = 1" on the attribute name, the modified query Q3modified is:
• Q3modified=
SELECT name
FROM (SELECT Number, name, age, telephone
FROM Staff
WHERE name NOT IN (SELECT name
FROM (SELECT Number, name, age, telephone
THEN name ELSE NULL END AS name
FROM (SELECT Number, name, age, telephone
FROM Staff
WHERE telephone IS NULL
In [12], to maintain security, rows that may break security are removed from the result by replacing the values of their key attributes with NULL and using the evaluation rules "NULL = NULL" and "NULL = c" for any constant c. The algorithm put forward here instead deletes the rows that may violate security directly, based on the FGAC policy, when establishing the temporary view, so the proposed method retains security as well.
4 Algorithm Performance Evaluation
4.1 Soundness Definition
In this section we focus on the types of SQL query for which the KAB algorithm can guarantee soundness.
The definition of soundness was first proposed in [5]. However, it cannot be used to determine whether an algorithm is sound for one query or for a certain class of queries.
1 Definition Two
• Given two tuples $t_x = \langle x_1, x_2, \cdots, x_n \rangle$ and $t_y = \langle y_1, y_2, \cdots, y_n \rangle$, we say that $t_x$ is contained by $t_y$ (written $t_x \sqsubseteq t_y$) if and only if $\forall i \in [1 \ldots n]:\ x_i = y_i \vee x_i = \mathrm{NULL}$.
• $\mathrm{NULL} \sqsubseteq \mathrm{NULL}$.
• For any constant $c$, $\mathrm{NULL} \sqsubseteq c$.
From the above definition, the following property obviously holds.
Property 1:
• $t_1 = t_2 \Rightarrow t_1 \sqsubseteq t_2$
The containment relation is extended from tuples to relations as follows:
2 Definition Three
• Taking two simple relations $R_1$ and $R_2$, we say that $R_1$ is included in $R_2$ (written $R_1 \sqsubseteq R_2$) if and only if $\forall t_1 \in R_1,\ \exists t_2 \in R_2$ such that $t_1 \sqsubseteq t_2$.
According to the above definitions, soundness is defined as follows.
Consider a query processing algorithm A that applies FGAC policy P and query Q to database D and outputs the result $R = A(D, P, Q)$. Let S denote the standard query evaluation, so that $S(D, Q)$ is the answer to Q when the database state is D and there is no FGAC policy.
• A is sound for Q, written $\mathrm{Sound}(A, Q) = \mathrm{true}$, if and only if $\forall D\ \forall P:\ A(D, P, Q) \sqsubseteq S(D, Q)$.
• If A cannot retain soundness for Q, $\mathrm{Sound}(A, Q) = \mathrm{false}$.
With this definition, the soundness of an algorithm A as defined in [5] corresponds to requiring $\mathrm{Sound}(A, Q) = \mathrm{true}$ for all queries Q.
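The following Python program is an added example, not code from the paper: it implements the three steps of the KAB algorithm from Section 3 over an in-memory SQLite table, evaluates Example One's Q1 (SELECT name FROM Staff WHERE telephone IS NULL) both with a NULL-masking rewrite in the style of [12] and with the KAB rewrite, and checks each answer against S(D, Q) using the containment relations of Definitions Two and Three above. The Staff rows, the policy values (P_row "Number <= 3", P_cell "Number = 1" on age and telephone) and the key-attribute extraction by identifier matching are constructed assumptions that only follow the shape of the paper's Example One.

```python
"""Key-attribute-based (KAB) query modification on a small Staff table.

Added example, not code from the paper: the table, the policy and the query
are constructed here. They follow the shape of Example One (policy P1, query
Q1 with key attribute telephone) but use their own values.
"""
import re
import sqlite3

# Constructed relation Staff(Number, name, age, telephone).
COLUMNS = ["Number", "name", "age", "telephone"]
STAFF_ROWS = [
    (1, "Tom", 30, None),           # Tom has no telephone on file
    (2, "Jerry", 25, "555-0102"),
    (3, "Mike", 41, "555-0103"),
    (4, "Anna", 36, None),
]

# Constructed FGAC policy for Antony: a row-level predicate P_row and a
# cell-level predicate P_cell for each protected attribute (assumed values).
POLICY = {
    "row": "Number <= 3",
    "cell": {"age": "Number = 1", "telephone": "Number = 1"},
}


def key_attributes(where, columns):
    """Definition One: the attributes of the relation that appear in the WHERE clause."""
    idents = set(re.findall(r"[A-Za-z_]\w*", where))
    return [c for c in columns if c in idents]


def masked_select_list(columns, policy):
    """Step 3: wrap each attribute that has a cell-level policy in a CASE statement."""
    items = []
    for c in columns:
        pcell = policy["cell"].get(c)
        items.append(f"CASE WHEN {pcell} THEN {c} ELSE NULL END AS {c}" if pcell else c)
    return ", ".join(items)


def kab_rewrite(select_cols, table, where, columns, policy):
    """Steps 1-3 of the KAB algorithm for a query over a single relation."""
    keys = key_attributes(where, columns)
    # Step 1: the temporary view keeps only rows that satisfy P_row AND the
    # cell-level policy of every key attribute, so a hidden key cell can never
    # be compared in the WHERE clause.
    preds = [f"({policy['row']})"]
    preds += [f"({policy['cell'][k]})" for k in keys if k in policy["cell"]]
    view = (f"SELECT {masked_select_list(columns, policy)} FROM {table} "
            f"WHERE {' AND '.join(preds)}")
    # Step 2: the view replaces the relation in the original query.
    return f"SELECT {', '.join(select_cols)} FROM ({view}) WHERE {where}"


def null_mask_rewrite(select_cols, table, where, columns, policy):
    """Rewrite in the style of [12]: filter rows by P_row and replace hidden
    cells with NULL, but keep rows whose key attributes are hidden."""
    view = (f"SELECT {masked_select_list(columns, policy)} FROM {table} "
            f"WHERE ({policy['row']})")
    return f"SELECT {', '.join(select_cols)} FROM ({view}) WHERE {where}"


def tuple_contained(tx, ty):
    """Definition Two: tx is contained by ty iff each x_i equals y_i or is NULL."""
    return len(tx) == len(ty) and all(x == y or x is None for x, y in zip(tx, ty))


def relation_contained(r1, r2):
    """Definition Three: every tuple of r1 is contained by some tuple of r2."""
    return all(any(tuple_contained(t1, t2) for t2 in r2) for t1 in r1)


def run(conn, sql):
    return set(conn.execute(sql).fetchall())


def demo():
    """Evaluate Q1 three ways and check each answer for soundness against S(D, Q)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Staff (Number INTEGER, name TEXT, age INTEGER, telephone TEXT)")
    conn.executemany("INSERT INTO Staff VALUES (?, ?, ?, ?)", STAFF_ROWS)
    where = "telephone IS NULL"      # Q1: SELECT name FROM Staff WHERE telephone IS NULL
    reference = run(conn, f"SELECT name FROM Staff WHERE {where}")   # S(D, Q): no FGAC
    masked = run(conn, null_mask_rewrite(["name"], "Staff", where, COLUMNS, POLICY))
    kab = run(conn, kab_rewrite(["name"], "Staff", where, COLUMNS, POLICY))
    return {
        "reference": reference,      # {Tom, Anna}
        "null_mask": masked,         # {Tom, Jerry, Mike}: hidden phones look like no phone
        "kab": kab,                  # {Tom}: rows whose key cell is hidden are dropped
        "null_mask_sound": relation_contained(masked, reference),   # False
        "kab_sound": relation_contained(kab, reference),            # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running it reproduces the failure described in Example One: masking Jerry's and Mike's hidden telephone cells with NULL makes "telephone IS NULL" true for them, so the answer contains tuples that are not contained by any tuple of S(D, Q) and soundness fails. The KAB view filters those rows out with the key attribute's cell policy before the WHERE clause is evaluated, so its answer {Tom} is contained by S(D, Q). In a real deployment the key attributes would be taken from the parsed query rather than by identifier matching on the WHERE string, and the policy predicates would come from the DBMS's policy store rather than from a dictionary.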
4.2 Soundness of Relational Algebra Expressions
σ and π below represent queries, which mean the selection and projection of relationalalgebra operations, respectively.π expands to π(A, F,),
• π(A1,true,), (A2,true,),···,(An,true,)(R)= πA1, A2,···, An(R)
The following definition on predicates simplifies the description.
1 Definition 6
• Given two predicates F and F', we say that F' is at least as strong as F, written $F' \le F$, if and only if
• $\forall t:\ F'(t) = \mathrm{true} \Rightarrow F(t) = \mathrm{true}$.
4.3 Soundness of the KAB Algorithm
In relational algebra, queries take four forms. π, σ, ×, ∪ and − are the five basic operations, and the other operations can be derived from them [13]. Only one table is involved in the first form and multiple tables in the second; the other two forms combine the first and second forms with the set operations ∪ and −, as shown below:
• Form 1: $Q_{form1} = \pi_{(A_1, A_2, \cdots, A_n)}(\sigma_F(R_1))$;
• Form 2: $Q_{form2} = \pi_{(A_1, A_2, \cdots, A_n)}(\sigma_F(R_1 \times \cdots \times R_m))$;
• Form 3: $Q_{form3} = Q_1 \cup Q_2$, where $Q_1$ and $Q_2$ have Form 1 or Form 2;
• Form 4: $Q_{form4} = Q_1 - Q_2$, where $Q_1$ and $Q_2$ have Form 1 or Form 2.
In [10], a translator that converts a subset of SQL queries into relational algebra was put forward, by which SQL queries can be mapped to relational algebra. That is, for an SQL query Q, an equivalent relational algebra expression can be found.
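The soundness argument for Form 1 under the KAB rewrite, carried through with the paper's symbols as an added derivation (it is not reproduced from the paper; it assumes, as Section 3 states, that KAB adds only the predicates $P_{row}$ and $P_{cell}$ to the selection and masks hidden non-key cells with NULL in the projection):

$$
\begin{aligned}
Q &= \pi_{A}(\sigma_F(R)), \qquad K = \{\text{key attributes of } R \text{ for } Q\} \subseteq C_R, \\
A(D, P, Q) &= \pi'_{A}\Bigl(\sigma_F\bigl(\sigma_{P_{row} \wedge \bigwedge_{k \in K} P_{cell}(k)}(R)\bigr)\Bigr)
            = \pi'_{A}(\sigma_{F'}(R)), \qquad F' = F \wedge P_{row} \wedge \bigwedge_{k \in K} P_{cell}(k), \\
F'(t) = \mathrm{true} &\Rightarrow F(t) = \mathrm{true}, \quad\text{so } F' \le F \text{ (Definition 6) and } \sigma_{F'}(R) \subseteq \sigma_F(R), \\
\pi'_{A}(t) &\sqsubseteq \pi_{A}(t) \quad\text{for every } t, \text{ since } \pi' \text{ differs from } \pi \text{ only by replacing hidden cells with NULL and } \mathrm{NULL} \sqsubseteq c \text{ (Definition Two)}, \\
\therefore\quad A(D, P, Q) &\sqsubseteq \pi_{A}(\sigma_F(R)) = S(D, Q) \quad\text{for all } D, P, \qquad\text{i.e. } \mathrm{Sound}(\mathrm{KAB}, Q_{form1}) = \mathrm{true}.
\end{aligned}
$$

The step $\sigma_F(\sigma_{P}(R)) = \sigma_{F \wedge P}(R)$ is valid only because every key attribute in $F$ is evaluated on its true value: rows whose key cells are hidden are removed by $P_{cell}(k)$ rather than masked, which is exactly the difference from the NULL-masking evaluation of [12] noted at the end of Section 3.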
5 Experiment
This experiment describes the performance of the KAB algorithm. Since the method in [5] can retain the soundness of queries containing MINUS, this paper mainly compares the performance of the KAB algorithm with the algorithm in [5], following the experimental method of [5]. The experimental parameters are:
• Table Size: the number of tuples in the table;
• Selectivity: the percentage of tuples selected by the issued query.
When a query contains no negation, the method in [5] simply modifies the query; it can guarantee soundness only for queries that include MINUS. Therefore only queries containing MINUS are used to measure performance in the tests of this paper.
To measure query execution cost, each query was run 6 times, and the query cache and buffer pool were flushed between any two executions. The results below give the average performance for each query.
5.2 Experiment Results and Analysis
For convenience, the KAB algorithm is called KAB here, the method in [5] is called Sound, the method in [12] is called Hippo, and general query evaluation (without an access control policy) is called Unmodified. Only the scalability of the algorithm is described here; the effects of selectivity, disclosure probability and operation-relationship probability were also examined.
The scalability of the query modification algorithms is measured by varying the table size. To evaluate the cost, the case with selectivity 100%, disclosure probability 25% and operation-relationship probability 100% is selected. The result is shown in Fig. 1: KAB, Hippo and Unmodified all perform better than Sound. For the Sound method, when the table size is 100000 and 200000, the cost is 2833 ms and 34495 ms, respectively. The reason Sound does not scale is that it employs a join operation to provide sound answers to MINUS, whereas KAB preserves soundness by adding only predicates to the WHERE clause. Thus, as the table size increases, KAB is better than Sound and similar to Hippo, and Hippo cannot retain soundness.
Fig. 1 Table size scalability. Selectivity = 100%, disclosure probability = 75%, operation-relationship probability = 100%
6 Conclusion
In this research, we first propose an algorithm that ensures the soundness of certain types of SQL query. We then extend and improve the theory of soundness, introducing new properties of soundness for relational algebra expressions. Queries represented in relational algebra can be summarized into four forms, each of which is analysed separately for soundness. On this basis, the proposed algorithm ensures soundness for SQL queries of any of these four forms. Finally, the performance of the algorithm is evaluated. Experimental results indicate that the algorithm hardly increases the cost and is feasible.
In this article we only study the SELECT operation. But the operations controlled by FGAC are SELECT, UPDATE, INSERT and DELETE, so we will consider the other operations in FGAC in future work.
Acknowledgement. This paper is supported by the science and technology project of State Grid Corporation of China: "Research and Application of Key Technology of Data Sharing and Distribution Security for Data Center" (Grant No. 5700-202090192A-0-0-00).
References
1 Bingyu, Z., Huanguo, Z., Xi, G., et al.: A fine-grained authorization model based on credibility in trusted network connection. J. Wuhan Univ. (Sci. Edn.) 02, 147–150 (2010)
2 Wu, C.: Fine-grained authorization delegation method based on quantitative roles. Comput.
5 Wang, Q., Yu, T., Li, N., et al.: On the correctness criteria of fine-grained access control in relational databases. In: International Conference on Very Large Data Bases (VLDB). DBLP (2007)
6 Calvio, A.: A simple method for limiting disclosure in continuous microdata based on principal component analysis. J. Off. Stat. 33(1) (2017)
7 Yanan, W., Yiqiu, S.: Performance optimization of Oracle database application system
10 Xiaofeng, L., Dengguo, F., Chaowu, C., et al.: Access control model based on attributes. J.
13 Ceri, S., Gottlob, G.: Translating SQL into relational algebra: optimization, semantics, and equivalence of SQL queries. IEEE Trans. Softw. Eng. SE-11(4), 324–345 (1985)
14 DeWitt, D.J.: The wisconsin benchmark: past, present, and future, Technical report (1993)
15 Purevjii, B.-O., Aritsugi, M., Imai, S., Kanamori, Y., Pancake, Cherri M.: Protecting personaldata with various granularities: a logic-based access control approach In: Hao, Y., et al (eds.)CIS 2005 LNCS (LNAI), vol 3802, pp 548–553 Springer, Heidelberg (2005).https://doi.org/10.1007/11596981_81