面向异构身份联盟风险评估模型的区块链共识机制

doi:10.3969/j.issn.0255-8297.2022.04.011

摘要/Abstract

摘要： 异构身份联盟风险评估系统普遍为中心化架构，存在单点故障、内部作恶以及用户数据控制权丢失等问题，为此提出一种基于区块链的异构身份联盟风险评估模型。该模型以属性加密技术保障数据的安全存储及用户控制权，并结合网络分片思想和聚合签名技术提出一种两级共识机制——分组和聚合签名拜占庭容错（grouped and aggregate-signaturesByzantine fault tolerance,GABFT）算法。GABFT首先利用一致性哈希算法对网络节点进行分组，然后在组内及组间采用了结合聚合签名的实用拜占庭容错（practical Byzantinefault tolerance,PBFT）算法，提高了所提模型的处理效率，降低了通信开销，同时支持节点的动态变化。最后经实验得出：与PBFT相比，GABFT将节点达成共识所需通信次数由平方级降为线性级，且吞吐量约提升2~3倍。

关键词: 区块链, 异构身份联盟, 风险评估, 属性加密, 实用拜占庭容错

Abstract: Existing heterogeneous identity alliance risk assessment systems are generally centralized, with single point of failure, internal mischief and loss of control of user data. Therefore, a blockchain-based risk assessment model for heterogeneous identity alliances is proposed. This model uses attribute encryption to ensure the secure storage of data and user control rights, and combines the idea of network fragmentation and aggregation signature technology, to propose a two-level consensus mechanism called grouped and aggregate-signature Byzantine fault tolerance (GABFT), which first groups network nodes using a consistent Hashing algorithm, and uses practical Byzantine fault tolerance (PBFT) improved by aggregated signatures within and between groups to reach consensus, then improves the processing efficiency of the proposed model, reduces the communication overhead, and supports dynamic changes of nodes. Finally, an experiment shows that compared to PBFT, GABFT reduces the number of communications required for nodes to reach consensus from squared to linear and improves the throughput by a factor of 2~3.

Key words: blockchain, heterogeneous identity alliance, risk assessment, attribute-based encryption, practical Byzantine fault tolerance (PBFT)

中图分类号:

TP311

杨彦伯, 万武南, 张仕斌, 张金全, 秦智. 面向异构身份联盟风险评估模型的区块链共识机制[J]. 应用科学学报, 2022, 40(4): 681-694.

YANG Yanbo, WAN Wunan, ZHANG Shibin, ZHANG Jinquan, QIN Zhi. Blockchain Consensus Mechanism for Risk Assessment Model of Heterogeneous Identity Alliance[J]. Journal of Applied Sciences, 2022, 40(4): 681-694.

参考文献

[1] 姜文博,李洪伟,郝尧,等.网络空间身份管理研究综述[J].信息安全与通信保密, 2019(9):46-57.Jiang W B, Li H W, Hao Y, et al.A survey on cyberspace identity management[J].Information Security and Communications Privacy, 2019(9):46-57.(in Chinese)
[2] 董贵山,张兆雷,李洪伟.基于区块链的异构身份联盟与监管体系架构和关键机制[J].通信技术, 2020, 53(2):401-413.Dong G S, Zhang Z L, Li H W.Regulatory system architecture and key mechanisms of blockchain-based heterogeneous identity alliance[J].Communications Technology, 2020, 53(2):401-413.(in Chinese)
[3] 杨敏,张仕斌,张航.异构联盟系统中基于二层区块链的用户信任协商模型[J].应用科学学报, 2019, 37(2):244-252.Yang M, Zhang S B, Zhang H.User trust negotiation model based on two-layer blockchain in heterogeneous alliance system[J].Journal of Applied Sciences, 2019, 37(2):244-252.(in Chinese)
[4] Chen H, Wan W N, Xia J Y, et al.Task-attribute-based access control scheme for IoT via blockchain[J].Computers, Materials&Continua, 2020, 65(3):2441-2453.
[5] Gan J C, Sheng Z W, Zhang S B, et al.Design and implementation of heterogeneous identity alliance risk assessment system[C]//International Conference on Artificial Intelligence and Security.Cham:Springer, 2020:307-317.
[6] 张利,彭建芬,杜宇鸽.信息安全风险评估的综合评估方法综述[J].清华大学学报(自然科学版), 2012, 52(10):1364-1369.Zhang L, Peng J F, Du Y G.Information security risk assessment survey[J].Journal of Tsinghua University (Science and Technology), 2012, 52(10):1364-1369.(in Chinese)
[7] 曾诗钦,霍如,黄韬.区块链技术研究综述:原理、进展与应用[J].通信学报, 2020, 41(1):134-151.Zeng S Q, Huo R, Huang T.Survey of blockchain:principle, progress and application[J].Journal on Communications, 2020, 41(1):134-151.(in Chinese)
[8] Fu Y, Zhu J, Sheng G.CPS information security risk evaluation system based on Petri net[C]//IEEE Second International Conference on Data Science in Cyberspace, 2017:541-548.
[9] Zhao Y, Zhang S B, Yang M, et al.Research on architecture of risk assessment system based on block chain[J].Computers Materials&Continua, 2019, 61(2):677-686.
[10] 杨阳,刘军,田原.实现网络态势感知的区块链网络、感知方法及电子设备:中国, CN201811025259.6[P].2019-02-01.
[11] 王秀利,江晓舟,李洋.应用区块链的数据访问控制与共享模型[J].软件学报, 2019, 30(6):1661-1669.Wang X L, Jiang X Z, Li Y.Model for data access control and sharing based on blockchain[J].Journal of Software, 2019, 30(6):1661-1669.(in Chinese)
[12] 张磊,郑志勇,袁勇.基于区块链的电子医疗病历可控共享模型[J].自动化学报, 2021, 47(9):2143-2153.Zhang L, Zheng Z Y, Yuan Y.A controllable sharing model for electronic health records based on blockchain[J].Acta Automatica Sinica, 2021, 47(9):2143-2153.(in Chinese)
[13] 葛纪红,沈韬.基于区块链的能源数据访问控制方法[J].计算机应用, 2021, 41(9):2615-2622.Ge J H, Shen T.Energy data access control method based on blockchain[J].Journal of Computer Applications, 2021, 41(9):2615-2622.(in Chinese)
[14] 苑超,徐蜜雪,斯雪明.基于聚合签名的共识算法优化方案[J].计算机科学, 2018, 45(2):53-56.Yuan C, Xu M X, Si X M.Optimization scheme of consensus algorithm based on aggregation signature[J].Computer Science, 2018, 45(2):53-56.(in Chinese)
[15] 王子钰,刘建伟,张宗洋.基于聚合签名与加密交易的全匿名区块链[J].计算机研究与发展, 2018, 55(10):2185-2198.Wang Z Y, Liu J W, Zhang Z Y.Full anonymous blockchain based on aggregate signature and confidential transaction[J].Journal of Computer Research and Development, 2018, 55(10):2185-2198.(in Chinese)
[16] 衡星辰,董灿,林克全.基于区块链的分布式电力竞价交易算法[J].计算机工程, 2020, 46(2):35-40, 47.Heng X C, Dong C, Lin K Q.Blockchain-based algorithm for distributed power bidding transaction[J].Computer Engineering, 2020, 46(2):35-40, 47.(in Chinese)
[17] Lawson S.The US military's social media civil war:technology as antagonism in discourses of information-age conflict[J].Cambridge Review of International Affairs, 2014, 27(2):226-245.
[18] 李灿强.美国网络安全国家行动计划述评[J].电子政务, 2016(12):98-109.Li C Q.Review of the U.S.national action plan on cybersecurity[J].E-Government, 2016(12):98-109.(in Chinese)
[19] Roßnagel H, Camenisch J, Fritsch L, et al.Futureid-shaping the future of electronic identity[J].Datenschutz und Datensicherheit, 2012, 36(3):189-194.
[20] Blažič B J.Designing a large cross-border secured eID service for e-government and e-business[C]//2014 International Conference on Multimedia Computing and Systems, IEEE, 2014:657-662.
[21] 方滨兴,邹鹏,朱诗兵.网络空间主权研究[J].中国工程科学, 2016, 18(6):1-7.Fang B X, Zou P, Zhu S B.Research on cyberspace sovereignty[J].Strategic Study of CAE, 2016, 18(6):1-7.(in Chinese)
[22] 陈颂,王光伟,刘欣宇.信息系统安全风险评估研究[J].通信技术, 2012, 45(1):128-130.Chen S, Wang G W, Liu X Y.Study on security risk assessment for information system[J].Communications Technology, 2012, 45(1):128-130.(in Chinese)
[23] Nakamoto S.Bitcoin:a peer-to-peer electronic cash system[R/OL].(2008-10-31)[2021-08-16].https://www.debr.io/article/21260-bitcoin-a-peer-to-peer-electronic-cash-system.
[24] Wang S, Yuan Y, Wang X.An overview of smart contract:architecture, applications, and future trends[C]//2018 IEEE Intelligent Vehicles Symposium, 2018:108-113.
[25] 张奥,白晓颖.区块链隐私保护研究与实践综述[J].软件学报, 2020, 31(5):170-198.Zhang A, Bai X Y.Survey of research and practices on blockchain privacy protection[J].Journal of Software, 2020, 31(5):170-198.(in Chinese)
[26] Reshma V, Gladwin S J, Thiruvenkatesan C.Pairing-free CP-ABE based cryptography combined with steganography for multimedia applications[C]//2019 International Conference on Communication and Signal Processing, IEEE, 2019:501-505.
[27] Boneh D, Gentry C, Lynn B, et al.Aggregate and verifiably encrypted signatures from bilinear maps[M].Berlin, Heidelberg:Springer, 2003.
[28] Yoo H K, Yim J, Kim S.The blockchain for domain based static sharding[C]//The 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, 2018:1689-1692.
[29] 陈子豪,李强.基于K-medoids的改进PBFT共识机制[J].计算机科学, 2019, 46(12):101-107.Chen Z H, Li Q.Improved PBFT consensus mechanism based on K-medoids[J].Computer Science, 2019, 46(12):101-107.(in Chinese)
[30] 陈忠贤,李秦伟,罗婧雯.基于通信时间分组的PBFT算法改进[J].计算机与数字工程, 2021, 49(4):711-717.Chen Z X, Li Q W, Luo J W.Improvement of PBFT algorithm based on communication time grouping[J].Computer&Digital Engineering, 2021, 49(4):711-717.(in Chinese)
[31] Castro M, Liskov B.Practical Byzantine fault tolerance and proactive recovery[J].ACM Transactions on Computer Systems, 2002, 20(4):398-461.