CN109389506A - Detection method for transaction data source under super account book multichain scene - Google Patents

Detection method for transaction data source under super account book multichain scene Download PDF

Info

Publication number
CN109389506A
CN109389506A CN201811235189.7A CN201811235189A CN109389506A CN 109389506 A CN109389506 A CN 109389506A CN 201811235189 A CN201811235189 A CN 201811235189A CN 109389506 A CN109389506 A CN 109389506A
Authority
CN
China
Prior art keywords
transaction
endorsement
client
account book
envelope
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811235189.7A
Other languages
Chinese (zh)
Other versions
CN109389506B (en
Inventor
兰晓
金泓键
张红霞
曹琪
陈兴蜀
罗永刚
王文贤
殷明勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan University
Original Assignee
Sichuan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan University filed Critical Sichuan University
Priority to CN201811235189.7A priority Critical patent/CN109389506B/en
Publication of CN109389506A publication Critical patent/CN109389506A/en
Application granted granted Critical
Publication of CN109389506B publication Critical patent/CN109389506B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • General Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Finance (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a kind of detection method for transaction data source under super account book multichain scene, specific steps are as follows: client construction transaction motion to endorsement node endorsement;Mock trading returns to endorsement response, and transaction head Hash;Construct transaction request Envelope, request sequence;Verify the signature of client and node of endorsing;Verifying transaction head and corresponding field cryptographic Hash;Original sorting operation is continued to execute, and generates block;The present invention realizes the detection due to the premeditated leakage sensitive information of the insufficient caused malicious client of verifying of the system to locating channel of trading, avoid the sensitive data leakage problem generated due to sequence service because verifying missing leads to trading channel distribution mistake, to ensure the safety of transaction data under multichain scene.

Description

Detection method for transaction data source under super account book multichain scene
Technical field
The present invention relates to the data isolation guard methods under multichain scene in the super account book of block chain open source projects, especially A kind of detection method in the multi-channel data source that the improvement based on to super account book common recognition algorithm is realized.
Background technique
Block chain technology allows people can be in not as a kind of Distributed sharing account book technology by cryptographic technique In the case where entreating authoritative institution's supervision, confidence is set up to coordination with one another, realizes going in distributed network polygon transaction Centralization.Currently, there are several block chain technology platforms in the whole world, for studying block chain technology and its application.Linux foundation branch The open source projects Hyperledger Fabric (super account book) held is representative platform therein.
The common recognition algorithm of super account book includes four-stage: (1) first stage, and motion of trading is submitted to endorsement by client Node;(2) second stage, endorsement node inspection transaction, simulation execute chain code, return to the transaction of endorsement;(3) phase III, visitor Transaction after endorsement is submitted to ordering joint by family end, and ordering joint is based on kafka sequence service and collects transaction, and generation area Block;(4) block is distributed to host node by fourth stage, ordering joint, is distributed downwards by host node, and adds area in each node Block is checked before on block to chain, finally, checks that the block passed through is appended on existing block chain, it is entire to know together Process is completed.
In 0.6 version of Hyperledger Fabric, all nodes belong to the same chain, and all nodes also can be same Walk identical data.However, the data volume of each node synchronization and storage increased dramatically, and can not with the increase of portfolio Realize the isolation of different sensitivity data, there are incipient fault for data security.Therefore, in 1.0 version of Hyperledger Fabric In, increase the support to multichain.The appearance of multichain is for isolated data, and node can be added to according to demands such as applications In different chains, to obtain different data.Since intelligent contract is disposed independently of chain, so as to realize the privacy of data Protection.
Under the scene of multichain, common recognition algorithm also will be independent of chain operation.Super account book passes through in each transaction motion Comprising exchange chain ID come distinguish exchange chain, so that it is guaranteed that ordering joint transaction is bundled in sequence it is same In the block of a chain.However, it has been found that once there is the chain user (a corresponding specific client) of malice, deliberating will Leaking data in the high chain of data sensitive degree (assuming that chain ID is ID_A) is to the low chain of sensitivity (assuming that chain ID is ID_B), attacker can proceed as follows: the transaction of attacker operates in chain ID_A, and attacker is after to endorsement Transaction encapsulation (corresponding data structure be Envelope) during, chain ID is deliberately revised as the lower chain of sensitivity Then the transaction of encapsulation is sent to sequence service node by ID_B, since ordering joint is in transaction packing process, only test Therefore demonstrate,proving the signature of Envelope structural body and carrying out piecemeal processing to transaction according to the chain ID in transaction should be added originally The transaction for being added to chain ID_A will be added in chain ID_B by wrong.And at present version block chain will node to trade into After row checks, entire block is all retained in a manner of not updating world state and is added on block chain, so as to cause The leakage of sensitive data, has broken the original security target of super account book multichain mechanism.
Summary of the invention
To solve the above problems, the present invention provides one kind for super account book Fabric (1.0 and the above version) multichain field The detection method in transaction data source under scape.Detection method includes the following steps for this:
Step 1: client generates transaction motion, is signed to obtain SignedProposal to it, will SignedProposal is sent to endorsement node and endorses, and the channel information of transaction has been included in SignedProposal.Prop In osalBytes.Header.ChannelHeader;
Step 2: simulation executes transaction after endorsement node receives motion request, in construction motion response The ChannelHeader structure in SignedProposal is obtained when ProposalResponse and calculates hash value, by the value It is filled into ProposalResponse.ChannelHeaderHash field;Motion response to building ProposalResponse signs;
Step 3: endorsement node returns to the motion constructed to client and responds ProposalResponse;
Step 4: client will transaction motion and motion response ProposalResponse group after receiving transaction endorsement Conjunction is configured to Envelope structure, represents a Transaction Information, wherein endorsement number of responses is not less than 1;
Step 5: Envelope structure is sent to ordering joint requests transaction and sorted by client;
Step 6: ordering joint is verified after receiving Envelope structure:
6.1: unserializing obtains each class formation and signing messages;
6.2: the Envelope structure outermost layer client signature information that verifying filtering unserializing is got does not pass through such as Outer layer signature verification terminates this treatment process;
6.3: the Envelope.Payload.Data.TransactionAction. that verifying filtering unserializing is got First endorsement node signing messages in Payload.Action.Endorsement signature array, does not pass through endorsement node such as Signature verification terminates this treatment process;
6.4: Hash is calculated to the Envelope.Payload.Header.ChannelHeader that unserializing is got Value, and with Envelope.Payload.Data.TransactionAction.Payload.Action.P ayload.Channe LHeaderHash value compares verifying;If the two is inconsistent, terminate this treatment process;
Step 7: it is all to be verified, continue the sorting operation of super account book Fabric, generates block;
Step 8: returning to ranking results.
In above-mentioned steps 2, the ProposalResponse data structure in Fabric source code is modified, A ChannelHeaderHash field is added in ProposalResponse.Payload and assigns initial value 0, remaining structure And field is constant.
The beneficial effects of the present invention are: utilizing the original signature verification system of Hyperledger Fabric and increased chain Number field hash value is realized due to the premeditated leakage of the insufficient caused malicious client of verifying of the system to locating channel of trading The detection of sensitive information avoids the sensitive data generated due to sequence service because verifying missing leads to trading channel distribution mistake Leakage problem.To ensure the safety of transaction data under multichain scene.
Detailed description of the invention
Fig. 1 is to be submitted to the process flow diagram for generating block in original super account book Fabric from transaction;
Fig. 2 is to be submitted to the process flow diagram for generating block in the super account book Fabric of this programme from transaction.
Specific embodiment
The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is to be submitted to the process flow diagram for generating block in original super account book Fabric from transaction;
It (trades in the super account book of this programme in conjunction with Fig. 2 and is submitted to the process flow diagram for generating block), it is improved complete Transaction executes and sequence comprises the steps of (each node has been turned on completion):
Step 1: client generates transaction motion, is signed to obtain SignedProposal to it, will SignedProposal is sent to endorsement node and endorses, and the channel information of transaction has been included in SignedProposal.Prop In osalBytes.Header.ChannelHeader;
Step 2: simulation executes transaction after endorsement node receives motion request, modifies in Fabric source code ProposalResponse data structure adds one in ProposalResponse.Payload ChannelHeaderHash field simultaneously assigns initial value 0, remaining structure and field are constant;Modification endorsement node source code, is generating To SignedProposal.ProposalBytes.Header.ChannelHeader in ProposalResponse configuration process Hash value is calculated, and the value is filled into ProposalResponse.ChannelHeaderHash field;To what is built Motion response ProposalResponse signs;
Step 3: endorsement node returns to the motion constructed to client and responds ProposalResponse;
Step 4: client will transaction motion and motion response ProposalResponse group after receiving transaction endorsement Conjunction is configured to Envelope structure, represents a Transaction Information, wherein endorsement number of responses is not less than 1;
Step 5: Envelope structure is sent to ordering joint requests transaction and sorted by client;
Step 6: ordering joint is verified after receiving Envelope structure:
6.1: unserializing obtains each class formation and signing messages;
6.2: the Envelope structure outermost layer client signature information that verifying filtering unserializing is got does not pass through such as Outer layer signature verification terminates this treatment process;
6.3: the Envelope.Payload.Data.TransactionAction. that verifying filtering unserializing is got First endorsement node signing messages in Payload.Action.Endorsement signature array, does not pass through endorsement node such as Signature verification terminates this treatment process;
6.4: Hash is calculated to the Envelope.Payload.Header.ChannelHeader that unserializing is got Value, and with Envelope.Payload.Data.TransactionAction.Payload.Action.P ayload.Channe LHeaderHash value compares verifying;If the two is inconsistent, terminate this treatment process;
Step 7: it is all to be verified, continue the sorting operation of super account book Fabric, generates block;
Step 8: returning to ranking results.

Claims (2)

1. a kind of detection method for transaction data source under super account book multichain scene, which is characterized in that the detection method The following steps are included:
Step 1: client generates transaction motion, is signed to obtain SignedProposal to it, by SignedProposal It is sent to endorsement node to endorse, the channel information of transaction has been included in SignedProposal.ProposalBytes.Head In er.ChannelHeader;
Step 2: simulation executes transaction after endorsement node receives motion request, when constructing motion response ProposalResponse It obtains the ChannelHeader structure in SignedProposal and calculates hash value, which is filled into ProposalResp In onse.ChannelHeaderHash field;It signs to the motion response ProposalResponse built;
Step 3: endorsement node returns to the motion constructed to client and responds ProposalResponse;
Step 4: client will transaction motion and motion response ProposalResponse combination structure after receiving transaction endorsement Envelope structure is caused, a Transaction Information is represented, wherein endorsement number of responses is not less than 1;
Step 5: Envelope structure is sent to ordering joint requests transaction and sorted by client;
Step 6: ordering joint is verified after receiving Envelope structure:
6.1: unserializing obtains each class formation and signing messages;
6.2: the Envelope structure outermost layer client signature information that verifying filtering unserializing is got does not pass through outer layer such as Signature verification terminates this treatment process;
6.3: the Envelope.Payload.Data.TransactionAction.Payl that verifying filtering unserializing is got First endorsement node signing messages in oad.Action.Endorsement signature array does not pass through endorsement node signature such as Verifying, terminates this treatment process;
6.4: hash value is calculated to the Envelope.Payload.Header.ChannelHeader that unserializing is got, and With Envelope.Payload.Data.TransactionAction.Payload.Action.P ayload.ChannelHead ErHash value compares verifying;If the two is inconsistent, terminate this treatment process;
Step 7: it is all to be verified, continue the sorting operation of super account book Fabric, generates block;
Step 8: returning to ranking results.
2. a kind of detection method for transaction data source under super account book multichain scene according to claim 1, It is characterized in that, in the step 2, modifies the ProposalResponse data structure in super account book source code, A ChannelHeaderHash field is added in ProposalResponse.Payload and assigns initial value 0, remaining structure And field is constant.
CN201811235189.7A 2018-10-23 2018-10-23 Detection method for transaction data source in multi-chain scene of super account book Active CN109389506B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811235189.7A CN109389506B (en) 2018-10-23 2018-10-23 Detection method for transaction data source in multi-chain scene of super account book

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811235189.7A CN109389506B (en) 2018-10-23 2018-10-23 Detection method for transaction data source in multi-chain scene of super account book

Publications (2)

Publication Number Publication Date
CN109389506A true CN109389506A (en) 2019-02-26
CN109389506B CN109389506B (en) 2020-01-07

Family

ID=65427720

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811235189.7A Active CN109389506B (en) 2018-10-23 2018-10-23 Detection method for transaction data source in multi-chain scene of super account book

Country Status (1)

Country Link
CN (1) CN109389506B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110223170A (en) * 2019-05-15 2019-09-10 北京瑞卓喜投科技发展有限公司 The distributing method and system of the logical card of security type based on alliance's chain
CN110365685A (en) * 2019-07-18 2019-10-22 恒生电子股份有限公司 A kind of data processing method, device, equipment and computer readable storage medium
CN110992030A (en) * 2019-12-03 2020-04-10 银清科技有限公司 Transaction method and system based on super account book fabric
CN111177766A (en) * 2020-01-16 2020-05-19 四川川测研地科技有限公司 Block chain management system and management method applied to pipeline integrity management
CN111311410A (en) * 2020-02-13 2020-06-19 青岛亿联信息科技股份有限公司 Community problem multi-department cooperative processing system and method based on block chain
CN111431960A (en) * 2020-02-19 2020-07-17 重庆邮电大学 Decentralized internet of things heterogeneous identification analysis method based on super account book
CN112036876A (en) * 2019-06-04 2020-12-04 国际商业机器公司 Metadata-based endorsement

