CN109389506A - Detection method for transaction data source under super account book multichain scene - Google Patents

Detection method for transaction data source under super account book multichain scene Download PDF

Info

Publication number
CN109389506A
CN109389506A CN201811235189.7A CN201811235189A CN109389506A CN 109389506 A CN109389506 A CN 109389506A CN 201811235189 A CN201811235189 A CN 201811235189A CN 109389506 A CN109389506 A CN 109389506A
Authority
CN
China
Prior art keywords
transaction
endorsement
client
envelope
proposalresponse
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811235189.7A
Other languages
Chinese (zh)
Other versions
CN109389506B (en
Inventor
兰晓
金泓键
张红霞
曹琪
陈兴蜀
罗永刚
王文贤
殷明勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan University
Original Assignee
Sichuan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan University filed Critical Sichuan University
Priority to CN201811235189.7A priority Critical patent/CN109389506B/en
Publication of CN109389506A publication Critical patent/CN109389506A/en
Application granted granted Critical
Publication of CN109389506B publication Critical patent/CN109389506B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • General Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Finance (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明公开了一种用于超级账本多链场景下交易数据来源的检测方法,具体步骤为:客户端构造交易提案到背书节点背书;模拟交易,返回背书响应,以及交易头哈希;构造交易请求Envelope,请求排序;验证客户端和背书节点的签名;验证交易头与对应字段哈希值;继续执行原有的排序操作,并生成区块;本发明实现由于系统对交易所处通道的验证不充分导致的恶意客户端蓄意泄露敏感信息的检测,避免由于排序服务因验证缺失导致交易通道分发错误而产生的敏感数据泄露问题,从而,保障了多链场景下交易数据的安全性。

The invention discloses a method for detecting the source of transaction data in a hyperledger multi-chain scenario. The specific steps are: a client constructs a transaction proposal to endorse by an endorsement node; simulates a transaction, returns an endorsement response, and a hash of a transaction header; constructs a transaction Request Envelope, request sorting; verify the signature of the client and the endorsement node; verify the transaction header and the corresponding field hash value; continue to perform the original sorting operation, and generate blocks; Insufficient detection of malicious clients intentionally leaking sensitive information, avoiding sensitive data leakage caused by transaction channel distribution errors due to lack of verification in ordering services, thus ensuring the security of transaction data in multi-chain scenarios.

