异步区块链支持的安全频谱共享

针对目前频谱稀缺的困境,一个经济有效的解决方案是将未充分利用的授权频谱以机会的方式分配给未授权用户。然而,实现大规模频谱共享面临激励缺失、隐私泄露、安全威胁和时延过大等挑战。利用区块联盟链技术的安全机制,设计了由频谱接入层、区块链网络层、区块链共识层构成的区块链动态频谱接入系统。该系统采用异步实时拜占庭容错(Practical Byzantine Fault Tolerance,PBFT)改善共识延时,设计基于最优匹配算法的匹配方案,提高频谱复用率。经仿真验证,该方案频谱复用率提升近6%。相比于实时拜占庭机制,所提方案减少了系统延时,提升吞吐量近129%。     

RBFT:基于Raft集群的拜占庭容错共识机制

针对现有联盟链共识机制因可拓展性不足,无法在支持大规模网络的同时满足低时延、高吞吐量和安全性的问题,采用网络分片的思想,提出一种适用于联盟链的带有监督节点的两级共识机制——RBFT。首先对网络节点进行分组,组内采用改进的Raft机制进行共识,然后由每个组内选出的领导者组成网络委员会,网络委员会内部采用PBFT机制进行共识。研究结果表明,在大规模网络环境下,相比PBFT和Raft,RBFT在具备拜占庭容错能力的同时可以保证高共识效率,因而具有更高的扩展性。     

LOPE: A Low-Overhead Payment Verification Method for Blockchains

With its characteristics of decentralization, security, data traceability, and tamper-resistance, the blockchain has been widely used in various domains. Considering the difference in the performance of the devices, the light client is proposed so that devices without the ability to store a full blockchain copy can also participate in the blockchain transactions. However, the light client has to communicate with full nodes and verify the authenticity of a transaction which brings in some extent of communication, computation, and storage overheads to the light client. These overheads cannot be ignored for some low-performance devices, such as embedded devices or IoT chips, and therefore the current light client scheme does not work in this situation. We propose LOPE (a Low-overhead payment vErification method) for poor-capacity nodes in the blockchain system. In LOPE, a grouping protocol is designed to partition full nodes into groups to serve the verification requests of the light client. In addition, Practical byzantine fault tolerance (PBFT) is used to ensure the light client to get a credible result in spite of a few dishonest nodes existing in the group. We conduct LOPE and evaluate it in a testbed. The experiment results show that LOPE reduces more than half of the communication overhead, degrades the computation overhead of the light client to a large extent, and avoids the storage overhead of the hash roots of block headers in the light client. We also conduct theoretical analysis to show the performance improvement and security issues of LOPE.     

基于凝聚型层次聚类的PBFT优化共识机制

面对粮食联盟链网络中的大量共识节点,由于传统实用拜占庭容错(practical Byzantine fault tolerance,PBFT)共识算法效率低下,导致通信能耗过高,从而极大地增加信息泄露和数据造假的风险。针对上述难题,本文提出了一种基于凝聚型层次聚类(agglomerative hierarchical clustering,AHC)的PBFT优化共识算法。首先,利用AHC算法对所有网络共识节点进行目标划分和聚类;其次,使所有簇并行发生PBFT共识;最后,通过簇间主节点共识达成消息一致。实验结果表明,该改进算法能够有效降低能量开销,并提高共识效率和吞吐量。     

Imp Raft: a consensus algorithm based on Raft and storage compression consensus for IoT scenario

In order to meet various challenges in the Internet of things (IoT), such as identity authentication, privacy preservation of distributed data and network security, the integration of blockchain and IoT became a new trend in recent years. As the key supporting technology of blockchain, the consensus algorithm is a hotspot of distributed system research. At present, the research direction of the consensus algorithm is mainly focused on improving throughput and reducing delay. However, when blockchain is applied to IoT scenario, the storage capacity of lightweight IoT devices is limited, and the normal operations of blockchain system cannot be guaranteed. To solve this problem, an improved version of Raft (Imp Raft) based on Raft and the storage compression consensus (SCC) algorithm is proposed, where initialization process and compression process are added into the flow of Raft. Moreover, the data validation process aims to ensure that blockchain data cannot be tampered with. It is obtained from experiments and analysis that the new proposed algorithm can effectively reduce the size of the blockchain and the storage burden of lightweight IoT devices.     

