基于区块链的数据完整性多方高效审计机制

doi:10.11959/j.issn.2096-109x.2021107

摘要/Abstract

摘要：

提出了一种面向大数据环境的基于区块链的数据完整性多方高效审计机制（MBE-ADI）。构建基于数据域的混合Merkle DAG结构对数据组织，实现大数据环境下大量非结构化数据同时验证；为应对大数据环境下数据量大的问题，设计基于 BLS 签名多副本确定性验证方法，实现支持多副本的数据完整性高效验证；设计基于联盟链的双验证审计架构，实现去中心化自动审计以及审计历史可信追溯，同时为数据拥有者和数据使用者提供数据完整性验证服务，实现数据的可信获取。测试证明系统的可行性以及数据完整性审计的高效性。

关键词: 区块链, 大数据, 完整性审计, MerkleDAG, 数据共享

Abstract:

A blockchain-based data integrity multi-party high-efficiency audit mechanism (MBE-ADI) for the big data environment was proposed.A hybrid Merkle DAG structure based on data domain was built to organize data, and realized the simultaneous verification of a large number of unstructured data in the big data environment.In order to deal with the problem of large amount of data in the big data environment, a multi copy deterministic verification method based on BLS signature was designed to realize the efficient verification of data integrity supporting multiple copies.A dual verification audit architecture based on consortium blockchain was designed to realize decentralized automatic audit and audit history credible traceability.At the same time, data integrity verification services were provided for data owners and data users to realize reliable acquisition of data.The test proves the feasibility of the system and the efficiency of data integrity audit.

Key words: blockchain, big data, integrity audit, Merkle DAG, data sharing

中图分类号:

TP309.2

周家顺, 王娜, 杜学绘. 基于区块链的数据完整性多方高效审计机制[J]. 网络与信息安全学报, 2021, 7(6): 113-125.

Jiashun ZHOU, Na WANG, Xuehui DU. Multi-party efficient audit mechanism for data integrity based on blockchain[J]. Chinese Journal of Network and Information Security, 2021, 7(6): 113-125.

图/表 16

图1

图2

图3

图4

图5

图6

图7

图8

图9

表1

表2

图10

图11

图12

图13

图14

参考文献 29

[1]	AL-SAI Z A , ABUALIGAH L M . Big data and E-government:a review[C]// Proceedings of 2017 8th International Conference on Information Technology (ICIT). 2017: 580-587.
[2]	ZUO W M , WANG C Y . Judicial big data and big-data-based legal research in China[J]. Asian Journal of Law and Society, 2020,7(3): 495-514.
[3]	RAGHUPATHI W , RAGHUPATHI V . Big data analytics in healthcare:promise and potential[J]. Health Information Science and Systems, 2014,2:3.
[4]	谭霜, 贾焰, 韩伟红 . 云存储中的数据完整性证明研究及进展[J]. 计算机学报, 2015,38(1): 164-177.
	TAN S , JIA Y , HAN W H . Research and development of provable data integrity in cloud storage[J]. Chinese Journal of Computers, 2015,38(1): 164-177.
[5]	魏凯敏, 翁健, 任奎 . 大数据安全保护技术综述[J]. 网络与信息安全学报, 2016,2(4): 1-11.
	WEI K M , WENG J , REN K . Data security and protection techniques in big data:a survey[J]. Chinese Journal of Network and Information Security, 2016,2(4): 1-11.
[6]	蒋余浩 . 开放共享下的政务大数据管理机制创新[J]. 中国行政管理, 2017(8): 42-46.
	JIANG Y H . Open data through collaborative sharing:an essay on innovative mechanism of government big data management[J]. Chinese Public Administration, 2017(8): 42-46.
[7]	NAKAMOTO S . Bitcoin:a peer-to-peer electronic cash system[R]. 2009.
[8]	DESWARTE Y , QUISQUATER J J , SA?DANE A , . Remote integrity checking[M]// Integrity and Internal Control in Information Systems VI. Boston: Kluwer Academic Publishers, 2003: 1-11.
[9]	ATENIESE G , BURNS R , CURTMOLA R ,et al. Provable data possession at untrusted stores[C]// Proceedings of the 14th ACM conference on Computer and Communications Security. 2007: 598-609.
[10]	WANG Q , WANG C , REN K ,et al. Enabling public auditability and data dynamics for storage security in cloud computing[C]// Proceedings of IEEE Transactions on Parallel and Distributed Systems. 2009: 847-859.
[11]	谢四江, 贾倍, 王鹤 ,等. 基于多分支路径树的云存储大数据完整性证明机制[J]. 计算机科学, 2019,46(3): 188-196.
	XIE S J , JIA B , WANG H ,et al. Cloud big data integrity verification scheme based on multi-branch Tree[J]. Computer Science, 2019,46(3): 188-196.
[12]	刘洪宇, 丁奕文, 陈雷霆 . 支持动态操作的多副本数据完整性验证方案[J]. 计算机应用研究, 2019,36(9): 2778-2782.
	LIU H Y , DING Y W , CHEN L T . Multiple-replica data integrity checking protocol with efficient dynamic update in cloud storage[J]. Application Research of Computers, 2019,36(9): 2778-2782.
[13]	CURTMOLA R , KHAN O , BURNS R ,et al. MR-PDP:multiple-replica provable data possession[C]// Proceedings of 2008 The 28th International Conference on Distributed Computing Systems. 2008: 411-420.
[14]	LU N , ZHANG Y X , SHI W B ,et al. A secure and scalable data integrity auditing scheme based on hyperledger fabric[J]. Computers ＆ Security, 2020,92: 101741.
[15]	HANG L , ULLAH I , KIM D H . A secure fish farm platform based on blockchain for agriculture data integrity[J]. Computers and Electronics in Agriculture, 2020,170: 105251.
[16]	HANG L , KIM D H . Design and implementation of an integrated IoT blockchain platform for sensing data integrity[J]. Sensors (Basel,Switzerland), 2019,19(10): 2228.
[17]	ALTULYAN M , YAO L N , KANHERE S S ,et al. A unified framework for data integrity protection in people-centric smart cities[J]. Multimedia Tools and Applications, 2020,79(7): 4989-5002.
[18]	LIU B , YU X L , CHEN S P ,et al. Blockchain based data integrity service framework for IoT data[C]// Proceedings of 2017 IEEE International Conference on Web Services (ICWS). Piscataway:IEEE Press, 2017: 468-475.
[19]	ZHAO Q Y , CHEN S Y , LIU Z L ,et al. Blockchain-based privacy-preserving remote data integrity checking scheme for IoT information systems[J]. Information Processing ＆ Management, 2020,57(6): 102355.
[20]	WEI P C , WANG D H , ZHAO Y ,et al. Blockchain data-based cloud data integrity protection mechanism[J]. Future Generation Computer Systems, 2020,102: 902-911.
[21]	魏艳, 毛燕琴, 沈苏彬 . 一种基于区块链的数据完整性验证解决方案[J]. 计算机技术与发展, 2020,30(1): 76-81.
	WEI Y , MAO Y Q , SHEN S B . A data integrity verification solution based on Blockchain[J]. Computer Technology and Development, 2020,30(1): 76-81.
[22]	GAVIN W . Ethereum:A secure decentralized generalised transaction ledger[R]. Ethereum Project Yellow Paper, 2014.
[23]	LIU C , YANG C , ZHANG X Y ,et al. External integrity verification for outsourced big data in cloud and IoT:a big picture[J]. Future Generation Computer Systems, 2015,49: 58-67.
[24]	CHEN X Y , SHANG T , KIM I ,et al. A remote data integrity checking scheme for big data storage[C]// Proceedings of 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC). Piscataway:IEEE Press, 2017: 53-59.
[25]	NASONOV D , VISHERATIN A A , BOUKHANOVSKY A . Blockchain-based transaction integrity in distributed big data marketplace[M]// Lecture Notes in Computer Science. Cham: Springer International Publishing, 2018: 569-577.
[26]	LEBDAOUI I , EL HAJJI S , ORHANOU G . Managing big data integrity[C]// Proceedings of 2016 International Conference on Engineering ＆ MIS (ICEMIS). Piscataway:IEEE Press, 2016: 1-6.
[27]	BENET J . IPFS - content addressed,versioned,P2P file system[J]. arXiv:1407.3561, 2014.
[28]	ANDROULAKI E , BARGER A , BORTNIKOV V ,et al. Hyperledger fabric:a distributed operating system for permissioned blockchains[C]// Proceedings of Proceedings of the Thirteenth EuroSys Conference. New York,NY,USA:ACM, 2018: 1-15.
[29]	BONEH D , LYNN B , SHACHAM H . Short signatures from the Weil pairing[J]. Journal of Cryptology:the Journal of the International Association for Cryptologic Research, 2004,17(4): 297-319.

方案		参与方		审计机构	多副本	确定性验证	公开验证	异构多数据	数据动态修改	验证历史检索	多方验证
文献[10]	多个DO	SP	TPA	TPA	NO	NO	YES	NO	YES	NO	NO
文献[11]	DO	SP	TPA	TPA	NO	NO	YES	NO	YES	NO	NO
文献[12]	DO	SP		DO	YES	NO	NO	NO	YES	NO	NO
文献[14]	DO	SP	多个TPA	动态TPA	NO	NO	YES	NO	NO	YES	YES
文献[18]	DO	DU	SP	智能合约	NO	YES	NO	NO	NO	NO	YES
文献[19]	DO	SP		DO/SP/TPA	NO	NO	NO	NO	YES	NO	NO
文献[20]	多个DO	SP		智能合约	NO	NO	YES	NO	YES	NO	NO
本文方案	多个DO	多个DU	多个SP	智能合约	YES	YES	YES	YES	NO	YES	YES

云服务器	用户	功能标识
server1	DO_A	Peer1、Org1、Ca1、Kafka1、Zookeeper1、Orderer1
server2	DO_B	Peer2、Org2、Ca2、Kafka2、Zookeeper2
server3	DU_A	Peer3、Org3、Ca3、Kafka3、Zookeeper3、Orderer2
server4	DU_B	Peer4、Org4、Ca4、Kafka4、Zookeeper4
server5	SP_A	Peer5、Org5、Ca5、Kafka5、Zookeeper5、Orderer3
server6	SP_B	Peer6、Org6、Ca6、Kafka6、Zookeeper6