Abstract
As a novel network security scheme, the zero trust model can effectively improve the traditional role-based access control model used in public networks through continuous trust evaluation and dynamic authorization. As a private network for collecting the health status data of power equipment, the power Internet of Things (IoT) has terminals whose hardware, software, and users are fixed and controllable, and the main network security threat to the power IoT is the risk of terminals being damaged or forged. Therefore, based on an analysis of the key connotation of zero trust and the security characteristics of the power IoT, this paper proposes a novel zero trust model and framework that comprehensively evaluate the security status of the power IoT from the behaviour and characteristics of its terminals. Analysis based on stochastic Petri nets and simulation results show that the proposed model can effectively address the network security problems of the power IoT and significantly improve its level of security protection.
1. Introduction
The power Internet of Things (IoT) obtains a comprehensive perception of the status of power equipment and systems by deploying a large number of sensors and edge terminals, which realize real-time data acquisition, communication, and status control across power generation, transmission, distribution, and consumption. At the same time, the power IoT provides the physical support for enterprise information sharing, asset maintenance, and industrial upgrading [1–4]. Therefore, the network and information security of the power IoT is an important factor in the construction of smart homes, smart grids, and smart cities [5–8]. However, in recent years, malware such as Stuxnet and Industroyer, as well as a number of network attacks specifically targeting the IoT [9], has made the network security situation of the power IoT increasingly serious, which also shows that the existing security schemes of the power IoT still have shortcomings.
The power IoT is characterized by many access points, wide geographic coverage, and harsh operating environments, which make its terminals easy to forge or destroy. As network attacks escalate, attackers can use a compromised terminal as a springboard to break through the network boundary, enter the intranet for lateral movement, and even obtain higher access rights through privilege escalation, which inevitably harms the power IoT and even the power grid. Therefore, how to address these network security risks has become an important issue in power information security protection [10–12].
As a novel network security scheme and concept, the zero trust model (ZTM) [13] realizes end-to-end security protection by building a confirmation mechanism over hardware, software, users, and network traffic in public information network scenarios. For instance, the ZTM is mapped to the supply chain in [14]. In [15], a zero trust architecture (ZTA) that guarantees the necessary security level is presented for the cloud computing environment. The work reported in [16] establishes a digital identity model with two-way authentication between edge computing nodes and sensing terminals to realize fine-grained authorization and access control in edge computing.
Considering the network security risks and protection requirements of the power IoT, many domestic and foreign experts, scholars, and security vendors have proposed applying the ZTM to the power IoT [17–19]. However, the ZTM is an Internet-oriented security model that realizes continuous trust evaluation and dynamic access control through real-time network traffic analysis, which consumes large amounts of network and computing resources and is therefore inefficient. If the ZTM is applied to the power IoT directly, neither feasibility nor a satisfactory protection effect will be achieved. It is therefore necessary to design a novel ZTM and zero trust framework (ZTF) for the power IoT.
Based on these premises, the contributions of this paper are outlined as follows:
(1) The paper expounds the key connotation and implementation methods of zero trust and points out that its core concept is to improve the traditional role-based access control (RBAC) model through continuous trust evaluation and authorization against the security risks of the public information network.
(2) A novel ZTM and ZTF for the power IoT are proposed based on this analysis. The proposed model combines the characteristics of the power IoT and implements security authentication, status evaluation, and access control for the terminals of the power IoT.
(3) Comparative analysis and simulation experiments verify that the proposed ZTM and ZTF can effectively address the network security problems of the power IoT. The designed components are easier to implement and apply in the power IoT, while security is not compromised.
The rest of this paper is organized as follows: Section 2 introduces the zero trust background and summarizes the connotation of zero trust. Section 3 proposes the ZTM and ZTF in the power IoT. Section 4 carries out the analysis and experiment of the proposed model and framework. Conclusions are given in Section 5.
2. The Zero Trust Background
The purpose of network security protection is to ensure the confidentiality and integrity of exchanged data, as well as the continuity and nonrepudiation of network communication. The traditional network security model or architecture is built around the network boundary, and within that boundary it typically relies on RBAC [20]: resources and users inside the intranet are assumed to be fully trusted, and intranet users have unrestricted access to intranet resources within the scope of their role-based permissions. Therefore, an important way to improve the boundary-based model is to eliminate or reduce the implicit trust placed in the resources and users of the network as much as possible, so as to avoid the security problems caused by the abuse of that trust.
Zero trust is a network security model proposed by Forrester in 2010. In recent years, zero trust has gradually evolved into a new generation of security architecture covering cloud computing, big data, remote work, and many other scenarios. At present, various ZTMs have been proposed by network security research institutions and companies [21–24], such as Google, Qi An Xin, and Tencent. Furthermore, the National Institute of Standards and Technology (NIST) of the United States released the first national-level ZTA standard [25] (NIST SP 800-207, published in 2020). The standard emphasizes that zero trust is a network security paradigm centred on resource protection, whose premise is that no subject is granted implicit trust; trust must be continuously evaluated. NIST's ZTA is shown in Figure 1.

In NIST's ZTA, the implemented components are divided into policy enforcement points (PEPs) and policy decision points (PDPs), the latter consisting of a policy engine (PE) and a policy administrator (PA). When an untrusted subject requests access to a resource in the trusted zone, the PEP and PDP must authenticate and authorize the request. In addition, the ZTA requires data sources to supply the policies and context on which the PE bases its access decisions. These data sources are both local and external and include continuous diagnostics and mitigation (CDM) systems, industry compliance, threat intelligence, activity logs, data access policies, public key infrastructure (PKI), ID management, and security information and event management (SIEM) systems. The workflow of the ZTA is as follows: the subject sends an access request to the PEP, and the PEP forwards the request to the PDP over the control plane. The PE in the PDP evaluates the request against the security policies and the data sources and grants or denies it. The PA then executes that decision, instructing the PEP to establish or refuse the session between the subject and the resource. After the session is established, the subject communicates with the resource through the PEP in the data plane. Throughout the session, the PE continues to evaluate trust and pushes updated access policy to the PEP through the PA, so that the PEP can terminate the session promptly when a risk appears, protecting the resource.
Referring to NIST's ZTA, the China Academy of Information and Communication Technology (CAICT) also proposed a ZTM built on four security capabilities: identity authentication, secure access, continuous trust evaluation, and dynamic permission control. The CAICT's ZTM encrypts, authenticates, and enforces authorization for all access requests using the digital identities of all participating entities in the network. It also gathers and correlates various data sources for continuous trust evaluation and dynamically adjusts permissions. In this way, a dynamic trust relationship between subjects and resources is established [26].
Based on domestic and foreign research, this paper summarizes the connotation of the ZTM as follows:
(1) The premise of the ZTM: any subject accessing the network presents a claimed role, and the ZTM distrusts the subject's claimed role by default, rather than distrusting the network.
(2) The core of the ZTM: the legitimacy and access permissions of a subject should be computed from its dynamic behaviour rather than its static role, which addresses the lack of feedback in RBAC.
(3) The implementation of the ZTM: the behaviour of access subjects can be analyzed from dynamic network traffic, and identity can be established from the characteristics of the hardware, software, and users.
(4) Problem solved: in the boundary-based security model, the relation between access permissions and rules is static and lacks real-time, continuous evaluation. The ZTM covers this shortcoming of the traditional access control model by continuously monitoring and evaluating the behaviour of subjects through the network traffic.
Current research on the ZTM still focuses on public information networks and aims to solve the secure access problem caused by untrusted terminals. It relies mainly on identity authentication and traffic analysis to discriminate behaviour, which consumes excessive resources. Therefore, how to construct a ZTM for a specific, real network is still a topic worthy of further study.
3. The ZTM and ZTF in the Power IoT
3.1. The ZTM in the Power IoT
The openness of public information networks such as the Internet makes it impossible to control or forbid network access by arbitrary subjects. Therefore, all access subjects must be considered untrusted, and it is necessary to continuously evaluate their trust and adjust their access permissions in real time according to their behaviour and claimed roles. In contrast, the original purpose of the power IoT is to collect the health status of power equipment over specific, private protocols such as IEC 60870-5 and IEC 61850, so the power IoT is a relatively closed network environment, and the hardware, software, and user characteristics of its terminals are initially trusted, since they are completely controlled by the power enterprise. Therefore, based on the principles of the ZTM and the characteristics of the power IoT, this paper proposes a novel ZTM derived from an analysis of the actual network scenarios of the power IoT. The proposed model is shown in Figure 2.

The ZTM in the power IoT aims to ensure that the terminals are always running in a normal state. The proposed model is divided into two components: device trust evaluation and network access control. The trust evaluation component, run by the authority centre, evaluates the security status of the terminals in real time during data interaction. The PEP of NIST's ZTA is replaced by the designed network access control component, which is responsible for dynamically adjusting the access permissions of the terminals and, in particular, for blocking the network access of abnormal terminals.
The specific workflow of the proposed ZTM is as follows. First, a security baseline for each terminal is established in the authority centre, including its hardware characteristics (hard disk serial number and MAC address of the network card), software characteristics (hashes of the applications), user characteristics (serial numbers of the linked sensors), and data characteristics (protocol, collection period, collection frequency, and collected values). The authority centre also provides the related security authentication interfaces, such as identity recognition and data verification. Next, each terminal integrates a security module that collects the characteristics of hardware, software, and users and generates a unique hash value over them. The authority centre confirms the terminal identity periodically or on demand in order to detect physical damage, system intrusion, or other abnormal situations. In addition, the terminals communicate with the IoT system strictly according to the established business requirements. The authority centre can therefore parse the data during communication and takes no action while the data characteristics are normal. If a terminal has been damaged or is otherwise abnormal, its data characteristics deviate from the baseline, and the trust evaluation component notifies the network access control component to block the terminal's network access through the relevant network security devices, such as routers and firewalls.
The proposed model fully draws on the protection concept of the ZTM in public networks, but differs in that it maintains a single authority centre holding the characteristics of hardware, software, users, and traffic data, together with their correspondence, to establish the initial trust. Trust evaluation is performed during access by the authority centre, which computes the period, frequency, and values from the data and then verifies whether the terminal is abnormal.
The connotation of the proposed ZTM is summarized as follows:
(1) The premise of the proposed ZTM: the network security protection node of the power IoT is the terminal with network communication capability. It is an internal terminal with trusted characteristics, but its physical environment is not trusted, and it can easily be damaged or forged.
(2) The core of the proposed ZTM: as a trusted device, the operating mode of the terminal is fixed and controllable. Therefore, an anomaly can be detected by comparing its behavioural characteristics against the baseline.
(3) The implementation of the proposed ZTM: the behaviour analysis of the terminal is based on the data characteristics observed during communication, and the identity recognition of the terminal is based on the characteristics of its hardware, software, and users.
(4) The advantage of the proposed ZTM: because the terminal's behaviour and data characteristics are well defined, the network access permission logic can be simplified, and considerable computing resources can be saved.
The proposed ZTM does not completely replace the existing security scheme of the power grid [27] but improves the access control model and enhances the protection capability by fully analyzing the security requirements and characteristics of the power IoT, so as to secure trusted terminals in an unreliable physical environment.
3.2. The ZTF in the Power IoT
Following the ZTM described above, this section integrates the network and security characteristics of the power IoT to design the required security capabilities and constructs the ZTF shown in Figure 3, which blocks illegal or unauthorized access while retaining the original border access control and other security measures.

The proposed ZTF makes full use of the existing security infrastructure of the power enterprises and realizes network security protection at every level: the edge layer, the network layer, and the platform layer. On top of the existing protection of the terminals, the edge layer adds a characteristic collection capability that assesses the security status by computing the terminal status periodically or on demand. The network layer adds flow control and blocking capabilities to prevent malicious terminals from launching network attacks such as flooding or replay attacks that would occupy the bandwidth of other normal terminals and affect system operation; the blocking capability cuts off the communication of abnormal terminals and thereby strengthens border protection. On top of the existing security authority centre, the platform layer adds a baseline library of terminal characteristics and provides authentication and data verification interfaces to the trust evaluation component, realizing identity recognition, data verification, and behaviour analysis of the terminals.
4. Analysis and Experiment
To describe the process and effect of the proposed model and framework dynamically, this section first introduces the stochastic Petri net (SPN) [28] to describe the state changes in the ZTM and the relationships between them.
4.1. Model Analysis
As a formal modelling tool, Petri nets have both a rigorous mathematical definition and an intuitive graphical representation, and they are widely used in the reliability analysis of industrial control systems and other fields [29, 30]. As a derivative of Petri nets, an SPN is a directed graph that represents system states using two kinds of node, places and transitions, with the relationships between nodes represented by directed arcs [28]. When modelling a system with an SPN, the different states of the system are abstracted as places and the actions that cause state changes are abstracted as transitions. In addition, this paper introduces a fuzzy mathematics method to set the firing rates of the transitions in the system.
To demonstrate the effectiveness of the proposed ZTM, this paper compares it with the State Grid IoT (SGIoT) security scheme [27]. Following its practical application, we first construct the SPN model of the SGIoT security scheme in Figure 4 and then build the isomorphic Markov chain to analyze system performance by calculating the busy probability of the places and the utilization rate of the transitions.

The definitions of the places and transitions in the SPN model are shown in Table 1.
The average implementation rate of the transitions can be defined as . Meanwhile, the reachable marking set and isomorphic Markov chain of the SPN model can also be calculated, and the results are shown in Table 2 and Figure 5.

When the system is running, a new marking is formed after the transitions are implemented and () are defined as the reachable marking set of the SPN model, which represent the dynamic operation of the SGIoT security model. Based on the constructed Markov chain, the stable probability equations can be calculated according to the theorem of the stationary distribution of the Markov chain and the Chapman–Kolmogorov equations. The stable probability means the probability that the system can reach the marking . can be calculated by the following formula:
The average implementation rate is set according to the actual operation of the SGIoT security scheme. In fact, it will take a long time to attack the terminals, so can be set to 5 and the transitions of identity authentication, data parsing, and warning have a certain delay after the attack occurs, so and can be set to 2, and set . Considering the actual situation and the fuzziness of the transitions, that is, the average implemented rates of the transition are difficult to definitely fix, so we introduce ambiguity degrees of 10% and 20% as the upper and lower limits and obtain , , , , and . Then, is calculated as follows:
According to the busy probability calculation formula , the busy probabilities of the places are calculated as follows:
According to the utilization rate calculation formula , where E represents the reachable marking set when transition t is implemented, the utilization rates of the transitions are calculated as follows:
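The three quantities used in this section (the steady-state probability of each reachable marking, the busy probability of a place, and the utilization rate of a transition) can all be computed mechanically from the SPN definition. The block below is an added example, not code from the paper: it builds the reachability graph of a small net, derives the isomorphic continuous-time Markov chain, solves the global balance equations for the stationary distribution, and sums it into busy probabilities and utilization rates. The net, its place and transition names, and its rates are a constructed toy (a single terminal that is attacked, detected by authentication or data parsing, and then blocked); they are not the paper's SPN of Figure 4 or Figure 6, and the paper's rate values and fuzzy bounds are not reproduced.

```python
"""
Stationary analysis of a stochastic Petri net (SPN):
reachability graph -> isomorphic CTMC -> stationary distribution ->
busy probability per place and utilization rate per transition.

Added example; the net below is constructed and is not the paper's model.
"""
from collections import deque


def reachable_markings(places, transitions, initial):
    """Breadth-first enumeration of markings reachable from `initial`.
    Returns the marking list and the edges (from_index, transition, to_index)."""
    index = {initial: 0}
    markings = [initial]
    edges = []
    queue = deque([initial])
    while queue:
        m = queue.popleft()
        i = index[m]
        for name, (inputs, outputs, _rate) in transitions.items():
            # a transition is enabled when every input place holds enough tokens
            if all(m[places.index(p)] >= w for p, w in inputs.items()):
                nxt = list(m)
                for p, w in inputs.items():
                    nxt[places.index(p)] -= w
                for p, w in outputs.items():
                    nxt[places.index(p)] += w
                nxt = tuple(nxt)
                if nxt not in index:
                    index[nxt] = len(markings)
                    markings.append(nxt)
                    queue.append(nxt)
                edges.append((i, name, index[nxt]))
    return markings, edges


def generator_matrix(n, edges, transitions):
    """Infinitesimal generator Q of the CTMC isomorphic to the SPN."""
    q = [[0.0] * n for _ in range(n)]
    for i, t, j in edges:
        rate = transitions[t][2]
        q[i][j] += rate
        q[i][i] -= rate
    return q


def solve_linear(a, b):
    """Gauss-Jordan elimination with partial pivoting; solves a x = b."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(n):
            if r != col and m[r][col] != 0.0:
                f = m[r][col] / m[col][col]
                for c in range(col, n + 1):
                    m[r][c] -= f * m[col][c]
    return [m[i][n] / m[i][i] for i in range(n)]


def stationary_distribution(q):
    """Solve pi Q = 0 subject to sum(pi) = 1 (global balance equations)."""
    n = len(q)
    a = [[q[j][i] for j in range(n)] for i in range(n)]  # Q transposed
    a[-1] = [1.0] * n                                     # normalisation row
    b = [0.0] * (n - 1) + [1.0]
    return solve_linear(a, b)


def analyse(places, transitions, initial):
    """Return markings, stationary probabilities, busy probabilities, utilizations."""
    markings, edges = reachable_markings(places, transitions, initial)
    pi = stationary_distribution(generator_matrix(len(markings), edges, transitions))
    # busy probability of a place: mass of the markings in which it holds a token
    busy = {p: sum(pi[i] for i, m in enumerate(markings) if m[k] > 0)
            for k, p in enumerate(places)}
    # utilization of a transition: mass of the markings in which it is enabled
    enabled_in = {t: set() for t in transitions}
    for i, t, _ in edges:
        enabled_in[t].add(i)
    util = {t: sum(pi[i] for i in enabled_in[t]) for t in transitions}
    return markings, pi, busy, util


# Constructed toy net (not the paper's): one terminal, single token.
PLACES = ["P_normal", "P_sw_attacked", "P_hw_attacked", "P_alarm"]
TRANSITIONS = {
    # name: (input arcs, output arcs, average firing rate) -- assumed values
    "T_attack_sw":     ({"P_normal": 1},      {"P_sw_attacked": 1}, 1.0),
    "T_attack_hw":     ({"P_normal": 1},      {"P_hw_attacked": 1}, 1.0),
    "T_authenticate":  ({"P_sw_attacked": 1}, {"P_alarm": 1},       2.0),
    "T_parse_data":    ({"P_hw_attacked": 1}, {"P_alarm": 1},       2.0),
    "T_block":         ({"P_alarm": 1},       {"P_normal": 1},      2.0),
}
INITIAL = (1, 0, 0, 0)

if __name__ == "__main__":
    ms, pi, busy, util = analyse(PLACES, TRANSITIONS, INITIAL)
    for m, p in zip(ms, pi):
        print(m, round(p, 5))
    print("busy:", {k: round(v, 5) for k, v in busy.items()})
    print("util:", {k: round(v, 5) for k, v in util.items()})
```

For this toy net the stationary distribution is (1/3, 1/6, 1/6, 1/3) over the four markings, so the alarm place is busy one third of the time and the blocking transition has the same utilization; halving the detection rates would double the time spent in the attacked places, which is the kind of sensitivity the paper's fuzzy upper and lower rate bounds are meant to expose. The `max(..., key=abs)` pivot makes the elimination robust, but the normalisation row only yields a unique solution when the reachability graph is strongly connected (an irreducible chain), which is the condition under which the stationary distribution of the paper's models exists.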
The calculation results show that the busy probability of the places increases significantly when places and turn into , which means that the SGIoT security scheme can normally identify the hardware, software, and data abnormalities after the terminal is attacked. Moreover, with the identity authentication mechanism, it can also solve the software and hardware tampering problems. However, the utilization rate of transition is significantly higher than that of , which means that the SGIoT security model needs to take a long time to process transition . The uneven rates of and also show that the correlation analysis and collaborative processing ability of the SGIoT for the anomalies of terminals and behaviour need to be improved. In addition, the high busy probability of and utilization rate of show that the bottleneck of the security scheme is on the side of the administrator, and the policy update transition takes up more system resources, indicating that administrators need to integrate alarm information to handle the abnormal terminals manually.
Therefore, based on the above analysis of the SPN model, the SGIoT security scheme can be improved by combining the data and behaviour of the terminals to achieve multidimensional status analysis and further strengthen network control. The SPN model of the proposed ZTM is constructed in Figure 6 and analyzed below.

The places and transitions in the SPN model are defined as shown in Table 3.
The average implemented rate of the transitions can be defined as = {, , , , , , , , and }. Meanwhile, the reachable marking set and isomorphic Markov chain of the SPN model can also be calculated, and the results are shown in Table 4 and Figure 7.

In this SPN model, the stable probability , the busy probability of place , and the utilization rate of transition are obtained by setting the model parameters and following the same procedure and formulas as above; the results are listed in Table 5.
In the proposed model, the logic and process of the anomalies detection are same for hardware, software, and users, so to reduce the complexity of the SPN model, the cases of abnormal hardware and users are merged in the construction of reachable marking. The reason is that the changes in user characteristics will only affect the stable probability from to , and the busy probability of places and and the utilization rate of , and are only related to and . Moreover, if we add the place and transition of the user attack in the SPN model, the number of places and transitions will be increasing, but they only divide the busy probability and utilization rate of the places , , and and transitions and equally and have little effect on the busy probability of places and and the utilization rate of , , and .
The calculation results show that the busy probability of the places increases significantly when places and turn into and , which means that the proposed ZTM also identifies the abnormalities of the terminals. Moreover, compared with the SGIoT SPN model, the highest busy probability of the places in the ZTM SPN model is that of and , 0.49625, indicating that the ZTM focuses on status monitoring of the hardware, software, users, and data. In contrast, the highest busy probability in the SGIoT SPN model is that of , 0.40634, indicating that the SGIoT security model monitors the terminal status only through authentication. Therefore, by optimizing the authentication mechanism, the proposed model identifies anomalies significantly faster than the SGIoT security scheme. In addition, after an anomalous terminal is detected, the transition implements the network blocking function, which makes the busy probability of and the utilization rate of decrease significantly compared with the SGIoT security scheme: the values fall from 0.3502 and 0.3502 to 0.15732 and 0.17471, respectively, indicating that the proposed model controls and handles anomalous terminals more effectively through multidimensional status monitoring and data characteristic analysis.
Therefore, compared with the existing SGIoT security model, the proposed ZTM combines the zero trust security mechanism to protect the terminals from multiple dimensions, which makes the proposed model more targeted and effective.
4.2. Model Simulation
In addition, this section sets up a simulation test environment to verify the usability of the proposed model. Based on the designed ZTM and ZTF, the simulation environment is built on CentOS 7 x64 servers with Intel(R) Xeon CPU E3-1230 V3 @ 3.40 GHz, which simulate the terminals and the security management platform, respectively. The terminal server simulates the secure communication module of the edge terminals, and its characteristic configuration can be user-defined. The security management platform is responsible for authentication and management. Both the terminal simulator and the security management platform are written in C. In the simulation environment, the authority centre of the security management platform has a pre-built terminal information database storing the corresponding characteristics of hardware, software, users, and traffic data. To verify the function of the proposed model and framework, the experiment simulates the access of normal and abnormal terminals. The steps are as follows.
4.2.1. Normal Terminal Simulation Test
When a terminal tries to connect to the security management platform, the secure communication module in the terminal collects the characteristics of the hardware, software, and users and calculates a hash value over them using the SM3 algorithm. The module then sends the calculated hash value to the security management platform for identity authentication. Once the terminal is authenticated, interaction with the IoT system is allowed. Note that hardware identifiers such as MAC addresses and disk serial numbers can be read and reported by software, so this check only proves what the module collected at that moment: a compromised terminal that can replay a previously valid hash would still pass unless the module itself is protected and the reported value is bound to a fresh challenge from the platform. Meanwhile, the security management platform continuously captures and analyzes the communication data from the network and determines whether the terminal behaviour is abnormal from the timing, frequency, and values of the data. The normal terminal test process is shown in Figures 8 and 9:


Figure 8 shows that the terminal first completes the authentication process with the security management platform using the hash of the characteristics of its hardware, software, and linked sensors, and starts transmitting data to the IoT system only after authentication succeeds. Figure 9 presents the network security situation analysis of a normal terminal based on the bytes received during communication. The security status of the terminal is obtained by calculating the fluctuation of the real-time attribute values of the data against their baseline values. In our case, the anomaly value always stays at a low level (under 0.1), indicating that the terminal is in a low-risk state. The simulation results therefore show that the normal terminal collects and transmits data correctly throughout. In this case, the security framework only needs to collect the terminal status periodically, which has no impact on the operation of the terminal or the power IoT system.
4.2.2. Abnormal Terminal Simulation Test
As in the normal terminal test case, the security management platform authenticates the terminal's hardware, software, and user characteristics when the terminal accesses the network. Therefore, when one or more of these items has been modified, the authority centre raises a clear alarm and forcibly disconnects the unauthorized terminal by sending security policies to the corresponding firewall device. The test process is shown in Figure 10:

In the test, the software information of the terminal is intentionally modified to simulate it being attacked or replaced. Figure 10 shows that the ZTF promptly identifies the anomaly of the terminal and modifies the firewall configuration, achieving dynamic network access control and effectively preventing the unauthorized terminal from accessing the network.
4.2.3. Attacked Terminal Simulation Test
This test case simulates a legitimate terminal being breached after successful authentication. We assume that the attacker changes the operating mode of the terminal by replacing its software or hardware in order to further compromise the IoT system. According to the design of the proposed ZTF, if one or more of the terminal's characteristics are modified while it is running, the change shows up in the data characteristics, such as the timing, frequency, and range of the reported values. The test therefore modifies the hardware and data characteristics to check whether the proposed ZTF can identify and handle the attacked terminal. The test process is shown in Figures 11 and 12:


Figure 11 shows that the terminal is compromised and starts sending a large amount of junk data continuously from 16:16:28. The authority centre evaluates the terminal status from the fluctuation of the received data size and frequency, since changes in the data characteristics reflect changes in the terminal's status. Figure 12 shows that when the data characteristics of the terminal deviate significantly, the calculated anomaly value rises rapidly, indicating that the terminal may be abnormal or under attack; a confirmation instruction to collect the hardware, software, and user characteristics is then sent to the terminal to verify it again, after which the illegal terminal is blocked by the security devices to protect the power IoT.
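The authority-centre workflow described in Section 3.1 and exercised by the three simulation cases above (normal terminal, tampered terminal at authentication, terminal compromised after authentication) can be modelled compactly in code. The block below is an added example and is not the paper's C simulator: it registers a per-terminal baseline, authenticates a hash over the hardware, software, and user characteristics, scores every received message by its deviation from the baseline data characteristics, re-attests the terminal on demand when the score is high, and pushes a deny rule to a firewall when re-attestation fails. The field names, the anomaly formula (mean relative deviation of period, message size, and value from the baseline), the 0.1 threshold taken from the "under 0.1" low-risk level reported above, the "alert" outcome when data is anomalous but identity still verifies, the firewall rule format, and all sample values are constructed assumptions; SHA-256 stands in for the SM3 digest used in the paper's simulation, and the comparison logic is unchanged.

```python
"""
Authority-centre model of the proposed ZTM: baseline registration,
characteristic-hash authentication, data-characteristic anomaly scoring,
on-demand re-attestation and firewall blocking.

Added example, not the paper's code; all names, formulas and data are assumed.
"""
import hashlib
import json
from dataclasses import dataclass, field


def characteristic_hash(hardware: dict, software: dict, users: list) -> str:
    """Digest over the collected characteristics (SHA-256 here in place of SM3).
    Canonical JSON ensures the same inputs always give the same digest."""
    payload = json.dumps({"hw": hardware, "sw": software, "user": sorted(users)},
                         sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


@dataclass
class Baseline:
    identity_hash: str      # hash registered when the terminal was provisioned
    period_s: float         # expected collection period in seconds
    bytes_per_msg: float    # expected size of one data message
    value_range: tuple      # (low, high) plausible range of the reported value


@dataclass
class AuthorityCentre:
    baselines: dict = field(default_factory=dict)
    blocked: set = field(default_factory=set)
    firewall_rules: list = field(default_factory=list)
    risk_threshold: float = 0.1   # assumed: scores below this count as low risk

    def register(self, terminal_id: str, baseline: Baseline) -> None:
        self.baselines[terminal_id] = baseline

    def authenticate(self, terminal_id: str, reported_hash: str) -> bool:
        """Identity recognition: the reported digest must equal the baseline."""
        b = self.baselines.get(terminal_id)
        return b is not None and b.identity_hash == reported_hash

    def anomaly_score(self, terminal_id: str, msg: dict) -> float:
        """Mean relative deviation of period, size and value from the baseline."""
        b = self.baselines[terminal_id]
        dev_period = abs(msg["period_s"] - b.period_s) / b.period_s
        dev_size = abs(msg["bytes"] - b.bytes_per_msg) / b.bytes_per_msg
        low, high = b.value_range
        outside = max(low - msg["value"], msg["value"] - high, 0.0)
        dev_value = outside / (high - low)
        return (dev_period + dev_size + dev_value) / 3.0

    def block(self, terminal_id: str, reason: str) -> None:
        """Network access control: push a deny rule to the firewall (assumed format)."""
        self.blocked.add(terminal_id)
        self.firewall_rules.append({"action": "deny", "src": terminal_id, "reason": reason})

    def evaluate(self, terminal_id: str, msg: dict, reattest) -> str:
        """Continuous trust evaluation for one received message.
        `reattest()` is the on-demand confirmation instruction: it returns the
        terminal's freshly collected characteristic hash."""
        if terminal_id in self.blocked:
            return "blocked"
        score = self.anomaly_score(terminal_id, msg)
        if score < self.risk_threshold:
            return "normal"                      # data characteristics as expected
        if self.authenticate(terminal_id, reattest()):
            return "alert"                       # identity intact; assumed: warn the administrator
        self.block(terminal_id, f"re-attestation failed, anomaly score {score:.3f}")
        return "blocked"


# --- constructed demonstration data (not from the paper) -----------------------
HW = {"disk_serial": "WD-WX11A1234567", "mac": "00:1b:44:11:3a:b7"}
SW = {"collector": "c0ffee01", "agent": "c0ffee02"}   # stand-in application hashes
SENSORS = ["SN-000123", "SN-000124"]
GOOD_HASH = characteristic_hash(HW, SW, SENSORS)


def demo() -> dict:
    """Run the three Section 4.2 cases against one registered terminal."""
    ac = AuthorityCentre()
    ac.register("term-01", Baseline(GOOD_HASH, period_s=60.0, bytes_per_msg=128.0,
                                    value_range=(0.0, 100.0)))
    normal_msg = {"period_s": 61.0, "bytes": 130.0, "value": 42.0}     # slight jitter
    flood_msg = {"period_s": 0.5, "bytes": 4096.0, "value": 42.0}      # junk-data flood
    tampered_sw = dict(SW, agent="deadbeef")                           # replaced binary
    spoofed_hw = dict(HW, mac="00:00:00:00:00:01")                     # replaced hardware
    return {
        "normal_auth": ac.authenticate("term-01", GOOD_HASH),
        "tampered_auth": ac.authenticate("term-01", characteristic_hash(HW, tampered_sw, SENSORS)),
        "normal_score": ac.anomaly_score("term-01", normal_msg),
        "normal_decision": ac.evaluate("term-01", normal_msg, lambda: GOOD_HASH),
        "flood_intact_identity": ac.evaluate("term-01", flood_msg, lambda: GOOD_HASH),
        "flood_replaced_hw": ac.evaluate("term-01", flood_msg,
                                         lambda: characteristic_hash(spoofed_hw, SW, SENSORS)),
        "rules": ac.firewall_rules,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The normal message scores about 0.011 and passes silently; the flood message scores far above the threshold, which triggers the re-attestation request, and only the failed re-attestation produces a firewall rule. The same structure maps onto NIST's terms: the authority centre plays the PDP and the firewall the PEP, with the deny rule as the policy pushed from one to the other.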
5. Conclusion
To address the network security problems caused by the harsh environment of the terminals in the power IoT, this paper has proposed a ZTM for that specific network environment based on a study of the principles and mechanisms of zero trust. The ZTM achieves network control of abnormal terminals through multidimensional identity authentication and continuous trust evaluation. The comparative analysis and simulation experiments have verified that the proposed model can effectively enhance the network security of the power IoT by monitoring status changes of the terminals and issuing the corresponding access policies to implement network control. In future work, we will focus on the full implementation of the proposed model and framework, improve its performance and practicability, and test it in a real IoT environment.
Abbreviations
IoT: | Internet of Things |
RBAC: | Role-based access control |
ZTM: | Zero trust model |
ZTA: | Zero trust architecture |
ZTF: | Zero trust framework |
NIST: | National Institute of Standards and Technology |
PEPs: | Policy enforcement points |
PDPs: | Policy decision points |
PEs: | Policy engines |
CDM: | Continuous diagnostics and mitigation |
PKI: | Public Key Infrastructure |
SIEM: | Security information and event management |
CAICT: | China Academy of Information and Communication Technology |
SPN: | Stochastic Petri net |
SGIoT: | State grid’s IoT |
: | Normal status |
: | The software is under attack |
: | The hardware is under attack |
: | The object (user) is under attack |
: | The terminal is abnormal |
: | The data are abnormal |
: | System administrator |
: | Attacks the terminal |
: | Authenticate |
: | Parse data |
: | System warning |
: | Updates the policy |
: | The average implemented rate of the transitions |
: | The reachable marking set of the SPN model |
: | The stable probability |
: | The malware is in interactive status |
: | The malicious hardware or the user is in an interactive state |
: | The software is abnormal |
: | The hardware or the user is abnormal |
: | Software authenticates periodically |
: | Hardware authenticates periodically |
: | The malware sends data |
: | The malicious hardware sends data |
: | Access is blocked. |
Data Availability
No data were used to support the findings of this study.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
Acknowledgments
This research was funded by the National Key R&D Program of China (grant no. 2020YFB0905900).