Throughput-oriented associated transaction assignment in sharding blockchains for IoT social data storage

Blockchain is a viable solution to provide data integrity for the enormous volume of 5G IoT social data, while we need to break through the throughput bottleneck of blockchain. Sharding is a promising technology to solve the problem of low throughput in blockchains. However, cross-shard communication hinders the effective improvement of blockchain throughput. Therefore, it is critical to reasonably allocate transactions to different shards to improve blockchain throughput. Existing research on blockchain sharding mainly focuses on shards formation, configuration, and consensus, while ignoring the negative impact of cross-shard communication on blockchain throughput. Aiming to maximize the throughput of transaction processing, we study how to allocate blockchain transactions to shards in this paper. We propose an Associated Transaction assignment algorithm based on Closest Fit (ATCF). ATCF classifies associated transactions into transaction groups which are then assigned to different shards in the non-ascending order of transaction group sizes periodically. Within each epoch, ATCF tries to select a shard that can handle all the transactions for each transaction group. If there are multiple such shards, ATCF selects the shard with the remaining processing capacity closest to the number of transactions in the transaction group. When no such shard exists, ATCF chooses the shard with the largest remaining processing capacity for the transaction group. The transaction groups that cannot be completely processed within the current epoch will be allocated in the subsequent epochs. We prove that ATCF is a 2-approximation algorithm for the associated transaction assignment problem. Simulation results show that ATCF can effectively improve the blockchain throughput and reduce the number of cross-shard transactions.     

Fog-Sec: Secure end-to-end communication in fog-enabled IoT network using permissioned blockchain system

The technological integration of the Internet of Things (IoT)-Cloud paradigm has enabled intelligent linkages of things, data, processes, and people for efficient decision making without human intervention. However, it poses various challenges for IoT networks that cannot handle large amounts of operation technology (OT) data due to physical storage shortages, excessive latency, higher transfer costs, a lack of context awareness, impractical resiliency, and so on. As a result, the fog network emerged as a new computing model for providing computing capacity closer to IoT edge devices. The IoT-Fog-Cloud network, on the other hand, is more vulnerable to multiple security flaws, such as missing key management problems, inappropriate access control, inadequate software update mechanism, insecure configuration files and default passwords, missing communication security, and secure key exchange algorithms over unsecured channels. Therefore, these networks cannot make good security decisions, which are significantly easier to hack than to defend the fog-enabled IoT environment. This paper proposes the cooperative flow for securing edge devices in fog-enabled IoT networks using a permissioned blockchain system (pBCS). The proposed fog-enabled IoT network provides efficient security solutions for key management issues, communication security, and secure key exchange mechanism using a blockchain system. To secure the fog-based IoT network, we proposed a mechanism for identification and authentication among fog, gateway, and edge nodes that should register with the blockchain network. The fog nodes maintain the blockchain system and hold a shared smart contract for validating edge devices. The participating fog nodes serve as validators and maintain a distributed ledger/blockchain to authenticate and validate the request of the edge nodes. The network services can only be accessed by nodes that have been authenticated against the blockchain system. We implemented the proposed pBCS network using the private Ethereum 2.0 that enables secure device-to-device communication and demonstrated performance metrics such as throughput, transaction delay, block creation response time, communication, and computation overhead using state-of-the-art techniques. Finally, we conducted a security analysis of the communication network to protect the IoT edge devices from unauthorized malicious nodes without data loss.     

基于区块链的SDN物联网部署安全

与传统互联网相比,由于基于SDN的物联网覆盖面更广、连接的设备更多、传输的数据更复杂等原因,还存在很多安全方面的技术挑战。提出了在SDN物联网中加入一个基于区块链的安全层作为安全网关,对进入物联网的数据进行一次性的精确验证,各安全网关作为平等的区块链节点加入区块链系统,结合区块链系统的可追踪和不可篡改性,提高了SDN物联网部署的安全性能和效率。     

基于PBFT区块链技术的电网企业仓储系统

提出了一种基于实用拜占庭容错(PBFT)算法的区块链技术,首先对传统的实用拜占庭容错算法原理进行了阐述,该传统算法包含前期、需求、预准备、准备、确认、答复6个阶段,但传统算法具有实时性差、缺乏惩罚机制、带宽高的缺点。针对出现的这些问题,又对传统算法进行了改进,具体涉及记账节点、共识过程以及视图切换过程。通过测试进一步证明了该改进算法的实用性,并将该算法应用于电网企业中,构建的虚拟仓库实现了联储联备,降低了库存资金的耗费,并且提高了电网企业库存管理的效率。     

A notary group-based cross-chain mechanism

As an emerging distributed technology, blockchain has begun to penetrate into many fields such as finance, healthcare, supply chain, intelligent transportation. However, the interoperability and value exchange between different independent blockchain systems is restricting the expansion of blockchain. In this paper, a notary group-based cross-chain interaction model is proposed to achieve the interoperability between different blockchains. Firstly, a notary election mechanism is proposed to choose one notary from the notary group to act as a bridge for cross-chain transactions. Secondly, a margin pool is introduced to limit the misconduct of the elected notary and ensure the value transfer between the involved blockchains. Moreover, a reputation based incentive mechanism is used to encourage members of the notary group to participate in cross-chain transactions. Ethereum-based experiments demonstrate that the proposed mechanism can provide an acceptable performance for cross-chain transactions and provide a higher security level than ordinary cross-chain mechanisms.     

An Optimal Stability Matching Algorithm for DAG Blockchain Based on Matching Theory

IOTA is a typical blockchain designed for IoT applications. The Markov chain monte carlo algorithm (MCMC) used in IOTA may lead to a large number of unverified blocks, which increases transaction delay to a certain extent. We propose a Stable matching algorithm (SMA) based on matching theory to stimulate nodes to verify blocks, thereby reducing the number of unverified blocks and the consensus delay. The structure of our IoT blockchain uses the Directed acyc1ic graph (DAG) to improve the transaction processing capability. The nodes in the network are abstracted as transaction issuers and transaction verifiers. A verification service scheduling system is used to assign transactions to the verifiers and achieve the optimal matching. We designed a trust evaluation mechanism which offers verifiers references and awards to check transactions. The simulation results show that SMA can significantly reduce the number of orphan blocks and improve the transaction throughput, which helps to improve the reliability of the IoT blockchain.     

Research on sybil attack in defense blockchain based on improved PBFT algorithm

Aiming at the problem that sybil attack has great harm to block chain technology,a method to improve the PBFT algorithm in the alliance chain to defend against sybil attacks was proposed.Firstly,using the idea of consensus algorithm based on proof of rights and interests,a reputation model was established,the reputation value of each node accorded to the behavior of each node in the consensus process was calculated,and different discourse rights accorded to the size of the reputation value was given.Then pre-commit phase was added to the PBFT algorithm to reduce the number of communication between nodes.The solution through formal analysis and reasoning and security testing shows that the improved PBFT algorithm can not only effectively defend against sybil attacks in the blockchain,but also make the performance of the blockchain system in terms of TPS and block generation delay.     

A systematic literature review of blockchain cyber security

Since the publication of Satoshi Nakamoto's white paper on Bitcoin in 2008, blockchain has (slowly) become one of the most frequently discussed methods for securing data storage and transfer through decentralized, trustless, peer-to-peer systems. This research identifies peer-reviewed literature that seeks to utilize blockchain for cyber security purposes and presents a systematic analysis of the most frequently adopted blockchain security applications. Our findings show that the Internet of Things (IoT) lends itself well to novel blockchain applications, as do networks and machine visualization, public-key cryptography, web applications, certification schemes and the secure storage of Personally Identifiable Information (PII). This timely systematic review also sheds light on future directions of research, education and practices in the blockchain and cyber security space, such as security of blockchain in IoT, security of blockchain for AI data, and sidechain security.     

量子计算在信息安全中的潜在应用与挑战

文中旨在研究量子计算在信息安全中的潜在应用与挑战。通过分析量子计算的潜在应用以及量子计算对传统加密算法的影响,深入探索了量子计算时代的信息安全挑战,具体包括量子计算对云安全的潜在威胁、量子计算对区块链技术的影响以及量子计算对物联网（IoT）设备安全产生的影响,同时提出了应对这些挑战的对策。     

Big Data Architecture for Scalable and Trustful DNS based on Sharded DAG Blockchain

Internet applications remain exposed to pervasive Domain Name System (DNS)–based threats. Blockchain technologies provide a new way for tackling DNS vulnerability issues, and have been highlighted recently. However, traditional blockchain is still not well suited for big data applications such as DNS, because the performance of blockchain consensus greatly limits its practical adoption. In this paper, we present DagGridLedger, a sharded directed acyclic graph (DAG) blockchain that provides scalable big data architecture for trustful DNS management. To achieve this goal, DagGridLedger proposes a radical new architecture that combines blockchain sharding and DAG techniques on the DNS resolver side, thereby making it a promising solution to enhance the security and stability of large-scale DNS system. To be specific, DagGridLedger provides a blockchain structure targeting DNS application, which employs a high-performance DAG consensus algorithm named DagGrid. DagGrid consensus realizes a multi-DNS negotiation mechanism through block sharding in generating a block. With an improved asynchronous leaderless Byzantine consensus, DagGrid implements total order determination, which guarantees the trustful DNS management. Further experiments verified the performance of DagGridLedger as well as the applicability of the proposed blockchain architecture in traditional DNS. To this end, DagGridLedger consistently achieves a big data architecture for secure DNS record management, with a novel shared DAG consensus designed for high throughput. This makes DagGridLedger a promising architecture for highly secure and efficient DNS solution.

     

A blockchain future for internet of things security: a position paper

Internet of Things (IoT) devices are increasingly being found in civilian and military contexts, ranging from smart cities and smart grids to Internet-of-Medical-Things, Internet-of-Vehicles, Internet-of-Military-Things, Internet-of-Battlefield-Things, etc. In this paper, we survey articles presenting IoT security solutions published in English since January 2016. We make a number of observations, including the lack of publicly available IoT datasets that can be used by the research and practitioner communities. Given the potentially sensitive nature of IoT datasets, there is a need to develop a standard for sharing IoT datasets among the research and practitioner communities and other relevant stakeholders. Thus, we posit the potential for blockchain technology in facilitating secure sharing of IoT datasets (e.g., using blockchain to ensure the integrity of shared datasets) and securing IoT systems, before presenting two conceptual blockchain-based approaches. We then conclude this paper with nine potential research questions.     

基于联盟链的运营商最佳缓存策略

基于区块链的边缘缓存技术可以实现更大范围的内容共享并提高缓存内容的使用效率。针对不同运营商各自建设边缘设备,缓存内容相互隔离,难以共享信息的问题,该文提出一种基于联盟链的边缘缓存系统框架并设计了内容共享和交易流程,实现了不同运营商之间的内容共享。此外,为了降低高维缓存节点的共识开销,设计了基于内容缓存的部分实用拜占庭容错(pPBFT)共识机制,仅选取缓存相关内容的联盟链节点作为验证智能合约的执行节点。最后,将运营商内容共享所带来的收益进行量化并构建为最大化收益的优化问题。通过所提出的内容缓存算法,得到了最优缓存决策的闭式表达式和与内容流行度相关的最优缓存策略。仿真结果表明,在该框架中所提出的共识机制和缓存策略能够有效增加运营商的缓存收益。     

Capability-based IoT access control using blockchain

Internet of Things (IoT) devices facilitate intelligent service delivery in a broad range of settings, such as smart offices, homes and cities. However, the existing IoT access control solutions are mainly based on conventional identity management schemes and use centralized architectures. There are known security and privacy limitations with such schemes and architectures, such as the single-point failure or surveillance (e.g., device tracking). Hence, in this paper, we present an architecture for capability-based IoT access control utilizing the blockchain and decentralized identifiers to manage the identity and access control for IoT devices. Then, we propose a protocol to provide a systematic view of system interactions, to improve security. We also implement a proof-of-concept prototype of the proposed approach and evaluate the prototype using a real-world use case. Our evaluation results show that the proposed solution is feasible, secure, and scalable.     

Blockchain-driven distributed consensus mechanism in defensing Byzantine attack for the Internet of spectrum device

To meet the requirement of the precisely spectrum sharing triggered by large-scale and ultra-dense deployment of mobile internet and internet of things,a framework based on blockchain technology for networking the massive personal wireless devices to form the Internet of spectrum device (IoSD) was proposed.The architecture of cloud with edge computing was proposed as the architecture of IoSD,which consists of spectrum management server,mobile base station,and personal wireless devices.The mechanism of spectrum data acquisition,spectrum block appending,spectrum data transmission,and spectrum sensing incentive,consist of basic operational mechanism of IoSD.The distributed consensus mechanism,including fusion consensus among sensing-nodes,verification consensusamong checking-nodes,and confirmation consensus among head-nodes,was applied to determine whether the spectrum data was falsified by the Byzantine attack of malicious sensing-nodesunder the hypothesis test of certain confidence.The simulation results show the effectiveness and robustness of proposed distributed consensus mechanism in preventing spectrum sensing data falsification by the malicious nodes.     

Integration of Internet of Things and blockchain technology in healthcare domain: A systematic literature review

Healthcare is a vitally important field in the industry and evolving day by day in the aspect of technology, services, computing, and management. Its potential significance can be increased by incorporating Internet of Things (IoT) technology to make it smart in the aspect of automating activities, which is then further reformed in the healthcare domain with the help of blockchain technology. Blockchain technology provides many features to IoT-based healthcare domain applications such as restructuring by securing traditional practices, data management, data sharing, patient remote monitoring, and drug analysis. In this study, a systematic literature review has been carried out in which a total of 52 studies were selected to conduct systematic literature review from databases PubMed, IEEE Access, and Scopus; the study includes IoT technology and blockchain integration in healthcare domain-related application areas. This study also includes taxonomy that mentions the aspects and areas in healthcare domain incorporating the traditional system with the integration of IoT and blockchain to provide transparency, security, privacy, and immutability. This study also includes the incorporation of related sensors, platforms of blockchain, the objective focus of selected studies, and future directions by incorporating IoT and blockchain in healthcare domain. This study will help researchers who want to work with IoT and blockchain technology integration in healthcare domain.