Description

Detection method for transaction data source under super account book multichain scene
Technical field
The present invention relates to the data isolation guard methods under multichain scene in the super account book of block chain open source projects, especially A kind of detection method in the multi-channel data source that the improvement based on to super account book common recognition algorithm is realized.
Background technique
Block chain technology allows people can be in not as a kind of Distributed sharing account book technology by cryptographic technique In the case where entreating authoritative institution's supervision, confidence is set up to coordination with one another, realizes going in distributed network polygon transaction Centralization.Currently, there are several block chain technology platforms in the whole world, for studying block chain technology and its application.Linux foundation branch The open source projects Hyperledger Fabric (super account book) held is representative platform therein.
The common recognition algorithm of super account book includes four-stage: (1) first stage, and motion of trading is submitted to endorsement by client Node;(2) second stage, endorsement node inspection transaction, simulation execute chain code, return to the transaction of endorsement;(3) phase III, visitor Transaction after endorsement is submitted to ordering joint by family end, and ordering joint is based on kafka sequence service and collects transaction, and generation area Block;(4) block is distributed to host node by fourth stage, ordering joint, is distributed downwards by host node, and adds area in each node Block is checked before on block to chain, finally, checks that the block passed through is appended on existing block chain, it is entire to know together Process is completed.
In 0.6 version of Hyperledger Fabric, all nodes belong to the same chain, and all nodes also can be same Walk identical data.However, the data volume of each node synchronization and storage increased dramatically, and can not with the increase of portfolio Realize the isolation of different sensitivity data, there are incipient fault for data security.Therefore, in 1.0 version of Hyperledger Fabric In, increase the support to multichain.The appearance of multichain is for isolated data, and node can be added to according to demands such as applications In different chains, to obtain different data.Since intelligent contract is disposed independently of chain, so as to realize the privacy of data Protection.
Under the scene of multichain, common recognition algorithm also will be independent of chain operation.Super account book passes through in each transaction motion Comprising exchange chain ID come distinguish exchange chain, so that it is guaranteed that ordering joint transaction is bundled in sequence it is same In the block of a chain.However, it has been found that once there is the chain user (a corresponding specific client) of malice, deliberating will Leaking data in the high chain of data sensitive degree (assuming that chain ID is ID_A) is to the low chain of sensitivity (assuming that chain ID is ID_B), attacker can proceed as follows: the transaction of attacker operates in chain ID_A, and attacker is after to endorsement Transaction encapsulation (corresponding data structure be Envelope) during, chain ID is deliberately revised as the lower chain of sensitivity Then the transaction of encapsulation is sent to sequence service node by ID_B, since ordering joint is in transaction packing process, only test Therefore demonstrate,proving the signature of Envelope structural body and carrying out piecemeal processing to transaction according to the chain ID in transaction should be added originally The transaction for being added to chain ID_A will be added in chain ID_B by wrong.And at present version block chain will node to trade into After row checks, entire block is all retained in a manner of not updating world state and is added on block chain, so as to cause The leakage of sensitive data, has broken the original security target of super account book multichain mechanism.
Summary of the invention
To solve the above problems, the present invention provides one kind for super account book Fabric (1.0 and the above version) multichain field The detection method in transaction data source under scape.Detection method includes the following steps for this:
Step 1: client generates transaction motion, is signed to obtain SignedProposal to it, will SignedProposal is sent to endorsement node and endorses, and the channel information of transaction has been included in SignedProposal.Prop In osalBytes.Header.ChannelHeader;
Step 2: simulation executes transaction after endorsement node receives motion request, in construction motion response The ChannelHeader structure in SignedProposal is obtained when ProposalResponse and calculates hash value, by the value It is filled into ProposalResponse.ChannelHeaderHash field;Motion response to building ProposalResponse signs;
Step 3: endorsement node returns to the motion constructed to client and responds ProposalResponse;
Step 4: client will transaction motion and motion response ProposalResponse group after receiving transaction endorsement Conjunction is configured to Envelope structure, represents a Transaction Information, wherein endorsement number of responses is not less than 1;
Step 5: Envelope structure is sent to ordering joint requests transaction and sorted by client;
Step 6: ordering joint is verified after receiving Envelope structure:
6.1: unserializing obtains each class formation and signing messages;
6.2: the Envelope structure outermost layer client signature information that verifying filtering unserializing is got does not pass through such as Outer layer signature verification terminates this treatment process;
6.3: the Envelope.Payload.Data.TransactionAction. that verifying filtering unserializing is got First endorsement node signing messages in Payload.Action.Endorsement signature array, does not pass through endorsement node such as Signature verification terminates this treatment process;
6.4: Hash is calculated to the Envelope.Payload.Header.ChannelHeader that unserializing is got Value, and with Envelope.Payload.Data.TransactionAction.Payload.Action.P ayload.Channe LHeaderHash value compares verifying;If the two is inconsistent, terminate this treatment process;
Step 7: it is all to be verified, continue the sorting operation of super account book Fabric, generates block;
Step 8: returning to ranking results.
In above-mentioned steps 2, the ProposalResponse data structure in Fabric source code is modified, A ChannelHeaderHash field is added in ProposalResponse.Payload and assigns initial value 0, remaining structure And field is constant.
The beneficial effects of the present invention are: utilizing the original signature verification system of Hyperledger Fabric and increased chain Number field hash value is realized due to the premeditated leakage of the insufficient caused malicious client of verifying of the system to locating channel of trading The detection of sensitive information avoids the sensitive data generated due to sequence service because verifying missing leads to trading channel distribution mistake Leakage problem.To ensure the safety of transaction data under multichain scene.
Detailed description of the invention
Fig. 1 is to be submitted to the process flow diagram for generating block in original super account book Fabric from transaction;
Fig. 2 is to be submitted to the process flow diagram for generating block in the super account book Fabric of this programme from transaction.
Specific embodiment
The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is to be submitted to the process flow diagram for generating block in original super account book Fabric from transaction;
It (trades in the super account book of this programme in conjunction with Fig. 2 and is submitted to the process flow diagram for generating block), it is improved complete Transaction executes and sequence comprises the steps of (each node has been turned on completion):
Step 1: client generates transaction motion, is signed to obtain SignedProposal to it, will SignedProposal is sent to endorsement node and endorses, and the channel information of transaction has been included in SignedProposal.Prop In osalBytes.Header.ChannelHeader;
Step 2: simulation executes transaction after endorsement node receives motion request, modifies in Fabric source code ProposalResponse data structure adds one in ProposalResponse.Payload ChannelHeaderHash field simultaneously assigns initial value 0, remaining structure and field are constant;Modification endorsement node source code, is generating To SignedProposal.ProposalBytes.Header.ChannelHeader in ProposalResponse configuration process Hash value is calculated, and the value is filled into ProposalResponse.ChannelHeaderHash field;To what is built Motion response ProposalResponse signs;
Step 3: endorsement node returns to the motion constructed to client and responds ProposalResponse;
Step 4: client will transaction motion and motion response ProposalResponse group after receiving transaction endorsement Conjunction is configured to Envelope structure, represents a Transaction Information, wherein endorsement number of responses is not less than 1;
Step 5: Envelope structure is sent to ordering joint requests transaction and sorted by client;
Step 6: ordering joint is verified after receiving Envelope structure:
6.1: unserializing obtains each class formation and signing messages;
6.2: the Envelope structure outermost layer client signature information that verifying filtering unserializing is got does not pass through such as Outer layer signature verification terminates this treatment process;
6.3: the Envelope.Payload.Data.TransactionAction. that verifying filtering unserializing is got First endorsement node signing messages in Payload.Action.Endorsement signature array, does not pass through endorsement node such as Signature verification terminates this treatment process;
6.4: Hash is calculated to the Envelope.Payload.Header.ChannelHeader that unserializing is got Value, and with Envelope.Payload.Data.TransactionAction.Payload.Action.P ayload.Channe LHeaderHash value compares verifying;If the two is inconsistent, terminate this treatment process;
Step 7: it is all to be verified, continue the sorting operation of super account book Fabric, generates block;
Step 8: returning to ranking results.

