An electronic information security protection system based on edge computing
By collecting lattice cryptographic multinomial error distribution characteristics in edge computing systems for integrated authentication and adaptive security parameter adjustment, combined with federated cross-validation and zero-knowledge storage, the problem of compound attacks in edge computing is solved, improving security and efficiency.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- NANJING FORESTRY UNIV
- Filing Date
- 2026-04-10
- Publication Date
- 2026-07-03
AI Technical Summary
Existing technologies cannot effectively defend against combined attacks such as key leakage, hardware tampering, and quantum attacks in edge computing. Furthermore, the mechanisms operate in isolation and cannot form a synergy, resulting in security gaps and high interaction overhead.
An edge computing-based electronic information security protection system is adopted. The hardware fingerprint registration module collects the error distribution characteristics of lattice cryptography multinomials, which are then used for authentication in conjunction with an integrated authentication module. A two-way closed-loop adaptive module adjusts security parameters, a federated cross-validation module verifies the model, and zero-knowledge storage is performed using consortium blockchain storage nodes.
It simultaneously resists key leakage, hardware tampering and quantum attacks, reduces system interaction overhead, improves security protection capabilities and task execution efficiency, and reduces the risk of business interruption and privacy leakage.
Smart Images

Figure CN122339773A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of edge computing security technology, specifically to an electronic information security protection system based on edge computing. Background Technology
[0002] As edge computing is increasingly adopted in key sectors such as power and industry, existing technologies address security issues from three dimensions: identity authentication, trust assessment, and resource scheduling. However, each of these technologies has deep-seated flaws that are difficult to overcome, and the mechanisms operate in isolation, failing to form a collaborative system.
[0003] Existing quantum-resistant cryptographic authentication schemes can only address identity forgery and quantum attack issues, but cannot cope with combined attacks involving key leakage and hardware tampering. Once an attacker steals a node's key, they can forge an identity to pass authentication, which current technologies cannot detect. Meanwhile, hardware tampering detection requires additional vulnerability scanning and hardware fingerprinting, resulting in over 30% additional interaction overhead and creating a security vulnerability. Therefore, we propose an electronic information security protection system based on edge computing. Summary of the Invention
[0004] The purpose of this invention is to provide an electronic information security protection system based on edge computing.
[0005] To achieve the above objectives, the present invention provides the following technical solution: an electronic information security protection system based on edge computing, the system comprising a trust center, multiple edge computing nodes, and consortium blockchain evidence storage nodes; The trust center is equipped with a hardware fingerprint registration module, an integrated authentication module, and a two-way closed-loop adaptive module. The hardware fingerprint registration module collects the statistical features generated by the edge computing node when it registers for the first time, including the mean error, variance, and higher-order moments of the error, as a unique hardware fingerprint of the node, and stores these features in the trust center. The integrated authentication module, during subsequent quantum-resistant three-way interactive authentication, synchronously extracts the error distribution features of the lattice cryptographic polynomial generated by the node to be authenticated and compares them with the corresponding hardware fingerprint stored in the trust center. If the error distribution features match the stored fingerprint, authentication is successful; otherwise, authentication is rejected and identified as a key leakage attack. The two-way closed-loop adaptive module automatically adjusts the security parameter n of the quantum-resistant lattice cryptographic authentication based on the node's real-time trust coefficient, and adjusts the weights of each dimension in the node selection comprehensive score based on the adjusted security parameter n. The edge computing node includes a trust evaluation submodule and a federated cross-validation submodule. The trust evaluation submodule is used to calculate and update the trust coefficient of the node in real time after each round of authentication. The federated cross-validation submodule is used to trigger the federated cross-validation process when the node's trust coefficient is lower than a preset threshold for two consecutive evaluation cycles. The security model parameters of the node to be verified are homomorphically encrypted using quantum lattice-resistant cryptography and then distributed to three highly trusted neighbor nodes. The three highly trusted neighbor nodes cross-validate the statistical distribution characteristics and anomaly characteristics of the model parameters in the ciphertext state. The consortium blockchain evidence storage node is used to receive and store lattice cryptographic multinomial commitments corresponding to four types of end-to-end security parameters: authentication, trust assessment, node selection, and model cross-validation. The commitments do not contain the plaintext of the underlying parameters and are used for zero-knowledge verification during security event tracing.
[0006] As a further aspect of the present invention: the error distribution statistical features collected by the hardware fingerprint registration module are determined by the inherent differences in the hardware architecture and computing units of the edge computing nodes, and cannot be forged by software means; the integrated authentication module extracts the error distribution features by reusing the lattice cipher polynomials natively generated during the authentication process, without the need to initiate a separate hardware scanning process, so that hardware fingerprint comparison and identity authentication are completed in the same interaction.
[0007] As a further aspect of the present invention: the rule by which the bidirectional closed-loop adaptive module adjusts the security parameter n according to the real-time trust coefficient t of the node is as follows: when When, the safety parameters are adjusted to ; when When, the safety parameters are adjusted to ; when When, the safety parameters are adjusted to ; in, The real-time trust coefficient for a node is a real number that is greater than or equal to 0 and less than or equal to 1. For the dimension parameter of the lattice cryptography authentication polynomial, The higher the value, the stronger the authentication security, but the greater the computational cost.
[0008] As a further aspect of the present invention: the rule by which the bidirectional closed-loop adaptive module adjusts the node selection weights according to the security parameter n is as follows: when At that time, the selection weight of the trust coefficient dimension Set to 0.8, the weight for the execution efficiency dimension. Set to 0.2; when When choosing the execution efficiency dimension, the weighting is... Set to 0.7, the selection weight for the trust coefficient dimension. Set to 0.3; in, Choose the weights for the trust coefficient dimension in the rating for each node. Choose the weights for the execution efficiency dimension in the node scoring, and .
[0009] As a further aspect of the present invention: the three highly trusted neighbor nodes verify, in encrypted state, whether the distribution of the security model parameters of the verified node conforms to the statistical characteristics of a normal security model, and whether there are any abnormal characteristics of backdoor implantation, and determine the final verification conclusion by majority voting mechanism; if the verification conclusion is passed, the security model of the verified node is retained, and its existing security parameters remain unchanged; if the verification conclusion is failed, the security model of the verified node is deleted, and the node is added to the blacklist.
[0010] As a further aspect of the present invention: the lattice-cipher polynomial commitments stored by the consortium blockchain evidence storage nodes specifically include the following four categories: commitments to lattice-cipher polynomial parameters during the three-way interactive authentication process, commitments to the trust assessment score change sequence, commitments to the node selection weighted scoring parameters, and commitments to the model cross-validation results; when a security event occurs and tracing is required, the traced node submits the corresponding original parameters, and the verifier verifies the legality of the original parameters in a zero-knowledge manner by comparing the original parameters with the polynomial commitments stored on the chain, without needing to obtain the plaintext of the original parameters.
[0011] As a further aspect of the present invention: while the quantum-resistant three-way interactive authentication is completed, the trust evaluation submodule collects the behavioral characteristics during the current round of authentication interaction, weights and fuses the behavioral characteristics with the historical trust coefficient, calculates and updates the trust coefficient of the node in real time, and feeds back the updated trust coefficient to the bidirectional closed-loop adaptive module to trigger the automatic adjustment of the authentication security parameters for the next round.
[0012] As a further aspect of the present invention: the bidirectional closed-loop adaptive module, the trust evaluation submodule, and the federated cross-validation submodule form a complete dynamic closed loop: the node trust coefficient drives the adjustment of security parameters, the adjustment of security parameters drives the update of node selection weights, the update of node selection weights affects the combination of task execution nodes, and the task execution result updates the trust coefficient in reverse after trust evaluation, thereby achieving a dynamic adaptive balance between security strength and execution efficiency.
[0013] Compared with the prior art, the beneficial effects of the present invention by adopting the above technical solution are as follows: 1. This invention achieves integrated detection of hardware fingerprints by utilizing the error distribution characteristics of lattice cryptography multinomials. It can simultaneously resist complex attacks such as key leakage, hardware tampering, quantum attacks, and model contamination, thus improving security protection capabilities compared to existing technologies.
[0014] 2. This invention extracts hardware fingerprints by reusing the native polynomial of the authentication process, eliminating additional hardware detection overhead, reducing overall system interaction overhead, and improving task execution efficiency.
[0015] 3. The federated cross-validation mechanism of this invention reduces the false deletion rate of the security model and effectively prevents business interruption caused by temporary decline in node trust.
[0016] 4. The zero-knowledge evidence storage mechanism of this invention replaces plaintext upload with polynomial commitment, achieving a balance between traceability and privacy protection, and significantly reducing the risk of leakage of sensitive node information. Attached Figure Description
[0017] Figure 1 This is a schematic diagram of the system architecture in an embodiment of the present invention; Figure 2 This is a flowchart of the bidirectional closed-loop adaptive mechanism for trust coefficient and security parameters in an embodiment of the present invention; Figure 3 This is a flowchart of the federated cross-validation model maintenance mechanism in an embodiment of the present invention; Figure 4 This is a flowchart of the zero-knowledge blockchain notarization mechanism for polynomial commitments in an embodiment of the present invention. Detailed Implementation
[0018] The specific embodiments of the present invention will be further described below with reference to the accompanying drawings. It should be noted that the description of these embodiments is for the purpose of helping to understand the present invention, but does not constitute a limitation of the present invention.
[0019] Furthermore, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not conflict with each other.
[0020] Please see the appendix Figure 1 -Appendix Figure 4 This invention relates to an electronic information security protection system based on edge computing.
[0021] I. System Overall Architecture This system includes a trust center, 12 edge computing nodes (distributed across various distribution network areas), and consortium blockchain evidence storage nodes. The historical trust coefficient configurations for typical nodes are as follows: Edge node A has a trust coefficient of 0.92 (high trust), edge node B has a trust coefficient of 0.75 (medium trust), edge node C has a trust coefficient of 0.88 (high trust), and edge node D has a trust coefficient of 0.85 (high trust).
[0022] The trust center is responsible for collecting and storing hardware fingerprints during node registration, performing integrated identity authentication and hardware fingerprint comparison during subsequent authentication processes, and adaptively adjusting the trust coefficient and security parameters in a two-way closed loop. Edge computing nodes are responsible for completing distributed computing tasks, updating their own trust coefficients in real time, and participating in the federated cross-validation process when trigger conditions are met. Consortium blockchain evidence storage nodes are responsible for receiving and persistently storing multinomial commitments of security parameters throughout the entire process.
[0023] II. Hardware fingerprint integrated detection based on lattice cipher polynomial error characteristics (a) Hardware fingerprint collection and registration Upon initial registration, an edge computing node generates a polynomial following a lattice cryptographic error distribution under the instruction of the trust center. This invention uses the statistical characteristics of this polynomial's error distribution as the node's unique hardware fingerprint, characterized by the following three statistical measures: Mean error , defined as the arithmetic mean of the error values of each term in the polynomial, reflects the systematic deviation of the node operation circuit; ; Error variance , defined as the arithmetic mean of the squares of the differences between each error value and the mean, reflects the fluctuation range of the node's operational unit; ; Higher-order moments of error ( (A positive integer greater than or equal to 3), defined as the difference between each error value and the mean. The arithmetic mean of powers is used to capture higher-order statistical characteristics of the error distribution, such as skewness and kurtosis. ; in, For the lattice cipher polynomial number Error value of the item, Let be the number of terms in the polynomial. This represents the order of higher-order moments. The aforementioned statistical characteristics are determined by the inherent, subtle differences in the node's hardware architecture and computational units, making them unique and impossible to forge through software. The credit center combines these ternary statistical characteristics. This serves as a permanent hardware fingerprint storage for the node.
[0024] (ii) Integrated comparison of authentication and hardware fingerprint In the subsequent quantum-resistant three-way interactive authentication process, the integrated authentication module reuses the lattice cryptographic polynomial natively generated by the node during the authentication interaction, and simultaneously extracts the statistical characteristics of the error distribution of the current round. The hardware fingerprint stored during registration Compare: like , and If both are true, the hardware fingerprint is considered to match, the node identity is legitimate, and the authentication is successful, without the need to initiate an additional hardware scanning process. If any of the above comparison conditions are not met, it will be determined as a key leakage attack, and the authentication request will be rejected directly even if the key verification passes.
[0025] in, , , These are the allowable deviation thresholds for the mean error, variance error, and higher-order moments of the error, respectively, which are determined by the system during initialization based on the node hardware characteristics. , , These are the corresponding statistics extracted for the current certification round.
[0026] This mechanism combines hardware fingerprint comparison with identity authentication in the same interaction, eliminating the need for additional hardware scanning processes, reducing hardware fingerprint detection overhead by more than 80%, and effectively eliminating security gaps.
[0027] III. Two-way closed-loop adaptive mechanism for trust coefficient and security parameters This mechanism establishes a two-way closed-loop feedback between the trust coefficient and the security parameters, breaking the limitation of the one-way static adaptation between the two in the existing technology.
[0028] (a) Trust coefficient drives dynamic adjustment of security parameters The bidirectional closed-loop adaptive module adjusts the node's real-time trust coefficient. Automatically adjust the security parameters of quantum lattice-resistant cryptographic authentication. The adjustment rules are as follows: ; in, For the dimension parameter of the lattice cryptography authentication polynomial, The higher the value, the stronger the authentication security, but the greater the computational cost. This represents the real-time trust coefficient for the node, and its value is a real number greater than or equal to 0 and less than or equal to 1. A higher value indicates that the node's historical behavior is more reliable.
[0029] When the node trust coefficient At that time, adjust the safety parameters to To reduce authentication computation overhead and improve task execution efficiency; when the node trust coefficient is at When the interval is reached, adjust the safety parameter to Appropriately increase authentication security strength; when the node trust coefficient At that time, adjust the safety parameters to Initiate high-strength authentication and verification to prevent attacks.
[0030] (ii) Dynamic adjustment of node selection weights driven by safety parameters Adjusted safety parameters The adjustment of the weights of each dimension in the comprehensive score for reverse-driven node selection follows these rules: When At that time, the selection weight of the trust coefficient dimension Weighting of execution efficiency dimension Prioritize highly trusted nodes; when When choosing the execution efficiency dimension, the weighting is... The selection weight of the trust coefficient dimension Prioritize ensuring the real-time nature of tasks.
[0031] Node selection comprehensive score Calculated using the following formula: ; in, For the first The comprehensive selection score of each candidate node; For the first The real-time trust coefficient of each candidate node, with values ranging from a real number greater than or equal to 0 to less than or equal to 1; For the first The normalized score of the execution efficiency of each candidate node, with values ranging from 0 to 1. and The weights for the trust coefficient dimension and the execution efficiency dimension are respectively, satisfying... .
[0032] (III) Closed-loop feedback After a node is selected, it participates in task execution. The behavioral data during the task execution process is collected and integrated by the trust assessment submodule. After authentication is completed, the node trust coefficient is updated synchronously. The updated trust coefficient triggers the adaptive adjustment of security parameters again, forming a complete closed loop.
[0033] IV. Maintenance Mechanism of Trust-Aware Lattice Cryptographic Federated Cross-Validation Model This mechanism addresses the issue of accidental deletion in the maintenance of existing security models by introducing federated cross-validation and combining it with lattice-based homomorphic encryption to protect the privacy of model parameters.
[0034] When the trust coefficient of an edge computing node is detected to be lower than a preset threshold for two consecutive evaluation periods, the system does not directly delete the security model of the node, but triggers the following federated cross-validation process: The federated cross-validation submodule uses quantum-resistant lattice cryptography to homomorphically encrypt the security model parameters of the node to be validated, generates an encrypted model parameter package, and distributes the encrypted model parameter package to three highly trusted neighbor nodes (neighbor nodes with a trust coefficient of not less than 0.8).
[0035] Three highly trusted neighbor nodes each perform cross-validation on the encrypted model parameter packet in encrypted state. The validation includes: whether the distribution of model parameters conforms to the statistical characteristics of a normal security model, and whether there are any abnormal characteristics indicating backdoor implantation in the model parameters. The validation conclusions of the three neighbor nodes are determined by a majority voting mechanism to finalize the validation result.
[0036] If the federated cross-validation concludes as passed, the decrease in the trust coefficient of the verified node is determined to be a temporary fluctuation, its security model is retained, and the existing security parameters remain unchanged; if the federated cross-validation concludes as failed, the security model of the verified node is determined to have been polluted by an attack, the node's security model is deleted, and the node is added to the blacklist, refusing its participation in subsequent task execution.
[0037] This mechanism uses lattice-based homomorphic encryption to ensure that model parameters are not exposed in plaintext throughout the verification process, effectively protecting the private information of nodes.
[0038] V. Zero-knowledge blockchain evidence storage mechanism based on multinomial commitments After the entire task is completed, the trust center and edge computing nodes work together to generate lattice cryptographic multinomial commitments corresponding to the security parameters at each stage, and upload the commitments to the consortium blockchain evidence storage nodes for persistent storage.
[0039] The generated multinomial commitments specifically include four categories: the first category is the commitment to the lattice cipher multinomial parameters during the three-way interactive authentication process, recording the multinomial feature values of each node in each round of authentication; the second category is the commitment to the trust evaluation score change sequence, recording the trajectory of the trust coefficient change of each node during task execution; the third category is the commitment to the node selection weighted scoring parameters, recording the weights and scoring data used in the node selection decision in each round; and the fourth category is the commitment to the model cross-validation results, recording the input summary and output conclusions of the federated cross-validation process.
[0040] None of the aforementioned polynomial commitments contain the plaintext of the underlying parameters, and the commitment itself does not reveal any private information of the node. When a security incident occurs and tracing is required, the node being traced submits the corresponding original parameters. The verifier compares the original parameters with the polynomial commitments stored on the chain to verify the legality of the original parameters in a zero-knowledge manner, without needing to obtain the plaintext of the original parameters and without leaking node privacy.
[0041] While the present invention has been disclosed above with reference to preferred embodiments, it is not intended to limit the invention. Any variations and modifications can be made by those skilled in the art without departing from the spirit and scope of the invention. Therefore, any modifications, equivalent changes, and alterations made to the above embodiments based on the technical essence of the present invention, without departing from the scope of the invention, fall within the protection scope defined by the claims of the present invention.
Claims
1. An electronic information security protection system based on edge computing, characterized in that: The system includes a trust center, multiple edge computing nodes, and consortium blockchain evidence storage nodes. The trust center is equipped with a hardware fingerprint registration module, an integrated authentication module, and a two-way closed-loop adaptive module. The hardware fingerprint registration module collects the statistical features generated by the edge computing node when it registers for the first time, including the mean error, variance, and higher-order moments of the error, as a unique hardware fingerprint of the node, and stores these features in the trust center. The integrated authentication module, during subsequent quantum-resistant three-way interactive authentication, synchronously extracts the error distribution features of the lattice cryptographic polynomial generated by the node to be authenticated and compares them with the corresponding hardware fingerprint stored in the trust center. If the error distribution features match the stored fingerprint, authentication is successful; otherwise, authentication is rejected and identified as a key leakage attack. The two-way closed-loop adaptive module automatically adjusts the security parameter n of the quantum-resistant lattice cryptographic authentication based on the node's real-time trust coefficient, and adjusts the weights of each dimension in the node selection comprehensive score based on the adjusted security parameter n. The edge computing node includes a trust evaluation submodule and a federated cross-validation submodule; the trust evaluation submodule is used to calculate and update the trust coefficient of the node in real time after each round of authentication. The federated cross-validation submodule is used to trigger the federated cross-validation process when the node trust coefficient is lower than a preset threshold for two consecutive evaluation cycles. The security model parameters of the node to be verified are homomorphically encrypted using quantum lattice-resistant cryptography and then distributed to three highly trusted neighbor nodes. The three highly trusted neighbor nodes then cross-validate the statistical distribution characteristics and anomaly characteristics of the model parameters in the ciphertext state. The consortium blockchain evidence storage node is used to receive and store lattice cryptographic multinomial commitments corresponding to four types of end-to-end security parameters: authentication, trust assessment, node selection, and model cross-validation. The commitments do not contain the plaintext of the underlying parameters and are used for zero-knowledge verification during security event tracing. 2.The edge computing based electronic information security protection system according to claim 1, characterized in that: The error distribution statistical features collected by the hardware fingerprint registration module are determined by the inherent differences in the hardware architecture and computing units of the edge computing nodes and cannot be forged by software means. The integrated authentication module extracts error distribution features by reusing the lattice cipher polynomials generated natively during the authentication process, without the need to initiate a separate hardware scanning process, so that hardware fingerprint comparison and identity authentication are completed in the same interaction. 3.The edge computing based electronic information security protection system according to claim 1, characterized in that: The bidirectional closed-loop adaptive module adjusts the security parameter n according to the node's real-time trust coefficient t as follows: when When, the safety parameters are adjusted to ; when When, the safety parameters are adjusted to ; when When, the safety parameters are adjusted to ; in, The real-time trust coefficient for a node is a real number that is greater than or equal to 0 and less than or equal to 1. For the dimension parameter of the lattice cryptography authentication polynomial, The higher the value, the stronger the authentication security, but the greater the computational cost.
4. The electronic information security protection system based on edge computing according to claim 1, characterized in that: The bidirectional closed-loop adaptive module adjusts the node selection weights according to the security parameter n as follows: when At that time, the selection weight of the trust coefficient dimension Set to 0.8, the weight for the execution efficiency dimension. Set to 0.2; when At that time, the selection weight of the execution efficiency dimension Set to 0.7, the selection weight for the trust coefficient dimension. Set to 0.3; in, Choose the weights for the trust coefficient dimension in the rating for each node. Choose the weights for the execution efficiency dimension in the node scoring, and .
5. The electronic information security protection system based on edge computing according to claim 1, characterized in that: The three highly trusted neighbor nodes verify, in encrypted state, whether the distribution of the security model parameters of the verified node conforms to the statistical characteristics of a normal security model, and whether there are any abnormal characteristics of backdoor implantation, and determine the final verification conclusion by majority voting mechanism. If the verification result is passed, the security model of the verified node is retained, and its existing security parameters remain unchanged. If the verification result is unsuccessful, the security model of the verified node will be deleted, and the node will be added to the blacklist.
6. The electronic information security protection system based on edge computing according to claim 1, characterized in that: The lattice-cipher polynomial commitments stored by the consortium blockchain's evidence storage nodes specifically include the following four categories: commitments to lattice-cipher polynomial parameters during the three-way interactive authentication process, commitments to the trust assessment score change sequence, commitments to node selection weighted scoring parameters, and commitments to model cross-validation results. When a security incident occurs and tracing is required, the traced node submits the corresponding original parameters. The verifier compares the original parameters with the polynomial commitments stored on the chain to verify the legality of the original parameters in a zero-knowledge manner, without needing to obtain the plaintext of the original parameters.
7. The electronic information security protection system based on edge computing according to claim 1, characterized in that: While the quantum-resistant three-way interactive authentication is completed, the trust assessment submodule collects the behavioral characteristics of the current authentication interaction process, integrates the behavioral characteristics with the historical trust coefficient in a weighted manner, calculates and updates the trust coefficient of the node in real time, and feeds back the updated trust coefficient to the bidirectional closed-loop adaptive module to trigger the automatic adjustment of the authentication security parameters for the next round.
8. The electronic information security protection system based on edge computing according to claim 1, characterized in that: The bidirectional closed-loop adaptive module, the trust evaluation submodule, and the federated cross-validation submodule form a complete dynamic closed loop: the node trust coefficient drives the adjustment of security parameters, the adjustment of security parameters drives the update of node selection weights, the update of node selection weights affects the combination of task execution nodes, and the task execution result updates the trust coefficient in reverse after trust evaluation, thereby achieving a dynamic adaptive balance between security strength and execution efficiency.