基于纠删码的区块链存储优化

区块链具有去中心化、不可篡改、可追溯以及公开透明等特性,可以解决去中心化网络中节点之间相互不信任的问题,为构建价值互联平台提供了可能.然而,区块链要求每个节点都存储一份完整的数据,以高存储冗余来保证数据的可靠性,给节点带来了巨大的存储压力,降低了存储资源的利用效率,也导致系统的存储可扩展性成为区块链性能的一个瓶颈.采用...     

基于区块链和动态累加器的跨域认证方案

基于区块链的跨域认证利用区块链代替传统的CA机构颁发区块链证书,借助区块链的去中心化和透明性,实现了信任的去中心化;针对现有基于区块链的跨域认证存在着跨域认证效率不高,没有完整的证书管理功能、区块链存储证书开销大的问题,提出了基于区块链和动态累加器的跨域认证方案,设计了区块链证书格式,描述了跨域认证协议,将区块链证书信息映射为累加值,提升了验证效率,通过在智能合约中构建动态累加器,实现证书的注册,撤销和查询功能;实验结果表明,该方案能够有效降低区块链证书存储成本,提升跨域认证效率.     

基于混合算法区块链和节点身份认证的数据存储方案

为了增强云数据存储的完整性和安全性,在无线传感器网络（WSN）中,提出一种基于混合算法区块链的数据存储方案,以及一种集成身份验证和隐私保护的去中心化框架。首先,簇头将采集到的信息传递至基站,而基站在分布式区块链上记录所有关键参数,并传递至云端存储。然后,为了获得更高的安全等级,合并椭圆曲线加密（ECC）的160位密钥与高级加密标准（AES）的128位密钥,并在云存储层之间进行密钥对交换。基于混合算法的区块链结合身份验证方案可以很好地保证云数据的安全性存储,因此所提方案在安全性方面较为优秀。此外,恶意节点可通过基站从区块链中直接移除并撤销认证,方便快捷。仿真结果表明,与去中心化的区块链信息管理（BIM）方案、基于信任和分布式区块链评估的安全定位（DBE）算法和利用密钥衍生加密和数据分析（KDE-DA）管理方案相比,所提方案在延迟、吞吐量、计算开销方面具有一定的优越性。     

基于区块链的云存储安全研究进展

云存储使得用户能够随时随地通过网络连接按需获取廉价的在线存储服务,但因云服务提供商、第三方机构和用户的不可信以及不可避免的恶意攻击,存在诸多云存储安全漏洞.区块链拥有去中心化、持久性、匿名性和可审计性的特点,具有建立可信平台的潜力.因此,基于区块链技术的云存储安全机制研究已成为一种研究趋势.据此,首先概述云存储系统安全架构与区块链技术的安全性,然后从访问控制、完整性验证、重复数据删除和数据溯源4个方面进行文献综述与对比分析,最后对基于区块链的云存储安全进行技术挑战分析,并总结全文与展望未来.     

基于区块链技术的跨境商品授权与存证系统

随着海外产品在国内市场的推广,做好跨境电商的信任机制和防伪工作成为了新的技术难点。传统的集中式存储方式容易受到信息篡改的威胁,传统的第三方交易平台提供的信任机制无法满足物联网信息高度自动化趋势的需求。基于区块链技术记录交易信息,设计智能合约进行分级授权。利用基于身份的数字签名技术实现信息认证,提出一种授权与存证方案,并且做了相关的仿真实验,实现了一个去中心化、安全可靠的海外入境商品的授权与存证中心化系统。     

基于区块链的监控视频数据存储模型研究

监控设备生成海量的视频数据，由于管理不善、维护不力和人为删除等原因，存在监控视频数据的丢失和篡改等问题。在研究云存储和区块链的基础上，结合区块链去中心化、难篡改和可溯源等特性，提出一种基于区块链的监控视频数据存储模型。监控视频数据存储在单位的云存储服务器，监控视频数据的哈希值等元数据存储在区块链，云存储技术实现监控视频数据的海量存储和便捷访问，区块链技术实现上链监控视频数据的防篡改和防删除，对于提高监控视频数据的安全性和可靠性有一定的应用价值。     