Claims (2)

1. a kind of detection method for transaction data source under super account book multichain scene, which is characterized in that the detection method The following steps are included:
Step 1: client generates transaction motion, is signed to obtain SignedProposal to it, by SignedProposal It is sent to endorsement node to endorse, the channel information of transaction has been included in SignedProposal.ProposalBytes.Head In er.ChannelHeader;
Step 2: simulation executes transaction after endorsement node receives motion request, when constructing motion response ProposalResponse It obtains the ChannelHeader structure in SignedProposal and calculates hash value, which is filled into ProposalResp In onse.ChannelHeaderHash field;It signs to the motion response ProposalResponse built;
Step 3: endorsement node returns to the motion constructed to client and responds ProposalResponse;
Step 4: client will transaction motion and motion response ProposalResponse combination structure after receiving transaction endorsement Envelope structure is caused, a Transaction Information is represented, wherein endorsement number of responses is not less than 1;
Step 5: Envelope structure is sent to ordering joint requests transaction and sorted by client;
Step 6: ordering joint is verified after receiving Envelope structure:
6.1: unserializing obtains each class formation and signing messages;
6.2: the Envelope structure outermost layer client signature information that verifying filtering unserializing is got does not pass through outer layer such as Signature verification terminates this treatment process;
6.3: the Envelope.Payload.Data.TransactionAction.Payl that verifying filtering unserializing is got First endorsement node signing messages in oad.Action.Endorsement signature array does not pass through endorsement node signature such as Verifying, terminates this treatment process;
6.4: hash value is calculated to the Envelope.Payload.Header.ChannelHeader that unserializing is got, and With Envelope.Payload.Data.TransactionAction.Payload.Action.P ayload.ChannelHead ErHash value compares verifying;If the two is inconsistent, terminate this treatment process;
Step 7: it is all to be verified, continue the sorting operation of super account book Fabric, generates block;
Step 8: returning to ranking results.
2. a kind of detection method for transaction data source under super account book multichain scene according to claim 1, It is characterized in that, in the step 2, modifies the ProposalResponse data structure in super account book source code, A ChannelHeaderHash field is added in ProposalResponse.Payload and assigns initial value 0, remaining structure And field is constant.
CN201811235189.7A 2018-10-23 2018-10-23 Detection method for transaction data source in hyperledger multi-chain scenario Active CN109389506B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811235189.7A CN109389506B (en) 2018-10-23 2018-10-23 Detection method for transaction data source in hyperledger multi-chain scenario

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811235189.7A CN109389506B (en) 2018-10-23 2018-10-23 Detection method for transaction data source in hyperledger multi-chain scenario

Publications (2)

Publication Number Publication Date
CN109389506A true CN109389506A (en) 2019-02-26
CN109389506B CN109389506B (en) 2020-01-07

Family

ID=65427720

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811235189.7A Active CN109389506B (en) 2018-10-23 2018-10-23 Detection method for transaction data source in hyperledger multi-chain scenario

Country Status (1)

Country Link
CN (1) CN109389506B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109978546A (en) * 2019-04-08 2019-07-05 北京邮电大学 A kind of alliance's block chain framework and its classification storage and transaction method for punching
CN110223170A (en) * 2019-05-15 2019-09-10 北京瑞卓喜投科技发展有限公司 The distributing method and system of the logical card of security type based on alliance's chain
CN110365685A (en) * 2019-07-18 2019-10-22 恒生电子股份有限公司 A kind of data processing method, device, equipment and computer readable storage medium
CN110992030A (en) * 2019-12-03 2020-04-10 银清科技有限公司 Transaction method and system based on super account book fabric
CN111177766A (en) * 2020-01-16 2020-05-19 四川川测研地科技有限公司 Block chain management system and management method applied to pipeline integrity management
CN111311410A (en) * 2020-02-13 2020-06-19 青岛亿联信息科技股份有限公司 Community problem multi-department cooperative processing system and method based on block chain
CN111431960A (en) * 2020-02-19 2020-07-17 重庆邮电大学 Decentralized internet of things heterogeneous identification analysis method based on super account book
CN112036876A (en) * 2019-06-04 2020-12-04 国际商业机器公司 Metadata-based endorsement
CN114240434A (en) * 2021-12-07 2022-03-25 中信银行股份有限公司 Fabric-based transaction concurrency control method and system
CN114297723A (en) * 2021-11-29 2022-04-08 之江实验室 A Consensus Method and System Supporting Parallel Processing of Computational Verification

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180167217A1 (en) * 2016-12-14 2018-06-14 International Business Machines Corporation Container-based Operating System and Method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180167217A1 (en) * 2016-12-14 2018-06-14 International Business Machines Corporation Container-based Operating System and Method

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
网络用户: "https://blog.csdn.net/idsuf698987/article/details/77044436", 《FABRIC源码解析11—PEER的ADMIN和ENDORSER服务》 *
网络用户: "https://blog.csdn.net/idsuf698987/article/details/78639240", 《FABRIC源码解析23——ORDERER服务 - 609127400的博客 - CSDN博客》 *
网络用户: "https://blog.csdn.net/idsuf698987/article/details/81677133", 《FABRIC源码解析26—验证体系》 *
网络用户: "https://blog.csdn.net/xiaohuanglv/article/details/89033512", 《消息协议结构 - XIAOHUANGLV - CSDN博客》 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109978546A (en) * 2019-04-08 2019-07-05 北京邮电大学 A kind of alliance's block chain framework and its classification storage and transaction method for punching
CN109978546B (en) * 2019-04-08 2024-11-29 北京邮电大学 Alliance block chain architecture and hierarchical storage and transaction perforation method thereof
CN110223170A (en) * 2019-05-15 2019-09-10 北京瑞卓喜投科技发展有限公司 The distributing method and system of the logical card of security type based on alliance's chain
CN112036876B (en) * 2019-06-04 2024-07-26 国际商业机器公司 Endorsement based on metadata
CN112036876A (en) * 2019-06-04 2020-12-04 国际商业机器公司 Metadata-based endorsement
CN110365685A (en) * 2019-07-18 2019-10-22 恒生电子股份有限公司 A kind of data processing method, device, equipment and computer readable storage medium
CN110992030A (en) * 2019-12-03 2020-04-10 银清科技有限公司 Transaction method and system based on super account book fabric
CN111177766A (en) * 2020-01-16 2020-05-19 四川川测研地科技有限公司 Block chain management system and management method applied to pipeline integrity management
CN111311410A (en) * 2020-02-13 2020-06-19 青岛亿联信息科技股份有限公司 Community problem multi-department cooperative processing system and method based on block chain
CN111311410B (en) * 2020-02-13 2021-03-26 青岛亿联信息科技股份有限公司 Community problem multi-department cooperative processing system and method based on block chain
CN111431960A (en) * 2020-02-19 2020-07-17 重庆邮电大学 Decentralized internet of things heterogeneous identification analysis method based on super account book
CN111431960B (en) * 2020-02-19 2022-04-22 重庆邮电大学 A Decentralized IoT Heterogeneous Identifier Resolution Method Based on Hyperledger
CN114297723A (en) * 2021-11-29 2022-04-08 之江实验室 A Consensus Method and System Supporting Parallel Processing of Computational Verification
CN114240434B (en) * 2021-12-07 2024-10-01 中信银行股份有限公司 Fabric-based transaction concurrency control method and system
CN114240434A (en) * 2021-12-07 2022-03-25 中信银行股份有限公司 Fabric-based transaction concurrency control method and system

Also Published As

Publication number Publication date
CN109389506B (en) 2020-01-07

Similar Documents

Publication Publication Date Title
CN109389506A (en) Detection method for transaction data source under super account book multichain scene
US10929275B2 (en) Automatic test stack creation via production system replication
CN112508566B (en) Cross-link privacy transaction method and device based on alliance links
CN108960830B (en) Intelligent contract deployment method, device, equipment and storage medium
WO2022166637A1 (en) Blockchain network-based method and apparatus for data processing, and computer device
US8332457B2 (en) Tile architectural style for privacy-preserved distributed computing
JP2021533638A (en) Node group management device and computing device that make up the double signature transaction structure of the group key infrastructure on the blockchain network
CN110365701A (en) The management method of customer terminal equipment, calculates equipment and storage medium at device
CN108400979B (en) Communication method applied to client and server and electronic equipment
CN110599174A (en) Block chain information processing method and related equipment
CN111090581A (en) Intelligent contract testing method and device, computer equipment and storage medium
CN109886810B (en) Crowdsourcing transaction method and system, readable storage medium and terminal
CN117610026B (en) Honey point vulnerability generation method based on large language model
CN111367821A (en) A software testing method and system
CN107038050B (en) Game configuration loading method based on virtual server
CN113206741A (en) Anti-machine learning security authentication method and device based on strong PUF
CN111260470A (en) Mixed block chain architecture system and processing method
CN104375935B (en) The test method and device of SQL injection attack
CN111045722B (en) Intelligent contract packaging method, device, system, computer equipment and storage medium
Baiardi et al. Twin based continuous patching to minimize cyber risk
CN111147477A (en) Verification method and device based on block chain network
CN111367528B (en) Compiling method and device of software development kit, software development system and server
CN114745216B (en) Dynamic access method and device
CN106557859A (en) A kind of verification method and equipment
CN115862417A (en) A virtual simulation system and simulation method integrating attack and defense drill learning

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant