CN110287259A - A kind of audit log tamper resistant method based on block chain - Google Patents

Info

Publication number: CN110287259A
Authority: CN (China)
Prior art keywords: log, block, side chain, transaction, chain
Legal status: Withdrawn
Application number: CN201910564977.9A
Other languages: Chinese (zh)
Inventors: 宋明明, 庞松涛, 商广勇, 王伟兵, 马岩堂, 赵树林, 姜鑫, 陶鑫, 刘伟巍
Current Assignee: Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Original Assignee: Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Application filed by Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority to CN201910564977.9A
Publication of CN110287259A

Classifications

    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F16/284 Relational databases
    • G06Q20/3827 Use of message hashing
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The present invention provides a blockchain-based method for making audit logs tamper-resistant, in the technical field of audit log storage. Using a Hyperledger Fabric blockchain network as the base platform, it builds a blockchain log sidechain on top of a relational database to guarantee that the audit logs in the database cannot be tampered with. A log sidechain for audit logs is constructed in the database; every audit log sent to the sidechain is packaged into a log transaction, and log transactions are periodically packed into blocks on the log sidechain. Finally, the blocks on the log sidechain are periodically anchored to the Fabric blockchain so that the logs are truly tamper-proof. This gives blockchain users an efficient, low-cost way to store audit logs.

Description

A blockchain-based method for tamper-proofing audit logs
Technical Field
The present invention relates to audit log storage technology, and in particular to a blockchain-based method for making audit logs tamper-resistant.
Background
Hyperledger Fabric is a blockchain network whose core is a distributed ledger that records all transaction information occurring in the network. Cryptography ensures that once a transaction has been added to the ledger, it cannot be tampered with.
Database audit logs mainly record the operations performed against a database server. The audit system works in network-bypass mode on the network where the database host resides, parses operations on the database server in real time, and collects the audit logs centrally for later querying, analysis and filtering, thereby monitoring and auditing user operations on the target database system.
Because audit logs are sent to a central log server for storage, they are easily tampered with and lack independence and impartiality. Audit log access has high real-time requirements, and writing the huge volume of original audit logs directly to the blockchain as transaction records is more than the blockchain system itself can bear. A scheme that is both efficient and secure is therefore needed to store audit logs.
Summary of the Invention
To solve the above technical problem, the invention proposes a blockchain-based audit log tamper-resistance method: audit logs are stored in a log sidechain built on a relational database, and the sidechain blocks are then anchored to the Hyperledger Fabric blockchain, making the audit log data tamper-proof while preserving performance.
The technical solution of the invention is as follows:
The invention uses a Hyperledger Fabric blockchain network as the base platform and builds a blockchain log sidechain on top of a relational database to guarantee that the audit logs in the database cannot be tampered with. A log sidechain for audit logs is constructed in the database; every audit log sent to the audit log sidechain is packaged into a log transaction, and log transactions are periodically packed into blocks on the log sidechain. Finally, the blocks on the log sidechain are periodically anchored to the Fabric blockchain so that the logs are truly tamper-proof. This gives blockchain users an efficient, low-cost way to store audit logs.
The method mainly comprises the following steps:
(1) a log transaction is generated from the original audit log;
(2) the sidechain miner periodically packs log transactions into blocks;
(3) log sidechain blocks are anchored to Hyperledger Fabric.
Further,
The original log object must first be hashed, using the SHA256 algorithm; the hash must then be signed with the private key of the user sending the audit log.
After the log sidechain receives the above log transaction carrying the client's private-key signature, it generates a log transaction record in the log sidechain.
The miner process packs the transactions in the log sidechain into blocks; the log sidechain miner process orders the transactions by the time at which each log transaction was generated.
The block content is hashed. To generate a block, the hash of the previous block must be known; the remaining required content is then created.
The generated audit log sidechain is persisted entirely in the relational database; the set of blocks generated in the log sidechain is anchored to the Hyperledger Fabric blockchain as a Hyperledger Fabric transaction.
Anchoring rules:
1) the total number of newly generated block records on the log sidechain reaches the agreed upper limit of 100;
2) or the anchoring time interval reaches the agreed time span of 5 seconds;
3) if the log sidechain has generated no new block records, no transaction request is sent to Hyperledger Fabric.
Further,
The workflow is:
1) the original log information is hashed and signed with the client's private key to produce an original log transaction; the log sidechain verifies the signature on the original log transaction with the client's public key and, once verification passes, generates a log transaction;
2) the miner process sorts the log transactions, packs them into a block and sends it to the verification node; once the verification node has verified the block, the block is committed and added to the log sidechain;
3) the blocks on the log sidechain serve as transaction content: they are hashed, signed with the log sidechain's private key and sent to the Hyperledger Fabric blockchain, so that all block content on the log sidechain is anchored to the Hyperledger Fabric blockchain, guaranteeing that the log sidechain cannot be tampered with.
The beneficial effects of the invention are:
(1) The log sidechain is built in a relational database on cryptographic principles. Every transaction carries the private-key signature of the client application, and every block is linked end to end through block hashes and carries the miner's private-key signature, so the log sidechain is tamper-proof while remaining high-performance.
(2) Tamper resistance: every block in the log sidechain is ultimately anchored, as transaction content, to the Hyperledger Fabric blockchain, which fundamentally guarantees the tamper resistance of the log sidechain. At the same time, the audit log content itself is not stored directly on Hyperledger Fabric but in the log sidechain based on the relational database, saving Hyperledger Fabric network resources and storage.
Brief Description of the Drawings
Fig. 1 is a schematic diagram of the workflow of the invention.
Detailed Description
To make the purpose, technical solution and advantages of the embodiments of the invention clearer, the technical solution in the embodiments is described clearly and completely below with reference to the accompanying drawing. The described embodiments are evidently some, not all, of the embodiments of the invention; all other embodiments obtained from them by a person of ordinary skill in the art without creative work fall within the scope of protection of the invention.
The invention proposes a blockchain-based audit log tamper-resistance method, implemented as follows:
(1) A log transaction is generated from the original audit log
An original log transaction (rawTx) is an object of the following format:
To guarantee the integrity of the log transaction data, the original log object must first be hashed, using the SHA256 algorithm.
The transaction hash (txhash) is generated as follows:
const txhash = SHA256(user_id + label + nodeid + createdt + log_txt);
The hash must then be signed with the private key of the user sending the audit log, which guarantees the non-repudiation of the audit log. The log transaction that the client sends to the log sidechain has the following format:
After the log sidechain receives the above log transaction carrying the client's private-key signature, it generates a log transaction record in the log sidechain.
(2) The sidechain miner periodically packs log transactions into blocks
The miner process packs the transactions in the log sidechain into blocks; the log sidechain miner process orders the transactions by the time at which each log transaction was generated.
To guarantee the integrity of the log sidechain block data, the block content must be hashed. To generate a block, the hash of the previous block must be known; the remaining required content is then created.
The data hash (datahash) and block hash (blockhash) are generated as follows:
Here, the data hash (datahash) is the hash of the transaction hashes of the log transactions, joined with commas in the order determined by the miner process.
The block hash is the hash of the concatenation of the block height (blocknum), previous block hash (prehash), block creation time (createdt), channel hash (channel_hash) and data hash (datahash).
The signature (signature) is produced by signing the block hash (blockhash) with the private key of the miner process.
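Steps (1) and (2) as an added example, not code from the patent: it builds txhash, datahash and blockhash as described above and then audits the stored chain for edited or deleted rows. Ed25519 as the signature scheme, the all-zero prehash of the first block and all function names are assumptions; the objects use only the field names the description mentions.

```javascript
// Added example: field names follow the description above; Ed25519 signatures,
// the all-zero genesis prehash and every function name here are assumptions.
const { createHash, generateKeyPairSync, sign, verify } = require('crypto');
const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest('hex');
const hex = (s) => Buffer.from(s, 'hex');
const GENESIS_PREHASH = '0'.repeat(64);

// Step (1): the client hashes the raw log object and signs the hash.
function txHash(t) {
  return sha256(t.user_id + t.label + t.nodeid + t.createdt + t.log_txt);
}
function makeLogTx(raw, clientPrivateKey) {
  const txhash = txHash(raw);
  return { ...raw, txhash, signature: sign(null, hex(txhash), clientPrivateKey).toString('hex') };
}
// The sidechain recomputes the hash and checks the client's signature before accepting.
function verifyLogTx(tx, clientPublicKey) {
  if (!clientPublicKey || txHash(tx) !== tx.txhash) return false;
  return verify(null, hex(tx.txhash), clientPublicKey, hex(tx.signature));
}

// Step (2): the miner orders transactions by creation time and links each block to its predecessor.
const dataHash = (txs) => sha256(txs.map((t) => t.txhash).join(','));
function blockHash(b) {
  return sha256(b.blocknum + b.prehash + b.createdt + b.channel_hash + b.datahash);
}
function packBlock(txs, prev, channelHash, createdt, minerPrivateKey) {
  const ordered = [...txs].sort((a, b) => a.createdt - b.createdt);
  const block = {
    blocknum: prev ? prev.blocknum + 1 : 0,
    prehash: prev ? prev.blockhash : GENESIS_PREHASH,
    createdt,
    channel_hash: channelHash,
    datahash: dataHash(ordered),
    txs: ordered,
  };
  block.blockhash = blockHash(block);
  block.signature = sign(null, hex(block.blockhash), minerPrivateKey).toString('hex');
  return block;
}

// Auditor: index of the first block that fails any check, or -1 when the chain is intact.
function firstBadBlock(chain, minerPublicKey, clientPublicKeys) {
  let prehash = GENESIS_PREHASH;
  for (let i = 0; i < chain.length; i++) {
    const b = chain[i];
    const ok =
      b.prehash === prehash &&
      b.txs.every((t) => verifyLogTx(t, clientPublicKeys[t.user_id])) &&
      b.datahash === dataHash(b.txs) &&
      b.blockhash === blockHash(b) &&
      verify(null, hex(b.blockhash), minerPublicKey, hex(b.signature));
    if (!ok) return i;
    prehash = b.blockhash;
  }
  return -1;
}

// Constructed sample data: two blocks, then two in-place changes to the stored rows.
function demo() {
  const client = generateKeyPairSync('ed25519');
  const miner = generateKeyPairSync('ed25519');
  const keys = { alice: client.publicKey };
  const tx = (createdt, log_txt) =>
    makeLogTx({ user_id: 'alice', label: 'db-audit', nodeid: 'node-1', createdt, log_txt }, client.privateKey);
  const channel = sha256('audit-channel');
  const b0 = packBlock([tx(2, 'UPDATE accounts SET balance = 0'), tx(1, 'SELECT * FROM accounts')],
    null, channel, 10, miner.privateKey);
  const b1 = packBlock([tx(11, 'DELETE FROM orders')], b0, channel, 20, miner.privateKey);
  const copy = (c) => JSON.parse(JSON.stringify(c));
  const edited = copy([b0, b1]);
  edited[0].txs[1].log_txt = 'SELECT 1'; // one log line rewritten in place
  const dropped = copy([b0, b1]);
  dropped[1].txs.pop();                  // one log transaction deleted
  return {
    order: b0.txs.map((t) => t.createdt),
    intact: firstBadBlock([b0, b1], miner.publicKey, keys),
    edited: firstBadBlock(edited, miner.publicKey, keys),
    dropped: firstBadBlock(dropped, miner.publicKey, keys),
  };
}
```

Plain concatenation, as the txhash formula specifies, leaves field boundaries ambiguous; a delimited or length-prefixed encoding keeps two different records from hashing alike.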
(3) Log sidechain blocks are anchored to Hyperledger Fabric
The audit log sidechain generated by steps (1) and (2) is persisted entirely in the relational database, which still cannot guarantee that the data is tamper-proof. The set of blocks generated in the log sidechain therefore needs to be anchored to the Hyperledger Fabric blockchain as a Hyperledger Fabric transaction.
Anchoring rules:
1) the total number of newly generated block records on the log sidechain reaches the agreed upper limit of 100;
2) or the anchoring time interval reaches the agreed time span of 5 seconds;
3) if the log sidechain has generated no new block records, no transaction request is sent to Hyperledger Fabric.
As shown in Fig. 1, the original log information is hashed and signed with the client's private key to produce an original log transaction; the log sidechain verifies the signature on the original log transaction with the client's public key and, once verification passes, generates a log transaction. The miner process sorts the log transactions, packs them into a block and sends it to the verification node; once the verification node has verified the block, the block is committed and added to the log sidechain.
The blocks on the log sidechain serve as transaction content: they are hashed, signed with the log sidechain's private key and sent to the Hyperledger Fabric blockchain, so that all block content on the log sidechain is anchored to the Hyperledger Fabric blockchain, guaranteeing that the log sidechain cannot be tampered with.
The log sidechain is built in a relational database on cryptographic principles; asymmetric encryption guarantees that the log data cannot be tampered with, and the relational database stores the large volume of original audit logs.
Only the block content of the log sidechain is recorded on the Hyperledger Fabric blockchain; the original audit logs are not stored on Hyperledger Fabric, saving its network resources and storage.
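The three anchoring rules and the check they enable, as an added example that is not code from the patent. An in-memory array stands in for the Hyperledger Fabric ledger; the anchor format (SHA256 over the comma-joined block hashes, signed with an Ed25519 sidechain key) and the names `Anchorer` and `firstMismatchedAnchor` are assumptions.

```javascript
// Added example: Anchorer, firstMismatchedAnchor and the `ledger` array (a stand-in
// for the Hyperledger Fabric chain) are hypothetical; Ed25519 is an assumption.
const { createHash, generateKeyPairSync, sign, verify } = require('crypto');
const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

const MAX_RECORDS = 100;      // rule 1: agreed upper limit of new block records
const MAX_INTERVAL_MS = 5000; // rule 2: agreed anchoring interval of 5 seconds

class Anchorer {
  constructor(ledger, sidechainPrivateKey, now) {
    this.ledger = ledger;
    this.key = sidechainPrivateKey;
    this.pending = [];     // block hashes produced since the last anchor
    this.first = 0;        // sidechain height of pending[0]
    this.lastAnchor = now;
  }
  addBlock(blockhash, now) {
    this.pending.push(blockhash);
    return this.tick(now);
  }
  // Called on every new block and on a timer; returns true when an anchor was sent.
  tick(now) {
    if (this.pending.length === 0) return false; // rule 3: no new blocks, no request
    const due = this.pending.length >= MAX_RECORDS || now - this.lastAnchor >= MAX_INTERVAL_MS;
    if (!due) return false;
    const anchor = sha256(this.pending.join(','));
    const signature = sign(null, Buffer.from(anchor, 'hex'), this.key).toString('hex');
    this.ledger.push({ first: this.first, count: this.pending.length, anchor, signature });
    this.first += this.pending.length;
    this.pending = [];
    this.lastAnchor = now;
    return true;
  }
}

// Auditor: recompute every anchored range from the database rows and compare it with
// the ledger. Returns the index of the first anchor that does not match, or -1.
function firstMismatchedAnchor(dbBlockHashes, ledger, sidechainPublicKey) {
  for (let i = 0; i < ledger.length; i++) {
    const a = ledger[i];
    const rows = dbBlockHashes.slice(a.first, a.first + a.count);
    const sigOk = verify(null, Buffer.from(a.anchor, 'hex'), sidechainPublicKey,
      Buffer.from(a.signature, 'hex'));
    if (!sigOk || rows.length !== a.count || sha256(rows.join(',')) !== a.anchor) return i;
  }
  return -1;
}

// Constructed data: 250 blocks arriving 10 ms apart, followed by timer ticks.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const ledger = [];
  const db = []; // blockhash column of the relational sidechain table
  const anchorer = new Anchorer(ledger, privateKey, 0);
  for (let i = 0; i < 250; i++) {
    db.push(sha256('block-' + i));
    anchorer.addBlock(db[i], i * 10);
  }
  const early = anchorer.tick(6989); // 4999 ms since the last anchor: not yet due
  const late = anchorer.tick(6990);  // 5000 ms: the remaining 50 blocks are anchored
  const idle = anchorer.tick(60000); // nothing pending: no request is sent
  // Rows from block 150 onward replaced, as if the sidechain had been rebuilt in the database.
  const rewritten = db.map((h, i) => (i < 150 ? h : sha256('forged-' + i)));
  return {
    counts: ledger.map((a) => a.count), early, late, idle,
    intact: firstMismatchedAnchor(db, ledger, publicKey),
    rewrittenAt: firstMismatchedAnchor(rewritten, ledger, publicKey),
  };
}
```

The sidechain's own hashes and signatures only show that the rows are internally consistent; comparing them with the anchored ledger is what exposes a rebuilt chain.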
The above is merely a preferred embodiment of the invention, intended only to illustrate its technical solution and not to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within its scope of protection.

Claims (8)

1. A blockchain-based audit log tamper-resistance method, characterized in that:
a log sidechain for audit logs is constructed in a database; every audit log sent to the audit log sidechain is packaged into a log transaction; log transactions are periodically packed into blocks in the log sidechain; and finally the blocks in the log sidechain are periodically anchored to the Fabric blockchain.
2. The method according to claim 1, characterized in that
it mainly comprises the following steps:
(1) a log transaction is generated from the original audit log;
(2) the sidechain miner periodically packs log transactions into blocks;
(3) log sidechain blocks are anchored to Hyperledger Fabric.
3. The method according to claim 1, characterized in that
the original log object must first be hashed, using the SHA256 algorithm; the hash must then be signed with the private key of the user sending the audit log;
after the log sidechain receives the above log transaction carrying the client's private-key signature, it generates a log transaction record in the log sidechain.
4. The method according to claim 3, characterized in that
the miner process packs the transactions in the log sidechain into blocks, and the log sidechain miner process orders the transactions by the time at which each log transaction was generated.
5. The method according to claim 4, characterized in that the block content is hashed; to generate a block, the hash of the previous block must be known, and the remaining required content is then created.
6. The method according to claim 5, characterized in that
the generated audit log sidechain is persisted entirely in the relational database, and the set of blocks generated in the log sidechain is anchored to the Hyperledger Fabric blockchain as a Hyperledger Fabric transaction.
7. The method according to claim 6, characterized in that
the anchoring rules are:
1) the total number of newly generated block records on the log sidechain reaches the agreed upper limit of 100;
2) or the anchoring time interval reaches the agreed time span of 5 seconds;
3) if the log sidechain has generated no new block records, no transaction request is sent to Hyperledger Fabric.
8. The method according to claim 7, characterized in that
the workflow is:
1) the original log information is hashed and signed with the client's private key to produce an original log transaction; the log sidechain verifies the signature on the original log transaction with the client's public key and, once verification passes, generates a log transaction;
2) the miner process sorts the log transactions, packs them into a block and sends it to the verification node; once the verification node has verified the block, the block is committed and added to the log sidechain;
3) the blocks on the log sidechain serve as transaction content: they are hashed, signed with the log sidechain's private key and sent to the Hyperledger Fabric blockchain, so that all block content on the log sidechain is anchored to the Hyperledger Fabric blockchain, guaranteeing that the log sidechain cannot be tampered with.
Priority Applications (1)

Application number: CN201910564977.9A
Publication: CN110287259A (en)
Priority date: 2019-06-27
Filing date: 2019-06-27
Title: A kind of audit log tamper resistant method based on block chain
Status: Withdrawn

Publications (1)

Publication number: CN110287259A (en)
Publication date: 2019-09-27

Family

ID=68007688

Country Status (1)

Country: CN (1)
Link: CN110287259A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112313916A (en) * 2018-09-30 2021-02-02 北京大学深圳研究生院 Method and system for pseudo-storage of anti-tampering logs by fusing block chain technology
CN112313916B (en) * 2018-09-30 2023-01-17 北京大学深圳研究生院 Method and system for pseudo-storage of anti-tampering logs by fusing block chain technology
CN110597926A (en) * 2019-10-10 2019-12-20 山东爱城市网信息技术有限公司 Method and system for establishing block chain side chain based on horizontal extension database
CN111125776A (en) * 2019-12-12 2020-05-08 成都四方伟业软件股份有限公司 Operation data tamper-proofing method based on block chain
CN111143837A (en) * 2019-12-25 2020-05-12 天津南大通用数据技术股份有限公司 Method for storing database security audit record
CN111767168A (en) * 2020-06-23 2020-10-13 江苏荣泽信息科技股份有限公司 Block chain-based storage system convenient for data backtracking
CN111767168B (en) * 2020-06-23 2022-07-22 江苏荣泽信息科技股份有限公司 Block chain-based storage system facilitating data backtracking
CN112508571A (en) * 2020-12-17 2021-03-16 平安国际智慧城市科技股份有限公司 Data processing method and device based on block chain, computer equipment and storage medium
CN113158227A (en) * 2021-03-08 2021-07-23 重庆邮电大学 Database access log chaining method and system based on Fabric
CN113158227B (en) * 2021-03-08 2022-10-11 重庆邮电大学 Database access log uplink method and system based on Fabric
CN112988543A (en) * 2021-04-15 2021-06-18 北京以弈信息技术有限公司 Database audit monitoring system
CN115277734A (en) * 2022-05-23 2022-11-01 浪潮软件股份有限公司 Cross-regional government affair data sharing and business cooperation method and system based on block chain technology

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication (application publication date: 20190927)