CN110287259A - A kind of audit log tamper resistant method based on block chain - Google Patents
- Publication number: CN110287259A
- Application number: CN201910564977.9A
- Authority: CN (China)
- Prior art keywords: log, block, side chain, transaction, chain
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention provides a blockchain-based tamper-resistant method for audit logs and belongs to the technical field of audit log storage. The invention uses a Hyperledger Fabric blockchain network as the base platform and builds a blockchain log side chain on top of a relational database, so that the audit logs in the database cannot be tampered with. A log side chain for audit logs is built in the database; every audit log sent to the side chain is packaged into a log transaction, and the log transactions are periodically packed into blocks on the log side chain. Finally, the blocks on the log side chain must be periodically anchored to the Fabric blockchain to guarantee that they truly cannot be tampered with. This gives blockchain users an efficient, low-cost way to store audit logs.
Description
Technical field
The present invention relates to audit log storage technology, and in particular to a blockchain-based tamper-resistant method for audit logs.
Background
Hyperledger Fabric is a blockchain network whose core is a distributed ledger that records all transaction information occurring in the network. Cryptography ensures that once a transaction has been added to the ledger, it cannot be tampered with.
Database audit logs mainly record all kinds of operations performed on a database server. The audit system works in network bypass mode on the network where the database host resides, parses the operations on the database server in real time, and collects the audit logs centrally for later query, analysis and filtering, so that user operations on the target database system can be monitored and audited.
Because audit logs are sent to a central log server for storage, they are easily tampered with and lack independence and impartiality. Audit log access has high real-time requirements, and recording the huge volume of original audit logs directly as transactions on the blockchain is more than the blockchain system itself can bear. A scheme that stores audit logs both efficiently and securely is therefore needed.
Summary of the invention
To solve the above technical problems, the invention proposes a blockchain-based tamper-resistant method for audit logs. Audit logs are stored on a log side chain built on a relational database, and the side chain blocks are in turn anchored to the Hyperledger Fabric blockchain, so that the audit log data cannot be tampered with while performance is preserved.
The technical scheme of the invention is as follows:
The invention uses a Hyperledger Fabric blockchain network as the base platform and builds a blockchain log side chain on top of a relational database, so that the audit logs in the database cannot be tampered with. A log side chain for audit logs is built in the database; every audit log sent to the audit log side chain is packaged into a log transaction, and the log transactions are periodically packed into blocks on the log side chain. Finally, the blocks on the log side chain must be periodically anchored to the Fabric blockchain to guarantee that they truly cannot be tampered with. This gives blockchain users an efficient, low-cost way to store audit logs.
The method mainly comprises the following steps:
(1) a log transaction is generated from the original audit log;
(2) the side chain miner periodically packs log transactions into blocks;
(3) log side chain blocks are anchored to Hyperledger Fabric.
Further,
The original log object must first be hashed, using the SHA256 algorithm; the hash must then be signed with the private key of the user who sends the audit log.
After the log side chain receives the above log transaction carrying the client's private-key signature, it generates a log transaction record on the log side chain.
The miner process packs the transactions on the log side chain into blocks, ordering them by the time at which each log transaction was generated.
The block content is hashed. To generate a block, the hash of the previous block must be known; the remaining required content is then created.
The generated audit log side chain is persisted entirely in the relational database, and the set of blocks generated on the log side chain is anchored to the Hyperledger Fabric blockchain as a Hyperledger Fabric transaction.
Anchoring rule:
1) the total number of newly generated block records on the log side chain reaches the agreed upper limit of 100;
2) or the anchoring time interval reaches the agreed time span of 5 seconds;
3) if the log side chain has generated no new block records, no transaction request is sent to Hyperledger Fabric.
Further,
The workflow is:
1) the original log information is hashed and signed with the client's private key to produce an original log transaction; the log side chain verifies the signature of the original log transaction with the client's public key, and generates a log transaction once verification passes;
2) the miner process sorts the log transactions, packs them into a block and sends the block to the verification node; after the verification node has verified the block, it is committed and added to the log side chain;
3) the blocks on the log side chain serve as transaction content: they are hashed, signed with the log side chain private key and sent to the Hyperledger Fabric blockchain, so that all block content on the log side chain is anchored to the Hyperledger Fabric blockchain and the log side chain cannot be tampered with.
The beneficial effects of the invention are:
(1) The log side chain is built in a relational database on cryptographic principles. Every transaction carries the private-key signature of the client application, and every block is linked head to tail through block hashes and signed with the miner's private key, so the log side chain is tamper-resistant while high performance is preserved.
(2) Tamper resistance: every block on the log side chain is ultimately anchored to the Hyperledger Fabric blockchain as transaction content, which fundamentally guarantees the tamper resistance of the log side chain. At the same time, the audit log content itself is not stored directly on Hyperledger Fabric but on the log side chain in the relational database, which saves Hyperledger Fabric network resources and storage.
Brief description of the drawings
Fig. 1 is a schematic diagram of the workflow of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
The invention proposes a blockchain-based tamper-resistant method for audit logs, implemented as follows:
(1) A log transaction is generated from the original audit log
The original log transaction (rawTx) is an object of the following format:
To guarantee the integrity of the log transaction data, the original log object must first be hashed, using the SHA256 algorithm.
The transaction hash (txhash) is generated as follows:
const txhash = SHA256(user_id + label + nodeid + createdt + log_txt);
The hash must then be signed with the private key of the user who sends the audit log, which guarantees non-repudiation of the audit log. The log transaction that the client sends to the log side chain has the following format:
After the log side chain receives the above log transaction carrying the client's private-key signature, it generates a log transaction record on the log side chain.
(2) The side chain miner periodically packs log transactions into blocks
The miner process packs the transactions on the log side chain into blocks, ordering them by the time at which each log transaction was generated.
To guarantee the integrity of the log side chain block data, the block content must be hashed. To generate a block, the hash of the previous block must be known; the remaining required content is then created.
The data hash (datahash) and block hash (blockhash) are generated as follows:
Here, the data hash (datahash) is the hash of the transaction hashes of the log transactions, joined with commas in the order determined by the miner process.
The block hash is the hash taken after concatenating the block height (blocknum), previous block hash (prehash), block creation time (createdt), channel hash (channel_hash) and data hash (datahash).
The signature (signature) is produced by signing the block hash (blockhash) with the private key of the miner process.
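Steps (1) and (2) can be followed end to end in the added example below, which is not part of the patent text: it builds signed log transactions, packs them into hash-linked blocks, and shows how an auditor detects a row edited in the relational database. The function names, the Ed25519 key type, the all-zero first prehash and the sample records are assumptions; the hash inputs follow the field lists given above.

```javascript
// Added example: function names, key type (Ed25519) and sample data are assumptions.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s, "utf8").digest("hex");
const sign = (key, hex) => crypto.sign(null, Buffer.from(hex, "hex"), key).toString("base64");
const verify = (key, hex, sig) =>
  crypto.verify(null, Buffer.from(hex, "hex"), key, Buffer.from(sig, "base64"));
const GENESIS_PREHASH = "0".repeat(64); // assumption: the page does not define the first prehash

// Step (1): txhash = SHA256(user_id + label + nodeid + createdt + log_txt), concatenated as
// on the page. Undelimited fields are ambiguous at their boundaries; a real format delimits them.
const txHash = (t) => sha256([t.user_id, t.label, t.nodeid, t.createdt, t.log_txt].join(""));

function makeLogTx(raw, clientPrivateKey) {
  const txhash = txHash(raw);
  return { ...raw, txhash, signature: sign(clientPrivateKey, txhash) };
}

// Side-chain check on receipt: the hash matches the fields and the client signed it.
function acceptLogTx(tx, clientPublicKey) {
  return txHash(tx) === tx.txhash && verify(clientPublicKey, tx.txhash, tx.signature);
}

const blockHash = (b) =>
  sha256([b.blocknum, b.prehash, b.createdt, b.channel_hash, b.datahash].join(""));

// Step (2): the miner orders transactions by creation time and links the block.
function packBlock(prev, txs, channel_hash, createdt, minerPrivateKey) {
  const ordered = [...txs].sort((a, b) => a.createdt - b.createdt);
  const block = {
    blocknum: prev ? prev.blocknum + 1 : 0,
    prehash: prev ? prev.blockhash : GENESIS_PREHASH,
    createdt,
    channel_hash,
    datahash: sha256(ordered.map((t) => t.txhash).join(",")),
    txs: ordered,
  };
  block.blockhash = blockHash(block);
  block.signature = sign(minerPrivateKey, block.blockhash);
  return block;
}

// Auditor's pass over rows read back from the database; returns "ok" or the first fault.
function verifyChain(blocks, minerPublicKey, clientKeys) {
  let prehash = GENESIS_PREHASH;
  for (const [i, b] of blocks.entries()) {
    if (b.blocknum !== i || b.prehash !== prehash) return `block ${i}: broken link`;
    const datahash = sha256(b.txs.map((t) => t.txhash).join(","));
    if (datahash !== b.datahash || blockHash(b) !== b.blockhash) return `block ${i}: hash mismatch`;
    if (!verify(minerPublicKey, b.blockhash, b.signature)) return `block ${i}: bad miner signature`;
    for (const [j, t] of b.txs.entries()) {
      const key = clientKeys[t.user_id];
      if (!key || !acceptLogTx(t, key)) return `block ${i}: transaction ${j} invalid`;
    }
    prehash = b.blockhash;
  }
  return "ok";
}

function demo() {
  const client = crypto.generateKeyPairSync("ed25519");
  const miner = crypto.generateKeyPairSync("ed25519");
  const channel = sha256("audit-channel"); // constructed channel hash
  const raw = (createdt, log_txt) =>
    ({ user_id: "u1001", label: "db-audit", nodeid: "node-1", createdt, log_txt });
  const tx = (t, s) => makeLogTx(raw(t, s), client.privateKey);
  // Constructed audit records, deliberately submitted out of order.
  const b0 = packBlock(null, [tx(1561600002, "DELETE FROM tmp_x"), tx(1561600001, "SELECT * FROM accounts")],
    channel, 1561600005, miner.privateKey);
  const b1 = packBlock(b0, [tx(1561600007, "GRANT ALL ON accounts TO bob")],
    channel, 1561600010, miner.privateKey);
  const keys = { u1001: client.publicKey };
  const clean = verifyChain([b0, b1], miner.publicKey, keys);
  b1.txs[0].log_txt = "SELECT 1"; // simulate an edited row in the relational database
  const tampered = verifyChain([b0, b1], miner.publicKey, keys);
  return { clean, tampered, firstTx: b0.txs[0].createdt };
}
console.log(demo());
```

The edited row is caught by the transaction hash and client signature even though the stored block hash and miner signature still verify.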
(3) Log side chain blocks are anchored to Hyperledger Fabric
The audit log side chain generated by steps (1) and (2) is persisted entirely in the relational database, which still does not guarantee that the data cannot be tampered with. The set of blocks generated on the log side chain therefore needs to be anchored to the Hyperledger Fabric blockchain as a Hyperledger Fabric transaction.
Anchoring rule:
1) the total number of newly generated block records on the log side chain reaches the agreed upper limit of 100;
2) or the anchoring time interval reaches the agreed time span of 5 seconds;
3) if the log side chain has generated no new block records, no transaction request is sent to Hyperledger Fabric.
As shown in Fig. 1, the original log information is hashed and signed with the client's private key to produce an original log transaction; the log side chain verifies the signature of the original log transaction with the client's public key, and generates a log transaction once verification passes. The miner process sorts the log transactions, packs them into a block and sends the block to the verification node; after the verification node has verified the block, it is committed and added to the log side chain.
The blocks on the log side chain serve as transaction content: they are hashed, signed with the log side chain private key and sent to the Hyperledger Fabric blockchain, so that all block content on the log side chain is anchored to the Hyperledger Fabric blockchain and the log side chain cannot be tampered with.
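The anchoring rule from step (3) is implemented in the added example below, which is not part of the patent text, together with the audit check that compares side chain rows against an anchored record. `AnchorBatcher`, `buildAnchor`, `checkAnchor`, the `submit` callback standing in for the Fabric client, the anchor fields and the digest layout are all assumptions; only the limits of 100 blocks and 5 seconds come from the text.

```javascript
// Added example: AnchorBatcher, buildAnchor, checkAnchor and the anchor fields are hypothetical.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s, "utf8").digest("hex");
const MAX_BLOCKS = 100;       // rule 1: agreed upper limit of new block records
const MAX_INTERVAL_MS = 5000; // rule 2: agreed anchoring interval, 5 seconds

// Assumption: the anchored content is SHA-256 over the comma-joined block hashes of the
// batch, signed with the log side chain private key (Ed25519 here).
function buildAnchor(batch, sideChainPrivateKey) {
  const digest = sha256(batch.map((b) => b.blockhash).join(","));
  const signature = crypto.sign(null, Buffer.from(digest, "hex"), sideChainPrivateKey);
  return {
    first: batch[0].blocknum,
    last: batch[batch.length - 1].blocknum,
    digest,
    signature: signature.toString("base64"),
  };
}

class AnchorBatcher {
  // submit is a hypothetical callback that sends one transaction to Fabric.
  constructor(sideChainPrivateKey, submit, now = Date.now) {
    Object.assign(this, { key: sideChainPrivateKey, submit, now, pending: [] });
    this.lastAnchor = now();
  }
  addBlock(block) {
    this.pending.push(block);
    return this.tick();
  }
  // Also driven by a timer; returns the anchor that was sent, or null.
  tick() {
    if (this.pending.length === 0) return null; // rule 3: nothing new, send nothing
    const full = this.pending.length >= MAX_BLOCKS;
    const due = this.now() - this.lastAnchor >= MAX_INTERVAL_MS;
    if (!full && !due) return null;
    const anchor = buildAnchor(this.pending.splice(0, MAX_BLOCKS), this.key);
    this.lastAnchor = this.now();
    this.submit(anchor);
    return anchor;
  }
}

// Audit: recompute the digest from database rows and compare with the anchored record.
function checkAnchor(blocksFromDb, anchor, sideChainPublicKey) {
  const batch = blocksFromDb.filter((b) => b.blocknum >= anchor.first && b.blocknum <= anchor.last);
  const digest = sha256(batch.map((b) => b.blockhash).join(","));
  const sigOk = crypto.verify(null, Buffer.from(anchor.digest, "hex"), sideChainPublicKey,
    Buffer.from(anchor.signature, "base64"));
  return sigOk && digest === anchor.digest;
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  let clock = 0; // injected clock in milliseconds
  const sent = [];
  const batcher = new AnchorBatcher(privateKey, (a) => sent.push(a), () => clock);
  // Constructed side chain blocks; only blocknum and blockhash matter for anchoring.
  const blocks = Array.from({ length: 101 }, (_, n) => ({ blocknum: n, blockhash: sha256("block-" + n) }));
  blocks.slice(0, 100).forEach((b) => batcher.addBlock(b)); // the 100th block triggers rule 1
  clock = 3000;
  batcher.addBlock(blocks[100]); // one pending block, interval not reached
  const early = sent.length;
  clock = 5000;
  batcher.tick(); // rule 2: 5 s since the last anchor
  clock = 60000;
  const idle = batcher.tick(); // rule 3: no new blocks, no request
  const rewritten = blocks.map((b) => (b.blocknum === 42 ? { ...b, blockhash: sha256("forged") } : b));
  return {
    early, total: sent.length, idle, ranges: sent.map((a) => [a.first, a.last]),
    intact: checkAnchor(blocks, sent[0], publicKey),
    detected: !checkAnchor(rewritten, sent[0], publicKey),
  };
}
console.log(demo());
```

Because the comparison is made against the record held on Fabric, a side chain block rewritten in the database is detected even if its own hash and signature were regenerated.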
The log side chain is built in a relational database on cryptographic principles: asymmetric cryptography guarantees that the log data cannot be tampered with, while the relational database stores the large volume of original audit logs.
Only the block content of the log side chain is recorded on the Hyperledger Fabric blockchain; the original audit logs are not stored on Hyperledger Fabric, which saves Hyperledger Fabric network resources and storage.
The above are merely preferred embodiments of the invention, intended only to illustrate its technical solution and not to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within its scope of protection.
Claims (8)
1. A blockchain-based tamper-resistant method for audit logs, characterized in that:
a log side chain for audit logs is built in a database; every audit log sent to the audit log side chain is packaged into a log transaction, and the log transactions are periodically packed into blocks on the log side chain; finally, the blocks on the log side chain must be periodically anchored to the Fabric blockchain.
2. The method according to claim 1, characterized in that it mainly comprises the following steps:
(1) a log transaction is generated from the original audit log;
(2) the side chain miner periodically packs log transactions into blocks;
(3) log side chain blocks are anchored to Hyperledger Fabric.
3. The method according to claim 1, characterized in that:
the original log object must first be hashed, using the SHA256 algorithm; the hash must then be signed with the private key of the user who sends the audit log;
after the log side chain receives the above log transaction carrying the client's private-key signature, it generates a log transaction record on the log side chain.
4. The method according to claim 3, characterized in that:
the miner process packs the transactions on the log side chain into blocks, ordering them by the time at which each log transaction was generated.
5. The method according to claim 4, characterized in that the block content is hashed; to generate a block, the hash of the previous block must be known, and the remaining required content is then created.
6. The method according to claim 5, characterized in that:
the generated audit log side chain is persisted entirely in the relational database, and the set of blocks generated on the log side chain is anchored to the Hyperledger Fabric blockchain as a Hyperledger Fabric transaction.
7. The method according to claim 6, characterized by the following anchoring rule:
1) the total number of newly generated block records on the log side chain reaches the agreed upper limit of 100;
2) or the anchoring time interval reaches the agreed time span of 5 seconds;
3) if the log side chain has generated no new block records, no transaction request is sent to Hyperledger Fabric.
8. The method according to claim 7, characterized in that the workflow is:
1) the original log information is hashed and signed with the client's private key to produce an original log transaction; the log side chain verifies the signature of the original log transaction with the client's public key, and generates a log transaction once verification passes;
2) the miner process sorts the log transactions, packs them into a block and sends the block to the verification node; after the verification node has verified the block, it is committed and added to the log side chain;
3) the blocks on the log side chain serve as transaction content: they are hashed, signed with the log side chain private key and sent to the Hyperledger Fabric blockchain, so that all block content on the log side chain is anchored to the Hyperledger Fabric blockchain and the log side chain cannot be tampered with.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910564977.9A CN110287259A (en) | 2019-06-27 | 2019-06-27 | A kind of audit log tamper resistant method based on block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110287259A | 2019-09-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20190927 |