KR20230100129A - Chaincode-based file integrity verification system - Google Patents

Abstract

The present invention relates to a chaincode-based file integrity verification system, and more particularly, to verify the integrity of a file on a platform including a client, hyperledger explorer, channel, node, and peer, and to verify the integrity of a chaincode in the verification step of a guarantor peer. It is about a chaincode-based file integrity verification system that stops deployment in case of problems.
According to an embodiment of the present invention, in a chaincode-based file integrity verification system including a client, Hyperledger Explorer, channel, node, and peer: the client requesting account access to Hyperledger Explorer; allocating authority to an authorized client when the client is an authorized client; sending, by the authorized client, a block request for a channel to a peer; the peer sharing the hash with the node; and outputting the result to the client by the node.

Description

Chaincode-based file integrity verification system}

The present invention relates to a chaincode-based file integrity verification system, and more particularly, to verify the integrity of a file on a platform including a client, hyperledger explorer, channel, node, and peer, and to verify the integrity of a chaincode in the verification step of a guarantor peer. It is about a chaincode-based file integrity verification system that stops deployment in case of problems.

Recently, with the development of network and hardware technology, research on convergence of blockchain technology and security is being actively conducted and applied to various network technologies.

In the embodiment of the present invention, we propose a model that analyzes existing blockchain technologies and verifies the integrity of files using private blockchains in a limited environment.

The proposed model is written in the chain code of Hyperledger Fabric, a private blockchain platform, and the integrity of the file can be verified through Hyperledger Explorer, a private blockchain integrated management platform. The performance of the proposed model was analyzed from the perspective of developers and users.

1. J. S. Kim, S. C. Kim & N. J. Park. (2021). Blockchain-based Product Carry-in/out Management Mechanism. The Journal of Korean Institute of Information Technology, 19(1), 131-138. 2. J. H. Kim. (2020). Fault Tolerance Enhancement for Distributed Storage Blockchain Systems. Journal of the Korea Institute of Information and Communication Engineering, 1558-1561. 3. S. H. Lee & K. C. Kim. (2021). Proposal of Blockchain Structure with Real-Time Capability Suitable for 5G-Based Service Provision. The Journal of Korean Institute of Communications and Information Sciences, 46(1), 102-113. 4. M. Y. Kim, H. S. Lee & J. D. Kim. (2020). A Blockchain Copyright Information Registration System for Content Protection of Online Sharing Platforms. Journal of the Korea Institute of Information and Communication Engineering, 24(12), 1718-1721. 5. J. K. Lee. (2018). A Docker Container Case Study for Implementing Block Chain Distributed General Ledger. Korean Computers and Accounting Review, 16(1), 27-41. 6. J. C. Yeom, Y. S. Lee & In-Ho Ra. (2019). Proposal of PublicKey_Based Node Authentication Method for Secure Private Block Chain Environment. Korea Institute Of Communication Sciences, 466-467. 7. W. S. Park, D. Y. Hwang & K. H. Kim. (2018). A Study on Certificate Issuance System Using Private Block chain. Korea Institute Of Communication Sciences, 1192-1193. 8. B.J. Cho. (2019). BOTP(Blockchain One Time Password) System. The Korean Institute of Information Scientists and Engineers, 1221-1223. 9. H. G. Kim, S. H. Jung. (2020). IoT Authentication System Using Blockchain and TOTP. Journal of the Korea Society of Computer and Information, 25(2), 113-122. 10. G. Y. Jung. (2018). A Study on the legal nature of cryptocurrency and a smart contract. Korea commercial law association, 109-150. 11. H. K. Kwon, H. J. Kim, K. B. Jang & H. J. Seo. (2020). An Improvement of missing pet rescue system based on Smart Contract. Journal of the Korea Institute of Information and Communication Engineering, 24(6), 786-794. 12. J. Y. Kim, J. H. Kwon, S. I. Jang, Y. K. Kim, M. J. Son & M. H. Kim. (2020). A Method to reduce transaction endorsement time based on network latency in Hyperledger Fabric. Proceedings of the Korean Society of Computer Information Conference, 28(2), 41-44. 13. S. I. Jang, J. H. Kwon, J. Y. Kim, C. H. Im & M. H. Kim. (2020). Study on Chaincode execution cost base endorsing peer routing method to reduce endorsement time in Hyperledger Fabric. Proceedings of the Korean Society of Computer Information Conference, 28(2), 37-40. 14. K. H. Lee. (2018). A Study on the type of Blockchain (Ethereum, Hyperledger Fabric). Proceedings of Symposium of the Korean Institute of communications and Information Sciences, 442-443. 15. J. K. Lee & H. Y. Choi. (2018). A Case Study of Using Hyperledger Composer based on Docker Container for Implementing Block Chain Distributed Ledger. Korean Computers and Accounting Review, 16(2), 1-18.