区块链在水利行业政府网站防篡改中的应用研究

水利行业各级政府网站所发布的信息应该及时、准确、权威,信息一旦被篡改,将会严重影响国家安全,损坏水利政府部门公信力和形象,传统防篡改系统存在默认信任特定节点,底稿存储不可靠等问题。为更好地保障水利行业政府网站信息安全,降低入侵风险,通过研究区块链的分布式记账原理和可信去中心化特点,提出一种基于区块链和分布式存储的新型防篡改系统。利用区块链的去中心化的信任机制和分布式存储的安全性,新型防篡改系统能够消除单点薄弱环节,可靠存储底稿文件,不需信任特定节点。测试结果表明：与传统防篡改系统相比,新型防篡改系统能够更好地满足水利行业政府网站在防篡改领域的需求,保证水利行业政府网站发布的内容得到有效保护,保护水利行业政府网站免遭篡改的侵害。     

区块链技术在数字资产安全交易中的应用

针对传统数据资产交易平台依靠中心化的管理机构完成交易过程,不能保证数据资产交易过程中的安全性的弊端,利用区块链技术去中心化、去信任、难以篡改等技术特征.提出了一种基于区块链技术的新型数字资产安全交易方法.首先阐明传统数字资产交易平台的弊端,剖析了区块链技术在数据资产安全交易中的关键技术;其次,分别从数据存储、交易信息加密、验证节点间的共识算法方面提出具体的实施方案;最后,针对数据资产交易过程中的验证节点共识算法进行验证分析,实验结果表明,本文所提出的方法能很好的适用于数字资产安全交易.     

基于动态累加器的去中心化加密搜索方案

近年来区块链技术取得广泛关注,涌现出众多基于区块链技术的新型应用,其中以 StorJ、Filecoin为代表的去中心化存储应用取得了较好的市场反响。对比传统中心化存储,去中心化存储为用户提供了全新的数据存储思路,令用户在获得更好的服务伸缩性的同时,有效降低数据存储的成本。但在现有的去中心化存储方案中,用户的隐私不能得到有效保护。基于此,介绍了一种利用加密搜索技术对去中心化存储方案进行加强的方法。新方法将动态累加器算法引入加密搜索过程中,保障用户存储内容隐私并提供了更好的加密搜索性能。     

一种弱中心化的银行可信数据管理方案

针对传统银行系统的中心化数据存储模式高效便捷但不透明、而新兴的去中心化的应用系统公开透明但共识机制低效的问题,提出了一种面向银行系统的总分双链的弱中心化可信数据管理方案。该模式的核心思想是应用区块链技术打造彼此交叉且相互印证的总分双链的数据存储结构,并利用分户账回溯定位技术,结合大量轻客户端基于密码学技术的分布式监督为个体提供交易验证的可能,从而实现数据的中心化可信存储与管理。它将中心化的数据存储与去中心化的数据验证相结合,从而兼有中心化管理的高效性和分布式机制的透明性,其本质上是一种民主监督下的中心模式,在满足银行独立,完全掌控数据的同时能够自证清白,并兼顾隐私与监督之间的平衡。     

ERSChain: Towards secure and flexible educational resource sharing using consortium blockchain and revocable ciphertext-policy attribute-based encryption

