面向跨域可信的泛中心化区块链DNS架构研究

doi:10.11959/j.issn.2096-109x.2020024

网络与信息安全学报 ›› 2020, Vol. 6 ›› Issue (2): 19-34.doi: 10.11959/j.issn.2096-109x.2020024

所属专题：区块链

面向跨域可信的泛中心化区块链DNS架构研究

雷凯^1,²(),束方兴^1,²,黄磊^1,²,章奇超^1,²

¹ 北京大学深圳市内容中心网络与区块链重点实验室，广东深圳 518055
² 北京大学互联网研究院（深圳），广东深圳 518055

修回日期:2020-02-12 出版日期:2020-04-15 发布日期:2020-04-23
作者简介:雷凯（1976- ），男，湖南长沙人，博士，北京大学副教授，主要研究方向为信息中心网络、区块链、联邦学习与知识图谱|束方兴（1990- ），男，宁夏银川人，北京大学硕士生，主要研究方向为区块链系统|黄磊（1993- ），男，江苏扬州人，北京大学硕士生，主要研究方向为分布式系统和区块链系统|章奇超（1994- ），男，浙江杭州人，北京大学硕士生，主要研究方向为区块链系统
基金资助:
深圳市科技创新基金资助项目(ZDSYS201802051831427)

Research on cross-domain trustable blockchain based decentralized DNS architecture

Kai LEI^1,²(),Fangxing SHU^1,²,Lei HUANG^1,²,Qichao ZHANG^1,²

¹ Shenzhen Key Lab for Information Centric Networking ＆Blockchain Technology,School of Electronics and Computer Engineering,Peking University,Shenzhen 518055,China
² Internet Research Institute,Peking University,Shenzhen 518055,China

Revised:2020-02-12 Online:2020-04-15 Published:2020-04-23
Supported by:
The Science and Technology Innovation Project of Shenzhen(ZDSYS201802051831427)

摘要/Abstract

摘要：

DNS 系统是重要的互联网基础设施，采用中心化层级式结构，在根区存在中心化现象，导致单点故障风险、中心权利滥用风险等缺陷。设计新的泛中心化 DNS 架构将使域名系统从依赖中心的单一信任域，变为多个以顶级域名为根相互平行的信任域，存在跨域可信的研究挑战。围绕跨域可信架构的设计，在架构设计层面采用控制与解析分离的思想，提出双区块链 DNS 架构；在数据层面的跨域验证方面设计了基于单向累加器的验证方案，将传统验证过程 O(N)的时间复杂度降为接近 O(1)；在关键技术的性能层面，结合DPoS机制与BFT算法提出CDBFT算法，平均吞吐量可以达到736 TPS（transaction per second）。并用理论推导和实验验证了架构在安全、性能及可扩展性方面具有优势。

关键词: DNS, 区块链, 单向累加器, 跨域可信, 共识机制

Abstract:

The domain name system (DNS) is an important internet infrastructure.However,current DNS utilizes centralized hierarchical structure with severe dependence on root server,which causes defects such as the risk of single-point failure and the abuse of central rights.Designing new decentralized DNS mainly focuses on transforming the domain name system from a single trust domain which relies on the center to multiple trust domains with the top-level domain name as the root parallel to each other,but also faces cross-domain credible challenges.To design a cross-domain trusted architecture,the concept of separating control and analysis was adopted,and a dual-blockchain DNS architecture was proposed.At data layer,a novel cross-domain verification was designed based on a one-way accumulator verification scheme,with the time complexity of the verification process O(N) reducing to O(1) nearly.The CDBFT algorithm was proposed by combining the DPoS mechanism and the BFT algorithm,whose average throughput reaches 736 TPS.The theoretical derivation and experimental results have demonstrated the advantages of this new DNS architecture on security,performance,and scalability.

Key words: DNS, blockchain, one-way accumulator, cross-domain trustable, consensus mechanism

中图分类号:

TP311.1

雷凯,束方兴,黄磊,章奇超. 面向跨域可信的泛中心化区块链DNS架构研究[J]. 网络与信息安全学报, 2020, 6(2): 19-34.

Kai LEI,Fangxing SHU,Lei HUANG,Qichao ZHANG. Research on cross-domain trustable blockchain based decentralized DNS architecture[J]. Chinese Journal of Network and Information Security, 2020, 6(2): 19-34.