The problem to be solved by the present invention is to provide a chaincode-based file integrity verification system that verifies the integrity of a file using a private blockchain.

According to an embodiment of the present invention, in a chaincode-based file integrity verification system including a client, Hyperledger Explorer, channel, node, and peer: the client requesting account access to Hyperledger Explorer; allocating authority to an authorized client when the client is an authorized client; sending, by the authorized client, a block request for a channel to a peer; the peer sharing the hash with the node; and outputting the result to the client by the node.

According to an embodiment of the present invention, the integrity of a file can be verified using a private blockchain.

In addition, by using the Hyperledger Explorer, even beginners without blockchain-related background can easily build a blockchain network.

1 is a network diagram of a chaincode-based file integrity verification system according to an embodiment of the present invention.
2 is an operational flowchart of a chaincode-based file integrity verification system according to an embodiment of the present invention.
3 and 4 are diagrams showing a platform configuration of a chaincode-based file integrity verification system according to an embodiment of the present invention.
5 is a diagram showing a chaincode view of a chaincode-based file integrity verification system according to an embodiment of the present invention.
6 is a diagram illustrating a chaincode development and analysis process of a chaincode-based file integrity verification system according to an embodiment of the present invention.

Hereinafter, various embodiments of this document will be described with reference to the accompanying drawings. However, it should be understood that this is not intended to limit the technology described in this document to specific embodiments, and includes various modifications, equivalents, and/or alternatives of the embodiments of this document. . In connection with the description of the drawings, like reference numerals may be used for like elements.

In this document, expressions such as "comprises" or "may include" indicate the presence of corresponding features (eg, components such as numerical values, functions, operations, or parts), and do not exclude the presence of additional features. don't

In this document, expressions such as “A or B,” “at least one of A and/and B,” or “one or more of A or/and B” may include all possible combinations of the items listed together. . For example, “A or B,” “at least one of A and B,” or “at least one of A or B” (1) includes at least one A, (2) includes at least one B, Or (3) may refer to all cases including at least one A and at least one B.

Terms used in this document are only used to describe a specific embodiment, and may not be intended to limit the scope of other embodiments. Singular expressions may include plural expressions unless the context clearly dictates otherwise. Terms used herein, including technical or scientific terms, may have the same meaning as commonly understood by a person of ordinary skill in the technical field described in this document. Among the terms used in this document, terms defined in a general dictionary may be interpreted as having the same or similar meaning as the meaning in the context of the related art, and unless explicitly defined in this document, an ideal or excessively formal meaning. not be interpreted as In some cases, even terms defined in this document cannot be interpreted to exclude the embodiments of this document.

Of course, various modifications can be made by those skilled in the art without departing from the gist of the present invention claimed in the claims of the present invention, and these modifications are the technical spirit of the present invention or It should not be understood individually from the perspective.

In addition, the method according to the present invention can be implemented as a computer readable code (program) on a computer readable recording medium. A computer-readable recording medium may include all types of recording devices storing data that can be read by a computer system. Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tape, floppy disk, and optical data storage devices, and also those implemented in the form of carrier waves (for example, transmission through the Internet). include In addition, the computer-readable recording medium may store computer-readable codes that can be executed in a distributed manner by distributed computer systems connected through a network.

1. Chaincode-based verification model

According to the conventional Hyperledger fabric construction method, various business modeling is set by accessing Playgrounds through Hyperledger, Docker image, and Compose. Afterwards, in order to add and edit new modeling, the administrator must always log in and manage through the web. This existing method causes the hassle and unnecessary time consumption of having to authenticate and search through an administrator each time a specific file is shared within the company.

In order to solve this problem, an embodiment of the present invention proposes a chaincode-based verification model.

Hereinafter, the file integrity verification model using chaincode technology is classified into Hyperledger Fabric and Hyperledger Explorer to build the model.

1.1. system configuration

The file integrity verification system consists of node groups, Hyperledger Fabric platform, peers, and Hyperledger Explorer.

The administrator develops the chaincode, executes it as a client application, and sends it to the endorser peer.

After verifying the chaincode, the guarantor peer distributes it to all peers through the channel.

An orderer node connected to the channel receives the transaction and constructs a blockchain.

The orderer node applies the transaction to the block and sends it to peer nodes in the Hyperledger Fabric network.

Peer nodes send broadcast requests to other peers.

Peers receiving the request proceed with block updates and synchronize the ledger. This process is as shown in FIGS. 1 and 2 .

Hyperledger Explorer, when a client requests account access to the explorer, approves the account through authentication and assigns authority to the authorized user. The client transmits (views) a block request for a channel through an account to which authority is assigned.

The client can check the peer that received the block request through the node, channel, and explorer.

1.2. system model

Hyperledger Fabric uses chaincode technology to verify and design the integrity of the X.509 certificate on the blockchain.

In the embodiment of the present invention, in order to implement the verification process, Microsoft's Windows 10 Pro 20H2 was used as the OS, Oracle's VirtualBox was used as the environment, Hyperlger and Docker were used as the platform, and Google's Go language was used as the Dev language. JS and Git were used.

1.2.1 Building the platform

Before building Hyperledger Fabric, the necessary virtualization platform and various programs for dependencies are pre-installed.

The program package, apt-transport-https, is a package for encrypted communication and is installed along with ca-certificates, curl, gnupgagent, and software-properties-common.

And, since node.js is used in the Hyperledger Fabric SDK, install it as a required element.

In the embodiment of the present invention, Go lang is installed because it is written based on the Go language.

In addition, Docker Compose is also installed because Hyperledger Fabric must be run in Docker's virtualization container and multiple virtualization containers such as peer and orderer must be run.

The platform installation configuration is installed in the order of Ubuntu Mirror Server, Docker Mirror Server, and Go lang Mirror Server. The platform environment configuration is shown in FIG. 3 .

Mirror Server consists of 5 steps: Ubuntu Mirror Server, Docker Mirror Server, Go lang Mirror Server, and Npm Mirror Server to build the basic platform.

Mirror Server is a duplicate of a network node and supports network and file sharing services by accessing it through various protocols.

In Mirror Server, Ubuntu is updated for compatibility with various programs. It automatically indexes existing installed programs and updates them. Afterwards, install the Docker program for virtualization of Ubuntu server and complete the GPG Key authentication process. Next, download and install the Go language for hyperledger fabric chaincode development. Finally, install the node js package manager to configure the Hyperledger Fabric environment.

The above installation process is explained again with Linux commands as follows.

① Ubuntu Mirror Server Update and upgrade the current Ubuntu Platform to the latest version through Ubuntu Mirror Server, and download and install essential programs.

$apt update && apt upgrade

$apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common nodejs

② Complete the GPG Key authentication procedure to verify the download with the key management program for the Docker Mirror Server APT package. If the authentication result is "OK", proceed with registering the docker repository.

$curl -fsSL

https://download.docker.com/linux/ubuntu/gp g|sudo apt-key add -add-apt-repository \

"deb [arch=amd64]

https://download.docker.com/linux/ubuntu \

$(lsb_release -cs) \

stable"

Update the existing application with the apt-get update command, and download and install required configuration files for Docker with the sudo apt-get install command. And run the service of the Docker process installed with the systemctl command with administrator privileges. The command is:

$ apt-get update && sudo apt-get install docker-ce docker-ce-cli containerd.io

$ sudo usermod -a -G docker $USER

$ sudo systemctl start docker

$ sudo systemctl enable docker

Since Hyperledger fabric uses and manages multiple containers, download and install the Docker Compose tool that can automatically manage and share applications. And in Docker Compose, you can define services in YAML files and run or terminate multiple containers with short commands. The Docker Compose installation command is as follows:

$ curl -L

"https://github.com/docker/compose/releases/ download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o/usr/local/bin/ docker- compose

When the Docker compose installation is successfully completed, the execution permission for the compose files is granted with the chmod command.

$ chmod +x /usr/local/bin/docker-compose

③ Golang Mirror Server Google's Go lang programming development language is additionally installed for Hyperledger Fabric chaincode development. The installation command is as follows.

$ wget https://golang.org/dl/go1.15.5.linux-amd64.tar.gz

$ tar-xzvf go1.15.5.linux-amd64.tar.gz

$ sudo mv go//usr/local

When the Go lang programming development language installation is successfully completed, register environment variables so that they can be called throughout the operating system. Search the bashrc file for environment variables and add the following command to the end of the file.

export GOPATH=/usr/local/go

export PATH=$PATH:$GOPATH/bin

④ Npm Mirror Server Hyperledger Fabric's SDK is designed to be used in a nodejs and javascript execution environment, so install npm (node package manager) as a nodejs package manager. The installation command is as follows.

$ curl -L https://npmjs.org/install.sh

1.2.2 Building Hyperledger Fabric

Hyperledger Fabric construction consists of Hyperledger Fabric Mirror Sever, Hyperledger Fabric Channel, Hyperledger Explorer, and Chaincode. First, after downloading the image of Hyperledger Fabric through the Hyperledger Fabric Mirror Server on the Ubuntu platform, execute it through the Docker program. Docker manages each virtualized image with the Docker Compose program. Afterwards, the internal components of Hyperledger Fabric are Orderer Node, Peer, Channel, Client App, and Endorser Peer, and communicate through Channel. Channel allows users to check the state of the blockchain through the View of Hyperledger Explorer. Chaincode is the part of the blockchain that administrators write according to the design. The platform construction is as shown in FIG. 4 .

Building the Hyperledger Fabric environment proceeds in five steps: Mirror Server, Channel creation, Hyperledger Explorer, chaincode development, and View.

First, the Mirror Server downloads an external Hyperledger Fabric image and executes it through Docker. Second, a blockchain channel is created through Docker and a script file is created. Third, install Hyperledger Explorer for web application integration. Fourth, the manager writes in chaincode language according to the design and proceeds with distribution. Finally, it manages Hyperledger Fabric through Docker Compose and checks the blockchain as a view from the user's point of view.

① Hyperledger Fabric Mirror Server Download Hyperledger Fabric 2.2 version through the file address of the Hyperledger Fabric Mirror Server and proceed with the installation. If you want to install different versions, you can install them by version with bash-s x.y.z command. The command is:

$curl-sSL https://bit.ly/2ysbOFE | bash-s 2.2.0

② Channel creation For automatic network configuration of Hyperledger Fabric 2.2, create a channel with the "up createChannel" command in the test-network folder and execute the script file (network.sh). The command is:

$./network.sh up create

Among Channel Docker's commands, you can use the "ps-a" command to check the processes and containers currently running in Docker.

If the container does not operate, stop the execution of the script file (network.sh) with the "down" command and run the container again with the "up" command. The command is:

$docker ps -a

③ Hyperledger Explorer Hyperledger Explorer is a web application program that calls, distributes, and executes various lists such as block, network information, and chaincode. It is linked with Hyperledger Fabric to easily monitor the flow of blocks and nodes on the web. . The command to install Hyperledger Explorer is as follows.

$wget

https://raw.githubusercontent.com/hyperledge r/blockchain-explorer/master/examples/net1/config.json

$wget

https://raw.githubusercontent.com/hyperledge r/blockchain-explorer/master/examples/net1/co n n e c t i o n - p r o f i l e / f i r s t - n e t w o r k . j s o n -P connection-profile

$wget

https://raw.githubusercontent.com/hyperledge r/blockchain-explorer/master/docker-compose.yaml

Before installing Hyperledger Explorer, copy the certificate folder created during the script file execution process in Hyperledger Fabric to the explorer folder for interworking with Hyperledger Explorer.

$ c p - r ~ / f a b r i c - s a m p l e s / t e s t - n e t w o r k / organizations / ~/explorer Execute the docker-compose.yaml file with the "gedit" command to change the volume settings.

$ gedit docker-compose.yaml

before

volumes:

-

./examples/net1/config.json:/opt/explorer/app/platform/fabric/config.json

-

./examples/net1/connection-profile:/opt/explorer/app/platform/fabric/connection-profile

- ./examples/net1/crypto:/tmp/crypto

- walletstore:/opt/explorer/wallet

after

volumes:

-

./config.json:/opt/explorer/app/platform/fabric/config.json

-

./connection-profile:/opt/explorer/app/platform/fabric/connection-profile

- ./organizations:/tmp/crypto

- walletstore:/opt/wallet

The server built in the embodiment of the present invention recognizes the Broken Authentication vulnerability and configures the security of Hyperledger Explorer.

Use the "gedit connection-profile/first-network.json" command to edit the configuration information of first-network written in json language. After that, change the "id" and "password" parts to the administrator's ID and password. The command is:

$ gedit connection-profile/first-network.json

# Default username and password

"id": "exploreradmin",

"password": "exploreradminpw"

Chaincode is a program written in Golang, node.js or Java that implements and develops smart contracts on Hyperledger Fabric. It runs standalone in a Docker container, manages the ledger, and, given permission, chaincodes can call other chaincodes to access them. First, register the chaincode environment variable to change the configuration so that it can be called.

# peer

export PATH=${PWD}/../bin:${PWD}:$PATH

#core.yaml

export FABRIC_CFG_PATH=$PWD/../config/

export CORE_PEER_TLS_ENABLED=true

export CORE_PEER_LOCALMSPID ="Org1MSP"

export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/or ganizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt

export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/us ers/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=localhost:7051

④ Chaincode development For chaincode development, the manager stores args[0] in variable A and args[1] in variable Value according to the program design. And the variable Length stores the length of the parameter. If the length of the parameter is not 2, an Incorrect string is output, and if the Value value is NULL, an error is returned. If the value of Value is normal, the hash is retrieved and returned. And pass it as a parameter to the PutHash function. The input variable stores the result of the PutHash function, and if the result of the PutHash function is NULL, an Error is output, otherwise it returns Success. The pseudocode of the chaincode is as follows:

A ← args[0]

Value ← args[1]

Input ← error

Length ← args

if not Length = 2:

··········· RETURN Incorrect;

if Value = NULL:

·············· RETURN Error;

RETURN Value

Input = PutHash(A,Value)

if not Input = NULL:

····· RETURN Error;

RETURN Success;

⑤ View (Fig. 5)

./network.sh deployCC

After configuring the basic settings of Hyperledger Explorer, run Docker Compose with the "docker-compose up" command. If you edited the Docker configuration or changed the chaincode, stop Docker Compose with the "docker-compose down" command and then restart it.

$ docker-compose up -d

$ docker-compose down -v

2. System model analysis

The system model analysis analyzes the operation process by classifying it into a chaincode administrator's point of view and a chaincode user's point of view.

Develop the chain code, get certified through the guarantor peer, and proceed with distribution to orderer nodes.

The developed chaincode registers and retrieves the hash value of the file.

Chaincode registration and inquiry are available only to authorized users, and external connections are controlled.

The authorized user inquires whether the file hash information has been authenticated from the Hyperledger Fabric Explorer platform.

2.1 Development Analysis of Chaincode

In the existing method, business modeling is set up through Hyperledger, Docker images, and Compose. After that, log in and manage periodically to add and edit new modeling. Such an existing method causes unnecessary time consuming to authenticate and search each time.

Chaincode development analysis in the verification model according to the embodiment of the present invention consists of five steps: chaincode, client application, guarantor peer, peer node, and orderer node.

When the guarantor peer receives a transaction request from a client application, it verifies the transaction. Verification verifies the requested details and the requester's authority. Then run the chaincode and pre-test the results. Distributed ledger chapters and blocks are not updated during the pre-test phase. As a result of the preliminary test, if the transaction does not occur through normal methods, the transaction is blocked.

The orderer peer is the heart of the Hyperledger Fabric network, maintaining the same distributed ledger state across the blockchain network. Then, blocks are created according to authority and transmitted to peers through broadcast. Peer nodes receive distributed ledger updates and broadcast ledger updates to other individual peers. This process is shown in FIG. 6 .

In the chaincode development analysis process according to an embodiment of the present invention, first, the operation principle is analyzed from the perspective of the manager of the Hyperledger Fabric. The blockchain manager writes chaincode according to the program design and requests distribution to the client application. After that, the client application verifies the chaincode received by the guarantor peer and proceeds with the transaction.

The orderer node receiving the transaction constructs a blockchain and transmits it to the peer node. Peer nodes broadcast to update all nodes with the latest block and synchronize the distributed ledger.

① The blockchain manager sends a chaincode distribution request to the client application.

② The client application that received the chaincode distributes it to the whole as a guarantor peer, confirms the request information from the client application, and transacts. It then executes the chaincode and sends a response to the client application.

③ The guarantor peer returns success or failure for the transaction status.

④ The client application constructs a blockchain by sending successful transactions to the orderer node. The orderer node applies the transaction to the block and sends it to peer nodes in the Hyperledger Fabric network.

⑤ The received peer node transmits a broadcast request to other peers. Peers receiving the broadcast request proceed with updating to the latest block and synchronize the distributed ledger.

2.2 User Analysis of Chaincode

Analyzing the operating principles of Hyperledger Fabric from the user's point of view. Users connect to the web server configured with Hyperledger Explorer for blockchain work. After that, the user inputs login information and waits for the verification time. Verification time may vary each time depending on network conditions. After verification, the authorized user checks the information of the blockchain with the Hyperledger Explorer view.

① A user requests access to a web server composed of Hyperledger Explorer.

② Upon receiving the connection request, Hyperledger Explorer searches the setting information and database information to confirm whether or not the user is authorized.

③ In the case of an authorized user, direct requests to the chaincode network are not allowed, and requests for information are sent to peer nodes as agents through Hyperledger Explorer.

④ The received peer node transmits the block information to the Hyperledger Explorer view so that the user can check it.

Claims (1)

In a chaincode-based file integrity verification system including clients, hyperledger explorers, channels, nodes and peers:
the client requesting account access to Hyperledger Explorer;
allocating authority to an authorized client when the client is an authorized client;
sending, by the authorized client, a block request for a channel to a peer;
the peer sharing the hash with the node; and
A chaincode-based file integrity verification system comprising; outputting the result to the client by the node;

Images