Anti-interference method for power time synchronization based on a hon gming system

By adopting a power time synchronization anti-spoofing and anti-interference method based on the HarmonyOS system, the shortcomings of existing technologies in anti-signal spoofing, anti-interference and system security protection are solved, achieving high-precision, long-term and secure time synchronization, and improving the stability and anti-attack capability of the power system.

CN122394839APending Publication Date: 2026-07-14SHANDONG ZHONGRUI ELECTRIC CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHANDONG ZHONGRUI ELECTRIC CO LTD
Filing Date
2026-03-26
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Existing power time synchronization technologies have significant shortcomings in terms of resistance to signal spoofing, interference, multi-source coordination, and system security protection. They cannot effectively cope with complex electromagnetic environments and cybersecurity challenges, leading to risks to the safe and stable operation of the power grid.

Method used

A power time synchronization anti-spoofing and anti-interference method based on HarmonyOS is adopted. Through multi-source heterogeneous time beacon data acquisition, source quality assessment and adaptive fusion, distributed collaborative consensus and spoofing detection, secure time output and feedback and adaptive optimization, a high-precision time synchronization system with intrinsic intelligence, proactive security and collaborative reliability is formed.

Benefits of technology

It achieves proactive defense against satellite signal spoofing and interference, enhances the anti-attack capability of time synchronization, breaks the dependence on a single information source, strengthens the system's robustness and survivability, and ensures long-term high accuracy of time synchronization and system security.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122394839A_ABST
    Figure CN122394839A_ABST
Patent Text Reader

Abstract

The application relates to the technical field of time synchronization, in particular to a power time synchronization anti-fraud and anti-interference method based on a Hongmeng system. The method is applied to a power time synchronization device carrying a Hongmeng operating system and supporting a trusted execution environment, and comprises the following steps: S1, collecting multi-source heterogeneous time beacon data; S2, performing source quality assessment and adaptive fusion; S3, distributed collaborative consensus and fraud detection; S4, realizing safe time output; and S5, feedback and adaptation. According to the defects of the existing power time synchronization technology, the Hongmeng operating system distributed characteristics and the trusted execution environment hardware-level security capability are relied on to form an endogenous intelligent, active security and collaborative trusted high-precision time synchronization system.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of time synchronization technology, specifically to a method for preventing deception and interference in power time synchronization based on the HarmonyOS system. Background Technology

[0002] High-precision time synchronization in power systems, ranging from nanoseconds to microseconds, is a core foundation for stable power system operation. It directly determines the reliability of critical applications such as correct relay protection operation, accurate fault waveform analysis, event sequence recording and responsibility determination, and stable control of wide-area power grid measurement systems. Currently, mainstream time synchronization solutions in the power industry heavily rely on high-precision time signals provided by global navigation satellite systems, such as BeiDou, GPS, and GLONASS. Establishing a unified time reference for various power system devices through precise time information broadcast by satellite has become the core implementation path of existing time synchronization technologies.

[0003] However, existing power time synchronization technologies have many prominent shortcomings in practical applications, making them difficult to cope with increasingly complex electromagnetic environments and cybersecurity challenges, and have become potential risk points threatening the safe and stable operation of the power grid. First, the ground receiving power of satellite timing signals is extremely low, making them highly susceptible to unintentional electromagnetic interference in the same frequency band or malicious deceptive or suppressive interference. Forging satellite signals can induce time synchronization devices to calculate incorrect time information, and the resulting timing attacks are highly covert, which may lead to relay protection malfunctions / refusals to operate, and decision-making errors in the power grid stability control system, causing serious power grid accidents. Secondly, traditional time synchronization devices suffer from a single source of information dependence. When satellite signals fail, they can only rely on internal high-stability crystal oscillators to keep time autonomously. However, the crystal oscillator frequency is easily affected by temperature and voltage and drifts, and there is an aging effect. The clock error accumulates over time, which cannot meet the high-precision synchronization requirements of smart grids after long-term loss of synchronization. Third, the time synchronization terminals in the power grid are in an information island state, lacking an effective coordination mechanism, unable to cross-verify the time information of neighboring terminals, and lacking a reliable distributed consensus mechanism to identify and isolate abnormal terminals, making it difficult to form collective intelligence to improve the robustness of the time system; Fourth, traditional devices often use general-purpose real-time operating systems, and the core time processing module lacks hardware-level security isolation protection. System security vulnerabilities or configuration defects are easily exploited, and malicious software can tamper with the kernel time, undermining the reliability and trustworthiness of the time source.

[0004] In summary, current power system time synchronization technologies have significant shortcomings in terms of anti-signal spoofing, anti-interference, multi-source coordination, and system security protection. The industry urgently needs a power time synchronization anti-spoofing and anti-interference solution that can actively resist signal spoofing and interference, break the dependence on a single source, achieve terminal collaborative timekeeping, and maintain high-precision synchronization for a long time even when the satellite source fails completely. Summary of the Invention

[0005] The technical problem to be solved by this invention is to overcome the shortcomings of the prior art and provide a power time synchronization anti-spoofing and anti-interference method based on the HarmonyOS system.

[0006] This invention is achieved through the following technical solution: a power time synchronization anti-spoofing and anti-interference method based on the HarmonyOS system, applied to a power time synchronization device equipped with the HarmonyOS operating system and supporting a trusted execution environment, comprising the following steps: S1. Collect multi-source heterogeneous time beacon data; S2. Perform source quality assessment and adaptive fusion. Use a multi-source heterogeneous time source adaptive fusion algorithm to perform real-time quality assessment on each source in the multi-source heterogeneous time beacon dataset. Based on the assessment results, perform intelligent fusion processing through a dynamic weighted Kalman filter fusion algorithm to output the optimal local time estimate. S3, Distributed Collaborative Consensus and Spoofing Detection; In a trusted execution environment, this node exchanges time information with partner nodes in the trusted time cluster and performs Byzantine fault-tolerant consensus to achieve group-level spoofing detection and collaborative timekeeping; S4. Implement secure time output; maintain the authoritative time determined by the consensus of the trusted time cluster in the trusted execution environment, perform digital signature processing on the time synchronization signal to be distributed, and distribute the signed time synchronization signal to downstream power equipment. S5, Feedback and Adaptation: Feedback on distributed collaborative consensus results and real-time operating status information, dynamically adjust source quality assessment parameters, optimize local clock discipline and maintenance parameters, and form a closed-loop time synchronization control system.

[0007] The sources of the multi-source heterogeneous time beacon data in S1 include multi-mode satellite receiving modules, terrestrial wired networks, and neighboring nodes within a trusted time cluster that acquire time information.

[0008] S2 includes the following sub-steps: S2-1, Define a comprehensive quality factor Q for each information source i. i Comprehensive quality factor Q i A weighted sum of multiple evaluation dimensions; S2-2, Construct the state equation of the local clock and the observation equation based on multiple sources, and integrate the quality factors Q of each source obtained in S2-1. i The observation noise covariance matrix is ​​introduced for dynamic adjustment, and the Kalman filter algorithm is used to complete the intelligent fusion processing of time information from multiple sources, outputting the optimal local time estimate.

[0009] In S2-1, the comprehensive quality factor Q i The calculation formula is: ; In the formula, Indicates short-term stability. This indicates the long-term credibility historical score. Indicates continuity, , , This represents the corresponding weighting coefficient, and each weighting coefficient is dynamically adjusted. .

[0010] The state equation for constructing the local clock in S2-2 is as follows: ; In the formula, This represents the state vector at time k. Let A represent the state vector at time k-1, and let A represent the state transition matrix. Indicates process noise; The observation equation establishes the relationship between the observations and the state vector, and it is expressed as follows: ; H represents the observation vector, and H represents the observation matrix. This indicates observation noise.

[0011] S3 includes the following sub-steps: S3-1. Within the trusted time cluster, a consensus message is constructed. After digitally signing the consensus message using the node's private key, it is broadcast to all other nodes in the cluster. S3-2. Perform signature verification and deviation consistency check; after a node receives a message from another node, it performs signature verification, discards nodes that fail verification, calculates the relative deviation and dynamic security threshold for the remaining nodes, and judges the consistency of time of each node based on the comparison results of the relative deviation and dynamic security threshold. S3-3. Isolate abnormal nodes through Byzantine fault tolerance decision-making; each node counts the number of nodes in the cluster that consider each node to be consistent in time. If the number of nodes that a node is judged to be time-suspicious exceeds the Byzantine fault tolerance threshold, then the node is marked as an abnormal node and its time information is isolated and no longer used as a time information source. S3-4. When all external absolute time sources are detected to be in failure, the trusted time cluster automatically switches to cooperative timekeeping mode, uses the time estimate of normal nodes in the cluster as the observation, and achieves relative time synchronization without external reference by tracking the average time of the cluster.

[0012] S3-1 includes the following sub-steps: S3-1-1, Each node i obtains the current best local time estimate calculated in S2, and obtains the uncertainty U of this local time estimate. i Build a consensus message ; S3-1-2, Using node i's private key Regarding the message Perform digital signature; S3-1-3, The message to be signed ( , It broadcasts the local time to all other nodes in the trusted time cluster.

[0013] Consensus message in S3-1-1 It is expressed as follows: ; In the formula, Indicates the ID of node i. This represents the current optimal local time estimate for node i. Represents a timestamp. Represents a random number.

[0014] The digital signature result generated in S3-1-2 It is expressed as follows: ; in, This represents the private key of node i. This indicates a consensus message awaiting signature. This indicates the selected digital signature algorithm.

[0015] The relative deviation in S3-2 The calculation formula is as follows: ; in, This represents the current optimal local time estimate for node j. This represents the current optimal local time estimate for node i; Dynamic security threshold The calculation formula is: ; Where d represents the coverage factor, U i and U j Let i and j represent the uncertainties of node i and node j, respectively. like ≤ If node j determines that node i's time is consistent with its own, then node j determines that node i's time is consistent with its own time.

[0016] like > If node j determines that the time of node i is suspicious, then node j is suspicious.

[0017] The formula for calculating the Byzantine fault tolerance threshold F in S3-3 is as follows: F=[(B 1) / 3]; Where B represents the total number of nodes in the trusted time cluster; If the number of nodes considered suspicious by node i exceeds the Byzantine fault tolerance threshold F, then node i is marked as an abnormal node.

[0018] Compared with the prior art, the beneficial effects of the present invention are: This invention discloses a power time synchronization anti-spoofing and anti-interference method based on the HarmonyOS system. Addressing the shortcomings of existing power time synchronization technologies, it leverages the distributed characteristics and trusted execution environment hardware-level security capabilities of the HarmonyOS operating system to form a high-precision time synchronization system characterized by inherent intelligence, proactive security, and collaborative trust. Compared to existing technologies, this method represents a significant technological advancement, with the following beneficial effects: This application achieves proactive defense against satellite signal deception and interference, significantly improving the anti-attack capability of time synchronization. This invention abandons the traditional passive signal reception mode and utilizes the HarmonyOS distributed soft bus to construct a trusted time cluster. Through a Byzantine fault-tolerant distributed consensus mechanism, it achieves mutual time verification between nodes within the cluster. When a single or local node is deceived / interfered, causing a time deviation, it can be quickly identified, marked, and isolated by a majority of normal nodes within the cluster. This upgrades the time synchronization system from "passively enduring" attacks to "actively immune," providing inherent security protection for the core control links of the power system and fundamentally avoiding power grid safety accidents caused by timing attacks.

[0019] This application overcomes the bottleneck of reliance on a single time source, significantly improving the robustness and survivability of the time synchronization system. This invention utilizes a multi-source heterogeneous time source adaptive fusion algorithm to achieve intelligent fusion of multiple time sources, including satellite timing networks, terrestrial wired time networks, and trusted time cluster partner nodes. It can dynamically adjust weights based on source quality and seamlessly switch sources. In extreme cases where all external absolute time sources fail, the system can automatically switch to a cooperative timekeeping mode, utilizing the independence of crystal oscillator drift among nodes within the cluster for group compensation. This results in a long-term virtual time stability of the cluster that is far superior to the timekeeping accuracy of a single node, achieving long-term high-precision relative synchronization without external reference, thus meeting the stringent requirements of smart grids for the continuity and reliability of time synchronization.

[0020] This application strengthens the security mechanism of the core time synchronization mechanism from a systemic perspective, ensuring the immutability of the core time synchronization process. This invention encapsulates core time processing logic such as dynamic weighted Kalman filtering and distributed consensus within a trusted execution environment (TEA). Core time data and encryption keys are stored in the secure memory of the TEA, achieving hardware-level isolation from the normal operating environment and preventing malicious software from tampering with the core time logic and data. Simultaneously, in the time signal output stage, digital signature generation is completed through the TEA, and downstream devices can achieve end-to-end trusted verification through public key verification, ensuring the integrity and authenticity of the time signal throughout the entire generation, transmission, and reception chain.

