CN109246137B - Block chain-based safety protection method and device for maritime combat data - Google Patents

Block chain-based safety protection method and device for maritime combat data Download PDF

Info

Publication number
CN109246137B
CN109246137B CN201811237478.0A CN201811237478A CN109246137B CN 109246137 B CN109246137 B CN 109246137B CN 201811237478 A CN201811237478 A CN 201811237478A CN 109246137 B CN109246137 B CN 109246137B
Authority
CN
China
Prior art keywords
data
block chain
algorithm
constructing
consensus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811237478.0A
Other languages
Chinese (zh)
Other versions
CN109246137A (en
Inventor
关振宇
卞良旭
刘建伟
李大伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CN201811237478.0A priority Critical patent/CN109246137B/en
Publication of CN109246137A publication Critical patent/CN109246137A/en
Application granted granted Critical
Publication of CN109246137B publication Critical patent/CN109246137B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a block chain-based safety protection method and device for maritime combat data, wherein the method comprises the following steps: constructing a block chain-based marine military information system model; the PoS consensus mechanism can be verified efficiently by stepwise design from static state to dynamic state; constructing a trusted data storage mechanism with high dynamic network characteristics; constructing an attack tracing and tracing mechanism; and constructing a privacy protection mechanism for the trusted storage of the data. The method aims at the requirements of distributed trusted storage, privacy protection, attack traceability and the like of the maritime formation combat data, the private chain platform architecture of the maritime formation combat data is built, the actual cross-region interconnection requirements among the multi-stage security network information systems are effectively met, and the safety and the reliability of the maritime combat data safety protection system are improved.

Description

Block chain-based safety protection method and device for maritime combat data
Technical Field
The invention relates to the technical field of block chain safety, in particular to a block chain-based safety protection method and device for maritime combat data.
Background
Conventional combat data security systems and corresponding management mechanisms suffer from a number of deficiencies. The design of the currently adopted combat data safety protection system mainly depends on the traditional network technology and is based on a central data storage and processing mode, so that the problems of easy attack by enemies, easy privacy exposure, difficult safety guarantee and the like exist. Therefore, with the change of information technology development, the construction of a combat data security protection system is required to be continuously improved and innovated, so that the military information confidentiality requirement under a new situation can be met, and the smooth progress of the modern construction of our army is guaranteed.
Blockchains are an decentralized infrastructure that has grown with the increasing popularity of digital cryptocurrency, such as bitcoin. The unique working mechanism of the whole network authentication enables the block chain to have the characteristics of being not falsifiable and not forged, and therefore the safety and the stability of the system are guaranteed. After the development and improvement of several years, the blockchain gradually becomes a novel distributed, decentralized and distrusted technical scheme. In recent years, the blockchain has gradually separated from bitcoin and independently becomes a hot spot of network technology innovation, and a brand-new data distributed storage technology is created, and the application of the blockchain is more and more concerned. The block chain technology arouses subversive innovation in numerous fields such as finance, economy, military, science and technology, society and life and the like, and a new round of information technology revolution and application are initiated.
According to the actual combat situation, the maritime combat formation has the characteristics of unfixed organization network, flexible and changeable topological structure and the like. Under the complex and changeable marine combat environment, the multi-information processing needs more flexible data system structure support, and the safety and the reliability of information transmission are ensured. In a traditional central data system, data are processed and verified by a central node, and once the central node fails in the marine battle or is intercepted and damaged by an enemy, the safety and reliability of the whole marine formation information system are fatally affected.
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the related art.
To this end, an object of the present invention is to provide a block chain-based method for securing marine operational data. The method aims at the requirements of distributed credible storage, privacy protection, attack traceability and the like of the maritime formation combat data, a private chain platform architecture model of the maritime formation combat data is built, and the safety and the reliability of a maritime combat data safety protection system are improved.
Another object of the present invention is to provide a safety device for maritime combat data based on a block chain.
In order to achieve the above object, an embodiment of the present invention provides a block chain-based safety protection method for maritime combat data, including the following steps: constructing a block chain-based marine military information system model; the PoS consensus mechanism can be verified efficiently by stepwise design from static state to dynamic state; constructing a trusted data storage mechanism with high dynamic network characteristics; constructing an attack tracing and tracing mechanism; and constructing a privacy protection mechanism for the trusted storage of the data.
The block chain-based maritime combat data security protection method of the embodiment of the invention applies a verifiable anti-bias distributed random number generator in a block chain system through a private chain security model construction technology, a private chain consensus technology, a zero-knowledge proof technology and the like, ensures the requirements of efficiency, security and reliability under the premise of ensuring throughput and network scale, breaks through a fine-grained dynamic management and cross-domain authentication technology based on an ABE hierarchical multi-center on-chain data access control scheme and a traceable and traceable group anonymity authentication technology, combines the whole network public characteristic of a block chain model to form a set of trusted data storage mechanism supporting the functions of multiple security levels, cross-trust domain, attack traceable and the like, effectively meets the actual requirements of cross-regional interconnection among multi-level traceability information systems, and realizes effective tracing of a stored data entity, and the dependence of the system on the central node can be weakened, and the robustness and the safety of the offshore formation data safety system are enhanced.
In addition, the safety protection method for maritime combat data based on the block chain according to the above embodiment of the invention may further have the following additional technical features:
further, in an embodiment of the present invention, the building a block chain-based marine military information system model further includes: according to the user layer of the user and the client main body, the lower layer data is read and written and the target function is realized by operating the lower layer information management system; taking a management system layer of a centralized service node as a main interface of the whole system to manage and supervise a lower-layer distributed block chain data structure; according to a super node network layer of a block chain, all nodes are distributed on each main communication base station and a ship on the sea according to the current requirement, the data of the whole lower layer is maintained in a consensus mode through PoS, the support of an intelligent contract is provided, and the identity recognition and account management of the upper layer are achieved; and constructing a data layer based on the block chain structure according to the current functional requirements, wherein the data layer further comprises background data of the offshore military system, position information data of each unit of the offshore operation and high-security requirement data.
Further, in an embodiment of the present invention, the designing the efficient verifiable PoS consensus mechanism further includes: designing a consensus algorithm under the fixed state of committee members and the leader to ensure that other normal nodes are not influenced when partial nodes are in failure; determining a committee establishment mode in the consensus network, wherein the committee membership acquisition mode and the leader election mode are included. The external verification protocol is designed to provide the ability to detect the correctness of the consensus result.
Further, in an embodiment of the present invention, the constructing the trusted data storage mechanism with high dynamic network characteristics further includes: generating a first access control scheme according to a battlefield intelligence fine granularity of a multi-center CP-ABE, comprising:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure BDA0001838546930000021
Figure BDA0001838546930000031
Dec(C,uskk)→M or NULL,
the public security parameter lambda is the input of Setup () algorithm, the system parameter Params, and the system attribute public and private key pair (apk) of N management centersk,askk) K is a count integer, AkeyGen () manages the private key ask of the center itselfkFor input, the GID is a global identifier,
Figure BDA0001838546930000032
in order to be a collection of attributes,
Figure BDA0001838546930000033
for access control policy, uskkThe method comprises the steps that a private key of a request attribute is output for a user, Enc () is an algorithm, C is encrypted ciphertext information, Dec () is an algorithm, and M is decrypted plaintext information;
generating a second access control scheme according to the battlefield instruction fine granularity of the multi-center KP-ABE, comprising:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure BDA0001838546930000034
Figure BDA0001838546930000035
Dec(C,uskk)→M or NULL;
integrity of the stored in-chain data is guaranteed by using data integrity verification based on the aggregated signature and remote data holding certification.
Further, in an embodiment of the present invention, the constructing the attack tracing and tracing responsibility mechanism further includes: analyzing the operation data information system architecture based on the private chain, the group signature and the linkable ring signature so as to design an anonymous authentication and tracking responsibility-pursuing scheme suitable for the operation data information system based on the private chain; aiming at the safety audit and supervision problems stored on a combat data chain, on the basis of the block chain consensus network, a group signature general structure suitable for the existing block chain system is designed by using a short random signature technology to realize the audit and supervision of the credible storage of the combat data.
Further, in an embodiment of the present invention, the constructing a privacy protection mechanism for trusted storage of data further includes: concealing participant identities and data by non-interactive zero-knowledge proof, comprising:
c←KGen(1k),
π←Prove(c,s,w),
1/0←Verify(c,s,π),
the non-interactive zero knowledge proof protocol NIZK { s | (s, w) ∈ R }, c is an output public character string, KGen () is an algorithm, k is a public safety parameter, Prove () is an algorithm, and Verify () is an algorithm.
In order to achieve the above object, an embodiment of another aspect of the present invention provides a safety protection device for maritime combat data based on a blockchain, including: the building module is used for building a block chain-based marine military information system model; a design module for progressively designing a highly efficient verifiable PoS consensus mechanism from static to dynamic; the storage module is used for constructing a trusted data storage mechanism with high dynamic network characteristics; the tracking module is used for constructing an attack tracing and tracing mechanism; and the protection module is used for constructing a privacy protection mechanism of the trusted data storage.
The block chain-based maritime combat data safety protection device of the embodiment of the invention applies a verifiable anti-bias distributed random number generator in a block chain system through a private chain safety model construction technology, a private chain consensus technology, a zero-knowledge proof technology and the like, ensures the requirements of efficiency, safety and reliability under the premise of ensuring throughput and network scale, breaks through a fine-grained dynamic management and cross-domain authentication technology based on an ABE hierarchical multi-center on-chain data access control scheme and a traceable group anonymous authentication technology, combines the whole-network public characteristic of a block chain model to form a set of trusted data storage mechanism supporting the functions of multiple safety levels, cross trust domain, attack traceable sources and the like, effectively meets the actual requirements of cross-region interconnection among multi-level traceability information systems, and realizes effective tracing of a stored data entity, and the dependence of the system on the central node can be weakened, and the robustness and the safety of the offshore formation data safety system are enhanced.
In addition, the safety protection device based on block chain marine combat data according to the above embodiment of the invention can also have the following additional technical features:
further, in an embodiment of the present invention, the building module further includes: the read-write unit is used for realizing the read-write and target functions of the lower layer data by operating the lower layer information management system according to the user and the user layer of the client main body; the management unit is used for taking a management system layer of the centralized service node as a main interface of the whole system so as to manage and supervise a lower-layer distributed block chain data structure; the distribution unit is used for distributing all the nodes on each main communication base station and ship on the sea in a distributed manner according to the current requirements according to the super node network layer of the block chain, realizing consensus maintenance of the whole lower-layer data through PoS, providing support of an intelligent contract and realizing identity recognition and account management of the upper layer; and the processing unit is used for constructing a data layer according to the current functional requirement based on the block chain structure.
Further, in an embodiment of the present invention, the design module is further configured to design a consensus algorithm in a fixed state of committee membership and leader, so as to ensure that when some nodes fail, other normal nodes are not affected, determine a formation mode of the committee in the consensus network, including committee membership acquisition and leader election, and design an external verification protocol to provide an ability to detect the correctness of the consensus result.
Further, in an embodiment of the present invention, the storage module is further configured to generate a first access control scheme according to battlefield intelligence granularity of the multi-center CP-ABE, including:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure BDA0001838546930000041
Figure BDA0001838546930000042
Dec(C,uskk)→M or NULL,
the public security parameter lambda is the input of Setup () algorithm, the system parameter Params, and the system attribute public and private key pair (apk) of N management centersk,askk) K is a count integer, AkeyGen () manages the private key ask of the center itselfkFor input, the GID is a global identifier,
Figure BDA0001838546930000051
in order to be a collection of attributes,
Figure BDA0001838546930000052
for access control policy, uskkThe method comprises the steps that a private key of a request attribute is output for a user, Enc () is an algorithm, C is encrypted ciphertext information, Dec () is an algorithm, and M is decrypted plaintext information;
generating a second access control scheme according to the battlefield instruction fine granularity of the multi-center KP-ABE, comprising:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure BDA0001838546930000053
Figure BDA0001838546930000054
Dec(C,uskk)→M or NULL;
and the integrity of the stored in-chain data is guaranteed by using data integrity verification based on the aggregated signature and remote data holding certification.
Further, in an embodiment of the present invention, the tracking module further includes: the analysis unit is used for analyzing the operation data information system architecture based on the private chain, the group signature and the linkable ring signature so as to design an anonymous authentication and tracking responsibility-pursuing scheme suitable for the operation data information system based on the private chain; and the auditing unit is used for designing a group signature general structure suitable for the existing block chain system by using a short random signature technology on the basis of the block chain consensus network aiming at the safety auditing and monitoring problems stored on the operational data chain so as to realize the auditing and monitoring of the credible storage of the operational data.
Further, in one embodiment of the present invention, the protection module is further configured to verify hiding participant identities and data through non-interactive zero knowledge, comprising:
c←KGen(1k),
π←Prove(c,s,w),
1/0←Verify(c,s,π),
the non-interactive zero knowledge proof protocol NIZK { s | (s, w) ∈ R }, c is an output public character string, KGen () is an algorithm, k is a public safety parameter, Prove () is an algorithm, and Verify () is an algorithm.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flow chart of a block chain based method for securing marine operational data according to one embodiment of the present invention;
FIG. 2 is a block diagram of a technical solution of a block chain-based method for securing marine combat data according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating the overall design of the safety protection method for marine combat data based on block chains according to an embodiment of the present invention;
FIG. 4 is a data main chain structure diagram of a block chain-based safety protection method for maritime combat data according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an onboard subchain of a safety protection method for maritime combat data based on a block chain according to an embodiment of the invention;
fig. 6 is a schematic structural diagram of a safety device for marine combat data based on a block chain according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
The method and the device for safeguarding marine combat data based on a block chain according to an embodiment of the present invention will be described below with reference to the accompanying drawings.
Fig. 1 is a flow chart of a safety protection method for marine combat data based on a block chain according to an embodiment of the present invention.
As shown in fig. 1, the safety protection method for maritime combat data based on the block chain comprises the following steps:
in step S101, a block chain-based marine military information system model is constructed.
Further, in an embodiment of the present invention, constructing a block chain-based marine military information system model further includes: according to the user layer of the user and the client main body, the lower layer data is read and written and the target function is realized by operating the lower layer information management system; taking a management system layer of a centralized service node as a main interface of the whole system to manage and supervise a lower-layer distributed block chain data structure; according to a super node network layer of a block chain, all nodes are distributed on each main communication base station and a ship on the sea according to the current requirement, the common identification maintenance of the whole lower-layer data is realized through a rights and interests certification algorithm (PoS), the support of an intelligent contract is provided, and the identity recognition and account management of the upper layer are realized;
based on the block chain structure, a data layer is constructed according to the current functional requirements, including but not limited to background data of a marine military system, position information data of each unit of marine operation, high-security-level requirement data and the like.
Specifically, as shown in fig. 2, the building block chain-based marine military information system model proposed by the present invention can be divided into four layers:
1) based on the user and the user layer of the client main body, reading and writing the lower layer data and realizing partial functions by operating the lower layer information management system;
2) a management system layer based on a centralized service node is used as a main interface of the whole system to manage and supervise a lower-layer distributed block chain data structure;
3) all nodes can be distributed on each main communication base station and a ship on the sea according to actual requirements, common identification maintenance of the whole lower-layer data is realized through PoS, support of an intelligent contract is provided, and functions of identity recognition, account management and the like of an upper layer are realized;
4) the data layer based on the block chain structure comprises, but is not limited to, background data of a marine military system, position information data of units in marine operation, high-security requirement data and the like according to specific functional requirements.
The user layer is a user group consisting of different security personnel, a service request is sent to the system layer through a designated interface, and account management is realized through an ABE encryption and access control mechanism of block chain data. By means of the data storage mode of the block chain distributed system architecture, the attack to the centralized node is avoided, meanwhile, the robustness and the safety of the information system are enhanced, and the performance of communication load and single point fault is improved. The system layer is only used as an interface of a user with the network layer and the data layer and is responsible for centralized auditing of the whole block chain, and most functions are realized by a private chain node network in a P2P form through a standardized intelligent contract.
Secondly, the block chain-based marine combat data security protection method deeply analyzes the security strategy and security target of the marine combat information network, performs security analysis according to the security requirements of the marine combat information network and other security attributes such as a user domain and a network domain, and establishes a block chain-based marine military information system security model comprising a marine combat information network security function formalization model, an attacker model, a security certification method and technology. For complex information systems, the following provable security theories and methods are mainly used in the fields of information and network security:
1) the first is a symbol calculation method, which is mainly used for detecting whether a system has a bug or not, and the method does not ensure that the system is safe when the bug is not detected, and is suitable for performing system security analysis on a macroscopic level on the premise that the system adopts a basic algorithm and a protocol with known security;
2) the second one is a theorem proving method based on game, which can be used to deepen the safety of the basic safety algorithm and protocol used by the system, and is suitable for safety analysis of the system at the microscopic level, especially for safety analysis of the safety algorithm and protocol;
3) the third method is a combined security certification method, which proves that a secure system is still secure after being combined with other systems with the same security into a more advanced system, and thus is a strong guarantee of the security of a complex system, but some systems which are actually secure in practice may not be able to certify the security under the method. Because each method has respective advantages and application range, the embodiment of the invention improves and deepens according to the specific situation of the designed system and scheme, provides a formalized security model of the maritime combat information network, and further provides a formalized security definition of the system.
In step S102, the PoS consensus mechanism is validated efficiently in a static to dynamic stepwise design.
Further, in an embodiment of the present invention, constructing a block chain-based marine military information system model further includes: according to the user layer of the user and the client main body, the lower layer data is read and written and the target function is realized by operating the lower layer information management system; taking a management system layer of a centralized service node as a main interface of the whole system to manage and supervise a lower-layer distributed block chain data structure; according to a super node network layer of a block chain, all nodes are distributed on each main communication base station and a ship on the sea according to the current requirement, the data of the whole lower layer is maintained in a consensus mode through PoS, the support of an intelligent contract is provided, and the identity recognition and account management of the upper layer are achieved; and constructing according to the data layer of the block chain structure and the current functional requirement.
Specifically, a consensus mechanism is designed step by step in a static to dynamic sequence to realize efficient and verifiable characteristics and finally meet the requirements of network scale and throughput index, and the consensus mechanism comprises the following steps:
1) and a consensus algorithm under the fixed state of the design committee members and the leader ensures that other normal nodes are not influenced when partial nodes fail. Based on PoS, a new block generation protocol is designed, and blocks proposed by a leader can be accepted by all honest nodes in the committee when the committee fault node does not exceed 1/3, so that a block chain generation protocol under a committee structure fixed scene is constructed.
2) Determining a committee establishment mode in the consensus network, wherein the committee membership acquisition mode and the leader election mode are included. In order to adapt to the continuously enlarged network scale, a selection mode of a committee is designed, the communication cost among nodes is prevented from increasing too fast, a bias-resistant distributed random number algorithm is analyzed, the committee members are ensured to select randomly from all consensus nodes, and the selection result cannot be influenced by any participant, so that the selection process of an adversary control committee is avoided. In order to start the consensus protocol, one leader is needed to generate and distribute blocks in each round, reasonable leader election rules are designed, and the probability of enemies continuously electing the leader is reduced, so that the influence of attacks on the network performance is weakened.
On the basis, in order to improve the flexibility of the consensus network and support the nodes to dynamically join/leave the network, the system reconfigures the committee at regular time, so that the newly joined nodes can fully participate in the consensus and the influence of node leaving is eliminated. The reconfiguration protocol guided internally at the end of the design period focuses on the operating efficiency of the protocol, reduces the influence of reconfiguration on performance, and meanwhile, in order to avoid the internal nodes of the selective corruption committee of enemies and destroy the network consensus, analyzes the dynamic reconfiguration triggering conditions, designs the reconfiguration protocol guided externally, focuses on the safety, and ensures that the reconfiguration process cannot damage the network consensus.
3) And designing an external verification protocol to provide the capability of detecting the correctness of the consensus result. The embodiment of the invention can generate the correctness certificate when outputting the random number by the externally verified distributed random number generation algorithm, and applies the new random number algorithm to the committee building process to ensure that a supervisor can confirm that the committee building process is not attacked through the correctness certificate. The consensus result check protocol is designed so that the supervisor can confirm that the consensus agreement is working correctly and that the result is at least confirmed by node 2/3, the block is valid.
In step S103, a trusted data storage mechanism with high dynamic network characteristics is constructed.
Further, in an embodiment of the present invention, constructing a trusted data storage mechanism with high dynamic network characteristics further includes: generating a first access control scheme according to a battlefield intelligence fine granularity of a multi-center CP-ABE, comprising:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure BDA0001838546930000091
Figure BDA0001838546930000092
Dec(C,uskk)→M or NULL,
the public security parameter lambda is the input of Setup () algorithm, the system parameter Params, and the system attribute public and private key pair (apk) of N management centersk,askk) K is a count integer, AkeyGen () manages the private key ask of the center itselfkFor input, the GID is a global identifier,
Figure BDA0001838546930000093
in order to be a collection of attributes,
Figure BDA0001838546930000094
for access control policy, uskkThe method comprises the steps that a private key of a request attribute is output for a user, Enc () is an algorithm, C is encrypted ciphertext information, Dec () is an algorithm, and M is decrypted plaintext information;
generating a second access control scheme according to the battlefield instruction fine granularity of the multi-center KP-ABE, comprising:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure BDA0001838546930000095
Figure BDA0001838546930000096
Dec(C,uskk)→M or NULL;
and the integrity of the stored in-chain data is guaranteed by using data integrity verification based on the aggregated signature and remote data holding certification.
Specifically, in order to adapt to the characteristics of dynamic change of a military information network node topology structure, high fusion degree of a heterogeneous network and diversified communication modes and guarantee data security access and authority management in a military environment, the embodiment of the invention provides a multi-center-chain data access control strategy based on ABE and a data integrity verification method based on aggregation signature. The command center and each level command system of the system are responsible for distributing encryption keys for each level of combat unit members, the combat members are responsible for collecting battlefield information, setting access control authority aiming at contents and carrying out encryption processing and data integrity certification on data, block chain link points receive ciphertext information to complete cochain processing, and information receivers read the information according to self authority to complete combat deployment.
First, in order to adapt to different access environments in a battlefield, the embodiment of the invention adopts two sets of access control methods.
1) Battlefield information fine-grained access control scheme based on multi-center CP-ABE
In general information transmission, the identity of an information receiver is difficult to determine in consideration of the complex membership of a combat unit, and an information sender needs to ensure that only a receiver meeting conditions can correctly acquire detailed file information. Thus, embodiments of the present invention propose a multi-centric CP-ABE based battlefield intelligence fine-grained access control scheme. The scheme mainly consists of the following algorithms.
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]): the Setup () algorithm takes the public security parameter lambda as input, and outputs the system parameter Params necessary for accessing the control system, and the system attribute public and private key pairs (apk) of N management centersk,askk). Each management center has Params as system parameter input of its own system.
Figure BDA0001838546930000101
AkeyGen () to manage the central own private key, askkFor input, according to different GIDs and attribute sets
Figure BDA0001838546930000102
Private key usk for outputting request attribute for userk. AkeyGen () is independently operated by different authorities.
Figure BDA0001838546930000103
The Enc () algorithm takes the required access control policy and the message itself as input and outputs the encrypted ciphertext information. The algorithm may be executed by any member of the system and generate the necessary ciphertext information.
Dec(C,uskk) The → M or NU LL:dec () algorithm takes the encrypted message and the user's attribute private key as input, and if the user's private key meets the decrypted access control requirement, the algorithm outputs the decrypted clear text information, otherwise the algorithm outputs NU LL.
Through the algorithm, any member in the system can freely and safely share the information as required without worrying about the decryption of the information by members which do not meet the requirements, and the safety and the privacy of information transmission are ensured.
2) Battlefield instruction fine-grained access control scheme based on multi-center KP-ABE
Aiming at special battlefield command issuing and commanding, the situation that a long officer sacrifices, goes missing and the like exists in a battlefield environment is considered, and a command information receiver is uncertain, so that a battlefield command fine-grained access control scheme of multi-center KP-ABE is provided for ensuring command confidentiality and enabling combat members meeting preset conditions to acquire and execute commands. The scheme mainly comprises the following algorithms:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]): the Setup () algorithm takes the public security parameter lambda as input, and outputs the system parameter Params necessary for accessing the control system, and the system attribute public and private key pairs (apk) of N management centersk,askk). Each management center takes Params as system parameter input of the own system.
Figure BDA0001838546930000104
AkeyGen () algorithm manages the private key, ask, of the center itselfkFor input, based on different GIDs and access control policies
Figure BDA0001838546930000105
Private key usk for outputting request attribute for userk. AkeyGen () is independently operated by different authorities.
Figure BDA0001838546930000106
And the Enc () algorithm takes the attribute requirements of members which can be decrypted by the message and the message as input and outputs encrypted ciphertext information. The algorithm may be executed by any member of the system and generate the necessary ciphertext information.
Dec(C,uskk) The → M or NU LL:dec () algorithm takes the encrypted message and the user's attribute private key as input, and if the attribute requirement contained in the ciphertext meets the access control requirement embedded by the user's private key, the algorithm outputs the decrypted plaintext information, otherwise, the algorithm outputs NU LL.
Further, in contrast to the first scheme, in the second scheme, the recipient's private key defines the category of decryption information and, therefore, may be used to ensure secure, targeted delivery of battlefield instructions in a battlefield environment.
Secondly, the integrity of the stored in-chain data is ensured by using a data integrity verification technology based on the aggregated signature and a remote data holding and proving method. Data integrity verification is one of methods for ensuring data integrity, and focuses on ensuring the authenticity and availability of data itself, so that data can be prevented from being arbitrarily tampered. The embodiment of the invention adopts the identity-based aggregated signature to improve the existing signature scheme for ensuring the data integrity, and provides an efficient data integrity verification scheme by using batch verification of the aggregated signature, thereby improving the credibility and the safety of the data integrity verification, and simultaneously provides a heterogeneous data consistency verification method capable of supporting dynamic operations such as data modification, insertion, deletion and the like based on remote data holding certification.
In step S104, an attack tracing and tracing mechanism is constructed.
Further, in an embodiment of the present invention, the constructing an attack tracing and tracing responsibility mechanism further includes: analyzing the operation data information system architecture based on the private chain, the group signature and the linkable ring signature so as to design an anonymous authentication and tracking responsibility-pursuing scheme suitable for the operation data information system based on the private chain; aiming at the problems of safety audit and supervision stored on a combat data chain, on the basis of a block chain consensus network, a group signature general structure suitable for the existing block chain system is designed by using a short random signature technology to realize the audit and supervision of the credible storage of the combat data.
That is, in the combat data information system, the metadata of the combat data is highly sensitive, the accuracy requirement on the records of the combat data is extremely high, and at the same time, a perfect audit supervision and tracking responsibility tracing mechanism is required. The anonymous authentication and tracing responsibility scheme is an important mechanism for ensuring the anonymity, accuracy and traceability of the combat data. Therefore, the embodiment of the invention starts from the requirement of military information systems, and combines the characteristics of the combat data with the password schemes such as group signature and linkable ring signature to determine the anonymous authentication and tracking pursuit scheme according to the following introduced route.
Firstly, the operation data information system architecture based on the private chain and cryptographic technologies such as group signature and linkable ring signature are analyzed. The group signature has the characteristics of completeness, unforgeability, anonymity, traceability, irrelevance, frameless, unforgeable tracking verification, collusion attack resistance and the like, and in the linkable ring signature scheme, a plurality of signatures generated by the same signer have the linkable property. The two types of signature schemes are important password schemes for current anonymous authentication, but the two types of signature schemes cannot well meet the requirements of the system, the group signature scheme is difficult to support public deduplication of combat data, and the linkable ring signature scheme does not support identity tracking of a signer. The embodiment of the invention deeply analyzes the intrinsic reason of realizing the linkability of the group signature scheme and the linkability ring signature scheme, provides the link-traceable group anonymous authentication technology on the basis, and designs the anonymous authentication and tracing responsibility scheme suitable for the private chain combat data information system.
Secondly, aiming at the safety audit and supervision problems stored in a combat data chain, on the basis of the block chain consensus network, a group signature general structure suitable for the existing block chain system is designed by using a short random signature technology to realize the audit and supervision of the credible storage of the combat data, and on the premise of not changing the original block chain user certificate, the short random signature with user identity information is added as a tracking parameter to implement supervision operation. In addition to providing anonymous protection for users, group administrators can track the identity of signers with a held private key, if necessary. If the log content of the block chain is found to have recording abnormity, such as long-term mass data storage transaction of a specific user account, or external investigation shows that storage in a certain area for a certain period of time is suspicious, the signature of the sender is traceable to the monitoring authority, so the monitoring authority can correlate all transactions of the user, temporarily freeze the related account, and further request an authority with responsibility confirmation capability to intervene investigation, thereby completing responsibility judgment work. Therefore, the group signature technology is suitable for the centralized supervision of the private chain, and the penetrating attack tracing of the tracing mechanism to the data storage activity can be realized.
In step S105, a privacy protection mechanism for trusted storage of data is constructed.
Further, in an embodiment of the present invention, constructing a privacy protection mechanism for trusted storage of data further includes: concealing participant identities and data by non-interactive zero-knowledge proof, comprising:
c←KGen(1k),
π←Prove(c,s,w),
1/0←Verify(c,s,π),
the non-interactive zero knowledge proof protocol NIZK { s | (s, w) ∈ R }, c is an output public character string, KGen () is an algorithm, k is a public safety parameter, Prove () is an algorithm, and Verify () is an algorithm.
First, for a cryptographic method for security and privacy protection in a combat data storage system, embodiments of the present invention focus on the sensitive characteristics of the combat data itself and provide privacy protection policies for recorded data and user identities. In particular, privacy protection includes recording data, confidentiality of user identity, and organizational structure information of network authentication nodes, preventing such information from being obtained by external attackers, other users, or unauthorized access network nodes, to protect the information of the battle against confidentiality. To address the above privacy protection needs, embodiments of the present invention propose a key technique of non-interactive zero-knowledge proof for concealing participant identities and data. Zero-Knowledge Proof (Zero-Knowledge Proof) refers to a prover that can convince a verifier that a certain argument is correct without providing the verifier with any useful information, while not revealing any information about the provable message to the verifier. Compared with the interactive zero knowledge proof, the non-interactive zero knowledge proof does not need any interaction, only uses a short random string to replace the interaction process, and the prover P can publish the protocol, so that the person who takes any time to verify the protocol is effective, and the informal definition is as follows.
For the declaration s ∈L, the evidence w and the relationship R, (s, w) ∈ R, a non-interactive zero knowledge proof of knowledge protocol NIZK { s | (s, w) ∈ R } is mainly composed of the following algorithms.
c←KGen(1k),: the KGen () algorithm takes the public security parameter k λ as input and outputs a common character string c.
Pi ← Prove (c, s, w),: the save () algorithm is output by the participants for proof.
1/0 ← Verify (c, s, pi),: the Verify () algorithm is verified by the verifier. If the certification of the participant is accepted, 1 is output, otherwise 0 is output.
The zero knowledge proof protocol has the following three properties:
1) completeness is achieved. If both the proving party and the verifying party are honest and correct calculations are performed following each step of the proving process, the proving must be successful and the verifying party must be able to accept the proving party.
2) And (6) reliability. Nobody can impersonate the proving party, making this proof successful.
3) And zero knowledge. After the certification process is performed, the verifier only obtains the information that the certifier has this knowledge, but does not obtain any information about this knowledge itself.
Further, based on the zero-knowledge proof protocol, by combining with the existing group signature, ring signature or group encryption technology in cryptography, the unique anonymity of schemes such as group signature and the like is utilized, and the identity privacy protection of combat data storage and access users can be realized.
According to the development current situation and trend of a military data security and confidentiality mechanism and a block chain technology and oriented to the national strategic requirements, the block chain-based marine combat data security protection method carries out researches such as the system construction of a marine formation combat data private chain, an combat data private chain consensus mechanism, combat data private chain credible data storage, combat data private chain attack traceability, an combat data private chain privacy protection mechanism and the like, and solves the bottleneck problems of combat data private chain consensus based on rights and interests, private chain data model construction based on an account model, private chain combat data intelligent contract based on image completeness, private chain privacy protection based on zero-knowledge proof and the like, so that the block chain-based marine formation combat data application system is finally constructed.
In other words, the block chain-based method for safeguarding maritime combat data according to the embodiment of the present invention relates to the following main technologies:
first, a technique for constructing a private chain security model of combat data based on formal security certification. And accurately defining a system security model based on a formalized security certification method. The method comprises the steps of establishing a security model, accurately defining the function service, privacy information, activity time, computing capacity, the bearing range of a storage space and the like obtained by an attacker and a malicious node from a system, accurately defining an encryption algorithm and a security function used by data on a chain, namely a security level target to be achieved by the system, accurately defining a standardization standard and a code security audit mode under an intelligent constraint scene, and accurately defining a fault removal mechanism and a data fault tolerance mechanism aiming at the private chain node. A formalized safety certification method is used for providing theoretical support for the system and ensuring that the system has higher safety.
Second, a rights and interests certification based combat data private chain consensus technique. An efficient consensus protocol is crucial to system throughput. The traditional workload certification consensus protocol consumes a lot of resources, and the network can only achieve probabilistic consensus, so as to ensure the security, it needs to wait for a long confirmation time, and severely limits the number of transactions processed per second. The application of the research certainty consensus protocol in the block chain system is based on the rights and interests proving technology, and an efficient consensus scheme which can be verified, supervised and audited is supported.
Third, a private chain data model based on the account model is built. Due to the fact that identity identification attributes of the maritime combat data entities are diversified, the positions of the maritime combat data entities move across areas, multi-mode and multi-scene application environments with frequent attribute replacement and dynamically changed network topology are prone to being caused, and great difficulty is brought to safe and reliable storage of maritime combat data. Therefore, the block chain-based safety protection method for the maritime operational data realizes entity identity authentication and data integrity verification of the maritime operational data by adopting the account model-based private chain data model, so that the key scientific problem of identity authentication of data entities and integrity verification of credible data in multiple modes and multiple scenes is solved.
And fourthly, the intelligent contract is based on the smart private chain combat data. An intelligent contract is a computer protocol that propagates, validates, or executes contracts in an informational manner, and is the basis for implementing flexible programming and manipulation data for a blockchain system. Initially, the blockchain architecture employs simple script codes that are not graphically complete to program and control the transaction process, and with the development of technology, more complex and flexible intelligent contract-implementing scripting languages, such as etherhouses, have emerged. The research and design of the complete-picture private chain intelligent contract applicable to the maritime operational data safety protection system provides a safe and credible operational data storage environment, and is one of key technologies solved by the invention.
Fifth, privacy protection based on zero knowledge proof of knowledge. The privacy protection problem has become a key to the application of blockchain techniques to a variety of scenarios. Common blockchain applications provide privacy protection of participant identities with public keys as user pseudonyms and accounts. Because the account book of the whole network can be obtained in a public mode, an attacker can track the whole historical chain by the user address in the data record, the identity information of the user is revealed, and the privacy protection capability of the user is greatly weakened. The block chain-based marine combat data safety protection method in the embodiment of the invention adopts a zero-knowledge proof technology and combines other cryptographic schemes such as blind signature, group signature and ring signature to realize safety and privacy protection in the marine combat data trusted storage system.
Further, the embodiment of the invention provides a battle data private chain security model based on formal security certification, a battle data private chain common recognition mechanism based on rights and interests certification, a private chain data model based on an account model, a private chain battle data intelligent contract based on image completeness and private chain privacy protection based on zero knowledge certification aiming at the requirements of distributed trusted storage, privacy protection, attack traceability and the like of maritime formation battle data, so that a maritime formation battle data private chain platform architecture model is built.
In order to achieve the above object, the block chain-based safety protection method for maritime combat data according to the embodiment of the present invention combines the private chain-based safety model construction technology, the private chain consensus technology, the zero-knowledge proof technology, and other technologies, as shown in fig. 3, 4, and 5, and the technical solutions thereof are as follows:
1) and constructing a military private chain marine combat data safety protection system. Aiming at the functional requirements of the system, the embodiment of the invention provides an efficient and verifiable consensus protocol, a tracking mechanism capable of carrying out multi-stage encryption and monitoring anonymity, data storage capable of attacking traceability and a privacy protection scheme capable of proving safety, adopts a formalized proving mode to verify the system scheme, utilizes various evolution schemes to verify the reliability of the system, and is built under an untrusted environment, and efficient and reliable execution of distributed credible recording, hierarchical encryption storage, data and node privacy protection, attack traceability and intelligent decision of maritime military data is realized.
2) A highly efficient verifiable PoS consensus protocol. The block chain of the embodiment of the invention needs to be generated through an efficient consensus protocol so as to improve the throughput rate of the system. In order to avoid the pressure of network scale increase on network bandwidth and node computing power, a fixed node committee mechanism can be used for improving network expandability. The nodes with constant number are randomly selected in the whole consensus network to form a consensus committee, wherein during block generation, consensus only needs to be achieved in the committee, and the consensus is irrelevant to the network scale, so that the network expandability is greatly improved. In order to ensure the safety of the block chain, an attacker is prevented from intensively entering a committee or a key attack committee member, a committee reconfiguration protocol needs to be designed, committee recombination is carried out periodically, and the randomness in the process of committee establishment is ensured. Before the committee is established, committee seeds are obtained through a distributed random number generation algorithm, committee members and a leader are selected according to the committee seeds, the system enters a new period, and consensus is started to continue generating new blocks.
3) Attribute-based private chain data fine-grained access control. Aiming at the current situation that the existing block chain technology cannot support fine-grained access control on data while ensuring data transparency and confidentiality, the embodiment of the invention focuses on a security data access control mechanism facing military data, mainly adopts a node attribute-based military on-chain data security fine-grained access control technology and a ciphertext attribute-based military on-chain data security fine-grained access control technology, and particularly relates to an access control scheme supporting data on a hierarchical multi-center chain. In the actual deployment process, the access control scheme based on account attributes, which can be revoked, multi-center and publicly verified, is provided, fine-grained access control of data can be more flexibly realized, and meanwhile, smaller extra calculation amount is needed, so that the safety of the maritime combat data safety protection system is greatly improved.
4) And (4) verifying consistency of the private chain operational data intelligent contract. The maritime combat data safety protection system is based on a block chain distributed architecture, and can store and verify data by using a block chain data structure, generate and update data by using a distributed node consensus algorithm, ensure data transmission and safety access by using a cryptology mode, and program and operate the data by using an intelligent contract consisting of automatic script codes. Aiming at the problem of consistency of contract texts and contract codes in the running process of intelligent contracts, the safety and consistency of a system are guaranteed by adopting random numbers with anti-bias characteristics. The anti-bias characteristic of the distributed random number generator can ensure that malicious nodes cannot influence the distribution characteristic of the random number, so that system faults caused by the fact that the malicious nodes manipulate the random number are avoided. By combining the attack tracing and tracing mechanisms, the supervisor can further confirm the correctness of the random number generation process.
5) The theory may validate a secure private chain privacy protection scheme. In order to improve the theoretical verifiable security of the proposed privacy protection scheme, the block chain-based marine combat data security protection method of the embodiment of the invention proposes a formal security model of a combat data privacy protection mechanism, which comprises a user formal model, an internal attacker model, an external attacker model and a security certification method. Aiming at specific situations, the scheme, algorithm and protocol constructed by the invention adopt the following security certification technology: firstly, a difficult problem protocol-based proving technology associates the safety of a system with a difficult problem which cannot be solved effectively within a certain polynomial time; secondly, a safety certification technology is combined to ensure that a plurality of systems which are certified to be safe are still safe after being combined into a system with stronger functions; and thirdly, a security certification technology based on game theory analyzes the security of the proposed scheme and protocol aiming at the role played by the rational and self-benefited participating users in the system.
The invention applies a verifiable anti-bias distributed random number generator in a blockchain system based on the private chain security model construction technology, the private chain consensus technology, the zero knowledge proof and other technologies, ensures the requirements of efficiency, safety and reliability under the premise of ensuring throughput and network scale, and breaks through the fine-grained dynamic management and cross-domain authentication technology based on the data access control scheme on the hierarchical multi-center chain of the ABE and the traceable and traceable group anonymity authentication technology, and combines the whole network public characteristic of the blockchain model to form a set of credible data storage mechanism supporting the functions of multi-security level, cross-trust domain, attack traceable and the like, thereby effectively meeting the actual requirement of cross-region interconnection among multi-level security network information systems, realizing the effective tracing of stored data entities, and simultaneously providing a method of combining the anonymous schemes such as group signature, homomorphic encryption and the like by using the zero knowledge proof, and further abstracting a formal model capable of proving safety to analyze the safety and the user privacy of the system, deepening and developing the traditional homomorphic encryption and safety multi-party computing technology, and innovating a cryptography method and a block chain technology.
According to the block chain-based marine combat data safety protection method provided by the embodiment of the invention, the verifiable anti-bias distributed random number generator is applied to the block chain system through the private chain safety model construction technology, the private chain consensus technology, the zero-knowledge proof technology and the like, so that the requirements on efficiency, safety and reliability are considered on the premise of ensuring the throughput rate and the network scale. And the data access control scheme on the hierarchical multi-center chain based on the ABE and the traceable and traceable group anonymous authentication technology break through the fine-grained dynamic management and cross-domain authentication technology, and simultaneously, a set of trusted data storage mechanism supporting the functions of multi-security level, cross-trust domain, attack traceable source and the like is formed by combining the whole network public characteristic of the block chain model, so that the actual cross-regional interconnection requirement among the multi-level secure network information systems is effectively met, and the effective tracing of the stored data entity is realized.
Next, a safety protection device for marine combat data based on a block chain according to an embodiment of the present invention will be described with reference to the accompanying drawings.
Fig. 6 is a schematic structural diagram of a safety protection device based on block chain marine operational data according to an embodiment of the present invention.
As shown in fig. 6, the safety device 10 for block chain based maritime combat data comprises: build module 100, design module 200, storage module 300, tracking module 400, and guard module 500.
The building module 100 is used for building a block chain-based marine military information system model. Design module 200 is used to efficiently validate PoS consensus mechanisms in a static to dynamic stepwise design. The storage module 300 is used to build a trusted data storage mechanism with highly dynamic network characteristics. The tracing module 400 is used to construct an attack tracing and tracing mechanism. Guard module 500 is used to build privacy protection mechanisms for trusted storage of data. The safety protection device 10 for marine combat data based on the block chain is used for building a private chain platform architecture model of marine formation combat data aiming at the requirements of distributed credible storage, privacy protection, attack traceability and the like of the marine formation combat data, effectively meeting the actual requirement of cross-region interconnection among multi-stage secure network information systems, and improving the safety and reliability of the marine combat data safety protection system.
Further, in an embodiment of the present invention, the building module 100 further comprises: the read-write unit is used for realizing the read-write and target functions of the lower layer data by operating the lower layer information management system according to the user and the user layer of the client main body; the management unit is used for taking a management system layer of the centralized service node as a main interface of the whole system so as to manage and supervise a lower-layer distributed block chain data structure; the distribution unit is used for distributing all the nodes on each main communication base station and ship on the sea in a distributed manner according to the current requirements according to the super node network layer of the block chain, realizing consensus maintenance of the whole lower-layer data through PoS, providing support of an intelligent contract and realizing identity recognition and account management of the upper layer; and the processing unit is used for constructing a data layer according to the current functional requirement based on the block chain structure. Further, in an embodiment of the present invention, the design module 200 is further configured to design a consensus algorithm in a fixed state of the committee members and the leader to ensure that when some nodes fail, other normal nodes are not affected, to determine a way of establishing the committee in the consensus network, including committee membership acquisition and leader election, and to design an external verification protocol to provide the capability of detecting the correctness of the consensus result.
Further, in an embodiment of the present invention, the storage module 300 is further configured to generate a first access control scheme according to battlefield intelligence granularity of the multi-center CP-ABE, including:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure BDA0001838546930000171
Figure BDA0001838546930000172
Dec(C,uskk)→M or NULL,
the public security parameter lambda is the input of Setup () algorithm, the system parameter Params, and the system attribute public and private key pair (apk) of N management centersk,askk) K is a count integer, AkeyGen () manages the private key ask of the center itselfkFor input, the GID is a global identifier,
Figure BDA0001838546930000173
in order to be a collection of attributes,
Figure BDA0001838546930000174
for access control policy, uskkThe method comprises the steps that a private key of a request attribute is output for a user, Enc () is an algorithm, C is encrypted ciphertext information, Dec () is an algorithm, and M is decrypted plaintext information;
generating a second access control scheme according to the battlefield instruction fine granularity of the multi-center KP-ABE, comprising:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure BDA0001838546930000175
Figure BDA0001838546930000176
Dec(C,uskk)→M or NULL;
and the integrity of the stored in-chain data is guaranteed by using data integrity verification based on the aggregated signature and remote data holding certification.
Further, in an embodiment of the present invention, the tracking module 400 further comprises: the analysis unit is used for analyzing the operation data information system architecture based on the private chain, the group signature and the linkable ring signature so as to design an anonymous authentication and tracking responsibility-pursuing scheme suitable for the operation data information system based on the private chain; and the auditing unit is used for designing a group signature general structure suitable for the existing block chain system to realize auditing and supervision of credible storage of the combat data by utilizing a short random signature technology on the basis of a block chain consensus network aiming at the safety auditing and supervision problems stored on the combat data chain.
Further, in one embodiment of the present invention, the guard module 500 is further configured to verify hiding participant identities and data through non-interactive zero knowledge, including:
c←KGen(1k),
π←Prove(c,s,w),
1/0←Verify(c,s,π),
the non-interactive zero knowledge proof protocol NIZK { s | (s, w) ∈ R }, c is an output public character string, KGen () is an algorithm, k is a public safety parameter, Prove () is an algorithm, and Verify () is an algorithm.
It should be noted that the above explanation of the embodiment of the safety protection method for maritime combat data based on a block chain is also applicable to the device of the embodiment, and is not repeated here.
According to the block chain-based marine combat data safety protection device provided by the embodiment of the invention, a verifiable anti-bias distributed random number generator is applied to a block chain system through a private chain safety model construction technology, a private chain consensus technology, a zero-knowledge proof technology and other technologies, so that the requirements of efficiency, safety and reliability are met on the premise of ensuring throughput and network scale, a method for combining the zero-knowledge proof with anonymous schemes such as group signature and homomorphic encryption is provided, and a provable safety formalized model is further abstracted to analyze the safety and the privacy of users of the system, so that the block chain-based marine combat data safety protection device is deepened and developed for the traditional homomorphic encryption and safety multi-party computing technology, and is an innovation for a cryptography method and the block chain technology.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (2)

1. A safety protection method for maritime combat data based on a block chain is characterized by comprising the following steps:
constructing a block chain-based marine military information system model; the building of the block chain-based marine military information system model further comprises the following steps:
according to the user layer of the user and the client main body, the lower layer data is read and written and the target function is realized by operating the lower layer information management system;
taking a management system layer of a centralized service node as a main interface of the whole system to manage and supervise a lower-layer distributed block chain data structure;
according to a super node network layer of a block chain, all nodes are distributed on each main communication base station and a ship on the sea according to the current requirement, the data of the whole lower layer is maintained in a consensus mode through PoS, the support of an intelligent contract is provided, and the identity recognition and account management of the upper layer are achieved;
constructing a data layer according to the current functional requirements based on a block chain structure, wherein the data layer further comprises background data of a marine military system, position information data of each unit of marine operation and high-security requirement data;
the PoS consensus mechanism can be verified efficiently by stepwise design from static state to dynamic state; designing a consensus algorithm under the fixed state of committee members and the leader to ensure that other normal nodes are not influenced when partial nodes are in failure;
determining a committee establishment mode in the consensus network, wherein the committee establishment mode comprises committee membership acquisition and leader election;
designing an external verification protocol to provide the capability of detecting the correctness of the consensus result;
constructing a trusted data storage mechanism with high dynamic network characteristics; the trusted data storage mechanism for constructing the high dynamic network characteristic further comprises:
generating a first access control scheme according to a battlefield intelligence fine granularity of a multi-center CP-ABE, comprising:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure FDA0002383618130000011
Figure FDA0002383618130000012
Dec(C,uskk)→M or NULL,
the public security parameter lambda is the input of Setup () algorithm, the system parameter Params, and the system attribute public and private key pair (apk) of N management centersk,askk) K is a count integer, AkeyGen () is a private key ask of the management centerkFor input, the GID is a global identifier,
Figure FDA0002383618130000013
in order to be a collection of attributes,
Figure FDA0002383618130000014
for access control policy, uskkThe method comprises the steps that a private key of a request attribute is output for a user, Enc () is an algorithm, C is encrypted ciphertext information, Dec () is an algorithm, and M is decrypted plaintext information;
generating a second access control scheme according to the battlefield instruction fine granularity of the multi-center KP-ABE, comprising:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure FDA0002383618130000021
Figure FDA0002383618130000022
Dec(C,uskk)→M or NULL;
the integrity of the stored linked data is guaranteed by using data integrity verification based on the aggregated signature and remote data holding certification;
constructing an attack tracing and tracing mechanism; the constructing of the attack tracing and tracing mechanism further comprises:
analyzing the operation data information system architecture based on the private chain, the group signature and the linkable ring signature so as to design an anonymous authentication and tracking responsibility-pursuing scheme suitable for the operation data information system based on the private chain;
aiming at the safety audit and supervision problems stored on a combat data chain, on the basis of the block chain consensus network, a group signature general structure suitable for the existing block chain system is designed by using a short random signature technology to realize the audit and supervision of the credible storage of the combat data; and
constructing a privacy protection mechanism for trusted storage of data; the privacy protection mechanism for establishing the trusted data storage further comprises:
concealing participant identities and data by non-interactive zero-knowledge proof, comprising:
c←KGen(1k),
π←Prove(c,s,w),
1/0←Verify(c,s,π),
the non-interactive zero knowledge proof protocol NIZK { s | (s, w) ∈ R }, c is an output public character string, KGen () is an algorithm, k is a public safety parameter, Prove () is an algorithm, and Verify () is an algorithm.
2. The utility model provides a safety device of marine operational data based on block chain which characterized in that includes following module:
the building module is used for building a block chain-based marine military information system model; the building block further comprises:
the read-write unit is used for realizing the read-write and target functions of the lower layer data by operating the lower layer information management system according to the user and the user layer of the client main body;
the management unit is used for taking a management system layer of the centralized service node as a main interface of the whole system so as to manage and supervise a lower-layer distributed block chain data structure;
the distribution unit is used for distributing all the nodes on each main communication base station and ship on the sea in a distributed manner according to the current requirements according to the super node network layer of the block chain, realizing consensus maintenance of the whole lower-layer data through PoS, providing support of an intelligent contract and realizing identity recognition and account management of the upper layer;
the processing unit is used for constructing a data layer according to the current functional requirement based on the block chain structure;
a design module for progressively designing a highly efficient verifiable PoS consensus mechanism from static to dynamic; the design module is further used for designing a consensus algorithm under the fixed state of the committee members and the leader so as to ensure that other normal nodes are not influenced when part of the nodes are in fault, determining a construction mode of the committee in the consensus network, including committee membership acquisition and leader election, and designing an external verification protocol so as to provide the capability of detecting the correctness of the consensus result;
the storage module is used for constructing a trusted data storage mechanism with high dynamic network characteristics; the storage module is further configured to generate a first access control scheme based on the battlefield intelligence granularity of the multi-centric CP-ABE, including:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure FDA0002383618130000031
Figure FDA0002383618130000032
Dec(C,uskk)→M or NULL,
the public security parameter lambda is the input of Setup () algorithm, the system parameter Params, and the system attribute public and private key pair (apk) of N management centersk,askk) K is a count integer, AkeyGen () is a private key ask of the management centerkFor input, the GID is a global identifier,
Figure FDA0002383618130000033
in order to be a collection of attributes,
Figure FDA0002383618130000034
for access control policy, uskkThe method comprises the steps that a private key of a request attribute is output for a user, Enc () is an algorithm, C is encrypted ciphertext information, Dec () is an algorithm, and M is decrypted plaintext information;
generating a second access control scheme according to the battlefield instruction fine granularity of the multi-center KP-ABE, comprising:
Setup(1λ,N)→(Params,{(apkk,askk)}k∈[1,n]),
Figure FDA0002383618130000035
Figure FDA0002383618130000036
Dec(C,uskk)→M or NULL;
and the integrity of the stored in-chain data is guaranteed by using data integrity verification based on the aggregated signature and remote data holding certification;
the tracking module is used for constructing an attack tracing and tracing mechanism; the tracking module further comprises:
the analysis unit is used for analyzing the operation data information system architecture based on the private chain, the group signature and the linkable ring signature so as to design an anonymous authentication and tracking responsibility-pursuing scheme suitable for the operation data information system based on the private chain;
the auditing unit is used for designing a group signature general structure suitable for the existing block chain system to realize auditing and supervision on credible storage of the combat data by utilizing a short random signature technology on the basis of the block chain consensus network aiming at the safety auditing and supervision problems stored on the combat data chain; and
the protection module is used for constructing a privacy protection mechanism of the trusted data storage; the protection module is further used for concealing participant identities and data through non-interactive zero-knowledge proof, comprising:
c←KGen(1k),
π←Prove(c,s,w),
1/0←Verify(c,s,π),
the non-interactive zero knowledge proof protocol NIZK { s | (s, w) ∈ R }, c is an output public character string, KGen () is an algorithm, k is a public safety parameter, Prove () is an algorithm, and Verify () is an algorithm.
CN201811237478.0A 2018-10-23 2018-10-23 Block chain-based safety protection method and device for maritime combat data Active CN109246137B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811237478.0A CN109246137B (en) 2018-10-23 2018-10-23 Block chain-based safety protection method and device for maritime combat data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811237478.0A CN109246137B (en) 2018-10-23 2018-10-23 Block chain-based safety protection method and device for maritime combat data

Publications (2)

Publication Number Publication Date
CN109246137A CN109246137A (en) 2019-01-18
CN109246137B true CN109246137B (en) 2020-08-04

Family

ID=65081562

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811237478.0A Active CN109246137B (en) 2018-10-23 2018-10-23 Block chain-based safety protection method and device for maritime combat data

Country Status (1)

Country Link
CN (1) CN109246137B (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109831501B (en) * 2019-01-30 2020-09-29 京东数字科技控股有限公司 Information distribution method and system based on block chain
CN109948352B (en) * 2019-03-06 2023-01-10 中国人民解放军联勤保障部队第九八八医院 Battlefield application-based data reading and writing system of adaptive intelligent protection earplug
CN110069475B (en) * 2019-04-25 2021-04-20 中国科学院信息工程研究所 Manufacturing industry cross-data entity tracing method based on block chain multi-party self-maintenance
CN110113148B (en) * 2019-04-28 2020-06-23 武汉理工大学 Software defined opportunistic network node identity verification method based on block chain
CN110096542A (en) * 2019-04-29 2019-08-06 百度在线网络技术(北京)有限公司 Data verification processing method, device, system and the medium of decentralization
CN110263088B (en) * 2019-05-20 2021-04-02 创新先进技术有限公司 Conditional receipt storage method and node combining code labeling and event type
CN110351093B (en) * 2019-06-14 2021-08-03 西南交通大学 Linkable network ring signature method based on attributes
EP3828748B1 (en) 2019-11-27 2024-06-26 AO Kaspersky Lab System and method for access control in electronic control units of vehicles
RU2750626C2 (en) 2019-11-27 2021-06-30 Акционерное общество "Лаборатория Касперского" System and method for access control in electronic units of vehicle control
CN111399987B (en) * 2020-03-26 2023-04-18 海口海辰宇信息科技有限公司 Universal block chain sandbox supervision technology
CN111538786B (en) * 2020-04-24 2021-01-05 上海简苏网络科技有限公司 Block chain data desensitization and tracing storage method and device
CN111752246B (en) * 2020-07-02 2023-03-10 中国科学技术大学 Unmanned aerial vehicle bee colony cooperative work platform based on block chain and artificial intelligence drive
CN112150161B (en) * 2020-09-30 2023-08-08 重庆市科学技术研究院 Electronic ticket transaction risk management and control system and method
CN112487443A (en) * 2020-11-11 2021-03-12 昆明理工大学 Energy data fine-grained access control method based on block chain
CN112448950B (en) * 2020-11-13 2023-03-03 中国电子科技集团公司第二十八研究所 Dynamic construction method for information link between heterogeneous military information systems
CN112417502B (en) * 2020-11-18 2022-03-18 中国电子科技集团公司第三十研究所 Distributed instant messaging system and method based on block chain and decentralized deployment
CN114065283B (en) * 2020-11-20 2024-05-28 北京邮电大学 Lightweight circularly regenerated blockchain storage method and device
CN112989392B (en) * 2021-04-19 2022-08-30 河北科技大学 Battlefield situation perception method, system and terminal equipment
CN116800435B (en) * 2023-08-21 2023-12-19 成都信息工程大学 Access control method, system and storage medium based on zero knowledge proof and cross-chain
CN116825264B (en) * 2023-08-30 2023-11-21 青岛市妇女儿童医院(青岛市妇幼保健院、青岛市残疾儿童医疗康复中心、青岛市新生儿疾病筛查中心) Gynaecology and obstetrics information processing method and system based on Internet

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911513A (en) * 2016-12-14 2017-06-30 中国电子科技集团公司第三十研究所 A kind of credible equipment management method based on decentralization network
CN108108487A (en) * 2018-01-10 2018-06-01 杭州复杂美科技有限公司 A kind of common recognition method of block chain
CN108152837A (en) * 2018-01-04 2018-06-12 北京众享比特科技有限公司 Navigation signal backs up and anti-fraud method and device, equipment and storage medium
KR101897032B1 (en) * 2018-04-26 2018-09-10 이준엽 Apparatus and method for digital rights management using block chain
EP3382616A1 (en) * 2017-03-31 2018-10-03 Siemens Aktiengesellschaft Method and device for computer-assisted provision of a secure digital twin

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911513A (en) * 2016-12-14 2017-06-30 中国电子科技集团公司第三十研究所 A kind of credible equipment management method based on decentralization network
EP3382616A1 (en) * 2017-03-31 2018-10-03 Siemens Aktiengesellschaft Method and device for computer-assisted provision of a secure digital twin
CN108152837A (en) * 2018-01-04 2018-06-12 北京众享比特科技有限公司 Navigation signal backs up and anti-fraud method and device, equipment and storage medium
CN108108487A (en) * 2018-01-10 2018-06-01 杭州复杂美科技有限公司 A kind of common recognition method of block chain
KR101897032B1 (en) * 2018-04-26 2018-09-10 이준엽 Apparatus and method for digital rights management using block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"基于区块链的军事数据安全研究";孙岩;雷震;詹国勇;《指挥与控制学报》;20180915;全文 *

Also Published As

Publication number Publication date
CN109246137A (en) 2019-01-18

Similar Documents

Publication Publication Date Title
CN109246137B (en) Block chain-based safety protection method and device for maritime combat data
Leng et al. Blockchain security: A survey of techniques and research directions
Zhang et al. Security and trust in blockchains: Architecture, key technologies, and open issues
US11336455B2 (en) Consensus protocol for blockchain DAG structure
Zhu et al. Cooperative provable data possession for integrity verification in multicloud storage
Wei et al. Securemr: A service integrity assurance framework for mapreduce
Homoliak et al. A security reference architecture for blockchains
Miao et al. Decentralized and privacy-preserving public auditing for cloud storage based on blockchain
JP2023504492A (en) Efficient threshold storage of data objects
Lu Privacy-enhancing aggregation techniques for smart grid communications
Rui et al. Research on secure transmission and storage of energy IoT information based on Blockchain
Kamal et al. A review study on blockchain-based IoT security and forensics
Zhang et al. A blockchain-based authentication scheme and secure architecture for IoT-enabled maritime transportation systems
CN117040896A (en) Internet of things management method and Internet of things management platform
Faheem et al. A lightweight smart contracts framework for blockchain‐based secure communication in smart grid applications
Le et al. A hybrid blockchain-based log management scheme with nonrepudiation for smart grids
Liu et al. A blockchain-based privacy preservation scheme in multimedia network
Bansod et al. Challenges in making blockchain privacy compliant for the digital world: some measures
Zhao et al. Secure hierarchical processing and logging of sensing data and IoT events with blockchain
Alsammak et al. A model for blockchain-based privacy-preserving for big data users on the internet of thing
Deng et al. LSBlocFL: A secure federated learning model combining blockchain and lightweight cryptographic solutions
CN114124392B (en) Data controlled circulation method, system, device and medium supporting access control
Martinez et al. Mobile encounter-based social Sybil control
Katal et al. Blockchain consensus algorithms: study and challenges
NS et al. Security Attacks and Key Challenges in Blockchain Technology: A survey

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant