CN111724164A - Method and device for preventing replay attack - Google Patents


Info

Publication number
CN111724164A
Authority
CN
China
Prior art keywords
broadcast information
signature
node
transfer
alarm
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010568383.8A
Other languages
Chinese (zh)
Other versions
CN111724164B (en
Inventor
田新雪
肖征荣
马书惠
杨子文
董慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a method and a device for preventing replay attacks. The method comprises: stopping the transfer operation in response to bifurcation alarm broadcast information, where the bifurcation alarm broadcast information comprises a bifurcation generation timestamp of a branch chain and a broadcast information generation timestamp; setting a transfer time threshold according to the bifurcation generation timestamp and the broadcast information generation timestamp; receiving transfer broadcast information from a common node, where the transfer broadcast information is broadcast information generated and sent by the common node when trading the property transferred to a new storage address in the branch chain; and, when the waiting time after receiving the transfer broadcast information reaches the transfer time threshold, performing the transfer operation according to the transfer broadcast information. The method can improve the security of the blockchain network and safeguard the user experience of blockchain network users.

Description

Method and device for preventing replay attack
Technical Field
The invention relates to the technical field of communication, in particular to a method and a device for preventing replay attack.
Background
In recent years, blockchain networks have grown rapidly, with an increasing impact on global commerce. During the formation of a blockchain network, a "bifurcation" (fork) phenomenon often occurs: the consensus algorithms of the blockchain nodes that have been upgraded to a new version and of the blockchain nodes that have not been upgraded are not completely consistent, so when facing a newly mined block, the upgraded nodes and the non-upgraded nodes each bring the blocks they consider legal into the main chain according to their own consensus algorithm, and different main chains can appear in the blockchain network. When a blockchain network forks, an ordinary user on the blockchain will hold property on both blockchains at the same time.
However, after a blockchain network forks, if the codes of the two blockchains are not modified in time or are not modified sufficiently, a replay attack may result: an attacker copies the ordinary user's transaction information from one of the blockchains to the other blockchain, where it is also approved by the blockchain network, so that the ordinary user's property on the other blockchain is stolen and the security of the blockchain network is reduced.
Disclosure of Invention
Therefore, the invention provides a method and a device for preventing replay attack, which are used for solving the problem that a blockchain network is subjected to replay attack in the prior art because codes of two blockchains after forking in the blockchain network are not modified in time or are not modified enough.
In order to achieve the above object, a first aspect of the present invention provides a method for preventing replay attack, the method comprising:
responding to bifurcation alarm broadcast information, and stopping the transfer operation; the bifurcation alarm broadcast information comprises a bifurcation generation timestamp of a branch chain and a broadcast information generation timestamp;
setting a transfer time threshold according to the bifurcation generation timestamp and the broadcast information generation timestamp;
receiving transfer broadcast information from a common node; the transfer broadcast information is broadcast information generated and sent by the common node when trading the property transferred to a new storage address in the branch chain;
and when the waiting time after receiving the transfer broadcast information reaches the transfer time threshold, performing the transfer operation according to the transfer broadcast information.
Preferably, after the step of stopping the transfer operation in response to the bifurcation alarm broadcast information, the method further comprises:
modifying codes of the branch chains, and generating code modification broadcast information based on the modified codes of the branch chains;
sending the code modification broadcast information to a block chain network;
receiving second signature approval broadcast information broadcast by an originator node in the blockchain network; wherein the second signature approval broadcast information comprises the originator node private key signature and second approval broadcast information; the second signature approval broadcast information is information sent by the originator node according to first signature approval broadcast information, and the first signature approval broadcast information is information generated by the accounting node in the blockchain network based on the code modification broadcast information;
and executing the modified code according to the second signature approval broadcast information.
Preferably, the step of executing the modified code according to the second signature approval broadcast information includes:
querying the blockchain ledger to obtain the originator node public key;
verifying the private key signature of the originator node by using the originator node public key;
and executing the modified code after the originator node private key signature passes verification.
Preferably, before stopping the transfer operation in response to the bifurcation alarm broadcast information, the method further includes:
receiving, from the blockchain network, first signed bifurcation alarm broadcast information from a first accounting node; the first signed bifurcation alarm broadcast information comprises a first accounting node private key signature and the bifurcation alarm broadcast information;
querying the blockchain ledger to obtain a first accounting node public key;
verifying the first accounting node private key signature by using the first accounting node public key;
and when the first accounting node private key signature passes verification, extracting the bifurcation alarm broadcast information.
Preferably, before stopping the transfer operation in response to the bifurcation alarm broadcast information, the method further includes:
receiving, from the blockchain network, second signed bifurcation alarm broadcast information from an originator node; the second signed bifurcation alarm broadcast information comprises an originator node private key signature and the bifurcation alarm broadcast information;
querying the blockchain ledger to obtain the originator node public key;
verifying the originator node private key signature by using the originator node public key;
and after the originator node private key signature passes verification, extracting the bifurcation alarm broadcast information.
Preferably, before receiving the first signed bifurcation alarm broadcast information from the first accounting node in the blockchain network or receiving the second signed bifurcation alarm broadcast information from the originator node in the blockchain network, the method further includes:
detecting whether the branch chain appears in the blockchain network;
when the branch chain is detected in the blockchain network, generating bifurcation alarm broadcast information;
signing the bifurcation alarm broadcast information with a second accounting node private key to generate second signed bifurcation alarm broadcast information;
and sending the second signed bifurcation alarm broadcast information to the blockchain network so that other nodes in the blockchain network respond to the second signed bifurcation alarm broadcast information and stop the transfer operation.
Preferably, before the step of receiving the transfer broadcast information from the general node, the method further comprises:
and updating the transfer time threshold in real time.
A second aspect of the present invention provides an apparatus for preventing replay attacks, the apparatus comprising:
the first information processing module is used for responding to bifurcation alarm broadcast information and stopping the transfer operation; the bifurcation alarm broadcast information comprises a bifurcation generation timestamp of a branch chain and a broadcast information generation timestamp;
the setting module is used for setting a transfer time threshold according to the bifurcation generation timestamp and the broadcast information generation timestamp;
the first receiving module is used for receiving transfer broadcast information from a common node; the transfer broadcast information is broadcast information generated and sent by the common node when trading the property transferred to the new storage address in the branch chain;
and the second information processing module is used for performing the transfer operation according to the transfer broadcast information when the waiting time after receiving the transfer broadcast information reaches the transfer time threshold.
Preferably, the apparatus further comprises:
a code processing module for modifying the code of the branch chain;
a first generation module, configured to generate code modification broadcast information based on the modified code of the branch chain;
a first sending module, configured to send the code modification broadcast information to a blockchain network;
the second receiving module is used for receiving second signature approval broadcast information broadcast by an originator node in the block chain network; wherein the second signature approval broadcast information comprises the originator node private key signature and second approval broadcast information; the second signature approval broadcast information is information sent by the originator node according to first signature approval broadcast information, and the first signature approval broadcast information is information generated by the accounting node in the blockchain network based on the code modification broadcast information;
and the code execution module is used for executing the modified code according to the second signature approval broadcast information.
Preferably, the apparatus further comprises:
a third receiving module, configured to receive, from the blockchain network, the first signed bifurcation alarm broadcast information from the first accounting node; the first signed bifurcation alarm broadcast information comprises a first accounting node private key signature and the bifurcation alarm broadcast information;
the first query module is used for querying the blockchain ledger and acquiring the first accounting node public key;
the first verification module is used for verifying the first accounting node private key signature by using the first accounting node public key;
and the first extraction module is used for extracting the bifurcation alarm broadcast information after the first accounting node private key signature passes verification.
The invention has the following advantages:
The invention provides a method for preventing replay attacks, which first stops the transfer operation in response to bifurcation alarm broadcast information, so that the blockchain network is not subjected to a replay attack when a branch chain appears. The bifurcation alarm broadcast information includes a bifurcation generation timestamp of the branch chain and a broadcast information generation timestamp, and a transfer time threshold is set according to these two timestamps. Transfer broadcast information is then received from the common node, where the transfer broadcast information is broadcast information generated and sent by the common node when trading the property transferred to the new storage address in the branch chain. When the waiting time after receiving the transfer broadcast information reaches the transfer time threshold, the transfer operation is performed according to the transfer broadcast information. Because the transfer operation is performed only once the waiting time reaches the transfer time threshold, the second accounting node is guaranteed not to be subjected to a replay attack as a result of missing bifurcation alarm broadcast information in the blockchain network, so that the security of the blockchain network is improved and the user experience of blockchain network users is safeguarded.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a flow chart of a method provided by an embodiment of the present invention;
FIG. 2 is a flowchart of a method for acquiring bifurcation alarm broadcast information according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for acquiring bifurcation alarm broadcast information according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an apparatus for preventing replay attack according to an embodiment of the present invention.
In the drawings:
41: first information processing module
42: setting module
43: first receiving module
44: second information processing module
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
A blockchain is a distributed shared ledger and database, characterized by decentralization, tamper resistance, record keeping throughout the whole process, traceability, collective maintenance, openness and transparency, among others. These characteristics ensure the honesty and transparency of the blockchain and lay the foundation for the trust it creates. In recent years, blockchain networks have grown rapidly, with an increasing impact on global commerce.
However, during the formation of a blockchain network, a "bifurcation" (fork) phenomenon sometimes occurs: the consensus algorithms of the blockchain nodes that have been upgraded to a new version and of the blockchain nodes that have not been upgraded are not completely consistent, so when facing a newly mined block, the upgraded nodes and the non-upgraded nodes each bring the blocks they consider legal into the main chain according to their own consensus algorithm, and different main chains can appear in the blockchain network. When a blockchain network forks, an ordinary user on the blockchain will hold property on both blockchains at the same time.
After the blockchain network forks, if the codes of the two blockchains are not modified in time or are not modified sufficiently, a replay attack may result: an attacker copies the ordinary user's transaction information from one blockchain to the other blockchain, where it is also approved by the blockchain network, so that the ordinary user's property on the other blockchain is stolen and the security of the blockchain network is reduced.
To this end, the present embodiment provides a method for preventing replay attacks, which is applied to the second accounting node. As shown in FIG. 1, the method includes the following steps:
Step S101: in response to bifurcation alarm broadcast information, stop the transfer operation.
The bifurcation alarm broadcast information comprises a bifurcation generation timestamp of a branch chain and a broadcast information generation timestamp. It should be noted that, because the bifurcation alarm broadcast information can come from a wide range of sources, the manner in which the second accounting node obtains it before stopping the transfer operation differs between embodiments.
In one embodiment, when the bifurcation alarm broadcast information comes from a first accounting node in the blockchain network, as shown in FIG. 2, the steps by which the second accounting node acquires the bifurcation alarm broadcast information include:
S201: receive, from the blockchain network, first signed bifurcation alarm broadcast information from the first accounting node.
The first signed bifurcation alarm broadcast information comprises a first accounting node private key signature and the bifurcation alarm broadcast information.
S202: query the blockchain ledger and acquire the first accounting node public key.
S203: verify the first accounting node private key signature by using the first accounting node public key.
S204: after the first accounting node private key signature passes verification, extract the bifurcation alarm broadcast information.
In another embodiment, when the bifurcation alarm broadcast information comes from an originator node in the blockchain network, as shown in FIG. 3, the steps by which the second accounting node acquires the bifurcation alarm broadcast information include:
S301: receive, from the blockchain network, second signed bifurcation alarm broadcast information from the originator node. The second signed bifurcation alarm broadcast information comprises the originator node private key signature and the bifurcation alarm broadcast information.
S302: query the blockchain ledger and acquire the originator node public key.
S303: verify the originator node private key signature by using the originator node public key.
S304: after the originator node private key signature passes verification, extract the bifurcation alarm broadcast information.
In yet another embodiment, before the second accounting node receives the first signed bifurcation alarm broadcast information from the first accounting node or the second signed bifurcation alarm broadcast information from the originator node, the second accounting node itself detects whether a branch chain has occurred in the blockchain network, and generates and broadcasts second signed bifurcation alarm broadcast information to the blockchain network to warn other nodes. Specifically, the second accounting node detects whether a branch chain occurs in the blockchain network and, when it detects one, generates bifurcation alarm broadcast information, where the branch chain refers to the two blockchains generated when the blockchain network forks. Next, the second accounting node signs the bifurcation alarm broadcast information with its own private key to generate the second signed bifurcation alarm broadcast information. Finally, the second accounting node sends the second signed bifurcation alarm broadcast information to the blockchain network, so that other nodes in the blockchain network respond to it and stop the transfer operation, where the other nodes comprise common nodes and other accounting nodes.
It should be noted that, because the bifurcation alarm broadcast information can come from a wide range of sources, when a branch chain occurs in the blockchain network the bifurcation alarm broadcast information can be broadcast into the blockchain network as quickly as possible, and the second accounting node can likewise obtain it and respond to it as quickly as possible, so that the risk of the blockchain network being subjected to a replay attack is reduced, the security of the blockchain network is increased, and the user experience of blockchain network users is improved.
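The acquisition steps above (S201 to S204, S301 to S304, and the alarm a node signs itself) reduce to one check on the receiving node, sketched here in Go as an added example that is not part of the patent. Ed25519, the JSON payload, the field names and the node identifier are assumptions; the patent names neither a signature scheme nor a message format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// ForkAlarm is the bifurcation alarm broadcast information. The patent only says
// it carries two timestamps; field names and Unix seconds are assumptions.
type ForkAlarm struct {
	ForkTS      int64 `json:"fork_ts"`      // bifurcation generation timestamp
	BroadcastTS int64 `json:"broadcast_ts"` // broadcast information generation timestamp
}

// SignedAlarm is the signed bifurcation alarm broadcast information.
type SignedAlarm struct {
	Sender  string // claimed signer; used only to select the ledger key
	Payload []byte // serialized ForkAlarm
	Sig     []byte // private key signature over Payload
}

// Ledger stands in for the blockchain ledger that maps nodes to public keys.
type Ledger map[string]ed25519.PublicKey

var (
	ErrUnknownSender = errors.New("no public key for sender in ledger")
	ErrBadSignature  = errors.New("private key signature failed verification")
	ErrBadPayload    = errors.New("alarm payload malformed or timestamps out of order")
)

// SignAlarm is the sending side: a node that detected the branch chain signs
// the alarm with its private key before broadcasting it.
func SignAlarm(sender string, priv ed25519.PrivateKey, a ForkAlarm) SignedAlarm {
	payload, _ := json.Marshal(a) // cannot fail for a struct of two int64 fields
	return SignedAlarm{Sender: sender, Payload: payload, Sig: ed25519.Sign(priv, payload)}
}

// ExtractAlarm is the receiving side: look up the sender's public key in the
// ledger, verify the signature, and only then parse and return the alarm.
func ExtractAlarm(l Ledger, m SignedAlarm) (ForkAlarm, error) {
	pub, ok := l[m.Sender]
	if !ok {
		return ForkAlarm{}, ErrUnknownSender
	}
	if !ed25519.Verify(pub, m.Payload, m.Sig) {
		return ForkAlarm{}, ErrBadSignature
	}
	var a ForkAlarm
	// An alarm cannot be generated before the fork it reports.
	if err := json.Unmarshal(m.Payload, &a); err != nil || a.BroadcastTS < a.ForkTS {
		return ForkAlarm{}, ErrBadPayload
	}
	return a, nil
}

// sampleLedger builds a constructed ledger holding one accounting node's key.
func sampleLedger() (Ledger, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return Ledger{"accounting-node-1": pub}, priv
}

func main() {
	ledger, priv := sampleLedger()
	msg := SignAlarm("accounting-node-1", priv, ForkAlarm{ForkTS: 1000, BroadcastTS: 1030})
	alarm, err := ExtractAlarm(ledger, msg)
	fmt.Println("genuine alarm:", alarm, err)

	msg.Payload[len(msg.Payload)-2] ^= 1 // alter the payload after signing
	_, err = ExtractAlarm(ledger, msg)
	fmt.Println("altered alarm:", err)
}
```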
In this embodiment, after the second accounting node responds to the bifurcation alarm broadcast information and stops the transfer operation, it needs to modify the codes of the branch chains sufficiently that the transaction information of the two branch chains is no longer interchangeable, so that the blockchain network is not subjected to replay attacks after normal transactions resume. Specifically, the steps by which the second accounting node modifies the code of the branch chain and carries out blockchain network consensus mechanism authentication comprise:
First, the second accounting node modifies the codes of the branch chains and generates code modification broadcast information based on the modified codes of the branch chains.
Second, the code modification broadcast information is sent to the blockchain network.
Then, second signature approval broadcast information broadcast by the originator node in the blockchain network is received. The second signature approval broadcast information comprises the originator node private key signature and second approval broadcast information; it is sent by the originator node according to first signature approval broadcast information, which is generated by the accounting nodes in the blockchain network based on the code modification broadcast information. In one embodiment, when the number of all accounting nodes in the blockchain network is 2N (N is an integer greater than 1), the originator node, upon receiving the first signature approval broadcast information sent by more than N accounting nodes, sends the second signature approval broadcast information to the blockchain network according to the first signature approval broadcast information.
Finally, the modified code is executed according to the second signature approval broadcast information. Specifically, the second accounting node queries the blockchain ledger to acquire the originator node public key, verifies the originator node private key signature by using the originator node public key, and executes the modified code after the originator node private key signature passes verification.
It should be noted that the second accounting node modifies the codes of the branch chains and then carries out blockchain network consensus mechanism authentication, so that all nodes in the blockchain network can approve the modification of the codes of the branch chains, and the security of the blockchain network is improved.
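The approval flow above, as an added Go example that is not part of the patent: the originator node counts valid first signature approvals from distinct accounting nodes, signs only when more than N of the 2N nodes approve, and the second accounting node verifies that signature before executing the modified code. Ed25519, signing the raw code modification bytes, and all type, function and node names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Approval is a first signature approval: one accounting node's signature over
// the code modification broadcast information.
type Approval struct {
	Node string
	Sig  []byte
}

// Approve is the accounting node side.
func Approve(node string, priv ed25519.PrivateKey, codeMod []byte) Approval {
	return Approval{Node: node, Sig: ed25519.Sign(priv, codeMod)}
}

// CountValid counts distinct accounting nodes with a valid signature over
// codeMod. Unknown signers, repeated approvals from one node, and signatures
// over different code do not add to the count.
func CountValid(accounting map[string]ed25519.PublicKey, codeMod []byte, approvals []Approval) int {
	seen := map[string]bool{}
	for _, a := range approvals {
		pub, known := accounting[a.Node]
		if known && !seen[a.Node] && ed25519.Verify(pub, codeMod, a.Sig) {
			seen[a.Node] = true
		}
	}
	return len(seen)
}

// OriginatorApprove is the originator node side: with 2N accounting nodes in
// the ledger it issues its signature (the second signature approval) only when
// more than N of them approved.
func OriginatorApprove(origPriv ed25519.PrivateKey, accounting map[string]ed25519.PublicKey,
	codeMod []byte, approvals []Approval) ([]byte, bool) {
	n := len(accounting) / 2
	if CountValid(accounting, codeMod, approvals) <= n {
		return nil, false
	}
	return ed25519.Sign(origPriv, codeMod), true
}

// MayExecute is the second accounting node side: execute the modified code only
// if the originator's signature verifies against the key from the ledger.
func MayExecute(origPub ed25519.PublicKey, codeMod, sig []byte) bool {
	return ed25519.Verify(origPub, codeMod, sig)
}

// sampleNodes builds constructed key pairs named accounting-node-0, -1, ...
func sampleNodes(count int) (map[string]ed25519.PublicKey, map[string]ed25519.PrivateKey) {
	pubs := map[string]ed25519.PublicKey{}
	privs := map[string]ed25519.PrivateKey{}
	for i := 0; i < count; i++ {
		name := fmt.Sprintf("accounting-node-%d", i)
		pubs[name], privs[name], _ = ed25519.GenerateKey(nil) // nil selects crypto/rand
	}
	return pubs, privs
}

// sampleOriginator builds a constructed originator key pair.
func sampleOriginator() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return pub, priv
}

func main() {
	pubs, privs := sampleNodes(4) // 2N = 4, so more than 2 approvals are needed
	origPub, origPriv := sampleOriginator()
	code := []byte("constructed code modification broadcast information")

	var approvals []Approval
	for _, name := range []string{"accounting-node-0", "accounting-node-1", "accounting-node-2"} {
		approvals = append(approvals, Approve(name, privs[name], code))
		sig, ok := OriginatorApprove(origPriv, pubs, code, approvals)
		fmt.Printf("%d approvals: originator signs=%v, execute=%v\n",
			len(approvals), ok, ok && MayExecute(origPub, code, sig))
	}
}
```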
It should be further noted that the blockchain network consensus mechanism authentication carried out after the second accounting node modifies the codes of the branch chains may take too long, so that users of the blockchain network suffer losses because transactions are suspended for too long. To avoid this, after all nodes in the blockchain network obtain the bifurcation alarm broadcast information, the property stored on the branch chains needs to be transferred, that is, transferred to new storage addresses on the branch chains. In some embodiments, the common node may transfer the property itself, or the accounting node may do so on its behalf. Once the property stored on the branch chain has been transferred to a new storage address on the branch chain, transactions between common nodes can begin even if the consensus mechanism authentication that follows the second accounting node's code modification has not been completed, so that the security of the blockchain network is improved and the user experience of blockchain network users is safeguarded.
Step S102: set a transfer time threshold according to the bifurcation generation timestamp and the broadcast information generation timestamp.
The transfer time threshold is the time, preset by the second accounting node, that it must wait before carrying out the transfer operation. In one embodiment, the transfer time threshold is determined by the maximum value of the difference between the branch chain generation time corresponding to the bifurcation generation timestamp of the branch chain and the broadcast information generation time corresponding to the broadcast information generation timestamp.
In another embodiment, after the second accounting node sets the transfer time threshold according to the bifurcation generation timestamp of the branch chain and the broadcast information generation timestamp, the transfer time threshold is updated in real time. This prevents the second accounting node from being subjected to a replay attack because the waiting time before the transfer operation was too short and bifurcation alarm broadcast information was not received in time, which improves the security of the blockchain network and safeguards the user experience of blockchain network users.
Step S103: receive transfer broadcast information from the common node.
The transfer broadcast information is the broadcast information generated and sent by the common node when trading the property transferred to the new storage address in the branch chain.
Step S104: when the waiting time after receiving the transfer broadcast information reaches the transfer time threshold, perform the transfer operation according to the transfer broadcast information.
The transfer operation of the second accounting node is the operation of packaging legal transaction information into the blockchain network. In one embodiment, when the waiting time after receiving the transfer broadcast information reaches the transfer time threshold, the second accounting node extracts the legal transaction information from the transfer broadcast information, packages it and puts it into the blockchain network.
It should be noted that, because the second accounting node performs the transfer operation only when the transfer time threshold is reached, the second accounting node is ensured not to be subjected to a replay attack as a result of missing new bifurcation alarm broadcast information, so that the security of the blockchain network is improved and the user experience of blockchain network users is safeguarded.
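One reading of steps S102 to S104, as an added Go example that is not part of the patent: the threshold is the largest gap seen so far between a bifurcation generation timestamp and its broadcast information generation timestamp, and each transfer broadcast is held until it has waited that long. The type names, Unix-second timestamps and the `Tick` polling function are assumptions, and alarms are taken to have passed signature verification already.

```go
package main

import "fmt"

// ForkAlarm carries the two timestamps of the bifurcation alarm broadcast
// information (Unix seconds, an assumption).
type ForkAlarm struct {
	ForkTS      int64 // bifurcation generation timestamp
	BroadcastTS int64 // broadcast information generation timestamp
}

// Transfer is transfer broadcast information received from a common node.
type Transfer struct {
	ID         string
	ReceivedAt int64 // local receipt time, Unix seconds
}

// Node models the transfer gate of the second accounting node.
type Node struct {
	Threshold int64      // transfer time threshold in seconds; 0 until an alarm is seen
	pending   []Transfer // received but not yet packaged
}

// OnAlarm covers S102 and the real-time update: the threshold is the maximum
// observed lag between a fork and the alarm announcing it. That lag is how long
// a fork can exist before this node hears of it, so it is how long a transfer
// must wait before the node can assume no alarm is still on its way.
// A later alarm with a smaller lag never lowers the threshold.
func (n *Node) OnAlarm(a ForkAlarm) {
	if lag := a.BroadcastTS - a.ForkTS; lag > n.Threshold {
		n.Threshold = lag
	}
}

// OnTransfer covers S103: the transfer is queued, not packaged immediately.
func (n *Node) OnTransfer(t Transfer) {
	n.pending = append(n.pending, t)
}

// Tick covers S104: it returns the IDs of transfers whose waiting time has
// reached the current threshold and removes them from the queue. Because the
// comparison uses the threshold in force at release time, an alarm that arrives
// while a transfer is waiting extends that transfer's wait.
func (n *Node) Tick(now int64) []string {
	var released []string
	keep := n.pending[:0] // filter in place
	for _, t := range n.pending {
		if now-t.ReceivedAt >= n.Threshold {
			released = append(released, t.ID)
		} else {
			keep = append(keep, t)
		}
	}
	n.pending = keep
	return released
}

func main() {
	// Constructed timeline.
	n := &Node{}
	n.OnAlarm(ForkAlarm{ForkTS: 1000, BroadcastTS: 1030}) // lag 30
	n.OnTransfer(Transfer{ID: "tx-a", ReceivedAt: 2000})
	n.OnAlarm(ForkAlarm{ForkTS: 1900, BroadcastTS: 1960}) // lag 60 raises the threshold
	fmt.Println("threshold:", n.Threshold)
	fmt.Println("released at 2030:", n.Tick(2030)) // 30 s waited, still held
	fmt.Println("released at 2060:", n.Tick(2060)) // 60 s waited, packaged
}
```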
The embodiment provides a method for preventing replay attacks, which first stops the transfer operation in response to bifurcation alarm broadcast information, so that the blockchain network is not subjected to a replay attack when a branch chain appears. The bifurcation alarm broadcast information includes a bifurcation generation timestamp of the branch chain and a broadcast information generation timestamp, and a transfer time threshold is set according to these two timestamps. Transfer broadcast information is then received from the common node, where the transfer broadcast information is broadcast information generated and sent by the common node when trading the property transferred to the new storage address in the branch chain. When the waiting time after receiving the transfer broadcast information reaches the transfer time threshold, the transfer operation is performed according to the transfer broadcast information. The transfer time threshold ensures that the second accounting node is not subjected to a replay attack as a result of missing bifurcation alarm broadcast information in the blockchain network, so that the security of the blockchain network is improved and the user experience of blockchain network users is safeguarded.
The present embodiment provides an apparatus for preventing replay attacks which, as shown in Fig. 4, includes: a first information processing module 41, a setting module 42, a first receiving module 43, and a second information processing module 44.
The first information processing module 41 is configured to stop the transfer operation in response to fork alarm broadcast information. The fork alarm broadcast information includes the fork generation timestamp of the fork chain and the broadcast information generation timestamp. It should be noted that, because fork alarm broadcast information can come from many sources, the way in which the apparatus obtains it before stopping the transfer operation differs between embodiments.
In one embodiment, when the fork alarm broadcast information comes from a first accounting node in the blockchain network, the apparatus for preventing replay attacks further includes:
A third receiving module, used for receiving, from the blockchain network, first signed fork alarm broadcast information sent by the first accounting node. The first signed fork alarm broadcast information includes the first accounting node private key signature and the fork alarm broadcast information.
A first query module, used for querying the blockchain ledger and obtaining the public key of the first accounting node.
A first verification module, used for verifying the first accounting node private key signature with the public key of the first accounting node.
A first extraction module, used for extracting the fork alarm broadcast information after the first accounting node private key signature passes verification.
In another embodiment, when the fork alarm broadcast information comes from the originator node in the blockchain network, the apparatus for preventing replay attacks further includes:
A fourth receiving module, used for receiving, from the blockchain network, second signed fork alarm broadcast information sent by the originator node. The second signed fork alarm broadcast information includes the originator node private key signature and the fork alarm broadcast information.
A second query module, used for querying the blockchain ledger and obtaining the public key of the originator node.
A second verification module, used for verifying the originator node private key signature with the originator node public key.
A second extraction module, used for extracting the fork alarm broadcast information after the originator node private key signature passes verification.
In yet another embodiment, before receiving the first signed fork alarm broadcast information from the first accounting node or the second signed fork alarm broadcast information from the originator node, the apparatus for preventing replay attacks itself detects that a fork chain has appeared in the blockchain network, and generates second signed fork alarm broadcast information and broadcasts it to the other nodes as an early warning. Specifically, the apparatus for preventing replay attacks further includes: a fork chain detection module, a second generation module, a first signature generation module, and a second sending module.
The fork chain detection module is used for detecting whether a fork chain has appeared in the blockchain network. When the fork chain detection module detects a fork chain in the blockchain network, the second generation module generates fork alarm broadcast information, where the fork chains are the two blockchains produced when the blockchain network forks. Next, the first signature generation module signs the fork alarm broadcast information with the private key of the second accounting node to generate the second signed fork alarm broadcast information. Finally, the second sending module sends the second signed fork alarm broadcast information to the blockchain network so that the other nodes in the blockchain network stop the transfer operation in response to it, where the other nodes include common nodes and other accounting nodes.
It should be noted that, because fork alarm broadcast information can come from many sources, it can be broadcast into the blockchain network as quickly as possible when a fork chain appears, and the apparatus for preventing replay attacks can likewise obtain it and respond to it as quickly as possible. This reduces the risk of the blockchain network suffering a replay attack, increases the security of the blockchain network, and improves the experience of its users.
In this embodiment, after the apparatus for preventing replay attacks has stopped the transfer operation in response to the fork alarm broadcast information, it needs to modify the code of the fork chains sufficiently to keep the transaction information of the two fork chains from being valid on both, so that the blockchain network is not subjected to a replay attack after normal transactions resume. Specifically, the apparatus for preventing replay attacks further includes: a code processing module, a first generation module, a first sending module, a second receiving module, and a code execution module.
The code processing module is used by the second accounting node for modifying the code of the fork chain.
The first generation module is used for generating code modification broadcast information based on the modified code of the fork chain.
The first sending module is used for sending the code modification broadcast information to the blockchain network.
The second receiving module is used for receiving second signed approval broadcast information broadcast by the originator node in the blockchain network. The second signed approval broadcast information includes the originator node private key signature and second approval broadcast information. The second signed approval broadcast information is sent by the originator node according to first signed approval broadcast information, and the first signed approval broadcast information is generated by the accounting nodes in the blockchain network based on the code modification broadcast information. In one embodiment, when the number of all accounting nodes in the blockchain network is 2N (N is an integer greater than 1), the originator node, after receiving the first signed approval broadcast information sent by more than N accounting nodes, sends the second signed approval broadcast information to the blockchain network according to the first signed approval broadcast information.
The code execution module executes the modified code according to the second signed approval broadcast information. Specifically, the second accounting node queries the blockchain ledger to obtain the originator node public key, verifies the originator node private key signature with the originator node public key, and executes the modified code after the signature passes verification.
It should be noted that, after modifying the code of the fork chain, the apparatus for preventing replay attacks carries out consensus mechanism authentication in the blockchain network, which ensures that all nodes in the blockchain network approve the modification of the fork chain code and improves the security of the blockchain network.
The setting module 42 is used for setting the transfer time threshold according to the fork generation timestamp and the broadcast information generation timestamp. The transfer time threshold is the time, preset by the second accounting node, that must be waited before the transfer operation is performed. In one embodiment, the transfer time threshold is determined by the maximum value of the difference between the fork chain generation time corresponding to the fork generation timestamp and the broadcast information generation time corresponding to the broadcast information generation timestamp.
The first receiving module 43 is used for receiving the transfer broadcast information from a common node. The transfer broadcast information is the broadcast information that the common node generates and sends when it transacts the property transferred to a new storage address in the fork chain.
The second information processing module 44 is configured to perform the transfer operation according to the transfer broadcast information when the waiting time after receiving the transfer broadcast information reaches the transfer time threshold. It should be noted that, because the second information processing module 44 performs the transfer operation only when the transfer time threshold is reached, the second accounting node is not subjected to a replay attack as a result of missing fork alarm broadcast information, which improves the security of the blockchain network and safeguards the experience of its users.
The operation of each module of the apparatus for preventing replay attacks provided by this embodiment corresponds to a step of the method for preventing replay attacks; for the detailed operation of each module, reference may therefore be made to the method for preventing replay attacks provided by this embodiment.
The present embodiment provides an apparatus for preventing replay attacks. First, the first information processing module 41 stops the transfer operation in response to the fork alarm broadcast information, which keeps the blockchain network from suffering a replay attack when a fork chain appears. It should be noted that the fork alarm broadcast information includes the fork generation timestamp of the fork chain and the broadcast information generation timestamp. The setting module 42 sets the transfer time threshold according to the fork generation timestamp and the broadcast information generation timestamp. Then, the first receiving module 43 receives transfer broadcast information from a common node, where the transfer broadcast information is the broadcast information that the common node generates and sends when it transacts the property transferred to a new storage address in the fork chain. When the waiting time after receiving the transfer broadcast information reaches the transfer time threshold, the second information processing module 44 performs the transfer operation according to the transfer broadcast information. The transfer time threshold ensures that the apparatus for preventing replay attacks is not subjected to a replay attack because it missed fork alarm broadcast information in the blockchain network, which improves the security of the blockchain network and safeguards the experience of its users.
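The behaviour of modules 41 to 44 and of the signature verification modules can be followed in the Python example below, which is added here for illustration and is not part of the patent text. The names `ForkAlarm` and `TransferGate`, the message encoding, integer-second timestamps, the `resume()` call made once the modified code has been executed, and the choice to keep held transfers queued while transfers are stopped are all assumptions; a Lamport one-time signature stands in for the node signature scheme, which the page does not name.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(msg: bytes):
    """The 256 bits of SHA-256(msg), most significant bit first."""
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


# Lamport one-time signatures (one key pair signs ONE message). Assumption:
# used only so the example runs on the standard library; not the patent's scheme.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        _h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))


@dataclass(frozen=True)
class ForkAlarm:
    fork_ts: int        # fork generation timestamp of the fork chain (seconds)
    broadcast_ts: int   # broadcast information generation timestamp (seconds)

    def encode(self) -> bytes:
        # Hypothetical wire encoding; the page does not define one.
        return f"fork-alarm|{self.fork_ts}|{self.broadcast_ts}".encode()


@dataclass
class TransferGate:
    """Second accounting node: stop on a verified alarm, hold transfers for the threshold."""
    ledger_keys: dict                 # node id -> public key, as read from the ledger
    threshold: int = 0                # transfer time threshold in seconds
    stopped: bool = False
    held: list = field(default_factory=list)   # (received_at, transfer) pairs

    def on_fork_alarm(self, sender: str, alarm: ForkAlarm, sig) -> bool:
        pk = self.ledger_keys.get(sender)
        if pk is None or not lamport_verify(pk, alarm.encode(), sig):
            return False              # unknown sender or bad signature: alarm ignored
        self.stopped = True           # stop the transfer operation
        # Threshold = largest fork-to-broadcast delay seen so far, updated on every alarm.
        self.threshold = max(self.threshold, alarm.broadcast_ts - alarm.fork_ts)
        return True

    def resume(self) -> None:
        # Assumption: called after the approved, modified fork chain code is executed.
        self.stopped = False

    def on_transfer(self, transfer: str, now: int) -> None:
        self.held.append((now, transfer))

    def release_due(self, now: int):
        """Return the transfers whose waiting time has reached the threshold."""
        if self.stopped:
            return []
        due = [t for at, t in self.held if now - at >= self.threshold]
        self.held = [(at, t) for at, t in self.held if now - at < self.threshold]
        return due
```

An alarm that fails verification neither stops transfers nor changes the threshold, so an unsigned or forged broadcast cannot be used to halt the node or to stretch its waiting time.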
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (10)

1. A method of preventing replay attacks, the method comprising:
stopping a transfer operation in response to fork alarm broadcast information; wherein the fork alarm broadcast information comprises a fork generation timestamp of a fork chain and a broadcast information generation timestamp;
setting a transfer time threshold according to the fork generation timestamp and the broadcast information generation timestamp;
receiving transfer broadcast information from a common node; wherein the transfer broadcast information is broadcast information generated and sent by the common node when it transacts the property transferred to a new storage address in the fork chain;
and when the waiting time after receiving the transfer broadcast information reaches the transfer time threshold, performing the transfer operation according to the transfer broadcast information.
2. The method of claim 1, further comprising, after the step of stopping the transfer operation in response to the fork alarm broadcast information:
modifying the code of the fork chain, and generating code modification broadcast information based on the modified code of the fork chain;
sending the code modification broadcast information to a blockchain network;
receiving second signed approval broadcast information broadcast by an originator node in the blockchain network; wherein the second signed approval broadcast information comprises the originator node private key signature and second approval broadcast information; the second signed approval broadcast information is information sent by the originator node according to first signed approval broadcast information, and the first signed approval broadcast information is information generated by the accounting nodes in the blockchain network based on the code modification broadcast information;
and executing the modified code according to the second signed approval broadcast information.
3. The method of claim 2, wherein the step of executing the modified code according to the second signed approval broadcast information comprises:
querying a blockchain ledger to obtain an originator node public key;
verifying the originator node private key signature by using the originator node public key;
and executing the modified code after the originator node private key signature passes verification.
4. The method of claim 1, further comprising, before stopping the transfer operation in response to the fork alarm broadcast information:
receiving, from a blockchain network, first signed fork alarm broadcast information sent by a first accounting node; wherein the first signed fork alarm broadcast information comprises a first accounting node private key signature and the fork alarm broadcast information;
querying a blockchain ledger to obtain a first accounting node public key;
verifying the first accounting node private key signature by using the first accounting node public key;
and extracting the fork alarm broadcast information after the first accounting node private key signature passes verification.
5. The method of claim 1, further comprising, before stopping the transfer operation in response to the fork alarm broadcast information:
receiving, from the blockchain network, second signed fork alarm broadcast information sent by an originator node; wherein the second signed fork alarm broadcast information comprises an originator node private key signature and the fork alarm broadcast information;
querying a blockchain ledger to obtain an originator node public key;
verifying the originator node private key signature by using the originator node public key;
and extracting the fork alarm broadcast information after the originator node private key signature passes verification.
6. The method of claim 4 or 5, further comprising, before receiving the first signed fork alarm broadcast information from the first accounting node from the blockchain network or receiving the second signed fork alarm broadcast information from the originator node from the blockchain network:
detecting whether the fork chain appears in the blockchain network;
when it is detected that the fork chain has appeared in the blockchain network, generating fork alarm broadcast information;
signing the fork alarm broadcast information with a second accounting node private key to generate second signed fork alarm broadcast information;
and sending the second signed fork alarm broadcast information to the blockchain network so that other nodes in the blockchain network stop the transfer operation in response to the second signed fork alarm broadcast information.
7. The method of claim 1, further comprising, before the step of receiving the transfer broadcast information from the common node:
updating the transfer time threshold in real time.
8. An apparatus for preventing replay attacks, the apparatus comprising:
a first information processing module, configured to stop a transfer operation in response to fork alarm broadcast information; wherein the fork alarm broadcast information comprises a fork generation timestamp of a fork chain and a broadcast information generation timestamp;
a setting module, configured to set a transfer time threshold according to the fork generation timestamp and the broadcast information generation timestamp;
a first receiving module, configured to receive transfer broadcast information from a common node; wherein the transfer broadcast information is broadcast information generated and sent by the common node when it transacts the property transferred to a new storage address in the fork chain;
and a second information processing module, configured to perform the transfer operation according to the transfer broadcast information when the waiting time after receiving the transfer broadcast information reaches the transfer time threshold.
9. The apparatus of claim 8, further comprising:
a code processing module, configured to modify the code of the fork chain;
a first generation module, configured to generate code modification broadcast information based on the modified code of the fork chain;
a first sending module, configured to send the code modification broadcast information to a blockchain network;
a second receiving module, configured to receive second signed approval broadcast information broadcast by an originator node in the blockchain network; wherein the second signed approval broadcast information comprises the originator node private key signature and second approval broadcast information; the second signed approval broadcast information is information sent by the originator node according to first signed approval broadcast information, and the first signed approval broadcast information is information generated by the accounting nodes in the blockchain network based on the code modification broadcast information;
and a code execution module, configured to execute the modified code according to the second signed approval broadcast information.
10. The apparatus of claim 8, further comprising:
a third receiving module, configured to receive, from the blockchain network, first signed fork alarm broadcast information sent by a first accounting node; wherein the first signed fork alarm broadcast information comprises a first accounting node private key signature and the fork alarm broadcast information;
a first query module, configured to query a blockchain ledger and obtain a first accounting node public key;
a first verification module, configured to verify the first accounting node private key signature by using the first accounting node public key;
and a first extraction module, configured to extract the fork alarm broadcast information after the first accounting node private key signature passes verification.
CN202010568383.8A 2020-06-19 2020-06-19 Method and device for preventing replay attack Active CN111724164B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010568383.8A CN111724164B (en) 2020-06-19 2020-06-19 Method and device for preventing replay attack

Publications (2)

Publication Number Publication Date
CN111724164A true CN111724164A (en) 2020-09-29
CN111724164B CN111724164B (en) 2023-07-14

Family

ID=72568372

Country Status (1)

Country Link
CN (1) CN111724164B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106991607A (en) * 2017-03-29 2017-07-28 杭州秘猿科技有限公司 A kind of unordered transaction control method based on block chain account model
CN108647963A (en) * 2018-05-02 2018-10-12 百度在线网络技术(北京)有限公司 Determination method, apparatus, server and the storage medium of block chain main chain
CN109033832A (en) * 2018-06-22 2018-12-18 深圳前海益链网络科技有限公司 A method of prevention carries out of short duration bifurcated honeysuckle to block chain network and attacks
CN110992035A (en) * 2019-12-13 2020-04-10 中国工商银行股份有限公司 Block chain link point management method, device and system

Also Published As

Publication number Publication date
CN111724164B (en) 2023-07-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant