CN109389506A - Detection method for transaction data source under super account book multichain scene - Google Patents
- Publication number: CN109389506A
- Authority: CN (China)
- Prior art keywords: transaction, endorsement, client, account book, envelope
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a detection method for the source of transaction data in the Hyperledger (super account book) multi-chain scenario. The specific steps are: the client constructs a transaction proposal and sends it to an endorsing node for endorsement; the endorsing node simulates the transaction and returns an endorsement response together with a hash of the transaction header; the client constructs the transaction request Envelope and requests ordering; the signatures of the client and of the endorsing node are verified; the transaction header is verified against the hash value in the corresponding field; the original ordering operation then continues and a block is generated. The invention detects a malicious client that deliberately leaks sensitive information by exploiting the system's insufficient verification of the channel a transaction belongs to. It avoids the sensitive-data leak that arises when the ordering service, lacking this verification, assigns a transaction to the wrong channel, and so ensures the security of transaction data in the multi-chain scenario.
Description
Technical field
The present invention relates to data-isolation protection in the multi-chain scenario of the open-source blockchain project Hyperledger (super account book), and in particular to a method for detecting the source of multi-channel data, implemented as an improvement to the Hyperledger consensus algorithm.
Background
Blockchain is a distributed shared-ledger technology that uses cryptography to let people establish trust and cooperate with one another without the supervision of a central authority, achieving decentralization of multi-party transactions in a distributed network. Several blockchain platforms currently exist worldwide for studying blockchain technology and its applications. Hyperledger Fabric (super account book), an open-source project supported by the Linux Foundation, is a representative one.
The Hyperledger consensus algorithm has four stages: (1) in the first stage, the client submits a transaction proposal to an endorsing node; (2) in the second stage, the endorsing node checks the transaction, simulates execution of the chaincode, and returns the endorsed transaction; (3) in the third stage, the client submits the endorsed transaction to the ordering node, which collects transactions through the Kafka-based ordering service and generates blocks; (4) in the fourth stage, the ordering node distributes the block to the leader node, which distributes it onward, and each node checks the block before appending it to the chain. Blocks that pass the check are appended to the existing blockchain, which completes the consensus process.
In Hyperledger Fabric version 0.6, all nodes belong to the same chain and all nodes synchronize the same data. As business volume grows, however, the amount of data each node synchronizes and stores increases sharply, and data of different sensitivity cannot be isolated, which is a latent data-security risk. Hyperledger Fabric version 1.0 therefore added support for multiple chains. Multiple chains exist to isolate data: a node can join different chains according to application needs and so obtain different data. Because smart contracts are deployed independently of chains, data privacy can be protected.
In the multi-chain scenario the consensus algorithm also runs independently of the chain. Hyperledger identifies the chain a transaction belongs to by the chain ID contained in each transaction proposal, which is meant to ensure that the ordering node packs transactions into blocks of the same chain during ordering. However, we have found that a malicious chain user (corresponding to one specific client) can deliberately leak data from a chain of high data sensitivity (assume its chain ID is ID_A) to a chain of low sensitivity (assume its chain ID is ID_B). The attacker proceeds as follows: the attacker's transaction runs on chain ID_A; while encapsulating the endorsed transaction (the corresponding data structure is the Envelope), the attacker deliberately changes the chain ID to that of the less sensitive chain, ID_B, and then sends the encapsulated transaction to the ordering service node. During transaction packing the ordering node only verifies the signature of the Envelope structure and batches transactions according to the chain ID in the transaction, so a transaction that should have been added to chain ID_A is wrongly added to chain ID_B. In the current version of the blockchain, after the nodes check the transactions, the whole block is still retained and appended to the blockchain, only without updating the world state. This leaks the sensitive data and breaks the original security goal of the Hyperledger multi-chain mechanism.
Summary of the invention
To solve the above problem, the present invention provides a detection method for the source of transaction data in the multi-chain scenario of Hyperledger Fabric (version 1.0 and above). The detection method comprises the following steps:
Step 1: The client generates a transaction proposal, signs it to obtain a SignedProposal, and sends the SignedProposal to an endorsing node for endorsement. The channel information of the transaction is contained in SignedProposal.ProposalBytes.Header.ChannelHeader;
Step 2: After receiving the proposal request, the endorsing node simulates execution of the transaction. When constructing the proposal response ProposalResponse, it obtains the ChannelHeader structure from the SignedProposal, computes its hash value, and fills that value into the ProposalResponse.ChannelHeaderHash field. It then signs the constructed proposal response ProposalResponse;
Step 3: The endorsing node returns the constructed proposal response ProposalResponse to the client;
Step 4: After receiving the transaction endorsement, the client combines the transaction proposal and the proposal response ProposalResponse into an Envelope structure, which represents one transaction; the number of endorsement responses is not less than 1;
Step 5: The client sends the Envelope structure to the ordering node to request ordering of the transaction;
Step 6: After receiving the Envelope structure, the ordering node verifies it:
6.1: Deserialize it to obtain each structure and the signature information;
6.2: Verify the outermost client signature of the deserialized Envelope structure; if the outer signature fails verification, terminate processing;
6.3: Verify the first endorsing-node signature in the deserialized Envelope.Payload.Data.TransactionAction.Payload.Action.Endorsement signature array; if the endorsing-node signature fails verification, terminate processing;
6.4: Compute the hash value of the deserialized Envelope.Payload.Header.ChannelHeader and compare it with the value of Envelope.Payload.Data.TransactionAction.Payload.Action.Payload.ChannelHeaderHash; if the two differ, terminate processing;
Step 7: If all verifications pass, continue the ordering operation of Hyperledger Fabric and generate the block;
Step 8: Return the ordering result.
In step 2 above, the ProposalResponse data structure in the Fabric source code is modified: a ChannelHeaderHash field is added to ProposalResponse.Payload and given the initial value 0; the remaining structure and fields are unchanged.
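The endorsement of step 2, the client's packaging of step 4 and the ordering-node checks of steps 6.2 to 6.4, as an added Go example that is not code from the patent or from Fabric. The struct types, the Ed25519 signatures, the length-prefixed SHA-256 digest and the fixed demo key seeds are assumptions chosen to keep it self-contained; Fabric's real messages are protobuf.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Simplified stand-ins for the messages named in the steps (assumed, not Fabric's protobuf types).
type ChannelHeader struct{ ChannelID, TxID string }
type ProposalResponse struct{ Result, ChannelHeaderHash, EndorserSig []byte }
type Envelope struct { Header ChannelHeader; Response ProposalResponse; ClientSig []byte }

var ErrClientSig = errors.New("6.2: client signature invalid")
var ErrEndorserSig = errors.New("6.3: endorser signature invalid")
var ErrChannelMismatch = errors.New("6.4: ChannelHeader differs from endorsed hash")

// digest is SHA-256 over length-prefixed parts, so field boundaries are unambiguous.
func digest(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		h.Write([]byte{byte(len(p) >> 8), byte(len(p))})
		h.Write(p)
	}
	return h.Sum(nil)
}
func (h ChannelHeader) hash() []byte      { return digest([]byte(h.ChannelID), []byte(h.TxID)) }
func (r ProposalResponse) signed() []byte { return digest(r.Result, r.ChannelHeaderHash) }
func (e Envelope) signed() []byte         { return digest(e.Header.hash(), e.Response.signed(), e.Response.EndorserSig) }

// Endorse is step 2: put the proposal's ChannelHeader hash in the response and sign it.
func Endorse(k ed25519.PrivateKey, h ChannelHeader, result []byte) ProposalResponse {
	r := ProposalResponse{Result: result, ChannelHeaderHash: h.hash()}
	r.EndorserSig = ed25519.Sign(k, r.signed())
	return r
}

// Seal is step 4: the client wraps a header and the endorsed response, then signs both.
func Seal(k ed25519.PrivateKey, h ChannelHeader, r ProposalResponse) Envelope {
	e := Envelope{Header: h, Response: r}
	e.ClientSig = ed25519.Sign(k, e.signed())
	return e
}

// OrdererCheck is steps 6.2 to 6.4, run before the transaction is batched by chain ID.
func OrdererCheck(e Envelope, client, endorser ed25519.PublicKey) error {
	switch r := e.Response; {
	case !ed25519.Verify(client, e.signed(), e.ClientSig):
		return ErrClientSig
	case !ed25519.Verify(endorser, r.signed(), r.EndorserSig):
		return ErrEndorserSig
	case !bytes.Equal(e.Header.hash(), r.ChannelHeaderHash):
		return ErrChannelMismatch
	}
	return nil
}

// Demo uses constructed keys and data: an honest envelope, one relabelled from ID_A to ID_B
// after endorsement, and one whose endorsed hash was also rewritten to match ID_B.
func Demo() (honest, relabelled, rewritten error) {
	cKey := ed25519.NewKeyFromSeed(digest([]byte("demo-client"))) // fixed seeds: demo only
	eKey := ed25519.NewKeyFromSeed(digest([]byte("demo-endorser")))
	cPub, ePub := cKey.Public().(ed25519.PublicKey), eKey.Public().(ed25519.PublicKey)
	a, b := ChannelHeader{"ID_A", "tx-1"}, ChannelHeader{"ID_B", "tx-1"}
	resp := Endorse(eKey, a, []byte("simulated result"))
	honest = OrdererCheck(Seal(cKey, a, resp), cPub, ePub)
	relabelled = OrdererCheck(Seal(cKey, b, resp), cPub, ePub)
	resp.ChannelHeaderHash = b.hash() // the endorser signature no longer covers this value
	rewritten = OrdererCheck(Seal(cKey, b, resp), cPub, ePub)
	return
}

func main() { fmt.Println(Demo()) }
```

The relabelled envelope passes both signature checks and is rejected only at 6.4; rewriting the hash to match is caught at 6.3 because the field sits inside the payload the endorsing node signed.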
The beneficial effects of the present invention are as follows. Using the existing signature-verification system of Hyperledger Fabric together with the added hash value of the chain ID field, it detects a malicious client that deliberately leaks sensitive information by exploiting the system's insufficient verification of the channel a transaction belongs to. It avoids the sensitive-data leak that arises when the ordering service, lacking this verification, assigns a transaction to the wrong channel, and so ensures the security of transaction data in the multi-chain scenario.
Brief description of the drawings
Fig. 1 is the processing flow chart from transaction submission to block generation in the original Hyperledger Fabric;
Fig. 2 is the processing flow chart from transaction submission to block generation in the Hyperledger Fabric of this scheme.
Specific embodiment
The present invention is described in further detail below with reference to the drawings and a specific embodiment.
Fig. 1 is the processing flow chart from transaction submission to block generation in the original Hyperledger Fabric;
With reference to Fig. 2 (the processing flow chart from transaction submission to block generation in the Hyperledger Fabric of this scheme), the improved complete transaction execution and ordering comprises the following steps (every node has already finished starting up):
Step 1: The client generates a transaction proposal, signs it to obtain a SignedProposal, and sends the SignedProposal to an endorsing node for endorsement. The channel information of the transaction is contained in SignedProposal.ProposalBytes.Header.ChannelHeader;
Step 2: After receiving the proposal request, the endorsing node simulates execution of the transaction. The ProposalResponse data structure in the Fabric source code is modified: a ChannelHeaderHash field is added to ProposalResponse.Payload and given the initial value 0, with the remaining structure and fields unchanged. The endorsing-node source code is modified so that, while the ProposalResponse is being constructed, the hash value of SignedProposal.ProposalBytes.Header.ChannelHeader is computed and filled into the ProposalResponse.ChannelHeaderHash field. The constructed proposal response ProposalResponse is then signed;
Step 3: The endorsing node returns the constructed proposal response ProposalResponse to the client;
Step 4: After receiving the transaction endorsement, the client combines the transaction proposal and the proposal response ProposalResponse into an Envelope structure, which represents one transaction; the number of endorsement responses is not less than 1;
Step 5: The client sends the Envelope structure to the ordering node to request ordering of the transaction;
Step 6: After receiving the Envelope structure, the ordering node verifies it:
6.1: Deserialize it to obtain each structure and the signature information;
6.2: Verify the outermost client signature of the deserialized Envelope structure; if the outer signature fails verification, terminate processing;
6.3: Verify the first endorsing-node signature in the deserialized Envelope.Payload.Data.TransactionAction.Payload.Action.Endorsement signature array; if the endorsing-node signature fails verification, terminate processing;
6.4: Compute the hash value of the deserialized Envelope.Payload.Header.ChannelHeader and compare it with the value of Envelope.Payload.Data.TransactionAction.Payload.Action.Payload.ChannelHeaderHash; if the two differ, terminate processing;
Step 7: If all verifications pass, continue the ordering operation of Hyperledger Fabric and generate the block;
Step 8: Return the ordering result.
Claims (2)
1. A detection method for the source of transaction data in the Hyperledger (super account book) multi-chain scenario, characterized in that the detection method comprises the following steps:
Step 1: The client generates a transaction proposal, signs it to obtain a SignedProposal, and sends the SignedProposal to an endorsing node for endorsement. The channel information of the transaction is contained in SignedProposal.ProposalBytes.Header.ChannelHeader;
Step 2: After receiving the proposal request, the endorsing node simulates execution of the transaction. When constructing the proposal response ProposalResponse, it obtains the ChannelHeader structure from the SignedProposal, computes its hash value, and fills that value into the ProposalResponse.ChannelHeaderHash field. It then signs the constructed proposal response ProposalResponse;
Step 3: The endorsing node returns the constructed proposal response ProposalResponse to the client;
Step 4: After receiving the transaction endorsement, the client combines the transaction proposal and the proposal response ProposalResponse into an Envelope structure, which represents one transaction; the number of endorsement responses is not less than 1;
Step 5: The client sends the Envelope structure to the ordering node to request ordering of the transaction;
Step 6: After receiving the Envelope structure, the ordering node verifies it:
6.1: Deserialize it to obtain each structure and the signature information;
6.2: Verify the outermost client signature of the deserialized Envelope structure; if the outer signature fails verification, terminate processing;
6.3: Verify the first endorsing-node signature in the deserialized Envelope.Payload.Data.TransactionAction.Payload.Action.Endorsement signature array; if the endorsing-node signature fails verification, terminate processing;
6.4: Compute the hash value of the deserialized Envelope.Payload.Header.ChannelHeader and compare it with the value of Envelope.Payload.Data.TransactionAction.Payload.Action.Payload.ChannelHeaderHash; if the two differ, terminate processing;
Step 7: If all verifications pass, continue the ordering operation of Hyperledger Fabric and generate the block;
Step 8: Return the ordering result.
2. The detection method for the source of transaction data in the Hyperledger (super account book) multi-chain scenario according to claim 1, characterized in that, in step 2, the ProposalResponse data structure in the Hyperledger source code is modified: a ChannelHeaderHash field is added to ProposalResponse.Payload and given the initial value 0; the remaining structure and fields are unchanged.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811235189.7A CN109389506B (en) | 2018-10-23 | 2018-10-23 | Detection method for transaction data source in multi-chain scene of super account book |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811235189.7A CN109389506B (en) | 2018-10-23 | 2018-10-23 | Detection method for transaction data source in multi-chain scene of super account book |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109389506A (en) | 2019-02-26 |
CN109389506B (en) | 2020-01-07 |
Family
ID=65427720
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811235189.7A Active CN109389506B (en) | 2018-10-23 | 2018-10-23 | Detection method for transaction data source in multi-chain scene of super account book |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109389506B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110223170A (en) * | 2019-05-15 | 2019-09-10 | 北京瑞卓喜投科技发展有限公司 | The distributing method and system of the logical card of security type based on alliance's chain |
CN110365685A (en) * | 2019-07-18 | 2019-10-22 | 恒生电子股份有限公司 | A kind of data processing method, device, equipment and computer readable storage medium |
CN110992030A (en) * | 2019-12-03 | 2020-04-10 | 银清科技有限公司 | Transaction method and system based on super account book fabric |
CN111177766A (en) * | 2020-01-16 | 2020-05-19 | 四川川测研地科技有限公司 | Block chain management system and management method applied to pipeline integrity management |
CN111311410A (en) * | 2020-02-13 | 2020-06-19 | 青岛亿联信息科技股份有限公司 | Community problem multi-department cooperative processing system and method based on block chain |
CN111431960A (en) * | 2020-02-19 | 2020-07-17 | 重庆邮电大学 | Decentralized internet of things heterogeneous identification analysis method based on super account book |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180167217A1 (en) * | 2016-12-14 | 2018-06-14 | International Business Machines Corporation | Container-based Operating System and Method |
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180167217A1 (en) * | 2016-12-14 | 2018-06-14 | International Business Machines Corporation | Container-based Operating System and Method |
Non-Patent Citations (4)
Title |
---|
Internet user: "https://blog.csdn.net/idsuf698987/article/details/77044436", "Fabric Source Code Analysis 11: The Peer's Admin and Endorser Services" * |
Internet user: "https://blog.csdn.net/idsuf698987/article/details/78639240", "Fabric Source Code Analysis 23: The Orderer Service - 609127400's Blog - CSDN Blog" * |
Internet user: "https://blog.csdn.net/idsuf698987/article/details/81677133", "Fabric Source Code Analysis 26: The Verification System" * |
Internet user: "https://blog.csdn.net/xiaohuanglv/article/details/89033512", "Message Protocol Structure - XIAOHUANGLV - CSDN Blog" * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110223170A (en) * | 2019-05-15 | 2019-09-10 | 北京瑞卓喜投科技发展有限公司 | The distributing method and system of the logical card of security type based on alliance's chain |
CN110365685A (en) * | 2019-07-18 | 2019-10-22 | 恒生电子股份有限公司 | A kind of data processing method, device, equipment and computer readable storage medium |
CN110992030A (en) * | 2019-12-03 | 2020-04-10 | 银清科技有限公司 | Transaction method and system based on super account book fabric |
CN111177766A (en) * | 2020-01-16 | 2020-05-19 | 四川川测研地科技有限公司 | Block chain management system and management method applied to pipeline integrity management |
CN111311410A (en) * | 2020-02-13 | 2020-06-19 | 青岛亿联信息科技股份有限公司 | Community problem multi-department cooperative processing system and method based on block chain |
CN111311410B (en) * | 2020-02-13 | 2021-03-26 | 青岛亿联信息科技股份有限公司 | Community problem multi-department cooperative processing system and method based on block chain |
CN111431960A (en) * | 2020-02-19 | 2020-07-17 | 重庆邮电大学 | Decentralized internet of things heterogeneous identification analysis method based on super account book |
CN111431960B (en) * | 2020-02-19 | 2022-04-22 | 重庆邮电大学 | Decentralized internet of things heterogeneous identification analysis method based on super account book |
Also Published As
Publication number | Publication date |
---|---|
CN109389506B (en) | 2020-01-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109389506A (en) | Detection method for transaction data source under super account book multichain scene | |
CN105871885B (en) | A kind of network penetration test method | |
CN102938767B (en) | The fuzzy keyword search methodology that efficiently can verify that based on the outer packet system of cloud data | |
CN103227719B (en) | Generate the system and method without key digital multi-signature | |
CN110221977B (en) | Ai-based website penetration test method | |
RU2018129947A (en) | COMPUTER SECURITY SYSTEM BASED ON ARTIFICIAL INTELLIGENCE | |
CN108234127A (en) | A kind of Internet of Things method and device based on block chain | |
CN104993937A (en) | Method for testing integrity of cloud storage data | |
CN103268460A (en) | Integrity verification method of cloud storage data | |
US11270030B2 (en) | System and method for consensus management | |
CN110309587A (en) | Decision model construction method, decision-making technique and decision model | |
CN110264354A (en) | It creates block chain account and verifies the method and device of block chain transaction | |
CN112527912B (en) | Data processing method and device based on block chain network and computer equipment | |
CN110365701A (en) | The management method of customer terminal equipment, calculates equipment and storage medium at device | |
CN107276986B (en) | Method, device and system for protecting website through machine learning | |
CN105207780A (en) | User authentication method and device | |
CN112508566A (en) | Alliance chain-based cross-chain private transaction method and equipment | |
CN105786581A (en) | Multistage server and method for network data operation | |
CN111260470A (en) | Mixed block chain architecture system and processing method | |
CN110958263A (en) | Network attack detection method, device, equipment and storage medium | |
CN110519280A (en) | A kind of crawler recognition methods, device, computer equipment and storage medium | |
CN110855654B (en) | Vulnerability risk quantitative management method and system based on flow mutual access relation | |
Lu et al. | Ranking attack graphs with graph neural networks | |
CN115203684A (en) | Artificial immune system-based federal learning virus attack defense system | |
CN112422540B (en) | Dynamic transformation method for executive body in mimicry WAF |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||