Application and Optimization of Endogenous Security Mechanisms in Photovoltaic Data Transmission and Storage

Endogenous security mechanism means that when designing, developing and operating a software system, security is taken as part of the system throughout its life cycle, and the system is protected through internal mechanisms. The goal of endogenous security mechanism is to protect the system from various threats, including malicious attacks, data leakage, vulnerability exploitation and so on. The realization of endogenous security mechanism needs to start from several aspects [1-4].

First, security design needs to be incorporated into the requirements analysis and architecture design of the software system, taking into account the various threats that the system may face, so as to design the corresponding security measures in a targeted manner [5-6]. Secondly, secure coding standards need to be adopted and secure code needs to be written to avoid vulnerabilities and security holes. Again, security testing is needed to ensure that the system can withstand various attacks and vulnerability exploitation [7-8]. Finally, various security mechanisms, including authentication, access control, data encryption, and so on, need to be adopted to ensure the security of the system during operation [9-10]. The realization of endogenous security mechanisms can not only improve the security of the system, but also reduce the security risk and cost. By implementing security in the software development process, it can reduce the number of software vulnerabilities and the scope of influence, reduce the probability of security events and the degree of influence, thus reducing the losses and costs caused by security events [11-14]. At the same time, the endogenous security mechanism can also improve the reliability and stability of the system, and enhance the user trust and reputation of the system, so it is important to realize the significance of its ensuring the security and stability of data in PV data transmission and storage [15-17].

In this paper, a security protection system for PV data transmission and storage is proposed and verified. A LoRa-based PV plant data transmission system is constructed in the PV transmission part. In the PV data storage part, a distributed transmission protocol and hash consistency detection method are used for group storage of PV data. Trusted security architecture and data desensitization mechanism are used to optimize the security protection of the system. The feasibility of the PV data storage method designed in this paper is verified in terms of bandwidth occupancy, load balancing degree, node residual energy, and data storage quantity, respectively. The applicability of the optimization method is tested based on the security protection posture assessment.

2

Endogenous security defense system for PV data transmission and storage

2.1

Endogenous security defense system

Traditional security defenses are usually isolated in specific areas such as anti-malware, network traffic anomaly detection, network security operations and system security assessment. Intelligent security is the use of artificial intelligence methods to analyze threats with the effect of discovering unknown threats.

From the perspective of bionics, endogenous security builds an endogenous security system for information systems based on the biological nervous system. The difference between this and existing intelligent security research is that endogenous security integrates the human bionic system, immunity, artificial intelligence and 5G mobile communication network, arranges a huge number of sensors with reference to the characteristics of distributed sensing of the human nervous system, monitors changes in various parts of the system in real time, constructs a security center similar to the human brain using the method of artificial intelligence, and makes a decision through the aggregated information, so as to reasonably counteract external invasion and Immune defense against internal invasion. Bionic is embodied in the deployment of sensing network, learning and decision-making of human-like brain, and moderate countermeasure of external invasion, and immune is embodied in the marking and defense of internal invasion, which is an endogenous security mechanism based on bionic immunity. According to the idea of bionic immunity, we will overcome the basic theoretical problems of constructing a bionic immunity system that is highly integrated with the information system, designing a distributed fine-grained threat sensing and countermeasure mechanism, designing a multilayer transmission network that is integrated with the information system in a parallel manner, establishing an irreproducible access control mechanism, and constructing a security center that has the ability to learn, process, and make decisions by using the method of artificial intelligence.Deploying the key security components of perception, response, immunity, and security center in 5G networks, through the autonomous learning and evolution of the AI “brain”, and through the innate autonomous response capabilities of living creatures such as perception, judgment, confrontation and countermeasure, autonomous growth, etc., we can form a distributed fine-grained threat perception and countermeasure, a multilayered security defense network, brain-like security control, autonomous evolution and decision-making, and other security mechanisms. The security mechanism of brain-like security control and autonomous evolution and decision-making. It establishes an “innate and autonomous growth” security protection system, actively responds to security threats to information systems, and creates a new security architecture.

2.2

LoRa-based PV data transmission system

In this paper, a photovoltaic power station data transmission system based on LoRa wireless networking technology is designed. The system connects each device to a small LoRa star LAN through LoRa wireless networking technology, carries out unified management and coordinated control through the gateway, and indirectly connects each device to the server through the gateway to realize the safe transmission of each basic data of the photovoltaic power plant.

2.2.1

Overall design of the data transmission system

The LoRa gateway is used as the node concentrator of the data transmission system, and the terminal devices are the system nodes to build a complete LoRa star topology network to realize the data transmission function of the PV power plant. The terminal node devices mainly realize the data collection and sending functions.The LoRa gateway acts as a hub for communication between the terminal node devices and the LoRa WAN server by connecting with the terminal node devices and the LoRa WAN server to realize the interconnection between the parts.The LoRa WAN server is mainly responsible for the network entry and parameter configuration of the terminal node devices and the LoRa gateway. The terminal node and data collection device share the MCU control processor, and the terminal node RF chip communicates with the control processor using the serial port, which is mainly responsible for the terminal sending of data [18].

Terminal nodes and data acquisition equipment share MCU control processor, terminal node RF chip and control processor using serial communication, mainly responsible for the terminal sending of data.

The gateway is the core part of the whole system, which is responsible for managing the LoRa star network, realizing the communication with the application servers, and realizing the functions of data processing, forwarding, and storage.

The LoRa WAN server is the “brain” of the entire system, which manages communication devices, authenticates terminal access, stores data, and parses communication protocols.

2.2.2

Hybrid encryption mechanism design

LoRa network’s own security mechanism uses AES-128 data encryption algorithm, whose key length is 128 bits, and the length of the key is much lower than the key length of the RSA encryption algorithm, so the process of encrypting/decrypting the data has a high efficiency. However, in the process of data encryption/decryption, a pair of symmetric keys is used, and the key parameters of the two keys overlap similarly in many aspects, which is easy to be cracked by malicious network attack analysis.The two keys used by the RSA algorithm in the encryption/decryption of the data information are completely irrelevant in terms of the key parameters, and the key difference is longer than that of the AES algorithm, which improves the difficulty of cracking and the computing efficiency is much lower than that of the AES algorithm. Operational efficiency is much lower than the AES algorithm, and is not suitable for the operation of large numbers of data [19].Aiming at the characteristics of the above algorithms and analyzing the advantages and shortcomings of each of the two algorithms, this paper adopts a hybrid encryption mechanism that combines the AES data encryption algorithm with the RSA encryption algorithm.The AES-128 algorithm is used to encrypt/decrypt the data transmitted in the LoRa network, and the RSA algorithm is used to protect the key of the AES. The specific flow is shown in Figure 1. The principle of this hybrid algorithm is: before the LoRa terminal node device sends real-time data, the terminal node device uses the AES-128 algorithm to generate a cipher text by encrypting the collected environmental parameter data message, and then uses the public key of the RSA algorithm to realize encryption of the AES key generated by the encryption work in the previous step, and then packages the cipher text together with the encrypted key and sends it to the LoRa WAN The encrypted message and the encrypted key are sent to the LoRa WAN server.The LoRa WAN server receives the data packet and parses it to obtain the encrypted AES key and the data ciphertext. First, it calls the private key configured in advance to decrypt the data encrypted with the public key, extracts the valid AES key parameter, and then carries out the rest of the decryption operation using this key to finally obtain the PV power station environmental parameter data. The terminal device realizes the encryption of real-time data, and the server realizes the decryption. Generally speaking, the server should create an RSA key pair at the very beginning to improve the security of the AES key.

2.3

PV data storage method based on consistent hash algorithm

Since PV systems are usually distributed in different geographical locations and the data from each solar power point is generated and updated simultaneously, a distributed storage system is a more appropriate choice [20].

In order to realize the storage integrity of PV data, a consistent hash algorithm is used to group the PV data. Before grouping the data, a data transmission protocol is agreed upon. Since PV data is mostly distributed data structure, the transmission protocol also adopts the distributed protocol, i.e: (1) $X_{T C P} = {D, P_{1}, Z, P_{2}}$ \[{{X}_{TCP}}=\left\{ D,{{P}_{1}},Z,{{P}_{2}} \right\}\]

Where: X_TCP is the distributed transmission protocol. D is the IP address of the PV data access end. P₁ is the port of the data access side. Z is the IP address of different databases. P₂ is the data storage port. The hash value Hash(x) of X_TCP is used as the unique identification for node authentication, and then the stored PV data is grouped using a consistent hash algorithm, and the grouping process is shown in Fig. 2.First, all the actual nodes are counted, i.e., the hash value of each PV data that will be deposited. Subsequently, virtual nodes are introduced, i.e., the hash value of the corresponding data storage location, and virtual nodes and actual nodes are mapped to each other. The nodes that are close to the hash value are grouped together, i.e., node grouping is performed. After that, each grouping is divided into details to increase the granularity, for example, the electricity price is subdivided into industrial electricity price, enterprise electricity price, user electricity price and so on. Finally, the actual PV data is mapped to the corresponding PV storage database according to the storage location, and the metrics for each node are completed in the process.

2.4

Trusted Protection of Photovoltaic Data

2.4.1

Trusted Security Architecture

PV data after trusted storage will still have multiple potential problems, including risks of data leakage, unauthorized access and integrity damage. For this reason, trusted computing architecture is introduced to ensure the security and reliability of PV data. Trusted architecture through the strengthening of trusted environment security, data desensitization data encryption and other means to build a multi-level security defense, improve the ability of the system to resist attacks and protect data. This architecture not only helps to prevent external threats, but also fights against internal potential risks, providing a highly credible data storage environment for the PV system [21].

The protection architecture covers a number of key aspects designed to combat potential threats and ensure that data is not compromised during storage and processing. In the Trusted Security Protection Architecture, the primary consideration is the security of the hardware layer. The introduction of the Hardware Security Module (TCM) provides a protected hardware environment that performs chain-of-trust construction and provides the Security Services Module (TSM) and the Software Services Module (TSS), which together form the Trusted Execution Environment (TEE). The hardware module is resistant to physical attacks and provides a trusted security base for desensitizing and encrypting upper layer photovoltaic data, ensuring the integrity of critical parts of the system.

2.4.2

Data desensitization mechanisms

In differential privacy, the Laplace mechanism and the exponential mechanism are commonly used to calculate the privacy score. In this case, the Laplace mechanism is applicable to numerical data, while the exponential mechanism is applicable to non-numerical data [22].

For numerical data, assume that the true value of the attribute is x and the added noise is Δx, then the noise Δx of the Laplace mechanism satisfies the probability distribution: (2) $P (Δ x = δ) = \frac{ε}{2 b} e^{- \frac{| δ |}{b}}$ \[P\left( \Delta x=\delta \right)=\frac{\varepsilon }{2b}{{e}^{-\frac{|\delta |}{b}}}\]

Where: ε is the privacy budget. δ is the value of added noise. b is the scale parameter of the random variable to control the intensity of the added noise, and different values of b can be chosen to balance privacy protection and data quality.

For non-numeric data, such as categorical variables, an exponential mechanism can be used to compute a privacy score. For example, suppose there is a non-numeric attribute A with a range of values {a₁,a₂,…,a_n}. consider adding noise ΔA to attribute A such that differential privacy is preserved. The noise ΔA of the exponential mechanism satisfies a probability distribution: (3) $P (Δ A = a_{i}) = \frac{e^{[ε f (a_{i})]}}{\sum_{i = 1}^{n} e^{[f (a_{i})]}}$ \[P\left( \Delta A={{a}_{i}} \right)=\frac{{{e}^{\left[ \varepsilon f\left( {{a}_{i}} \right) \right]}}}{\sum\limits_{i=1}^{n}{{{e}^{\left[ f\left( {{a}_{i}} \right) \right]}}}}\]

where f(a_i) selects the sensitivity of a_i. The larger the privacy budget ε in the exponential mechanism, the more noise is added and the higher the degree of differential privacy protection, but at the same time it affects the accuracy of the data.

2.4.3

Desensitization of photovoltaic data

For the secure storage of PV data, based on the traditional DiffGen differential privacy algorithm, an improved DiffGen algorithm is proposed by borrowing the idea of group desensitization to improve the efficiency and quality of data desensitization while ensuring the availability of PV data. The operation steps are as follows.

1) Form a generalization tree and root node based on the original PV data table. Assuming that the original dataset has m attributes and n data for each attribute, this dataset can be formed into a data table with n rows and m columns: (4) $X = [\begin{matrix} a_{11} & \dots & a_{1 m} \\ ⋮ & ⋱ & ⋮ \\ a_{n 1} & \dots & a_{n n} \end{matrix}]$ \[X=\left[ \begin{matrix} {{a}_{11}} & \cdots & {{a}_{1m}} \\ \vdots & \ddots & \vdots \\ {{a}_{n1}} & \cdots & {{a}_{nn}} \\ \end{matrix} \right]\]

Generalize each column of data with an attribute name to form a generalized tree containing m×n pieces of data, with each attribute name forming a parent node.

2) Perform a sensitivity analysis on all attributes to determine the sensitivity measure values, sorting them in order from smallest to largest. Determine the size of the sensitivity according to the data classification and grading criteria. For attributes at the same level, determine the size of the sensitivity according to the degree of data dispersion. First find the mean E(m) under each attribute, and then calculate the variance size under each attribute: (5) $D (m) = \sum_{1}^{n} {[m_{i} - E (m)]}^{2}, i = 1, 2, \dots, n,$ \[D\left( m \right)=\sum\limits_{1}^{n}{{{\left[ {{m}_{i}}-E\left( m \right) \right]}^{2}}},i=1,2,\cdots ,n,\]

Where: D(m) is the variance. Determine the magnitude of sensitivity of peer attributes by variance.

3) The sorted attributes are clustered. For low sensitivity data without generalized clustering, from the parent node to generate all the leaf nodes. For medium sensitivity data using k–means algorithm for clustering, and according to the attribute sensitivity to determine the k–means in the k, according to the attribute sensitivity to gradually reduce the k, until all the attributes are traversed, in which the character-type data can be automatically clustered according to the characters are the same and not the same. For high sensitivity data, a clustering center is determined, after which the entire attribute is generalized according to its clustering center. The sensitivity ranking and data clustering are shown in Fig. 3.

4) Subdivide leaf nodes from under the parent node by attributes until they cannot be subdivided.

5) Different types of desensitization methods are processed for leaf nodes. For low sensitivity data simple data desensitization is used. For medium sensitivity data according to different differential privacy mechanisms, choose appropriate differential privacy algorithms for data desensitization after clustering, and choose the same differential privacy algorithms for the same type of data to operate. For high sensitivity data, grouped differential privacy is used to ensure data privacy and complete PV sensitive data desensitization. The specific process is shown in Figure 4.

3

Experimentation and analysis

3.1

PV Data Transmission Security Analysis

The encryption scheme designed in this paper is able to encrypt the data message of LoRa protocol using AES data encryption algorithm, and at the same time introduce RSA encryption algorithm to encrypt the key of AES-128 algorithm and transmit the ciphertext together. This design reasonably combines the advantages of the two algorithms to maximize the security of PV data transmission. Therefore, the hybrid encryption scheme for PV data transmission designed in this paper can greatly meet the demand for security of PV data transmission.

3.2

Analysis of PV Data Storage Methods

In order to verify the feasibility of the proposed PV data storage method based on consistent hash algorithm, it needs to be tested.

1)

Bandwidth occupancy

The bandwidth occupancy rate is used as an indicator to test the PV data storage method based on consistent hash algorithm (Ours), the distributed data storage method based on K-distance topology (Method 1), and the distributed storage method based on pre-partitioning strategy for equipment data (Method 2), and the lower the bandwidth occupancy rate is, the better the method is for data storage, and the bandwidth occupancy rate for the above methods is as shown in Fig. 5. With the increase of bandwidth, the bandwidth occupancy of the three methods decreases, and the bandwidth occupancy of the proposed method is lower than that of the traditional method under the same bandwidth condition. When the bandwidth is 100MB/s, the bandwidth occupancy of the proposed method is 21.4%, which is 23.9% and 49.7% lower than the distributed data storage method based on K-distance topology and the distributed storage method based on prepartitioning strategy for equiped data, respectively. It shows that the proposed method is effective in data storage because the proposed method reasonably allocates redundant data during the distributed storage of PV data, which in turn reduces the bandwidth occupancy of the method.

2)

Load Balancing Degree

The higher the load balancing degree, the better the storage performance of the method, and the lower the load balancing degree, the worse the storage performance of the method. Three methods are used for distributed storage of PV data, and the test results are counted as shown in Fig. 6. With the increase of time, the load balancing degree of the three methods decreases, but during the test, the load balancing degree of the proposed method is kept above 0.897, which is much higher than that of the traditional method, indicating that the proposed method has good performance of distributed storage of PV data.

3)

Node residual energy

To further validate the overall effectiveness of the method, the node residual energy is used as an indicator and the test results are shown in Fig. 7. The average residual energy of nodes decreases with the increase of PV data storage, indicating that storing data consumes the energy of nodes. The above test shows that the proposed method has the highest average residual energy of the nodes under the same condition of data volume, and when the data volume reaches 5000 entries, it still maintains the average residual energy at 210J, which verifies the effectiveness of the proposed method.

4)

Data storage quantity

Three methods are used to store 3000 PV data to compare the data storage quantity of different methods, and the test results are shown in Fig. 8. The proposed method completes the storage of 3000 pieces of data in 15 min without any leakage.The K-distance topology method and the pre-partitioning strategy do not change the amount of data storage after 23 min and 17 min, respectively, but the amount of storage is lower than 3000 pieces. Comparing the test results of the above methods, it can be seen that the proposed method can complete the data storage in a short period of time and there is no data leakage.

3.3

Analysis of the optimization effect of endogenous security mechanisms

In this section, the designed endogenous security defense system is validated. The hardware setup is a laptop computer with configuration parameters of AMDR9-5800 CPU, 16G of running memory, and Windows 11 as the operating system.The sampling scale of intrusion data is 2000, the training set is 120, the simulation time length is 1200s, and the detection frequency is 24kHz.

According to the above simulation loops and parameters, the security protection posture assessment simulation is carried out. First, the intrusion behavior data containing strong interference signals in one of the segments on the UNSW-NB15 dataset is selected as an example, and the interference amplitude of the intrusion information data is shown in Fig. 9. The interference amplitude of the intrusion information data in the range of 0 to 1000 sampling points is between -0.38 and 0.37.

Generally in the protection posture assessment, the feature information of the system is extracted with a time width of 8s, and then the assessment values of the Sink node and the Source node are obtained through data clustering, and the correlation results between the detected and extracted security threat information streams and the assessment values of the Sink node and the Source node are shown in Fig. 10. The assessment values of the Source node are concentrated above 1, 3, the assessment values of Sink nodes are concentrated above 3 and 4. The security posture assessment of the endogenous security defense system designed based on the method of this paper has good beam directivity and can accurately reflect the final distribution of the security posture after being subjected to security threats.

Quantitatively compare the superior performance of the endogenous security defense system designed in this paper in security posture evaluation. Taking the accuracy of evaluation as the test index, the comparison results of this paper’s method with the traditional endogenous security defense system (System 1) and the endogenous security defense system based on bionic mechanism (System 2) are shown in Fig. 11. In the late iteration, this paper’s method faster to achieve the goal of 100% protection accuracy, the other two algorithms have lower accuracy in the early stage are lower than 71.5%, and with the iteration of the accuracy of the slower to improve, so this paper design endogenous security mechanism has a better protection accuracy and efficiency.

4

Conclusion

This paper proposes an endogenous security defense system for photovoltaic data transmission and storage, and draws the following conclusions through experiments and analysis:

1) The hybrid encryption scheme for PV data transmission designed by the research can greatly satisfy the demand of PV data transmission for security.

2) The data storage method based on the consistent hash algorithm shows good performance in the experiment. In terms of bandwidth occupancy, it is 23.9% and 49.7% lower than the distributed data storage method based on K-distance topology and the distributed storage method based on pre-partitioning strategy for equipment data, respectively. The load balancing degree is kept above 0.897 in all cases. The number of data storage can be completed in a shorter period of time and there is no leakage of storage. The method in this paper provides a practical solution for efficient and reliable storage of PV data.

3) Compared with the traditional endogenous security defense system and the endogenous security defense system based on bionic mechanism. The method in this paper achieves the goal of 100% protection accuracy faster. Therefore, this paper designs the endogenous security mechanism with higher protection efficiency.

Acknowledgement

Supported by Science and Technology Projects (Research on integration of distributed photovoltaic access and communication security based on endogenous security framework in new power systems) of Jilin Jineng Electric Power Communication Co., Ltd.

Idioma:: Inglés

Calendario de la edición:: 1 veces al año
Temas de la revista:: Ciencias de la vida, Ciencias de la vida, otros, Matemáticas, Matemáticas aplicadas, Matemáticas generales, Física, Física, otros

RSS Feed de revista

Application and Optimization of Endogenous Security Mechanisms in Photovoltaic Data Transmission and Storage

Danni Liu

Shengda Wang

Chunhui Shi

Jia Li

Xiuhong Jiang

Publicado en línea: 17 mar 2025

Recibido: 02 nov 2024

Aceptado: 11 feb 2025

DOI: https://doi.org/10.2478/amns-2025-0223

Palabras claveEndogenous security mechanism, Hybrid encryption mechanism, Hash consistency, Data desensitization mechanism, PV data

© 2025 Danni Liu et al., published by Sciendo

This work is licensed under the Creative Commons Attribution 4.0 International License.

Palabras clave
Endogenous security mechanism, Hybrid encryption mechanism, Hash consistency, Data desensitization mechanism, PV data