Sharing high-quality educational resources has become an effective way to promote educational equity. The traditional educational resource sharing platforms using centralized storage architecture have security issues. Recently, many studies use blockchain to achieve secure sharing of educational resources. However, the existing blockchain-based educational resource sharing schemes only use blockchain as a storage tool, and have issues such as low sharing efficiency, without considering copyright security, and lack of a trusted sharing environment, which prevents the large-scale sharing of educational resources. In response, we propose ERSChain, a novel blockchain-based educational resources sharing solution. First, we put forward a hybrid storage method that keeps the hash value of resource in the blockchain and stores the encrypted resource in the off-chain, which can alleviate the storage and computing pressure brought by massive educational resources while ensuring the integrity of resources. Second, we construct an efficient revocable ciphertext-policy attribute-based encryption algorithm to implement flexible access control and an outsourced decryption algorithm to achieve greater efficiency. Obtaining access to educational resources is possible when user's attributes meet the access policy and the user's identity does not exist in the revocation list. Third, we put forward a credit mechanism to adjust the user's credibility and a credit-based consensus mechanism to maintain the trusted sharing environment. Finally, security analysis and plentiful of experiments demonstrate that our proposed ERSChain achieves security assurance, has better applicability than similar works, and enables large-scale sharing of educational resources.     

基于云平台的区块链组网方案及数据共享存储机制

为解决在区块链上进行数据存储和共享过程中面临的交易确认效率低以及存储空间利用率低的问题,本文提出一种基于云平台部署的区块链组网方案以及与其适配的数据共享存储方案。首先,通过对传统的全连接区块链组网进行分解和重构,形成一种基于子网的非全连接组网方案,将交易确认的范围限定在有限的节点之内;其次,通过将数据依次划分为事务数据-敏感状态数据-非敏感状态数据3个层次进行管理,节点只保存与状态转移相关的事务数据以保障不可篡改性,状态数据则在云平台上实现不同程度的共享存储,最大限度优化了存储空间。实验结果表明,该方案可为区块链中可信数据的存储和共享提供新的思路。     

Blockchain-Assisted Secure Fine-Grained Searchable Encryption for a Cloud-Based Healthcare Cyber-Physical System

The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality. The privacy of health data can only be preserved by keeping it in an encrypted form, but it affects usability and flexibility in terms of effective search. Attribute-based searchable encryption (ABSE) has proven its worth by providing fine-grained searching capabilities in the shared cloud storage. However, it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations. In a healthcare cloud-based cyber-physical system (CCPS), the data is often collected by resource-constraint devices; therefore, here also, we cannot directly apply ABSE schemes. In the proposed work, the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network. Thus, it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS. With the assistance of blockchain technology, the proposed scheme offers two main benefits. First, it is free from a trusted authority, which makes it genuinely decentralized and free from a single point of failure. Second, it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network. Specifically, the task of initializing the system, which is considered the most computationally intensive, and the task of partial search token generation, which is considered as the most frequent operation, is now the responsibility of the consensus nodes. This eliminates the need of the trusted authority and reduces the burden of data users, respectively. Further, in comparison to existing decentralized fine-grained searchable encryption schemes, the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users. It has been verified both theoretically and practically in the performance analysis section.      

基于区块链的云制造系统内可信资源调度方案

针对目前云制造系统中存在的各参与主体间信任问题以及资源调度效率问题,研究了将区块链技术应用于云制造系统中.首先,阐述了区块链技术应用于云制造系统的意义,提出了一种基于区块链技术的云制造系统;其次,设计了基于智能合约的制造资源调度方式,构建制造成本最小、时间最短、合格率最高的资源调度模型并用差分进化算法进行求解;最后,进行实验仿真.结果表明,基于区块链技术的智能合约内进行资源调度方法在保证了系统内各参与主体间相互信任的同时,有效地提高了云制造系统的资源调度效率和资源调度方案的优越性.     

云信任驱动的物联网信息资源分层共享仿真

针对传统的物联网信息资源分层共享方法存在开销大等问题,提出云信任驱动的物联网信息资源分层共享方法。根据物联网中心资源模型,将物联网信息资源分为时间模型、Web负载模型以及信息资源中心传输模型。全面分析物联网信息中心资源对外提供的服务以及各个资源基本模型之间的交互关系,组建物联网信息中心资源分层共享模型,采用自适应粒子群算法优化分层模型的早熟收敛问题,实现云信任驱动的物联网信息资源分层共享。经仿真证明,所提方法具有开销小、检索快速以及资源利用率高的问题。     

基于区块链网络的医疗记录安全储存访问方案

针对在当前医疗系统中医疗记录授权流程繁琐、记录分享效率低下和身份验证困难问题，提出一种结合区块链技术与密码学的非对称加密技术的方法，将非对称加密技术的安全性高、多方协作简单等特性应用到区块链技术构成的点对点网络中，实现医疗记录跨域分享的可追踪、数据的不可篡改和身份验证的简化。首先，基于区块链技术的不可篡改性结合非对称加密技术，设计了文件同步合约和授权合约，其分布式储存优势保证了用户医疗信息隐私。其次，跨域获取合约的设计能够有效验证数据分享双方身份以及提高身份验证效率，不需要第三方公证机构便可安全过滤非合法用户。仿真实验结果显示，所提出的方案相比传统使用云计算方法解决医疗记录分享问题的方案，在数据防盗窃、多方身份验证和节约系统开销方面有明显优势。该方案对利用区块链的去中心化、可审计等优点解决数据分享过程中的安全问题提供了参考，为解决数据跨域分享、跨域身份验证问题提供了借鉴思路。     

Trusted data sharing with flexible access control based on blockchain

Along with the progress of cloud service, a growing quantity of data owners store their data on cloud databases, which can not only reduce data owners’ storage cost but also provide a quick search function. However, while cloud storage brings some conveniences to users, new privacy problems may emerge, such as the leakage of data privacy and user’s query privacy. The best way of protecting data privacy is to encrypt the data. So how to efficiently retrieve the ciphertext to make it available becomes a hot issue in recent years. In this paper, new searchable encryption with multiple keywords is described, it can improve the accuracy of retrieval results, and we present a secure and trusted data sharing framework based on attribute-based encryption (ABE), searchable encryption, and blockchain. Unlike the previous studies, we realize flexible data sharing by using ABE. Furthermore, we transfer the related calculation of ciphertext retrieval to blockchain for credible execution without relying on any trusted third party. The security analysis proves that our method meets the proposed security requirements of data, keyword index, trapdoor, and query. Finally, the experimental results indicate that our scheme suggested has certain practicability and efficiency.     

基于区块链的安全电子选举方案

当前电子选举方案主要存在两个矛盾点：一是既要保证选举行为的合法合规性,又要保证选举过程的匿名性;二是既要保证选票信息的隐私保密要求,又要保证选举结果的公众可验证性。针对这些矛盾,提出一种基于以太坊区块链和零知识证明的去中心化的安全电子选举方案。在该方案中,利用非交互式零知识证明算法和区块链去中心化架构设计了选民身份合法性零知识证明和选票合法性零知识证明;利用智能合约和Paillier密码体制实现无需可信第三方计票机构的自动计票。理论分析和模拟实验结果表明,在没有中心信任机构的条件下,该方案满足电子选举安全性要求,可应用于小型社区选举。     

Blockchain-Based Secured IPFS-Enable Event Storage Technique With Authentication Protocol in VANET

In recent decades, intelligent transportation systems (ITS) have improved drivers’ safety and have shared information (such as traffic congestion and accidents) in a very efficient way. However, the privacy of vehicles and the security of event information is a major concern. The problem of secure sharing of event information without compromising the trusted third party (TTP) and data storage is the main issue in ITS. Blockchain technologies can resolve this problem. A work has been published on blockchain-based protocol for secure sharing of events and authentication of vehicles. This protocol addresses the issue of the safe storing of event information. However, authentication of vehicles solely depends on the cloud server. As a result, their scheme utilizes the notion of partially decentralized architecture. This paper proposes a novel decentralized architecture for the vehicular ad-hoc network (VANET) without the cloud server. This work also presents a protocol for securing event information and vehicle authentication using the blockchain mechanism. In this protocol, the registered user accesses the event information securely from the interplanetary file system (IPFS). We incorporate the IPFS, along with blockchain, to store the information in a fully distributed manner. The proposed protocol is compared with the state-of-the-art. The comparison provides desirable security at a reasonable cost. The evaluation of the proposed smart contract in terms of cost (GAS) is also discussed.