[0021] This application achieves intelligent closed-loop optimization of the time synchronization system, improving overall synchronization accuracy and operational efficiency. The invention feeds back distributed collaborative consensus results and real-time operating status to the source quality assessment stage, dynamically adjusting source quality assessment parameters and optimizing local clock discipline and maintenance parameters. This makes the source quality assessment more closely match the actual operating status of the system, and continuously optimizes the frequency calibration and timekeeping accuracy of the local clock. Simultaneously, the cluster-based collaborative mechanism enables accurate alarm and location of abnormal nodes, significantly shortening fault diagnosis and handling time, reducing the operation and maintenance costs of power system time synchronization equipment, and improving the overall intelligence level and operational stability of the system. Attached Figure Description

[0022] Figure 1 This is a block diagram of a power time synchronization device; Figure 2 This is a flowchart of the method used in this application; Figure 3 This is a schematic diagram of a security reinforcement mechanism; Figure 4 This is a flowchart of the logic judgment for detection and isolation in Example 2; Figure 5 This is a time deviation curve of the three nodes in Example 2; Figure 6 This is a schematic diagram comparing the defense effects of BeiDou deception attacks with those of Example 3 and Comparative Example 2. Detailed Implementation

[0023] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of the present invention.

[0024] Example 1 This embodiment proposes a power time synchronization anti-spoofing and anti-interference method based on the HarmonyOS system, which is applied to a power time synchronization device equipped with the HarmonyOS operating system and supporting a Trusted Execution Environment (TEE). The time synchronization device constructs a trusted time cluster from neighboring synchronization devices with established trust relationships through the HarmonyOS distributed soft bus.

[0025] The power time synchronization device described in this embodiment refers to... Figure 1 It includes a main control chip, a multi-mode satellite receiver module, a high-stability crystal oscillator (OCXO) and discipline maintenance module, a security encryption module, and an interface module.

[0026] The main control chip uses a multi-core processor that supports Trusted Execution Environment (TEE) technology and is based on ARM TrustZone. At the hardware level, the chip is divided into a Secure World and a Normal World, providing hardware-level isolation protection for critical time data and processing logic.

[0027] The multi-mode satellite receiver module is used to receive and analyze signals from global navigation satellite systems such as BeiDou (BDS), GPS, and GLONASS, and output standard time information (such as 1PPS pulses and TOD time messages). The multi-mode design enhances the diversity and reliability of signal sources.

[0028] The high-stability crystal oscillator (OCXO) and disciplined hold module includes a high-stability oven-controlled crystal oscillator (OCXO) and a disciplined hold unit. The oven-controlled crystal oscillator (OCXO) provides a high-quality local frequency reference. The disciplined hold unit is responsible for "disciplining" the crystal oscillator's frequency using algorithms (such as PID control) to synchronize it with satellite time when satellite signals are available; and for maintaining high-precision "holding" using the docile frequency when signals are lost.

[0029] Security encryption modules, including integrated hardware security chips (SE) or encryption engines utilizing the main chip, are used for digital signatures, key storage, and secure communication.

[0030] The interface module includes a physical layer time interface and a communication interface. The physical layer time interface provides various industry-standard time interfaces, such as the Precision Clock Protocol (PTP) interface, IRIG-B code interface, and pulse output, for distributing synchronization time to downstream power equipment. The communication interface includes Ethernet and fiber optic connections for accessing terrestrial wired time networks (e.g., as a PTP slave clock) and running the HarmonyOS distributed soft bus.

[0031] This application constructs a trusted time cluster. For multiple HarmonyOS time synchronization devices equipped with this invention within a local area network, the self-discovery and self-organizing network capabilities of the HarmonyOS distributed soft bus are utilized to automatically establish a secure and trusted time cluster based on pre-configured Public Key Infrastructure (PKI) certificates or pre-shared keys (PSKs) for two-way authentication. The HarmonyOS distributed soft bus provides low-latency, high-throughput, and encrypted channels for nodes within the cluster, laying the network foundation for subsequent frequent and secure time data exchange.

[0032] Reference Figure 2 The anti-spoofing and anti-interference method for power time synchronization based on HarmonyOS includes the following steps: S1. Collect multi-source heterogeneous time beacons; obtain time information in parallel from sources such as multi-mode satellite receiving modules, ground wired networks (such as PTP master clocks), and partner nodes in trusted time clusters (from nearby, trusted synchronization devices via HarmonyOS distributed soft bus). This step provides raw data for subsequent processing.

[0033] S2. Source quality assessment and adaptive fusion. A multi-source heterogeneous time source adaptive fusion algorithm is used to assess the quality of each source in real time. Based on the assessment results, a dynamic weighted Kalman filter fusion algorithm is used for intelligent fusion processing to output the optimal preliminary local time estimate. This step performs real-time quality assessment on the data collected in S1 and performs intelligent filtering fusion based on the assessment results to output an optimal preliminary local time estimate; this step is the first line of defense in this invention. S2 is mainly based on the multi-source heterogeneous time source adaptive fusion algorithm, aiming to solve the problem of unreliability of a single source. Its core is a dynamically weighted Kalman filter.

[0034] S2 includes the following sub-steps: S2-1. Define a comprehensive quality factor Q for each information source i (e.g., BeiDou, PTP, time of partner node A). i Comprehensive quality factor Q i The weighted sum of multiple evaluation dimensions is calculated using the following formula: ; In the formula, This indicates short-term stability, reflecting the recent jitter of the information source. This indicates the long-term credibility historical score. Indicates continuity, , , This represents the corresponding weighting coefficient. .

[0035] in, The variance can be estimated using Allan variance or its variants. For example, it can be used to calculate the variance of the source's deviation from the local crystal oscillator over a recent period. ,but Can be defined as The smaller the variance, the higher the stability and the larger the quality factor.

[0036] This represents the sample variance of the deviation between the time value provided by source i and the local time reference value after initial filtering within the most recent sliding time window (e.g., the past 100 sampling periods). A very small positive number (e.g., 10) 6 (), used to prevent the denominator from being zero and to enhance numerical stability.

[0037] This is a learned value based on the long-term performance of the information sources. The initial value can be set to 1. After each consensus, if the local time is confirmed to be accurate, sources with consistent local times are rewarded, while those with inconsistent times are penalized. This establishes a reputation mechanism for the information sources. The reward expression is: ; The penalty expression is as follows: ; Where k represents the k-th consensus iteration time, As the reward coefficient, This is the penalty coefficient.

[0038] The calculation is the proportion of the number of valid data packets from the corresponding source to the total expected number of packets within the most recent time window (e.g., the past 5 minutes), used to identify situations where the signal is completely interrupted. The calculation formula is: . ∈[0,1]; In the formula, This represents the expected number of data packets to be received from source i within the most recent predefined time window (e.g., 5 minutes) (determined by the protocol frequency of that source). This indicates the number of valid data packets that were actually received correctly within the same time window. A value of 1 indicates that the data stream is completely continuous; A value less than 1 indicates that there is packet loss or interruption.

[0039] The weighting coefficients determine the relative importance of the three quality dimensions in the overall evaluation and can be adaptively adjusted according to the system's operating status. The weights can be dynamically adjusted based on the system's operational phase. For example, in the initial stages of system startup, a higher weight can be given to short-term stability. After stable operation, the weight of long-term credibility can be increased. .

[0040] Furthermore, an example of a dynamic weight adjustment strategy is as follows: Scenario 1: Initial stage of system startup / reset At this point, the long-term reputation of all sources All values ​​are initially set to 1, lacking historical information. Therefore, the focus should be on short-term observations, with weights configured to prioritize short-term stability. The specific configuration values ​​are as follows: .

[0041] Scenario 2: Stable Operation Phase After a period of operation, the reputation mechanism has accumulated a large amount of valid historical data. At this point, the weight of long-term credibility should be increased to make the system more "intelligent." The weight configuration should prioritize long-term credibility. The specific configuration values ​​are as follows: .

[0042] Scenario 3: Potential wide-area interference detected If the system detects continuity of multiple wireless sources (such as all satellite sources) A significant decrease in continuity may indicate regional interference. In this case, the weight of continuity can be temporarily increased to quickly eliminate unusable sources. The weighting should prioritize long-term reliability. The specific configuration values ​​are as follows: .

[0043] Based on the above definitions, a dynamic, adaptive, and multi-dimensional comprehensive evaluation system is formed, providing accurate source reliability basis for subsequent adaptive Kalman filtering.

[0044] S2-2, Construct the state equation of the local clock and the observation equation based on multiple sources, and integrate the quality factors Q of each source obtained in S2-1. i Introducing the observation noise covariance matrix Dynamic adjustments are made to assign higher weights to high-quality sources and lower weights to low-quality sources during the filtering process. The Kalman filter algorithm is used to intelligently fuse time information from multiple sources and output the optimal local time estimate.

[0045] The purpose of a Kalman filter is to optimally estimate the deviation Δt of the local clock relative to the real time and the frequency deviation Δf.

[0046] The state equation for the local clock is constructed as follows: ; In the formula, This represents the state vector at time k. Let A represent the state vector at time k-1, and let A represent the state transition matrix. This indicates process noise.

[0047] State vector The definition is as follows: ; in, This represents the deviation between the local time and the real time at time k; This represents the relative frequency deviation of the local crystal oscillator at time k.

[0048] The state transition matrix A defines how the state evolves from the previous time step to the current time step, and is represented as follows: ; in, This indicates the sampling period of the Kalman filter algorithm.

[0049] Process noise and its covariance matrix Represented as: ; Where N represents a multivariate Gaussian distribution with a mean of zero and a covariance matrix of 0. This matrix simulates the uncertainties of the state equation model, such as the random walk of the crystal oscillator frequency. Covariance matrix The representation is as follows: ; , , and These are the elements of the corresponding row and column in the matrix. elements in (i represents the row, j represents the column) is usually determined by statistical analysis of the noise characteristics of the crystal oscillator.

[0050] The observation equation establishes the relationship between the observations and the state vector, and it is expressed as follows: ; H represents the observation vector, and H represents the observation matrix. This indicates observation noise.

[0051] Observation vector The measurements from m external sources are represented by the following formula: ; in, Let represent the time difference between the i-th source and the local clock at time k, where i∈[1,m].

[0052] The observation matrix H maps the state space to the observation space. Since each observation is a single measurement of the absolute time deviation Δtk, the matrix takes the following form: ; Observation noise and its (adaptive) covariance matrix Represented as: ; in, It is based on the quality of the information source. The core innovation of this algorithm lies in the dynamically adjusted diagonal matrix, which is represented as follows: .

[0053] That is, the observation noise covariance matrix at the k-th filtering / consensus time step. This represents the observation noise variance of the i-th observation source at time k, where m is the total number of observation sources (e.g., how many clocks or reference time sources are included). This represents the scaling factor / weighting factor for the i-th observation source, which can be set or calibrated manually. This represents the quality index of the i-th time source at time k. The better the quality, the better. The smaller the value, the smaller the noise variance, and the higher the reliability.

[0054] The formula for estimating local time is: ; in, Indicates the first Time Node The estimated local time; Indicates the first Time Node Nodes being measured Time value; Represents weights based on adaptive covariance ( The smaller the value, the greater the weight; the better the quality of the source, the higher the weight. (Substitute...) Then the above formula can be rewritten as: .

[0055] S3. Distributed collaborative consensus and spoofing detection; executed in a trusted execution environment (protected by security mechanisms). This step is the second line of defense and core innovation of this invention. By leveraging the distributed capabilities of HarmonyOS, the local node and its partner nodes exchange time information and perform Byzantine fault-tolerant consensus, thereby achieving group-level spoofing detection and collaborative timekeeping. Simultaneously, the operating environment of this crucial step is secured by a security mechanism (based on a clock core hardening method within a trusted execution environment), ensuring that the consensus logic and critical data are not tampered with.

[0056] Furthermore, this step proposes a terminal-to-terminal collaborative timekeeping and spoofing detection algorithm based on the HarmonyOS distributed soft bus. This algorithm is the core innovation of this invention at the system level. By constructing a trusted time cluster, it endows the system with distributed consensus capabilities, achieving a leap from single-point protection to herd immunity.

[0057] Specifically, S3 includes the following sub-steps: S3-1. Within the trusted time cluster, a consensus message is constructed. After digitally signing the consensus message using the node's private key, it is broadcast to all other nodes in the cluster.

[0058] Furthermore, S3-1 includes the following sub-steps: S3-1-1 At the beginning of each consensus round, each node i obtains the current best local time estimate T calculated in S2. local Obtain the uncertainty U of this local time estimate i Construct a consensus message M i It is represented as follows: ; In the formula, Indicates the ID of node i. This represents the current optimal local time estimate for node i. Represents a timestamp. Represents a random number.

[0059] For uncertainty U i Typically, P can be taken as the variance P corresponding to the time deviation in the variance matrix of the Kalman filter state estimate. k (1,1).

[0060] S3-1-2, Using node i's private key Regarding the message Digital signature is performed as follows: ; in, This represents the private key of node i, which is securely stored by that node and used to generate digital signatures; This represents the consensus message to be signed, which includes information such as node ID, local time, and uncertainty. Indicates the selected digital signature algorithm (such as ECDSA); This indicates the generated digital signature result.

[0061] S3-1-3, The message to be signed ( , It broadcasts local time to all other nodes in the cluster via the HarmonyOS distributed soft bus.

[0062] S3-2. Perform signature verification and deviation consistency check: After receiving messages from other nodes, a node performs signature verification, discards nodes that fail verification, calculates the relative deviation and dynamic security threshold for the remaining nodes, and judges the consistency of time of each node based on the comparison results of the relative deviation and dynamic security threshold.

[0063] After receiving a message from another node i, each node j first performs signature verification. In this embodiment, node i's public key is used. Verify signature The validity of the message is verified. If verification fails, the message is discarded.

[0064] For each verified node i, node j calculates the absolute deviation and relative deviation between its local time and the time reported by node i. The calculation formula is as follows: .

[0065] Dynamic security threshold It is not a fixed value, but rather based on the uncertainty of time for both parties, U. i and U j Dynamic calculations typically involve taking the square root of the sum of squares and multiplying by a coverage factor. The specific calculation formula is as follows: ; In the formula, d is a coverage factor, which is usually set to 3 to 5 depending on the required confidence level (e.g., k=3 corresponds to approximately 99.7% confidence).

[0066] like ≤ If node j determines that node i's time is consistent with its own, then node j determines that node i's time is consistent with its own time.

[0067] like > If node j determines that the time of node i is suspicious, then node j is suspicious.

[0068] S3-3. Isolate abnormal nodes through Byzantine fault tolerance decision-making; each node counts the number of nodes in the cluster that consider each node to be consistent in time. If the number of nodes that a node is judged to be time-suspicious exceeds the Byzantine fault tolerance threshold, then the node is marked as an abnormal node and its time information is isolated and no longer used as a time information source.

[0069] Furthermore, for node j, it performs reputation statistics for every other node i in the trusted time cluster. It counts how many nodes in the cluster (including itself) consider node i to be consistent. This number is denoted as Z. Then, the Byzantine fault tolerance principle is applied: if the number of nodes considering node i suspicious exceeds the fault tolerance threshold F, i.e., if... Then node j will officially mark node i as an abnormal node, where B represents the total number of nodes in the trusted time cluster. Typically, F = [(B...] [1) / 3] (This is the maximum number of faulty nodes that the classic Byzantine fault-tolerant algorithm can tolerate).

[0070] Each node is periodic (period T) round The consensus rounds from S3-1 to S3-3 are executed as described above.

[0071] S3-4. When all external absolute time sources are detected to be in failure, the trusted time cluster automatically switches to the cooperative timekeeping mode, using the time estimates of normal nodes in the cluster as the observation of the filtering and fusion algorithm. By tracking the average time of the cluster, high-precision relative time synchronization without external reference is achieved.

[0072] When the cluster detects through consensus that all external absolute time sources (such as satellites) have failed, it automatically switches to cooperative timekeeping mode. Its goal is to keep the clocks of all normal nodes within the cluster relatively synchronized, while minimizing the overall drift rate, in the absence of an external reference.

[0073] In collaborative timekeeping mode, satellite or ground sources are no longer used as observations; instead, the time of other normal nodes within the cluster is used. As the observable Z k The input is fed into the Kalman filter in S2. At this point, the state equation still describes the local clock dynamics, while the observation equation represents the tracking of the cluster's average time. Since the aging and drift of the crystal oscillators (OCXOs) of each node in the cluster are independent random processes, through the fusion and compensation of the distributed filtering algorithm, the long-term stability of the cluster's virtual time, which is finally converged, will be far superior to the timekeeping accuracy of any single node, achieving a performance improvement of 1 / N order of magnitude.

[0074] S4. Implement secure time output; maintain the authoritative time determined by the consensus of the trusted time cluster in the trusted execution environment, perform digital signature processing on the time synchronization signal to be distributed, and distribute the signed time synchronization signal to downstream power equipment through the power system standard time interface.

[0075] Specifically, the authoritative time determined through steps S2 and S3 and based on collective consensus is maintained in a trusted execution environment built with a security hardening mechanism. The time signals to be distributed, such as PTP and IRIG-B, are digitally signed, and finally distributed to downstream power equipment via physical interfaces. This step ensures the integrity and authenticity of the output time signal.

[0076] This step primarily provides a hardware-level secure execution environment for the algorithms in S2 and S3, ensuring the confidentiality and integrity of core time data.

[0077] Combination Figure 3 The security hardening mechanism consists of three parts: secure boot chain construction, memory isolation and secure storage, and secure time output verification.

[0078] For the construction of the secure boot chain, this application establishes a trust chain through step-by-step signature verification after the device is powered on. The digital signature verification is completed sequentially by the hardware read-only memory for the boot program, the boot program for the HarmonyOS kernel, and the HarmonyOS kernel for the time synchronization trusted application, ensuring that all software components have not been tampered with.

[0079] Specifically, this application establishes a complete trust chain from the moment the device is powered on, ensuring the trusted root of the execution environment, namely ROM → Bootloader → HarmonyOS kernel → Trusted Application (TA). The root public key in the hardware read-only memory (ROM) verifies the digital signature of the first-stage Bootloader, and subsequently, the verified Bootloader verifies the digital signature of the HarmonyOS microkernel. The verified kernel verifies the digital signature of the time-synchronized Trusted Application (TA). This process ensures that all software components, from the hardware firmware to critical applications in the secure world, have not been tampered with. Its essence is a step-by-step signature verification operation, represented as follows: ; in, It is the public key of the nth level validator. It is the verified image and its signature.

[0080] Regarding memory isolation and secure storage, this application encapsulates the core computing logic, consensus processing logic, and key management of time synchronization into a trusted application running within a trusted execution environment. Core time data, historical data of source quality, and encryption keys are stored only in the secure memory of the trusted execution environment, achieving hardware-level isolation from the ordinary operating environment.

[0081] In terms of device architecture, the main control chip (such as one based on ARMTrustZone) is divided into a secure world (SWd) and a normal world (NWd) at the hardware level.

[0082] This embodiment encapsulates the Kalman filter core computation in S2, the consensus logic in S3, and key modules such as key management into a trusted application running within a trusted execution environment. The state vector... Source quality history Core data such as encryption keys are stored in secure memory accessible only by the TEE.

[0083] Other applications running in the normal world (RichOS, such as the HarmonyOS standard system) cannot directly access the memory and trusted applications in the secure world, fundamentally preventing malware from tampering with the system time. This process enforces hardware isolation to ensure that malware in the normal world cannot access or tamper with core time and cryptographic materials within the secure world. Its integrity can be represented as: .

[0084] For secure time output verification, this application completes the generation of timestamps and message assembly of time synchronization signals within a trusted execution environment. It uses the securely stored device private key to digitally sign the key time fields of the message. The signature value is distributed along with the time synchronization message. Downstream power equipment verifies the validity of the signature using a pre-set device public key. If the verification fails, the time synchronization signal is discarded.

[0085] This application establishes an end-to-end trusted chain to ensure the integrity and authenticity of the output time signal. The generation of the timestamp and the final assembly of the message for externally distributed time signals (such as the OriginTimestamp field in a PTP message) are completed within a trusted execution environment. Before the message is sent, a device private key securely stored in the trusted execution environment is used. The key time fields are digitally signed, and the signature value is sent along with the message. Its representation is as follows: ; Where H(·) is a hash function (such as SHA-256). It is the generated signature.

[0086] Downstream receiving devices use a pre-configured public key from the transmitting device. Verify the signature, which is represented as: ; If the verification fails, it can be determined that the time signal was maliciously tampered with during transmission or by the sender, and the untrusted signal can be discarded.

[0087] S5. Feedback and Adaptation. Feedback is provided on the distributed collaborative consensus results and real-time system operating status information to dynamically adjust the source quality assessment parameters (especially the long-term reliability historical score S). istab ), optimize the local clock discipline and maintenance parameters, thereby achieving dynamic adjustment of parameters and continuous optimization of the system, forming a closed-loop time synchronization control system.

[0088] Example 2 This embodiment is applied to a 220kV intelligent substation. The substation is equipped with multiple sets of equipment that require high-precision time synchronization, such as line protection devices, fault recorders, and merging units.

[0089] In this embodiment, three power time synchronization devices, equipped with the HarmonyOS operating system and supporting a Trusted Execution Environment (TEE), as described in Embodiment 1, are deployed in the main control room and relay room of the substation, respectively, and are designated as nodes A, B, and C. They are connected via an intra-station Ethernet network and automatically discover each other using the HarmonyOS distributed soft bus, forming a trusted time cluster. All three devices normally receive BeiDou satellite signals (primary signal source). Node A is also connected to a ground-based PTP master clock (backup signal source) via a wired network. All devices obtain time information from the other two partner nodes via the HarmonyOS soft bus.

[0090] Combination Figure 4 and Figure 5 Its operation involves the following stages: Phase 1: Normal Operation Under normal circumstances, all three devices of this invention can receive BeiDou signals normally, and each device operates stably. The overall quality factor Q of each signal source is... i All remain at high levels. For example, the QBDS of the BeiDou signal source is approximately 0.9.

[0091] In conjunction with step S2 of Example 1, the Kalman filter outputs a high-precision local time estimate based on high-quality observations.

[0092] Combining step S3 of Example 1, the periodic consensus within the trusted time cluster shows the relative deviation ΔT of the three nodes. AB ,ΔT BC ,ΔT AC All values ​​are less than the safety threshold (<1μs), indicating that the system is in a harmonious synchronization state.

[0093] Phase Two: Attack Occurrence and Detection At a certain moment, the attacker began transmitting GPS spoofing signals around the substation, with a power stronger than the real signal. The GPS receiver module of node C was successfully tricked, and its calculated GPS time began to drift positively, deviating from the real time at a rate of 5μs per second.

[0094] Node C first issues an alarm: if Node C detects a continuously increasing deviation between its BeiDou signal source and the spoofed GPS signal source, it immediately reduces the quality factor Q of the GPS signal source. GPS Its observation noise variance It then increased dramatically.

[0095] In Kalman filtering, the weight of the GPS source is automatically reduced, and the BeiDou source (BDS) becomes dominant. This slows down the rate at which node C's time is skewed to some extent, but because its GPS module has been hijacked by a spoofed signal, the observations it provides are inherently incorrect, and node C's local time T... C Slow deviations are still beginning to appear.

[0096] In the next consensus cycle, nodes A, B, and C broadcast their respective timestamps T to each other. A T B T C And uncertainty.

[0097] After receiving the information, node A performs the following calculations: ΔT AB =∣T A T B |=0.3μs (<δ, normal); ΔT AC =∣T A T C | = 8.2 μs (>δ, abnormal!).

[0098] Node B performs a similar calculation and arrives at the same conclusion: ΔT BA and ΔT BC All are very small, but ΔT BC The value is very large. Therefore, both nodes A and B consider node C's timing suspicious. In a cluster of 3 nodes, the number of nodes considering node C abnormal (2) exceeds the fault tolerance threshold F = [(3 1) / 3]=0. Therefore, the cluster reaches a consensus and marks node C as an abnormal node.

[0099] Nodes A and B will ignore the time information from node C and penalize partner node C as the information source by reducing its... Meanwhile, node C itself will also receive accusations from A and B. Combined with internal information source conflicts, this can trigger a high-level alarm, indicating "suspected deception attack".

[0100] Phase Three: Safe Output and Recovery Throughout the process, the security hardening mechanism proposed by S4 for nodes A and B ensures that their core time is not tampered with by any malware, and digitally signs the PTP and IRIG-B codes they output.

[0101] After receiving the signed time signal, downstream devices can verify its authenticity to ensure that a reliable time reference is being used.

[0102] After receiving the alarm, maintenance personnel can accurately locate node C and take measures such as maintenance or blocking its GPS signal source. After blocking the spoofed signal, node C can quickly resynchronize to the correct time by trusting nodes A and B in the cluster (as its sole time source).

[0103] Thus, based on the dual protection of steps S2 and S3, proactive detection and isolation of deceptive signals are achieved. (Refer to...) Figure 5 The time of node C gradually deviates and is eventually detected and isolated by nodes A and B. Even if node C fails temporarily, the cluster is still kept in high-precision time synchronization by nodes A and B, and the system function is not seriously affected, demonstrating the resilience of the system.

[0104] Comparative Example 1 This comparative example uses existing technical solutions, deploying three traditional single satellite timing devices within the station. These devices operate independently without any coordination mechanism and are compared and analyzed with Example 2.

[0105] In the traditional approach, among the three independently operating devices, node C will unknowingly receive deceptive signals, causing its output time to gradually drift. This leads to a time synchronization issue between secondary equipment such as protection devices and waveform recorders that rely on node C's time and other equipment within the station. This can result in chaotic fault recording timing during a failure, making accurate fault analysis impossible and potentially causing protection devices to malfunction or fail to operate, thus expanding the scope of the fault. Furthermore, maintenance personnel will find it difficult to quickly pinpoint which node is malfunctioning.

[0106] Example 3 This embodiment is applied to an important coastal converter station. The electromagnetic environment in this area is complex, posing potential risks of GPS / BDS signal interference and spoofing. This embodiment deploys four power time synchronization devices, as described in Embodiment 1, equipped with the HarmonyOS operating system and supporting a Trusted Execution Environment (TEE). These are designated as nodes A, B, C, and D, and form a HarmonyOS trusted time cluster via the station's local area network. Each device is equipped with a multi-mode satellite receiver, capable of simultaneously receiving BeiDou-3 (BDS-3) and GPS signals; a ground backup link is provided, with node A also connected to a high-precision ground-based PTP master clock.

[0107] During the attack phase, the attackers transmitted high-power, highly realistic BeiDou deception signals near the converter station to induce receivers to lock onto the false signals.

[0108] At time T0, the attack begins, and a deceptive signal is injected.

[0109] At time T0+1s, the BeiDou receiver at node C is first deceived, and its output BeiDou time ( A slow drift (+0.5 μs / s) begins; based on this application, the first level of defense is activated to perform source collision detection, and node C detects its... and Signal discrepancies have occurred. The quality factor dynamically degrades, reducing the quality factor of the BeiDou signal source. . ; It decreased from 0.9 to 0.3.

[0110] At time T0+5s, the BeiDou receivers of nodes A, B, and D were successively spoofed, and their BDS times all began to drift. However, their GPS signals remained normal. At this point, the effect was applied across the entire cluster, and all nodes significantly reduced their speed due to detecting source conflicts between BDS and GPS. The weight of the BeiDou signal source decreased sharply, and the GPS signal source became dominant. The system time output was not significantly affected. The [data / information / information] of each node... All decreased to ~0.2.

[0111] At time T0+30s, the attacker escalates the attack, simultaneously suppressing and spoofing the GPS signal. The GPS signal source is interrupted for all nodes within the cluster, and the BeiDou spoofed signal becomes the sole satellite signal source. This triggers the second-level defense (i.e., step S3).

[0112] At time T0+31s, the cluster enters collaborative timekeeping mode. Spoofing detection: Each node exchanges time information via the HarmonyOS soft bus. Because all nodes are misled by the same spoofing source, their BDS times are highly consistent, but there is a significant deviation from node A's ground PTP time. Consensus decision: The PTP source quality factor of node A... Extremely high. Through Byzantine fault-tolerant consensus, the cluster quickly identified the inconsistency between the "BeiDou source" and the "PTP source". Source isolation: The cluster reached a consensus to mark the "BeiDou source" as an untrusted source and completely exclude it from the fusion algorithm.

[0113] At time T0+60s, the attack continues. The cluster time base relies entirely on the PTP signal source of node A, supplemented by the crystal oscillators of nodes B, C, and D for coordinated timekeeping. The system time maintains high precision and high stability. The cluster time error is <1μs.

[0114] This embodiment leverages the advantages of multi-mode (BDS+GPS) to automatically reduce the weight of untrusted sources in the early stages of deception by addressing internal contradictions within the information source, thereby achieving "soft" isolation and initial defense.

[0115] When all satellite sources are unreliable, a distributed consensus mechanism is used to perform cross-verification with heterogeneous sources such as ground-based sources, enabling "hard" identification and isolation of deceptive signals and achieving ultimate defense.

[0116] In the worst-case scenario where all primary signal sources (satellites) fail, the system can seamlessly switch to the backup signal source (ground-based PTP) and enter a collaborative timekeeping mode to ensure the continuity and accuracy of time.

[0117] Comparative Example 2 This comparative example deploys four traditional, independently operating BeiDou timing terminals within the station, without collaborative capabilities, and compares them with Example 3.

[0118] During the attack phase, Comparative Example 2 loses its satellite reference and can only rely on its own crystal oscillator for timekeeping, causing its accuracy to begin to decline.

[0119] Combination Figure 6 Compared to this application, traditional solutions lack deception detection capabilities. Terminals independently receive deception signals and are unable to distinguish between genuine and fake signals, thus being successfully deceived. This application, however, proactively identifies and isolates deception sources through a two-tiered mechanism of multi-source cross-verification (BDS vs. GPS) and distributed consensus (satellite vs. ground-based PTP). This application possesses proactive immunity, while traditional solutions are completely exposed to risk.

[0120] For post-failure time accuracy (1 minute after the attack begins), traditional methods rely solely on local crystal oscillators for timekeeping, resulting in a sharp decline in accuracy. This application, however, utilizes a high-precision ground-based PTP reference, supplemented by multi-node collaborative timekeeping, achieving significantly higher accuracy than a single-node approach.

[0121] From a system reliability perspective, in traditional solutions, a single point of failure leads to satellite signal loss and system degradation. However, this application features triple redundancy across "satellite-ground-nearby nodes," meaning that the failure of a single signal source does not affect system functionality.

[0122] From the perspective of alarms and maintainability, traditional solutions lack effective alarms, making it difficult for maintenance personnel to detect "silent" deception and posing challenges to fault location. This application, however, can generate precise alarms, such as "BeiDou signal source has been deceitfully isolated," and pinpoint the abnormal signal source. Maintenance personnel can respond quickly, greatly improving system maintainability and security.

[0123] The above description is merely an optional embodiment of the present invention and does not limit the patent scope of the present invention. Any equivalent structural transformations made using the content of the present invention under the concept of the present invention, or direct / indirect applications in other related technical fields, are included within the patent protection scope of the present invention.

Claims

1. A power-time synchronization anti-spoofing and anti-interference method based on HarmonyOS system, characterized in that, The power time synchronization device, which is equipped with the HarmonyOS operating system and supports a trusted execution environment, includes the following steps: S1. Collect multi-source heterogeneous time beacon data; S2. Perform source quality assessment and adaptive fusion. Use a multi-source heterogeneous time source adaptive fusion algorithm to assess the quality of each source in real time. Based on the assessment results, perform intelligent fusion processing through a dynamic weighted Kalman filter fusion algorithm to output the optimal local time estimate. S3, Distributed Collaborative Consensus and Spoofing Detection; In a trusted execution environment, this node exchanges time information with partner nodes in the trusted time cluster and performs Byzantine fault-tolerant consensus to achieve group-level spoofing detection and collaborative timekeeping; S4. Implement secure time output; maintain the authoritative time determined by the consensus of the trusted time cluster in the trusted execution environment, perform digital signature processing on the time synchronization signal to be distributed, and distribute the signed time synchronization signal to downstream power equipment. S5, Feedback and Adaptation: Feedback on distributed collaborative consensus results and real-time operating status information, dynamically adjust source quality assessment parameters, optimize local clock discipline and maintenance parameters, and form a closed-loop time synchronization control system.

2. The anti-spoofing and anti-interference method for power time synchronization based on HarmonyOS system according to claim 1, characterized in that, The sources of the multi-source heterogeneous time beacon data in S1 include multi-mode satellite receiving modules, terrestrial wired networks, and neighboring nodes within a trusted time cluster that acquire time information.

3. The anti-spoofing and anti-interference method for power time synchronization based on HarmonyOS system according to claim 1, characterized in that, S2 includes the following sub-steps: S2-1, Define a comprehensive quality factor Q for each information source i. i Comprehensive quality factor Q i A weighted sum of multiple evaluation dimensions; S2-2, Construct the state equation of the local clock and the observation equation based on multiple sources, and integrate the quality factors Q of each source obtained in S2-1. i The observation noise covariance matrix is ​​introduced for dynamic adjustment, and the Kalman filter algorithm is used to complete the intelligent fusion processing of time information from multiple sources, outputting the optimal local time estimate.

4. The anti-spoofing and anti-interference method for power time synchronization based on HarmonyOS system according to claim 3, characterized in that, In S2-1, the comprehensive quality factor Q i The calculation formula is: ; In the formula, Indicates short-term stability. This indicates the long-term credibility historical score. Indicates continuity, , , This represents the corresponding weighting coefficient, and each weighting coefficient is dynamically adjusted. .

5. The anti-spoofing and anti-interference method for power time synchronization based on HarmonyOS system according to claim 3, characterized in that, The state equation for constructing the local clock in S2-2 is as follows: ; In the formula, This represents the state vector at time k. Let A represent the state vector at time k-1, and let A represent the state transition matrix. Indicates process noise; The observation equation establishes the relationship between the observations and the state vector, and it is expressed as follows: ; H represents the observation vector, and H represents the observation matrix. This indicates observation noise.

6. The anti-spoofing and anti-interference method for power time synchronization based on HarmonyOS system according to claim 1, characterized in that, S3 includes the following sub-steps: S3-1. Within the trusted time cluster, a consensus message is constructed. After digitally signing the consensus message using the node's private key, it is broadcast to all other nodes in the cluster. S3-2. Perform signature verification and deviation consistency check; after a node receives a message from another node, it performs signature verification, discards nodes that fail verification, calculates the relative deviation and dynamic security threshold for the remaining nodes, and judges the consistency of time of each node based on the comparison results of the relative deviation and dynamic security threshold. S3-3. Isolate abnormal nodes through Byzantine fault tolerance decision-making; each node counts the number of nodes in the cluster that consider each node to be consistent in time. If the number of nodes that a node is judged to be time-suspicious exceeds the Byzantine fault tolerance threshold, then the node is marked as an abnormal node and its time information is isolated and no longer used as a time information source. S3-4. When all external absolute time sources are detected to be in failure, the trusted time cluster automatically switches to cooperative timekeeping mode, uses the time estimate of normal nodes in the cluster as the observation, and achieves relative time synchronization without external reference by tracking the average time of the cluster.

7. The anti-spoofing and anti-interference method for power time synchronization based on HarmonyOS system according to claim 6, characterized in that, S3-1 includes the following sub-steps: S3-1-1, Each node i obtains the current best local time estimate calculated in S2, and obtains the uncertainty U of this local time estimate. i Build a consensus message ; S3-1-2, Using node i's private key Regarding the message Perform digital signature; S3-1-3, The message to be signed ( , It broadcasts the local time to all other nodes in the trusted time cluster.

8. The anti-spoofing and anti-interference method for power time synchronization based on HarmonyOS system according to claim 7, characterized in that, Consensus message in S3-1-1 It is expressed as follows: ; In the formula, Indicates the ID of node i. This represents the current optimal local time estimate for node i. Represents a timestamp. Represents a random number; The digital signature result generated in S3-1-2 It is expressed as follows: ; in, This represents the private key of node i. This indicates a consensus message awaiting signature. This indicates the selected digital signature algorithm.

9. The anti-spoofing and anti-interference method for power time synchronization based on HarmonyOS system according to claim 6, characterized in that, The relative deviation in S3-2 The calculation formula is as follows: ; in, This represents the current optimal local time estimate for node j. This represents the current optimal local time estimate for node i; Dynamic security threshold The calculation formula is: ; Where d represents the coverage factor, U i and U j Let i and j represent the uncertainties of node i and node j, respectively. like ≤ If node j determines that node i's time is consistent with its own, then node j determines that node i's time is consistent with its own time. like > If node j determines that the time of node i is suspicious, then node j is suspicious.

10. The anti-spoofing and anti-interference method for power time synchronization based on HarmonyOS system according to claim 6, characterized in that, The formula for calculating the Byzantine fault tolerance threshold F in S3-3 is as follows: F=[(B 1) / 3]; Where B represents the total number of nodes in the trusted time cluster; If the number of nodes considered suspicious by node i exceeds the Byzantine fault tolerance threshold F, then node i is marked as an abnormal node.