图/表 12

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

图12

参考文献 32

[1]	延志伟, 耿光刚, 李洪涛 ,等. DNS 根服务体系的发展研究[J]. 网络与信息安全学报, 2017,3(3): 1-12.
	YAN Z W , GENG G G , LI H T . Study on the development of the DNS root system[J]. Chinese Journal of Network and Information Security, 2017,3(3): 1-12.
[2]	方滨兴 . 从“国家网络主权”谈基于国家联盟的自治根域名解析体系[J]. 信息安全与通信保密, 2014(12): 35-38.
	FANG B X . Country autonomous root domain name resolution architecture from the perfective of country cyber sovereignty[J]. Information Security and Communication Privacy, 2014(12): 35-38.
[3]	KAMINSKY D . Spelunking the triangle:exploring Aaron Swartzs take on Zooko’s triangle[EB]. 2011.
[4]	RAMASUBRAMANIAN V , SIRER E G . The design and implementation of a next generation name service for the Internet[C]// ACM Sigcomm. 2004.
[5]	NAKAMOTO S . Bitcoin:a peer-to-peer electronic cash system[R]. 2008.
[6]	BARNABY C , AWAIS R . Trust beyond computation alone:human aspects of trust in blockchain technologies[C]// ACM 41st ICSE 2019. 2019: 21-30.
[7]	ABRAHAM I , CHAN T H , DOLEV D ,et al. Communication complexity of Byzantine agreement,revisited[C]// Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing (PODC 2019). 2019: 317-326.
[8]	DONG X L , AMAL A , JIANBING N ,et al. Anonymous reputation system for IIoT-enabled retail marketing atop PoS blockchain[J]. IEEE Transactions on Industrial Informatics, 2019,15(6):35273537
[9]	Namecoin[EB].
[10]	LI C , LI P , XU W ,et al. Scaling Nakamoto consensus to thousands of transactions per second[EB].
[11]	CHAN T H , PASS R , SHI E . PaLa:a simple partially synchronous Blockchain[J]. IACR Cryptology ePrint Archive, 2018
[12]	PASS R , SHI E . Rethinking large-scale consensus[C]// Proceedings of 30th IEEE Computer Security Foundations Symposium (CSF 2017). 2017: 115-129.
[13]	章峰, 史博轩, 蒋文保 . 区块链关键技术及应用研究综述[J]. 网络与信息安全学报, 2018,4(4): 22-29.
	ZHANG F , SHI B X , JIANG W B . Review of key technology and its application of blockchain[J]. Chinese Journal of Network and In-formation Security, 2018,4(4): 22-29.
[14]	ANDROULAKI E , BARGER A , BORTNIKOV V ,et al. Hyperledger fabric:a distributed operating system for permissioned Block-chains[C]// Proceedings of the Thirteenth EuroSys Conference (EuroSys 2018). 2018: 1-15.
[15]	NKN Lab. NKN:a scalable self-evolving and self-incentivized decentralized network[EB].
[16]	FROMKNECHT C , VELICANU D , YAKOUBOV S . Certcoin:a namecoin based decentralized authentication system 6.857 class project[EB]. 2014:
[17]	HU W H , AO M , SHI L ,et al. Review of blockchain-based DNS alternatives[J]. Chinese Journal of Network and Information Security, 2017,3(3): 71-77.
[18]	ALI M , JUDE N ,et al. Blockstack:design and implementation of a global naming system with Blockchains[C]// USENIX Annual Technical Conference. 2016: 181-194
[19]	刘井强 . 基于私有根域名的 DNS 解析实验系统设计与实现[D]. 哈尔滨：哈尔滨工业大学, 2017.
	LIU J Q . Design and implementation of DNS resolution test system based on private root domain[D]. Harbin:Harbin Institute of Technology, 2017.
[20]	张宇, 夏重达, 方滨兴 ,等. 一个自主开放的互联网根域名解析体系[J]. 信息安全学报, 2017,2(4): 57-69.
	ZHANG Y , XIA C D , FANG B X ,et al. An autonomous open root resolution architecture for domain name system in the internet[J]. Journal of Cyber Security, 2017,2(4): 57-69.
[21]	庄天舒, 刘文峰, 李东 . 基于区块链的 DNS 根域名解析体系[J]. 电信科学, 2018(3): 17-22.
	ZHUANG T S , LIU W F , LI D . DNS root domain name analysis system based on blockchain[J]. Telecommunications Science, 2018(3): 17-22.
[22]	PASS R , SHI E . Hybrid consensus:efficient consensus in the permission less model[C]// Proceedings of 31st International Symposium on Distributed Computing (ISDC 2017). 2017: 1-16.
[23]	ABRAHAM I , MALKHI D , SPIEGELMAN A . Validated asynchronous Byzantine agreement with optimal resilience and asymptotically optimal time and word communication[EB].
[24]	BENALOH J , DE-MARE M , . One-way accumulators:a decentralized alternative to digital signatures[C]// Advances in Cryptology-EUROCRYPT’93.Berlin,Heidelberg:Springer. 1993: 274-285.
[25]	NIKO B , PFITZMANN B . Collision-free accumulators and fail-stop signature schemes without trees[C]// International Conference on the Theory and Applications of Cryptographic Techniques.Berlin,Heidelberg:Springer. 1997.
[26]	KOKORIS-KOGIAS E , JOVANOVIC P , GASSER L ,et al. OmniLedger:a secure,scale-out,decentralized ledger via sharding[C]// Proceedings of 2018 IEEE Symposium on Security and Privacy (S＆P 2018). 2018: 583-598.
[27]	LUU L , NARAYANAN V , ZHENG C ,et al. A secure sharding protocol for open blockchains[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 17-30.
[28]	New Kind of Network[EB].
[29]	GARAY J A , KIAYIAS A . SoK:a consensus taxonomy in the Blockchain era[J]. ACR Cryptology ePrint Archive, 2018(5): 26-37.
[30]	ABRAHAM I , MALKHI D , SPIEGELMAN A . Validated asynchronous Byzantine agreement with optimal resilience and asymptotically optimal time and word communication[EB].
[31]	SAPIRSHTEIN A , SOMPOLINSKY Y , ZOHAR A . Optimal selfish mining strategies in Bitcoin[C]// Financial Cryptography and Data Security 2016. 2016: 515-532.
[32]	MATHIEU B , SERGE P , PIERRE P ,et al. STewARD:SDN and blockchain-based trust evaluation for automated risk management on IoT devices[C]// IEEE Infocom 2019-WKSHPS. 2019.

面向跨域可信的泛中心化区块链DNS架构研究

Research on cross-domain trustable blockchain based decentralized DNS architecture

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 32

相关文章 15

Metrics

推荐阅读 0

[1]	蔡召, 荆涛, 任爽. 以太坊钓鱼诈骗检测技术综述[J]. 网络与信息安全学报, 2023, 9(2): 21-32.
[2]	王贺立, 闫巧. 基于交易记录特征的自私挖矿检测方案[J]. 网络与信息安全学报, 2023, 9(2): 104-114.
[3]	余北缘, 任珊瑶, 刘建伟. 区块链资产窃取攻击与防御技术综述[J]. 网络与信息安全学报, 2023, 9(1): 1-17.
[4]	施凡, 钟瑶, 薛鹏飞, 许成喜. 基于SSDP和DNS-SD协议的双栈主机发现方法及其安全分析[J]. 网络与信息安全学报, 2023, 9(1): 56-66.
[5]	唐飞, 甘宁, 阳祥贵, 王金洋. 基于区块链与国密SM9的抗恶意KGC无证书签名方案[J]. 网络与信息安全学报, 2022, 8(6): 9-19.
[6]	林丹, 林凯欣, 吴嘉婧, 郑子彬. 基于字节码的以太坊智能合约分类方法[J]. 网络与信息安全学报, 2022, 8(5): 111-120.
[7]	陈立全, 李潇, 杨哲懿, 钱思杰. 基于区块链的高透明度PKI认证协议[J]. 网络与信息安全学报, 2022, 8(4): 1-11.
[8]	张文博, 陈思敏, 魏立斐, 宋巍, 黄冬梅. 基于形式化方法的智能合约验证研究综述[J]. 网络与信息安全学报, 2022, 8(4): 12-28.
[9]	刘峰, 杨杰, 齐佳音. 区块链密码学隐私保护技术综述[J]. 网络与信息安全学报, 2022, 8(4): 29-44.
[10]	宋晓玲, 刘勇, 董景楠, 黄勇飞. 元宇宙中区块链的应用与展望[J]. 网络与信息安全学报, 2022, 8(4): 45-65.
[11]	金琳, 田有亮. 基于区块链的多权限属性隐藏电子病历共享方案[J]. 网络与信息安全学报, 2022, 8(4): 66-76.
[12]	姜鹏坤, 张问银, 王九如, 黄善云, 宋万水. 基于正常交易掩盖下的区块链隐蔽通信方案[J]. 网络与信息安全学报, 2022, 8(4): 77-86.
[13]	翟宝琴, 王健, 韩磊, 刘吉强, 何嘉豪, 刘天皓. 基于信任值的车联网分层共识优化协议[J]. 网络与信息安全学报, 2022, 8(3): 142-153.
[14]	余佳仁, 田有亮, 林晖. 基于信誉管理模型的矿工类型鉴别机制设计[J]. 网络与信息安全学报, 2022, 8(1): 128-138.
[15]	高振升, 曹利峰, 杜学绘. 基于区块链的访问控制技术研究进展[J]. 网络与信息安全学报, 2021, 7(6): 68-87.