CN111181894B - Network communication method for enabling block chain nodes to efficiently communicate and safely - Google Patents

Info

Publication number: CN111181894B
Authority: CN (China)
Prior art keywords: node, plaintext, password, ciphertext, connection
Legal status: Active
Application number: CN201811332761.1A
Other languages: Chinese (zh)
Other versions: CN111181894A (en)
Inventor: 蔡维德
Current Assignee: Zeu Crypto Networks Inc
Original Assignee: Zeu Crypto Networks Inc

Classifications

    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention relates to a network protocol for communication among blockchain nodes, characterized in that: (1) node N1 listens on a port P; (2) N2 establishes a connection to N1, encrypts plaintext A with password K2 to obtain ciphertext A1, and sends A1 to N1; on receiving A1, N1 decrypts it with password K1 to obtain plaintext A2, at the same time encrypts plaintext B with password K1 to obtain ciphertext B1, and responds to N2 with B1 together with the just-decrypted A2; (3) N2 receives A2 and B1 returned by N1 and confirms whether N1 decrypted correctly, namely whether A and A2 are equal; N2 then decrypts the ciphertext B1 sent by N1 with password K2 to obtain plaintext B2 and sends B2 to N1 for verification; (4) N1 checks whether the plaintext B2 decrypted by N2 is correct, namely whether B and B2 are equal; if so, the long connection can be established; (5) the invention can thereby operate with high efficiency.

Description

Network communication method for enabling block chain nodes to efficiently communicate and safely
Technical Field
The invention relates to a network protocol for communication among block chain nodes, in particular to a network communication method which enables the block chain nodes to communicate efficiently and safely.
Background Art
The nodes of a blockchain establish connections with one another and communicate over the network in order to jointly complete the block-building process. Communication between two blockchain nodes N1 and N2 proceeds as follows:
(1) Node N1 opens port P on the network;
(2) Node N2 establishes a connection with N1 through port P;
(3) After the connection with N1 is established, node N2 sends data to N1;
(4) Node N1 receives the data from node N2;
(5) The one-time communication between N1 and N2 ends.
The traditional implementation is as follows:
(1) The ServerSocket of node N1 listens on port P and waits for a connection to be established;
(2) The Socket of node N2 requests a connection with N1, and the connection succeeds without any security measures;
(3) After N1 and N2 are connected, N2 can write data to port P of node N1;
(4) After N1 and N2 are connected, N1 monitors the data stream on port P and, if data has been written, immediately reads it and hands it to the blockchain system for processing;
(5) When node N2 has finished transmitting the data, the communication is complete and the connection is closed; the next time data needs to be sent to N1, a connection must be requested again.
Applications continue to drive the development of blockchain technology. From Bitcoin, which creates one block in tens of minutes, to newer blockchains that create one block in 1 second, applications place higher and higher demands on the blockchain, and the frequency of communication between nodes has also increased greatly. In the conventional communication flow, N1 and N2 must establish a connection every time they communicate, and using short connections in a blockchain system with frequent communication is clearly an efficiency problem. To solve this efficiency problem, the blockchain should switch to long connections: N1 and N2 need only one connection, which is used long-term until the system stops.
Long connections avoid the process of frequently establishing connections and greatly improve the efficiency of network communication, but they also present a serious security problem: DDoS attacks. If a long-connection port is open to the network, a hacker can exploit this vulnerability to mount a DDoS attack on the port, which exhausts the blockchain system's resources and paralyses the system.
Disclosure of Invention
The invention designs a network communication protocol that lets blockchain nodes communicate efficiently and securely. It solves the DDoS problem caused by the open port while still using long connections, so that the blockchain system operates more efficiently and securely. To resist hacking while keeping communication efficient, the invention uses a network protocol that establishes long connections based on a password to carry out communication between blockchain nodes. Only a node that holds the password can enter the blockchain system, which is equivalent to setting up a private network channel for the blockchain, so a hacker cannot enter and damage the blockchain. The specific steps are as follows:
(1) The ServerSocket of node N1 listens on port P and waits for a connection to be established;
(2) After node N2 requests a connection on port P of node N1, node N2 encrypts plaintext A with password K2 to obtain ciphertext A1 and sends it to N1. On receiving ciphertext A1, node N1 decrypts it with its own password K1 to obtain plaintext A2; at the same time, node N1 encrypts plaintext B with password K1 to obtain ciphertext B1 and responds to N2 with B1 together with the just-decrypted plaintext A2;
(3) Node N2 receives the returned message A2, B1 from N1 and confirms whether N1 decrypted correctly, i.e. whether A and A2 are equal; N2 also uses password K2 to decrypt the ciphertext B1 sent by N1, obtaining plaintext B2, and then sends it on to N1 for verification;
(4) N1 receives the plaintext B2 decrypted by N2 and confirms whether N2 decrypted successfully, i.e. whether B and B2 are equal. If they are equal, the passwords K1 and K2 held by N1 and N2 are consistent and the long connection can be established;
(5) After the long connection between N1 and N2 is successfully established, data can be sent freely, without establishing a connection for every transmission.
Further, step (2) specifically comprises:
Step 2.1: node N2 encrypts plaintext A with password K2 to obtain ciphertext encrypt(K2, A) = A1;
Step 2.2: A1 is sent to N1 through port P;
Step 2.3: after receiving ciphertext A1, node N1 decrypts it with its own password K1 to obtain plaintext decrypt(K1, A1) = A2;
Step 2.4: node N1 encrypts plaintext B with password K1 to obtain ciphertext encrypt(K1, B) = B1;
Step 2.5: node N1 responds to node N2 with A2 and B1.
Further, step (3) specifically comprises:
Step 3.1: node N2 receives the returned message A2, B1 from N1;
Step 3.2: if A = A2, the decryption is correct and the next step can be performed;
Step 3.3: if A != A2, the decryption failed, and N1 and N2 disconnect;
Step 3.4: node N2 decrypts the ciphertext B1 from node N1's response to obtain plaintext decrypt(K2, B1) = B2;
Step 3.5: node N2 sends B2 to N1.
Further, step (4) specifically comprises:
Step 4.1: node N1 receives the plaintext B2 sent by node N2;
Step 4.2: if B = B2, the long connection is correctly established, and K1 = K2;
Step 4.3: if B != B2, verification fails, which shows that the passwords held by N1 and N2 are inconsistent, and N1 refuses the long connection with N2.
Drawings
Some specific embodiments of the invention are described in detail below, by way of example and not by way of limitation, with reference to the accompanying drawings.
The same reference numbers in the drawings identify the same or similar elements or parts. Those skilled in the art will appreciate that the drawings are not necessarily drawn to scale. The objects and features of the present invention will become more apparent from the following description taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow chart of the password-based long connection protocol.
The figure assumes that both A and B use the password "123", that the ciphertext corresponding to plaintext "ABC" is "@A", and that the ciphertext corresponding to plaintext "BCD" is "@B". The connection handshake between A and B completes smoothly: if both hold the same password, the connection between A and B can be established.
FIG. 2 is a diagram of a blockchain with a secure private communication channel built using the password-based long connection protocol, which a hacker cannot enter.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. However, those skilled in the art will appreciate that the technical solutions claimed in the present application can be implemented without these specific details and with various changes and modifications based on the following embodiments.
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
The invention is a technology devised for efficient and secure communication in a blockchain system, and it involves fields such as the communication data structures and algorithm design of the blockchain. The specific implementation steps are as follows:
Assume two nodes A and B in the blockchain system that participate in consensus, and that both nodes hold the password "123". Encrypting plaintext "ABC" with password "123" gives ciphertext "@A", and encrypting plaintext "BCD" with password "123" gives ciphertext "@B":
(1) Node A opens a ServerSocket listening on port 1088;
(2) Node B creates a Socket connection with A and encrypts plaintext "ABC" with its own password "123" to obtain ciphertext "@A". It encapsulates the ciphertext in the data structure "{'cipher_data': '@A'}" and writes it to the output stream towards node A;
(3) Node A reads the input stream "{'cipher_data': '@A'}" written by node B, parses out the ciphertext, and decrypts it with the password "123" it holds to obtain plaintext "ABC". Node A then encrypts a new plaintext "BCD" with password "123" to obtain ciphertext "@B", encapsulates it in the data structure "{'cipher_data': '@B', 'data': 'ABC'}" and writes it back to node B through IO;
(4) Node B reads the output stream written back by node A and obtains the data structure "{'cipher_data': '@B', 'data': 'ABC'}". It extracts the plaintext data attribute of the data structure, obtaining "ABC", and verifies whether it is consistent with the plaintext used for encryption in step 3. If they are inconsistent, the passwords of A and B are inconsistent and the connection fails. If they are consistent, the passwords of A and B are provisionally considered consistent, but to prevent fraud node B must also perform the reverse decryption verification. B decrypts "@B" with its own password "123" to obtain plaintext "BCD", encapsulates it in the data structure "{'data': 'BCD'}", and immediately sends it to node A through the IO output stream;
(5) Node A receives the data structure "{'data': 'BCD'}" sent by node B, parses out the plaintext "BCD", and compares it with the plaintext used for encryption in step 4. If they are inconsistent, the passwords of nodes A and B are inconsistent and the connection fails; if they are consistent, the passwords of nodes A and B are consistent and the long connection can be established.
At this point, A and B have completed the password-based long connection protocol and have successfully established a secure private network communication channel.
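The handshake in steps (1) to (5), as an added sketch in Python rather than code from the patent. The patent names no cipher, so an HMAC-SHA256 keystream stands in for encrypt/decrypt, A and B are random 16-byte challenges instead of the fixed "ABC"/"BCD", values are hex-encoded inside the page's cipher_data/data fields, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def _keystream(password: str, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, keyed by the password.
    key = hashlib.sha256(password.encode()).digest()
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt(password: str, plaintext: bytes) -> str:
    nonce = secrets.token_bytes(16)
    stream = _keystream(password, nonce, len(plaintext))
    return (nonce + bytes(p ^ s for p, s in zip(plaintext, stream))).hex()


def decrypt(password: str, ciphertext_hex: str) -> bytes:
    raw = bytes.fromhex(ciphertext_hex)
    nonce, body = raw[:16], raw[16:]
    stream = _keystream(password, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class Listener:
    """N1: holds K1, answers the challenge A and issues its own challenge B."""

    def __init__(self, password: str):
        self.k1, self.b = password, None

    def on_hello(self, msg: str) -> str:
        a2 = decrypt(self.k1, json.loads(msg)["cipher_data"])      # step 2.3
        self.b = secrets.token_bytes(16)                           # fresh B (assumption)
        b1 = encrypt(self.k1, self.b)                              # step 2.4
        return json.dumps({"cipher_data": b1, "data": a2.hex()})   # step 2.5

    def on_proof(self, msg: str) -> bool:
        expected, self.b = self.b, None          # each challenge B is single-use
        try:
            b2 = bytes.fromhex(json.loads(msg)["data"])            # step 4.1
        except (ValueError, KeyError, TypeError):
            return False                         # malformed proof: reject
        # Steps 4.2 / 4.3: constant-time comparison of B and B2.
        return expected is not None and hmac.compare_digest(expected, b2)


class Dialer:
    """N2: holds K2, challenges N1 with A and answers N1's challenge B."""

    def __init__(self, password: str):
        self.k2, self.a = password, None

    def hello(self) -> str:
        self.a = secrets.token_bytes(16)                              # fresh A (assumption)
        return json.dumps({"cipher_data": encrypt(self.k2, self.a)})  # steps 2.1-2.2

    def on_reply(self, msg: str):
        reply = json.loads(msg)                                       # step 3.1
        if not hmac.compare_digest(self.a, bytes.fromhex(reply["data"])):
            return None                                   # step 3.3: A != A2
        b2 = decrypt(self.k2, reply["cipher_data"])       # step 3.4
        return json.dumps({"data": b2.hex()})             # step 3.5


def handshake(k1: str, k2: str) -> str:
    """Run the three messages in memory and report where the exchange ends."""
    n1, n2 = Listener(k1), Dialer(k2)
    proof = n2.on_reply(n1.on_hello(n2.hello()))
    if proof is None:
        return "N2 disconnects: A != A2"
    if not n1.on_proof(proof):
        return "N1 rejects: B != B2"
    return "long connection established"


if __name__ == "__main__":
    print(handshake("123", "123"))
    print(handshake("123", "wrong"))
```

Clearing the stored B after one comparison means a recorded proof message cannot be presented to the listener a second time.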

Claims (1)

1. A network communication method for efficient and secure communication between blockchain nodes, comprising the steps of:
(1) The ServerSocket of node N1 listens on port P and waits for a connection to be established;
(2) After node N2 requests a connection on port P of node N1, node N2 encrypts plaintext A with password K2 to obtain ciphertext A1 and sends it to N1; on receiving ciphertext A1, node N1 decrypts it with its own password K1 to obtain plaintext A2; at the same time, node N1 encrypts plaintext B with password K1 to obtain ciphertext B1 and responds to N2 with B1 together with the just-decrypted plaintext A2;
(3) Node N2 receives the returned message A2, B1 from N1 and confirms whether N1 decrypted correctly, i.e. whether A and A2 are equal; N2 also uses password K2 to decrypt the ciphertext B1 sent by N1, obtaining plaintext B2, and then sends it on to N1 for verification;
(4) N1 receives the plaintext B2 decrypted by N2 and confirms whether N2 decrypted successfully, i.e. whether B and B2 are equal; if they are equal, the passwords K1 and K2 held by N1 and N2 are consistent and the long connection can be established;
(5) After the long connection between N1 and N2 is successfully established, data can be sent freely, without establishing a connection for every transmission;
step (2) specifically comprises the following steps:
Step 2.1: node N2 encrypts plaintext A with password K2 to obtain ciphertext encrypt(K2, A) = A1;
Step 2.2: A1 is sent to N1 through port P;
Step 2.3: after receiving ciphertext A1, node N1 decrypts it with its own password K1 to obtain plaintext decrypt(K1, A1) = A2;
Step 2.4: node N1 encrypts plaintext B with password K1 to obtain ciphertext encrypt(K1, B) = B1;
Step 2.5: node N1 responds to node N2 with A2 and B1;
step (3) specifically comprises the following steps:
Step 3.1: node N2 receives the returned message A2, B1 from N1;
Step 3.2: if A = A2, the decryption is correct and the next step can be performed;
Step 3.3: if A != A2, the decryption failed, and N1 and N2 disconnect;
Step 3.4: node N2 decrypts the ciphertext B1 from node N1's response to obtain plaintext decrypt(K2, B1) = B2;
Step 3.5: node N2 sends B2 to N1;
step (4) specifically comprises the following steps:
Step 4.1: node N1 receives the plaintext B2 sent by node N2;
Step 4.2: if B = B2, the long connection is correctly established, and K1 = K2;
Step 4.3: if B != B2, verification fails, which shows that the passwords held by N1 and N2 are inconsistent, and N1 refuses the long connection with N2.
CN201811332761.1A 2018-11-09 2018-11-09 Network communication method for enabling block chain nodes to efficiently communicate and safely Active CN111181894B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811332761.1A CN111181894B (en) 2018-11-09 2018-11-09 Network communication method for enabling block chain nodes to efficiently communicate and safely

Publications (2)

Publication Number Publication Date
CN111181894A 2020-05-19
CN111181894B 2023-06-06

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant