CN112019481A - Block chain equipment management and data transmission system based on directed acyclic graph architecture

Info

Publication number: CN112019481A
Authority: CN (China)
Prior art keywords: internet, transaction, node, equipment, things
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910460540.0A
Other languages: Chinese (zh)
Inventors: 孔令和, 黄俊钦, 吴帆, 俞嘉地, 陈贵海
Current Assignee: Shanghai Jiaotong University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shanghai Jiaotong University
Application filed by Shanghai Jiaotong University
Priority to CN201910460540.0A
Publication of CN112019481A

Classifications

    • H04L63/1458 Denial of Service
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H04L67/104 Peer-to-peer [P2P] networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A blockchain device management and data transmission system based on a directed acyclic graph architecture, comprising: Internet of Things devices, a gateway node and at least one administrator node, connected through a blockchain network.

Description

Block chain equipment management and data transmission system based on directed acyclic graph architecture
Technical Field
The invention relates to technology in the field of the Internet of Things (IoT), in particular to a blockchain device management and data transmission system based on a directed acyclic graph (DAG) architecture, which uses a blockchain to achieve secure and reliable device management and data transmission in the IoT.
Background
Existing IoT systems use a centralized architecture in which a central server provides the communication service and the data storage capability. Such systems are therefore more susceptible to single points of failure and to malicious attacks such as distributed denial-of-service (DDoS) attacks and Sybil attacks, which cause the system to lose its ability to operate normally.
Disclosure of Invention
To address the defects that the existing Internet of Things relies excessively on a security engine and that the system has low scalability, the invention provides a blockchain device management and data transmission system based on a directed acyclic graph architecture that exploits the tamper-proof and decentralized characteristics of blockchain. Because the high computational complexity caused by the complex cryptography and consensus mechanisms of traditional blockchains is unsuitable for IoT devices with limited computing power, the invention uses a proof-of-work (PoW) mechanism based on node credit values. Compared with the traditional PoW mechanism, it significantly reduces the computational complexity of the blockchain consensus mechanism, which improves the transaction efficiency of the blockchain and makes blockchain technology suitable for IoT devices.
The invention is realized by the following technical scheme:
The invention relates to a blockchain device management and data transmission system based on a directed acyclic graph architecture, comprising IoT devices, a gateway node and at least one administrator node, connected through a blockchain network, wherein: the gateway node obtains the authorized device list from the blockchain to identify whether a transaction request comes from a legitimate IoT device; the gateway node receives requests from authorized IoT devices and verifies and broadcasts the transactions from those devices; and the administrator node manages the authorized IoT devices by initiating a transaction containing the list of public keys of authorized devices, which records those public keys on the blockchain.
Each IoT device has a public/private key pair (PK, SK) that serves as its unique identity.
A superior administrator node can authorize and designate a subordinate node as a sub-administrator node to help manage the IoT devices in the system and to block illegal requests from unauthorized devices, so that management and expansion are flexible. The public key of the administrator node is hard-coded into the genesis block of the blockchain, and the private key of the administrator node is used to sign transactions.
The blockchain network has a tree-like directed acyclic graph structure and adopts an asynchronous consensus mechanism; transaction nodes replace block nodes so that multiple transactions can be processed simultaneously, which improves the throughput of the blockchain network.
The gateway node, i.e. a full node in the tangle network, ensures the security and stability of the whole tangle network by broadcasting transactions and redundantly storing the blockchain data.
The invention also relates to a data permission control method based on the above system, which encrypts the sensing data with a symmetric encryption algorithm and distributes the keys in a decentralized manner. The specific steps are:
Step 1) The administrator node first hard-codes its own public key information into the genesis block file, initializes the blockchain network, and authorizes legitimate gateway nodes and IoT devices;
Step 2) After an IoT device is activated, the key distribution stage is carried out, specifically: message $M_1$ is encrypted with the public key of the IoT device and then sent to the device, which guarantees that only the device holding the private key can decrypt it. The $nonce_a$ in $M_1$ initiates a challenge-response: when the IoT device returns the correct nonce value in its next response message, the device is considered to have successfully decrypted the content of $M_1$. After decrypting $M_1$ and obtaining the symmetric encryption key $SK_s$ it contains, the IoT device sends message $M_2$, encrypted with $SK_s$, to the administrator node to prove that it has successfully obtained $SK_s$. $nonce_b$ is likewise a challenge-response, used to verify the correctness of the key $SK_s$. The administrator node returns $nonce_b$ in message $M_3$ to end this round of key distribution.
Step 3) An IoT device that has successfully obtained the key sends data to the gateway node in the form of a transaction, and the gateway node verifies the validity of the transaction;
Step 4) After the transaction passes verification, the gateway node broadcasts the transaction result in the blockchain network.
Technical effects
Compared with the prior art, the invention adopts a blockchain with a directed acyclic graph architecture and a credit-based proof-of-work mechanism, which improves the transaction efficiency of the blockchain and makes it better suited to IoT scenarios. In addition, by exploiting the tamper-proof property of the blockchain, the gateway node records on the blockchain the identifiers of the gateway devices authorized by the administrator, which prevents legitimate devices in the system from being illegally tampered with and also prevents unauthorized devices from being added, improving the security and reliability of the gateway node management technique. Thanks to the distributed architecture of the system, attacks such as distributed denial-of-service attacks, Sybil attacks and double-spending attacks can be resisted well.
The invention distributes the symmetric key using the public/private key pair of each IoT device, so no trusted third party needs to participate. The scheme can also update the symmetric key flexibly as required.
Drawings
FIG. 1 is a schematic diagram of a system architecture;
FIG. 2 is a schematic diagram of a symmetric key distribution flow of the system;
FIG. 3 is a schematic flow chart of the system of the embodiment;
FIG. 4 is a performance test chart of the credit-based proof-of-work algorithm in the embodiment;
FIG. 5 is a performance test chart of the AES symmetric encryption algorithm in the embodiment.
Detailed Description
As shown in FIG. 1, this embodiment relates to a blockchain device management and data transmission system based on a DAG architecture, comprising IoT devices, gateway nodes, administrator nodes and a blockchain network, wherein: the IoT devices are light nodes, the gateway nodes and administrator nodes are full nodes, and all nodes jointly build and maintain the blockchain network.
As shown in FIG. 3, the data permission control method based on the above system in this embodiment specifically includes:
Step 1) The administrator node first hard-codes its own public key information into the genesis block file and initializes the blockchain network: the administrator node adds gateway nodes by assigning them blockchain accounts and recording their identifiers, i.e. their public keys, on the blockchain. Each gateway node runs a full node of the blockchain and takes part in maintaining the tangle network.
After initializing the gateway nodes, the administrator node can add or delete IoT devices by updating the authorized device list recorded on the blockchain.
Step 2) In the key distribution stage, the administrator node does not need to distribute keys to all IoT devices, only to the IoT devices that collect sensitive data.
As shown in FIG. 3, the data collected by IoT device 1 is not sensitive, so it does not need to be encrypted with a key; IoT device 2 collects sensitive data, so it encrypts the data with a symmetric key before initiating a transaction in order to keep the sensitive data confidential.
Before IoT device 2 starts to send data, it obtains a symmetric key through the key distribution scheme described in FIG. 2, and then encrypts the data with that symmetric key before sending it.
As shown in FIG. 2, message $M_1$ is encrypted with the public key of the IoT device and then sent to the device, which guarantees that only the device holding the private key can decrypt it. The $nonce_a$ in $M_1$ initiates a challenge-response: when the IoT device returns the correct nonce value in its next response message, the device is considered to have successfully decrypted the content of $M_1$. After decrypting $M_1$ and obtaining the symmetric encryption key $SK_s$ it contains, the IoT device sends message $M_2$, encrypted with $SK_s$, to the administrator node to prove that it has successfully obtained $SK_s$. $nonce_b$ is likewise a challenge-response, used to verify the correctness of the key $SK_s$. The administrator node returns $nonce_b$ in message $M_3$ to end this round of key distribution.
In FIG. 2, TS is a timestamp, $M_*$ is a message, and $Enc_*$ and $Dec_*$ are the encryption and decryption functions, respectively. The symmetric key needs to be generated only once for a given device. Each message in the flow can be signed with the sender's private key, which ensures that the message received has not been tampered with or damaged. The timestamp TS in a message indicates the timeliness of the message and is used to resist replay attacks.
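The three-message exchange described above, written out as an added Node.js example (it is not code from the patent). It assumes RSA-OAEP for the public-key step, AES-256-GCM for encryption under $SK_s$, a message layout of fields followed by an 8-byte TS, and a 30-second freshness window, none of which the text specifies; the class and function names are hypothetical, and the optional per-message signatures are left out.

```javascript
const crypto = require('crypto');

// Assumptions (not from the patent): RSA-OAEP for Enc_PK, AES-256-GCM for Enc_SKs,
// messages laid out as fields || TS, a 30 s freshness window, and all names below.
const MAX_SKEW_MS = 30_000;
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function reject(why) {
  throw new Error(`key distribution rejected: ${why}`);
}

// fields || TS, with TS as 8-byte big-endian Unix milliseconds.
function pack(now, ...fields) {
  const ts = Buffer.alloc(8);
  ts.writeBigUInt64BE(BigInt(now));
  return Buffer.concat([...fields, ts]);
}

// Enforce the fixed field length and the TS freshness window, return the fields.
function unpack(msg, n, now) {
  if (msg.length !== n + 8) reject('unexpected length');
  const ts = Number(msg.readBigUInt64BE(n));
  if (Math.abs(now - ts) > MAX_SKEW_MS) reject('stale timestamp');
  return msg.subarray(0, n);
}

// Wire format under SK_s: IV (12 bytes) || ciphertext || GCM tag (16 bytes).
function seal(key, plain) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  return Buffer.concat([iv, c.update(plain), c.final(), c.getAuthTag()]);
}

function open(key, blob) {
  if (blob.length < 28) reject('short ciphertext');
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
    d.setAuthTag(blob.subarray(blob.length - 16));
    return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
  } catch {
    return reject('ciphertext failed authentication');
  }
}

class Administrator {
  // M1 = Enc_PK(nonce_a || SK_s || TS): only the holder of the device SK can read it.
  buildM1(devicePublicKey, now) {
    this.nonceA = crypto.randomBytes(16);
    this.sks = crypto.randomBytes(32);
    const body = pack(now, this.nonceA, this.sks);
    return crypto.publicEncrypt({ key: devicePublicKey, ...OAEP }, body);
  }

  // M2 must echo nonce_a; the answer is M3 = Enc_SKs(nonce_b || TS).
  onM2(m2, now) {
    const f = unpack(open(this.sks, m2), 32, now);
    if (!crypto.timingSafeEqual(f.subarray(0, 16), this.nonceA)) reject('nonce_a mismatch');
    return seal(this.sks, pack(now, f.subarray(16)));
  }
}

class Device {
  constructor() {
    // Generated here to stand in for the device's provisioned (PK, SK) pair.
    Object.assign(this, crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }));
  }

  // Decrypt M1 with SK, keep SK_s, answer M2 = Enc_SKs(nonce_a || nonce_b || TS).
  onM1(m1, now) {
    let plain;
    try {
      plain = crypto.privateDecrypt({ key: this.privateKey, ...OAEP }, m1);
    } catch {
      reject('M1 was not encrypted to this device');
    }
    const f = unpack(plain, 48, now);
    this.sks = Buffer.from(f.subarray(16));
    this.nonceB = crypto.randomBytes(16);
    return seal(this.sks, pack(now, f.subarray(0, 16), this.nonceB));
  }

  // M3 must echo nonce_b, which proves the administrator holds the same SK_s.
  onM3(m3, now) {
    const f = unpack(open(this.sks, m3), 16, now);
    if (!crypto.timingSafeEqual(f, this.nonceB)) reject('nonce_b mismatch');
    return this.sks;
  }
}

// One complete round; true when both sides end up holding the same SK_s.
function runRound(admin, device, now = Date.now()) {
  const m1 = admin.buildM1(device.publicKey, now);
  const m2 = device.onM1(m1, now);
  const m3 = admin.onM2(m2, now);
  return device.onM3(m3, now).equals(admin.sks);
}

console.log('SK_s agreed:', runRound(new Administrator(), new Device()));
```

A replayed $M_1$ presented after the freshness window, an $M_1$ delivered to a different device, a modified $M_2$, and an $M_2$ carrying the wrong $nonce_a$ are each rejected with a distinct reason.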
Step 3) The gateway node performs validity verification: before an IoT device initiates a new transaction, it obtains two random unconfirmed transactions in the tangle network through the Remote Procedure Call (RPC) interface provided by the nearest gateway node, and verifies their validity using a hash algorithm.
Step 4) Broadcasting the transaction result: after the verification passes, the IoT device links the newly initiated transaction and the two verified transactions together in the form of hash pointers through the credit-based proof-of-work algorithm, and then sends the result to the gateway node through the RPC interface for synchronous broadcasting.
The transaction form is realized through a credit-based proof-of-work mechanism, specifically: each IoT device has a uniquely matched credit value Cr, which is updated in real time according to the behavior of the IoT device.
The behaviors include: normal behavior, i.e. sending transactions that comply with the rules of the system, which gradually increases the credit value over time; and abnormal behavior, which decreases the credit value.
The credit value is $Cr = \lambda_1 Cr_p + \lambda_2 Cr_n$, where $Cr_p$ is the part of the credit value obtained through normal behavior, $Cr_n$ is the part of the credit value deducted for abnormal behavior, and $\lambda_1$ and $\lambda_2$ are the respective weight coefficients. The penalty strategy of the system is adjusted by varying $\lambda_1$ and $\lambda_2$, e.g. increasing $\lambda_2$ gives a more stringent penalty policy.
The difficulty value of the proof-of-work mechanism is adjusted according to the credit value: the lower the credit value, the higher the difficulty value of the proof-of-work algorithm. The mechanism therefore lets honest IoT device nodes consume fewer computing resources while raising the cost for malicious nodes of launching an attack.
The part of the credit value obtained through normal behavior, $Cr_p$, is positively correlated with the activity level of the IoT device, i.e. the number of normal behaviors the device performs in one time unit; specifically:
Figure BDA0002077928590000041
where: n is the number of normal device behaviors in the latest unit time, ΔT is one unit time, and $w_k$ is the weight of the k-th transaction. The weight of a transaction is the number of times the transaction has been confirmed by the gateway node; the more confirmations, the higher the trustworthiness of the transaction.
When an IoT device is active in any time period, $Cr_p$ is adjusted in real time according to its activity level, so that active honest nodes in the system can submit transactions faster while using fewer computing resources. When a device has not submitted a transaction for a period of time, this embodiment treats it as an inactive node, or even an untrusted node, and the system sets its $Cr_p$ to 0 while preserving the difficulty of its proof-of-work algorithm.
The part of the credit value deducted for abnormal behavior, $Cr_n$, is inversely related to the abnormal behaviors of the IoT device, i.e. the more abnormal behaviors, the lower the value of $Cr_n$. Formally:
Figure BDA0002077928590000042
where: m is the total number of abnormal behaviors of the device, t is the current time, $t_k$ is the time at which the k-th abnormal behavior occurred, and α(Event) is the penalty coefficient corresponding to the abnormal behavior Event.
From the above description, the negative effect of an abnormal behavior on an IoT device node gradually decreases over time but, unlike $Cr_p$, its effect does not disappear completely over time. When an abnormal behavior has just occurred, $t - t_k$ approaches 0, so $|Cr_n|$ momentarily becomes infinite and the difficulty of the proof-of-work algorithm is also adjusted to be very high, so that the device cannot continue its abnormal attack behavior. Such a credit-based adaptive proof-of-work mechanism can effectively prevent abnormal behavior by devices. The credit value of a device is calculated from the transaction weights and the abnormal behaviors recorded on the blockchain, and thus cannot be forged or tampered with.
As shown in FIG. 4, this embodiment compares the performance of the original proof-of-work algorithm and the credit-based proof-of-work algorithm in four sets of experiments, where PoW stands for the original proof-of-work algorithm and Cr-PoW stands for the credit-based proof-of-work algorithm. It can be observed in the figure that, when the node behaves normally, Cr-PoW executes fastest: each transaction requires only 0.118 seconds on average, while PoW requires 0.7 seconds. That is, the credit-based proof-of-work algorithm can improve the transaction speed for honest nodes. For a malicious node, the more abnormal behaviors it has, the longer it takes to complete one transaction, and the penalty time grows exponentially with the number of abnormal behaviors, so that the malicious node can hardly complete a transaction. The experimental results show that the credit-based proof-of-work algorithm can also effectively prevent attacks by malicious nodes.
The security of the system can be analyzed in two parts, system security and data security:
In terms of system security, this embodiment is built on a blockchain with a directed acyclic graph structure; the blockchain is a distributed ledger made up of a group of replicated database nodes. The sensing data is redundantly replicated by all full nodes, so the system can cope with the failure of one or more nodes, which improves the reliability of the IoT system. In addition, because information recorded on the blockchain cannot be tampered with, this embodiment uses that property to manage IoT devices by maintaining the authorization list on the blockchain. According to the list, all nodes can refuse to provide services to unauthorized IoT devices, so that distributed denial-of-service attacks, Sybil attacks and the like can be effectively defended against.
In terms of data security, this embodiment uses a symmetric encryption algorithm to implement the data permission control method, and the confidentiality of sensor data is protected by encrypting the data before it is stored in the blockchain. Only a holder of the key can decrypt and obtain the sensor data, which regulates access to sensitive sensor data in a transparent system.
In this embodiment the AES algorithm is used to encrypt the sensing data. As shown in FIG. 5, the performance of the AES symmetric encryption algorithm was tested on a Raspberry Pi: encrypting a data packet of 256 KB takes only 0.373 seconds, and 256 KB is large enough for data transmission in an IoT system, so the data permission control method can be considered to have almost no influence on transaction efficiency.
The foregoing embodiments may be modified in many different ways by those skilled in the art without departing from the spirit and scope of the invention, which is defined by the appended claims and all changes that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.

Claims (9)

1. A system for block chain device management and data transmission based on a directed acyclic graph architecture, comprising: the system comprises the internet of things equipment connected through a blockchain network, a gateway node and at least one administrator node, wherein the gateway node is used for acquiring an authorized equipment list from the blockchain to identify whether a transaction request comes from legal internet of things equipment, and the administrator node comprises: the method comprises the steps that a gateway node receives a request from authorized Internet of things equipment, verifies and broadcasts a transaction from the Internet of things equipment, and an administrator node records a public key of the authorized equipment to a blockchain by initiating a transaction containing a public key list of the authorized equipment so as to manage the authorized Internet of things equipment;
the Internet of things equipment is provided with a group of public and private key pairs (PK, SK) with unique identity identifications.
2. The system as claimed in claim 1, wherein the administrator node is a sub-administrator node authorized by a superior administrator node to designate a subordinate node as a sub-administrator node to help manage the internet of things devices in the system and shield illegal requests from unauthorized devices for flexible management and extension, a public key of the administrator node is pre-fabricated into an initial block of the block chain by hard coding, and a private key of the administrator node is used to sign the transaction.
3. The system of claim 1, wherein the blockchain network is a tangled network in which anyone can participate, the tangled network is a tree-like directed acyclic graph structure, and an asynchronous consensus mechanism is adopted to process multiple transactions simultaneously by replacing blockchain nodes with transaction nodes, thereby improving the throughput of the blockchain network.
4. The system of claim 3, wherein the gateway node, i.e. the whole node in the intertwined network, is configured to ensure the security and stability of the whole intertwined network by broadcasting the transaction and redundantly storing the data of the block chain.
5. A method for controlling data authority based on the system of any one of the preceding claims, wherein a symmetric encryption algorithm is used to encrypt the sensing data and to distribute the key in a decentralized manner, comprising the following steps:
step 1) an administrator node firstly hard codes own public key information into a created block file, initializes a block chain network and authorizes legal gateway nodes and Internet of things equipment;
step 2) after the IOT equipment is activated, a key distribution stage is carried out,
step 3) the Internet of things equipment which successfully acquires the secret key sends data to the gateway node in a transaction form, and the gateway node verifies the validity of the transaction;
and 4) the gateway node broadcasts the transaction result in the block chain network after the transaction verification is passed.
6. The method according to claim 5, wherein the step 2 is specifically: message M1The public key of the Internet of things equipment is used for encryption and then is sent to the Internet of things equipment, so that the message can be ensured to be decrypted only by the equipment with the private key, and the message M1Nonce inaFor initiating a response challenge, when the internet of things device returns the correct nonce value in the next response message, the device is considered to have successfully decrypted M1Decrypting the message M at the internet of things device1And obtains a symmetric encryption key SK thereinsThen, SK will be usedsEncrypted message M2Sends to the administrator node to prove that the device has successfully obtained the key SKs,noncebAlso a response challenge, again with the authentication key SKsCorrectness of (1) the administrator node is in message M3Middle return noncebTo end this round of key distribution.
7. The method of claim 5, wherein the transaction in step 3 is implemented by a credit-based proof-of-work mechanism, specifically: each Internet of Things device has a uniquely matched credit value $Cr$, and the credit value is updated in real time according to the behavior of the device;
the behaviors include: normal behavior, i.e. sending transactions in compliance with the rules of the system, which gradually increases the credit value over time; and abnormal behavior, which decreases the credit value;
the credit value is $Cr = \lambda_1 Cr_p + \lambda_2 Cr_n$, wherein: $Cr_p$ is the part of the credit value obtained through normal behavior, $Cr_n$ is the part of the credit value deducted for abnormal behavior, and $\lambda_1$ and $\lambda_2$ are their respective weight coefficients; the penalty policy of the system is adjusted by varying $\lambda_1$ and $\lambda_2$.
8. The method as claimed in claim 7, wherein the part $Cr_p$ of the credit value obtained through normal behavior is the number of normal behaviors executed by the device in one time unit and is positively correlated with the activity level of the Internet of Things device, specifically:
Figure FDA0002077928580000021
wherein: $n$ is the number of normal behaviors of the device in the latest unit of time, $\Delta T$ is one unit of time, and $w_k$ is the weight of one transaction, namely the number of times the transaction has been confirmed by the gateway node; the more confirmations, the higher the credibility of the transaction;
the part $Cr_n$ of the credit value deducted for abnormal behavior is inversely related to the abnormal behaviors of the Internet of Things device, i.e. the more abnormal behavior there is, the lower the value of $Cr_n$, specifically:
Figure FDA0002077928580000022
wherein: $m$ is the total number of abnormal behaviors of the device, $t$ is the current time, $t_k$ is the time point at which the k-th abnormal behavior occurred, and $\alpha(Event)$ is the penalty coefficient corresponding to the abnormal behavior Event.
9. The method as claimed in claim 7, wherein when any Internet of Things device is active during any period of time, $Cr_p$ is adjusted in real time according to its degree of activity, which ensures that active honest nodes in the system can submit transactions faster using fewer computing resources; when any device does not submit a transaction for a period of time, it is treated as an inactive or untrusted node and $Cr_p$ is set to 0, while the difficulty of its proof-of-work algorithm is preserved.
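The key distribution round of claim 6, written out as an added example (it is not part of the patent text or the applicant's implementation). Assumptions not stated in the claim: the administrator node sends M1, RSA-OAEP and AES-256-GCM are the ciphers, nonces are 16 bytes, M2 carries nonce_a followed by nonce_b, M3 is sent under SK_s, and all class and function names are hypothetical.

```javascript
const crypto = require('node:crypto');
// Assumed primitives: RSA-OAEP for M1, AES-256-GCM under SK_s; sealed format is iv | tag | ciphertext.
function seal(sk, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', sk, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function open(sk, msg) { // throws if the key is wrong or the message was altered
  const d = crypto.createDecipheriv('aes-256-gcm', sk, msg.subarray(0, 12));
  d.setAuthTag(msg.subarray(12, 28));
  return Buffer.concat([d.update(msg.subarray(28)), d.final()]);
}
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });
const same = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Administrator: owns SK_s, issues nonce_a in M1, checks it in M2, returns nonce_b in M3.
class Admin {
  constructor(devicePublicKey) { this.pub = devicePublicKey; this.sk = crypto.randomBytes(32); }
  m1() {
    this.nonceA = crypto.randomBytes(16);
    return crypto.publicEncrypt(oaep(this.pub), Buffer.concat([this.sk, this.nonceA]));
  }
  m3(m2) {
    const p = open(this.sk, m2); // assumed layout: nonce_a | nonce_b
    if (p.length !== 32 || !same(p.subarray(0, 16), this.nonceA)) throw new Error('M2: wrong nonce_a');
    return seal(this.sk, p.subarray(16));
  }
}

// Device: recovers SK_s from M1 with its private key, proves it in M2, checks M3.
class Device {
  constructor(privateKey) { this.priv = privateKey; }
  m2(m1) {
    const p = crypto.privateDecrypt(oaep(this.priv), m1); // SK_s | nonce_a
    this.sk = p.subarray(0, 32);
    this.nonceB = crypto.randomBytes(16);
    return seal(this.sk, Buffer.concat([p.subarray(32), this.nonceB]));
  }
  finish(m3) { return same(open(this.sk, m3), this.nonceB); }
}

// One full round; true only if every check passes and both sides hold the same SK_s.
function runKeyDistribution(devicePublicKey, responderPrivateKey) {
  const admin = new Admin(devicePublicKey), device = new Device(responderPrivateKey);
  try {
    return device.finish(admin.m3(device.m2(admin.m1()))) && same(admin.sk, device.sk);
  } catch (e) { return false; }
}
```

A responder that does not hold the registered private key fails at M1, and an M2 replayed from an earlier round fails the nonce_a comparison, which is what the two nonces are for.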

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910460540.0A CN112019481A (en) 2019-05-30 2019-05-30 Block chain equipment management and data transmission system based on directed acyclic graph architecture

Publications (1)

Publication Number Publication Date
CN112019481A (en) 2020-12-01

Family

ID=73501877

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201201