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180167217A1 (en) * 2016-12-14 2018-06-14 International Business Machines Corporation Container-based Operating System and Method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180167217A1 (en) * 2016-12-14 2018-06-14 International Business Machines Corporation Container-based Operating System and Method

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
网络用户: "https://blog.csdn.net/idsuf698987/article/details/77044436", 《FABRIC源码解析11—PEER的ADMIN和ENDORSER服务》 *
网络用户: "https://blog.csdn.net/idsuf698987/article/details/78639240", 《FABRIC源码解析23——ORDERER服务 - 609127400的博客 - CSDN博客》 *
网络用户: "https://blog.csdn.net/idsuf698987/article/details/81677133", 《FABRIC源码解析26—验证体系》 *
网络用户: "https://blog.csdn.net/xiaohuanglv/article/details/89033512", 《消息协议结构 - XIAOHUANGLV - CSDN博客》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110223170A (en) * 2019-05-15 2019-09-10 北京瑞卓喜投科技发展有限公司 The distributing method and system of the logical card of security type based on alliance's chain
CN112036876A (en) * 2019-06-04 2020-12-04 国际商业机器公司 Metadata-based endorsement
CN110365685A (en) * 2019-07-18 2019-10-22 恒生电子股份有限公司 A kind of data processing method, device, equipment and computer readable storage medium
CN110992030A (en) * 2019-12-03 2020-04-10 银清科技有限公司 Transaction method and system based on super account book fabric
CN111177766A (en) * 2020-01-16 2020-05-19 四川川测研地科技有限公司 Block chain management system and management method applied to pipeline integrity management
CN111311410A (en) * 2020-02-13 2020-06-19 青岛亿联信息科技股份有限公司 Community problem multi-department cooperative processing system and method based on block chain
CN111311410B (en) * 2020-02-13 2021-03-26 青岛亿联信息科技股份有限公司 Community problem multi-department cooperative processing system and method based on block chain
CN111431960A (en) * 2020-02-19 2020-07-17 重庆邮电大学 Decentralized internet of things heterogeneous identification analysis method based on super account book
CN111431960B (en) * 2020-02-19 2022-04-22 重庆邮电大学 Decentralized internet of things heterogeneous identification analysis method based on super account book

Also Published As

Publication number Publication date
CN109389506B (en) 2020-01-07

Similar Documents

Publication Publication Date Title
CN109389506A (en) Detection method for transaction data source under super account book multichain scene
CN106161372B (en) A kind of Risk Identification Method and device based on address matching
CN108960830B (en) Intelligent contract deployment method, device, equipment and storage medium
CN111816252A (en) Drug screening method and device and electronic equipment
CN108234127A (en) A kind of Internet of Things method and device based on block chain
Luo et al. Blockchain-based task offloading in drone-aided mobile edge computing
Amoah et al. Formal modelling and analysis of DNP3 secure authentication
CN109493052B (en) Cross-chain contract system based on main chain and parallel multiple sub-chains
CN111090581B (en) Intelligent contract testing method, intelligent contract testing device, computer equipment and storage medium
CN110309587A (en) Decision model construction method, decision-making technique and decision model
CN110264354A (en) It creates block chain account and verifies the method and device of block chain transaction
CN109886810B (en) Crowdsourcing transaction method and system, readable storage medium and terminal
CN110958263B (en) Network attack detection method, device, equipment and storage medium
CN117610026B (en) Honey point vulnerability generation method based on large language model
CN110766410A (en) Method and equipment for constructing and verifying credible cross-chain event based on Mercker tree
CN106972917A (en) The safe verification method of user's running orbit
CN113886817A (en) Host intrusion detection method and device, electronic equipment and storage medium
Lu et al. Ranking attack graphs with graph neural networks
Shakya et al. Intrusion detection system using back propagation algorithm and compare its performance with self organizing map
CN115203684A (en) Artificial immune system-based federal learning virus attack defense system
Yeom et al. An immune system inspired approach of collaborative intrusion detection system using mobile agents in wireless ad hoc networks
CN112217830B (en) Method for identifying cloned blocks in edge computing system based on block chain
CN112134833B (en) Virtual-real fused stream deception defense method
CN112579987B (en) Migration deployment method and operation identity verification method of remote sensing program in hybrid cloud
CN111786793B (en) Signature information verification method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant