CN111181894B - Network communication method for enabling block chain nodes to efficiently communicate and safely - Google Patents
- Publication number: CN111181894B (application CN201811332761.1A)
- Authority: CN (China)
- Prior art keywords: node, plaintext, password, ciphertext, connection
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention relates to a network protocol for communication among blockchain nodes, characterized in that: (1) node N1 listens on port P; (2) N2 establishes a connection to N1, encrypts plaintext A with password K2 to obtain ciphertext A1, and sends A1 to N1; after receiving A1, N1 decrypts it with password K1 to obtain plaintext A2, and at the same time N1 encrypts plaintext B with password K1 to obtain ciphertext B1 and responds to N2 with B1 together with the just-decrypted A2; (3) N2 receives A2 and B1 returned by N1 and confirms whether N1 decrypted correctly, namely whether A and A2 are equal; N2 then decrypts the ciphertext B1 sent by N1 with password K2 and sends the resulting plaintext B2 to N1 for verification; (4) N1 checks whether N2's decryption succeeded, namely whether B and B2 are equal; if so, the long connection can be established; (5) with the long connection in place, the invention can operate with high efficiency.
Description
Technical Field
The invention relates to a network protocol for communication among block chain nodes, in particular to a network communication method which enables the block chain nodes to communicate efficiently and safely.
Background Art
Connections are established among all nodes of the blockchain for network communication, so as to jointly complete the block-building process. The steps by which two blockchain nodes N1 and N2 communicate are as follows:
(1) Node N1 opens port P on the network;
(2) Node N2 establishes a connection with N1 through port P;
(3) After the connection with N1 is established, node N2 transmits data to N1;
(4) Node N1 receives the data from node N2;
(5) The one-time communication between N1 and N2 ends.
The traditional implementation is as follows:
(1) Node N1's ServerSocket listens on port P and waits for a connection to be established;
(2) Node N2's Socket requests a connection with N1, and the connection is established without any security measures;
(3) After N1 and N2 are connected, N2 can write data to port P of node N1;
(4) After N1 and N2 are connected, N1 monitors the data stream on port P and, if data has been written, immediately reads it and hands it to the blockchain system for processing;
(5) When node N2 has finished transmitting the data, one communication is complete and the connection is closed; the next time data needs to be sent to N1, a connection must be requested again.
Applications continuously drive the development of blockchain technology. From Bitcoin's one block in tens of minutes to newer blockchains' one block in 1 second, applications place higher and higher demands on the blockchain, and the communication frequency between nodes has increased greatly. In the conventional communication flow, N1 and N2 need to establish a connection every time they communicate, and using short connections in a blockchain system with frequent communication is clearly an efficiency problem. To solve this efficiency problem, the blockchain should switch to long connections: N1 and N2 establish a connection only once and use it until the system is stopped.
Long connections avoid the process of frequently establishing connections and greatly improve the efficiency of network communication, but they also introduce a serious security problem: DDoS attacks. If a long-connection port is open to the network, a hacker can exploit this vulnerability to perform a DDoS attack on the port, exhausting the blockchain system's resources and paralysing the system.
Disclosure of Invention
The invention designs a network communication protocol that enables blockchain nodes to communicate efficiently and safely, solves the problem of DDoS attacks caused by the open port while using long connections, and enables the blockchain system to operate more efficiently and safely. In order to resist hacking while maintaining efficient communication, the invention employs a network protocol that establishes long connections based on passwords to complete communication between blockchain nodes. Thus only a node that holds the password can enter the blockchain system, which is equivalent to setting up a private network channel for the blockchain, and a hacker cannot break into the blockchain. The specific steps are as follows:
(1) Node N1's ServerSocket listens on port P and waits for a connection to be established;
(2) After node N2 requests a connection to port P of node N1, node N2 encrypts plaintext A with password K2 to obtain ciphertext A1 and sends it to N1; after receiving ciphertext A1, node N1 decrypts it with its own password K1 to obtain plaintext A2; at the same time, node N1 encrypts plaintext B with password K1 to obtain ciphertext B1 and returns it to N2 together with the just-decrypted plaintext A2;
(3) Node N2 receives the messages A2 and B1 returned by N1 and confirms whether N1 decrypted correctly, i.e. whether A and A2 are equal; N2 also uses password K2 to decrypt the ciphertext B1 sent by N1 to obtain plaintext B2 and, once done, sends it on to N1 for verification;
(4) N1 receives the plaintext B2 decrypted by N2 and confirms whether N2 decrypted successfully, i.e. whether B and B2 are equal. If they are equal, the passwords K1 and K2 held by N1 and N2 are consistent, and the long connection can be established;
(5) After the long connection between N1 and N2 is successfully established, data can be sent freely, without establishing a connection for every piece of data.
Further, step (2) specifically comprises:
Step 2.1: node N2 encrypts plaintext A with password K2 to obtain the ciphertext encrypt(K2, A) = A1;
Step 2.2: A1 is sent to N1 through port P;
Step 2.3: after receiving ciphertext A1, node N1 decrypts it with its own password K1 to obtain the plaintext decrypt(K1, A1) = A2;
Step 2.4: node N1 encrypts plaintext B with password K1 to obtain the ciphertext encrypt(K1, B) = B1;
Step 2.5: node N1 returns A2 and B1 to node N2.
Further, step (3) specifically comprises:
Step 3.1: node N2 receives the messages A2 and B1 returned by N1;
Step 3.2: if A = A2, the decryption is correct and the next step can be performed;
Step 3.3: if A != A2, the decryption has failed, and N1 and N2 disconnect;
Step 3.4: node N2 decrypts the ciphertext B1 returned by node N1 to obtain the plaintext decrypt(K2, B1) = B2;
Step 3.5: node N2 sends B2 to N1.
Further, step (4) specifically comprises:
Step 4.1: node N1 receives the plaintext B2 sent by node N2;
Step 4.2: if B = B2, the long connection is correctly established, and K1 = K2;
Step 4.3: if B != B2, the verification fails, which shows that the passwords held by N1 and N2 are inconsistent, and N1 refuses the long connection with N2.
Drawings
Some specific embodiments of the invention will be described in detail hereinafter, by way of example and not by way of limitation, with reference to the accompanying drawings;
the same reference numbers in the drawings identify the same or similar elements or parts; it will be appreciated by those skilled in the art that the drawings are not necessarily drawn to scale; the objects and features of the present invention will become more apparent in view of the following description taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flow chart of the password-based long connection protocol.
The figure assumes that both A and B use the password "123", that the ciphertext corresponding to plaintext "ABC" is "@A", and that the ciphertext corresponding to plaintext "BCD" is "@B". The connection handshake between A and B completes smoothly, and if both hold the same password, the connection between A and B can be established.
FIG. 2 is a diagram of a blockchain using the password-based long connection protocol as a secure private communication channel, through which a hacker cannot enter the blockchain system.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. However, one skilled in the art will appreciate that the technical solutions claimed in the present application can be implemented without these specific details and with various changes and modifications based on the following embodiments.
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
The invention is a technology for efficient and safe communication in a blockchain system, and relates to the fields of blockchain communication data structures, algorithm design and the like. The specific implementation steps are as follows:
Assume two nodes A and B in the blockchain system that participate in consensus, and that both nodes hold the password "123". Encrypting plaintext "ABC" with password "123" gives ciphertext "@A", and encrypting plaintext "BCD" with password "123" gives ciphertext "@B":
(1) Node A opens a ServerSocket listening on port 1088;
(2) Node B creates a Socket connection with A and encrypts plaintext "ABC" with its own password "123" to obtain ciphertext "@A". It encapsulates the ciphertext in the data structure "{'cipher_data': '@A'}" and writes it to the output stream to node A;
(3) Node A reads the input stream "{'cipher_data': '@A'}" written by node B, parses out the ciphertext, and decrypts it with the password "123" that it holds to obtain plaintext "ABC". Node A then encrypts a new plaintext "BCD" with the password "123" to obtain ciphertext "@B", encapsulates it in the data structure "{'cipher_data': '@B', 'data': 'ABC'}" and writes it back to node B over IO;
(4) Node B reads the output stream written back by node A and obtains the data structure "{'cipher_data': '@B', 'data': 'ABC'}". Extracting the plaintext data attribute from the data structure yields "ABC", and B verifies whether it is consistent with the plaintext used for encryption in step 3. If it is inconsistent, the passwords of A and B differ and the connection fails; if it is consistent, the passwords of A and B are provisionally considered consistent, but to prevent fraud node B must also perform reverse decryption verification. B decrypts "@B" with its own password "123" to obtain plaintext "BCD", encapsulates the plaintext in the data structure "{'data': 'BCD'}", and immediately sends it to node A through the IO output stream;
(5) Node A receives the data structure "{'data': 'BCD'}" sent by node B. It parses out the plaintext "BCD" and compares it with the plaintext used for encryption in step 4. If they are inconsistent, the passwords of the two nodes A and B differ and the connection fails; if they are consistent, the passwords of the two nodes A and B are the same and the long connection can be established.
At this point, A and B have completed the password-based long connection protocol and successfully established a secure private network communication channel.
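The handshake walked through above, as an added example that is not part of the patent text: a Python simulation of both nodes exchanging the three messages, using the field names cipher_data and data from the embodiment. The cipher (an HMAC-SHA256 keystream standing in for the unspecified algorithm), the base64 field encoding, the random 16-byte challenges in place of "ABC"/"BCD", and all class and function names are assumptions.

```python
import base64, hashlib, hmac, json, os

def _keystream(password: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in for the cipher the patent leaves open.
    blocks = (hmac.new(password, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(password: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(password, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt(password: bytes, ciphertext: bytes) -> bytes:
    # A wrong password does not raise; it yields different bytes, which is
    # exactly what the protocol's equality checks rely on.
    nonce, body = ciphertext[:16], ciphertext[16:]
    ks = _keystream(password, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def _pack(**fields: bytes) -> str:
    return json.dumps({k: base64.b64encode(v).decode() for k, v in fields.items()})

def _unpack(message: str) -> dict:
    return {k: base64.b64decode(v) for k, v in json.loads(message).items()}

class Responder:
    """Node N1: the side listening on port P."""
    def __init__(self, k1: bytes):
        self.k1, self.b = k1, None

    def on_msg1(self, msg1: str) -> str:
        a2 = decrypt(self.k1, _unpack(msg1)["cipher_data"])            # step 2.3
        self.b = os.urandom(16)                                         # plaintext B (assumed random)
        return _pack(cipher_data=encrypt(self.k1, self.b), data=a2)     # steps 2.4-2.5

    def on_msg3(self, msg3: str) -> bool:
        if self.b is None:                                              # no challenge issued yet
            return False
        return hmac.compare_digest(self.b, _unpack(msg3)["data"])       # steps 4.1-4.3

class Initiator:
    """Node N2: the side that connects to N1."""
    def __init__(self, k2: bytes):
        self.k2, self.a = k2, os.urandom(16)                            # plaintext A (assumed random)

    def msg1(self) -> str:
        return _pack(cipher_data=encrypt(self.k2, self.a))              # steps 2.1-2.2

    def on_msg2(self, msg2: str):
        fields = _unpack(msg2)                                          # step 3.1
        if not hmac.compare_digest(self.a, fields["data"]):             # step 3.3: A != A2
            return None
        return _pack(data=decrypt(self.k2, fields["cipher_data"]))      # steps 3.4-3.5

def run_handshake(k1: bytes, k2: bytes) -> str:
    """Run both sides in memory and report where the handshake ends."""
    n1, n2 = Responder(k1), Initiator(k2)
    msg3 = n2.on_msg2(n1.on_msg1(n2.msg1()))
    if msg3 is None:
        return "N2 disconnects: A != A2"
    return "long connection established" if n1.on_msg3(msg3) else "N1 rejects: B != B2"

def n1_rejects_wrong_b2(k1: bytes) -> bool:
    # N1's step 4 check must hold on its own, whatever the peer did in step 3.
    n1 = Responder(k1)
    n1.on_msg1(_pack(cipher_data=os.urandom(32)))   # constructed first message
    return not n1.on_msg3(_pack(data=os.urandom(16)))

if __name__ == "__main__":
    print(run_handshake(b"123", b"123"))
    print(run_handshake(b"123", b"456"))
```

With honest peers a password mismatch is already caught by N2 at step 3.3, so the step 4.3 branch on N1 is exercised separately by `n1_rejects_wrong_b2`.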
Claims (1)
1. A network communication method for efficient and secure communication between blockchain nodes, comprising the steps of:
(1) Node N1's ServerSocket listens on port P and waits for a connection to be established;
(2) After node N2 requests a connection to port P of node N1, node N2 encrypts plaintext A with password K2 to obtain ciphertext A1 and sends it to N1; after receiving ciphertext A1, node N1 decrypts it with its own password K1 to obtain plaintext A2; at the same time, node N1 encrypts plaintext B with password K1 to obtain ciphertext B1 and returns it to N2 together with the just-decrypted plaintext A2;
(3) Node N2 receives the messages A2 and B1 returned by N1 and confirms whether N1 decrypted correctly, i.e. whether A and A2 are equal; N2 also uses password K2 to decrypt the ciphertext B1 sent by N1 to obtain plaintext B2 and, once done, sends it on to N1 for verification;
(4) N1 receives the plaintext B2 decrypted by N2 and confirms whether N2 decrypted successfully, i.e. whether B and B2 are equal; if they are equal, the passwords K1 and K2 held by N1 and N2 are consistent, and the long connection can be established;
(5) After the long connection between N1 and N2 is successfully established, data can be sent freely, without establishing a connection for every piece of data;
step (2) specifically comprises the following steps:
Step 2.1: node N2 encrypts plaintext A with password K2 to obtain the ciphertext encrypt(K2, A) = A1;
Step 2.2: A1 is sent to N1 through port P;
Step 2.3: after receiving ciphertext A1, node N1 decrypts it with its own password K1 to obtain the plaintext decrypt(K1, A1) = A2;
Step 2.4: node N1 encrypts plaintext B with password K1 to obtain the ciphertext encrypt(K1, B) = B1;
Step 2.5: node N1 returns A2 and B1 to node N2;
step (3) specifically comprises the following steps:
Step 3.1: node N2 receives the messages A2 and B1 returned by N1;
Step 3.2: if A = A2, the decryption is correct and the next step can be performed;
Step 3.3: if A != A2, the decryption has failed, and N1 and N2 disconnect;
Step 3.4: node N2 decrypts the ciphertext B1 returned by node N1 to obtain the plaintext decrypt(K2, B1) = B2;
Step 3.5: node N2 sends B2 to N1;
step (4) specifically comprises the following steps:
Step 4.1: node N1 receives the plaintext B2 sent by node N2;
Step 4.2: if B = B2, the long connection is correctly established, and K1 = K2;
Step 4.3: if B != B2, the verification fails, which shows that the passwords held by N1 and N2 are inconsistent, and N1 refuses the long connection with N2.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811332761.1A CN111181894B (en) | 2018-11-09 | 2018-11-09 | Network communication method for enabling block chain nodes to efficiently communicate and safely |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111181894A CN111181894A (en) | 2020-05-19 |
CN111181894B true CN111181894B (en) | 2023-06-06 |
Family
ID=70647950
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811332761.1A Active CN111181894B (en) | 2018-11-09 | 2018-11-09 | Network communication method for enabling block chain nodes to efficiently communicate and safely |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111181894B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112055067B (en) * | 2020-08-28 | 2023-04-18 | 杭州复杂美科技有限公司 | Node connection method, device and storage medium |
CN114489995B (en) * | 2022-02-15 | 2022-09-30 | 北京永信至诚科技股份有限公司 | Distributed scheduling processing method and system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101964805A (en) * | 2010-10-28 | 2011-02-02 | 北京握奇数据系统有限公司 | Method, equipment and system for safely sending and receiving data |
CN102664739A (en) * | 2012-04-26 | 2012-09-12 | 杜丽萍 | PKI (Public Key Infrastructure) implementation method based on safety certificate |
CN105812416A (en) * | 2014-12-29 | 2016-07-27 | 金蝶软件(中国)有限公司 | Method and system for transmitting files between different networks |
CN106850502A (en) * | 2015-12-04 | 2017-06-13 | 阿里巴巴集团控股有限公司 | Service request retransmission method, storage method, apparatus and system based on connection long |
CN107733890A (en) * | 2017-10-17 | 2018-02-23 | 广州亦云信息技术股份有限公司 | The inter-network means of communication, electronic equipment, storage medium, system based on web protocol |
CN108282329A (en) * | 2017-01-06 | 2018-07-13 | 中国移动通信有限公司研究院 | A kind of Bidirectional identity authentication method and device |
CN108492154A (en) * | 2018-04-24 | 2018-09-04 | 仝相宝 | A kind of intelligent projection mapping method and its system based on the storage of block chain |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
Also Published As
Publication number | Publication date |
---|---|
CN111181894A (en) | 2020-05-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||