基于联盟链的数据溯源机制

doi:10.11959/j.issn.2096-109x.2023067

摘要/Abstract

摘要：

随着大数据时代的到来，数据的产生和流转速度获得空前增长。区块链技术的出现为数据的真实性验证提供了新的解决思路。随着区块链技术的发展，不同区块链间数据流转需求逐渐增加，而不同区块链间数据流转又带来了新的安全性问题，如跨链数据传递易泄露、非法访问造成数据泄露不易发现等。针对上述问题，提出一种基于联盟链的数据溯源机制。设计了跨区块链的数据溯源模型，引入私有数据管道来实现跨链数据传递的安全性，通过授权与访问日志实现对用户行为的记录，保证非法越权访问的可追溯性。为提高数据溯源查询效率，采用链上链下同步存储机制，将每次交易前的数据流转状态经加密存储至数据库，并将其索引存储在区块链交易中，从而实现链上链下数据的一一对应，同时在区块体中引入 Merkel 山脉存储区块摘要，提高区块合法性检验效率。根据数据存储形式及跨链数据交互机制，设计了数据溯源算法，并将溯源结果以有序树的形式展示。针对电商行业的跨域数据溯源场景，基于Fabric搭建了联盟链溯源实验环境，并采用Go语言模拟测试了区块数量较大、交易数量较多情况下的数据溯源性能。结果显示，随着区块高度及数据流转次数增加，数据验证及溯源效率具有显著优势。

关键词: 区块链, 数据溯源, 跨链, 联盟链

Abstract:

With the unprecedented growth in the speed of data generation and circulation in the era of big data, the emergence of blockchain technology provides a new solution for data authenticity verification.However, with the increasing demand for data flow between different blockchains, new security issues arise.Cross-chain data transmission can lead to data leakage, and detecting data leakage caused by illegal access becomes challenging.To address these problems, a data traceability mechanism based on a consortium chain was proposed.A cross-blockchain data traceability model was designed, incorporating private data pipelines to ensure the security of cross-chain data transmission.User behaviors were recorded through authorization and access logs, ensuring the traceability of illegal unauthorized access.To improve the efficiency of data traceability and query, an on-chain and off-chain synchronous storage mechanism was adopted.The state of data flow before each transaction was encrypted and stored in the database, and its index was stored in the blockchain transaction.This enables a one-to-one correspondence between on-chain and off-chain data.Additionally, Merkle trees were introduced into the block body to store block summaries, enhancing the efficiency of block legitimacy verification.Based on the data storage form and cross-chain data interaction mechanism, a data traceability algorithm was designed.The traceability results were displayed in the form of an ordered tree.An experimental environment for consortium chain traceability was built using fabric, targeting the cross-domain data traceability scenario in the e-commerce industry.The GO language was used to simulate and test the data traceability performance with a large number of blocks and transactions.The results demonstrate that with the increasing number of blocks and transactions, the proposed data traceability mechanism maintains satisfactory performance.

Key words: block chain, data traceability, across chain, consortium chain

中图分类号:

TP391

赵守才, 曹利峰, 杜学绘. 基于联盟链的数据溯源机制[J]. 网络与信息安全学报, 2023, 9(5): 92-105.

Shoucai ZHAO, Lifeng CAO, Xuehui DU. Data traceability mechanism based on consortium chain[J]. Chinese Journal of Network and Information Security, 2023, 9(5): 92-105.

图/表 18

图1

图2

图3

图4

图5

表1

图6

图7

表2

图8

图9

图10

图11

图12

图13

图14

图15

图16

参考文献 25

[1]	田有亮, 杨科迪, 王缵 ,等. 基于属性加密的区块链数据溯源算法[J]. 通信学报, 2019,40(11): 101-111.
	TIAN Y L , YANG K D , WANG Z ,et al. Algorithm of blockchain data provenance based on ABE[J]. Journal on Communications, 2019,40(11): 101-111.
[2]	石丽波, 孙连山, 王艺星 . 数据起源安全研究综述[J]. 计算机应用研究, 2017,34(1): 1-7.
	SHI L B , SUN L S , WANG Y X . Survey of data provenance security[J]. Application Research of Computers, 2017,34(1): 1-7.
[3]	张学旺, 冯家琦, 殷梓杰 ,等. 基于区块链的数据溯源可信查询方法[J]. 应用科学学报, 2021,39(1): 42-54.
	ZHANG X W , FENG J Q , YIN Z J ,et al. Trusted query method for data provenance based on blockchain[J]. Journal of Applied Sciences, 2021,39(1): 42-54.
[4]	谢绒娜 . 面向数据跨域流转的访问控制关键技术研究[D]. 西安:西安电子科技大学, 2020.
	XIE R N . Research on key technologies of access control for cross-domain data exchange[D]. Xi'an:Xidian University, 2020.
[5]	TOSH D K , SHETTY S , LIANG X ,et al. Consensus protocols for blockchain-based data provenance:challenges and opportunities[C]// Ubiquitous Computing,Electronics ＆ Mobile Communication Conference (UEMCON). 2017: 469-474.
[6]	于戈, 聂铁铮, 李晓华 ,等. 区块链系统中的分布式数据管理技术——挑战与展望[J]. 计算机学报, 2021,44(1): 28-54.
	YU G , NIE T Z , LI X H ,et al. The challenge and prospect of distributed data management techniques in blockchain systems[J]. Chinese Journal of Computers, 2021,44(1): 28-54.
[7]	孙知信, 张鑫, 相峰 ,等. 区块链存储可扩展性研究进展[J]. 软件学报, 2021,32(1): 20.
	SUN Z X , ZHANG X , XIANG F ,et al. Survey of storage scalability on blockchain[J]. Journal of Software, 2021,32(1): 20.
[8]	蔡维德, 郁莲, 王荣 ,等. 基于区块链的应用系统开发方法研究[J]. 软件学报, 2017,28(6): 1474-1487.
	CAI W D , YU L , WANG R ,et al. Blockchain application development techniques[J]. Journal of Software, 2017,28(6): 1474-1487.
[9]	韩妍妍, 张齐, 闫晓璇 ,等. 基于区块链的电子文件流转设计与实现[J]. 计算机应用, 2020,40(11): 3357-3365.
	HAN Y Y , ZHANG Q , YAN X X ,et al. Design and implementation of electronic file circulation based on blockchain[J]. Journal of Computer Applications, 2020,40(11): 3357-3365.
[10]	冯家琦 . 基于区块链的数据溯源方法研究与应用[D]. 重庆:重庆邮电大学, 2021.
	FENG J Q . Research and application of data provenance method blockchain-based[D]. Chongqing:Chongqing University of Posts and Telecommunications, 2021.
[11]	樊玉琦, 盛东, 王伦飞 . 基于纠删码的区块链存储优化[J]. 计算机学报, 2022,45(4): 858-876.
	FAN Y Q , SHENG D , WANG L F . Blockchain storage optimization based on erasure code[J]. Chinese Journal of Computers, 2022,45(4): 858-876.
[12]	乔蕊, 曹琰, 王清贤 . 基于联盟链的物联网动态数据溯源机制[J]. 软件学报, 2019,30(6): 1614-1631.
	QIAO R , CAO Y , WANG Q X . Traceability mechanism of dynamic data in Internet of things based on consortium blockchain[J]. Journal of Software, 2019,30(6): 1614-1631.
[13]	SUN J , YAO X M , WANG S P ,et al. Blockchain-based secure storage and access scheme for electronic medical records in IPFS[J]. IEEE Access, 2020(8): 59389-59401.
[14]	刘炜, 李阳, 田钊 ,等. IDDS:一种双链结构传染病数据共享区块链模型[J]. 计算机应用研究, 2020(1): 1-6.
	LIU W , LI Y , TIAN Z ,et al. IDDS:double-chain structure infectious disease data sharing blockchain model[J]. Application Research of Computers, 2020(1): 1-6.
[15]	张国潮, 王瑞锦 . 基于门限秘密共享的区块链分片存储模型[J]. 计算机应用, 2019,39(9): 2617-2622.
	ZHANG G C , WANG J R . Blockchain shard storage model based on threshold secret sharing[J]. Journal of Computer Applications, 2019,39(9): 2617-2622.
[16]	贾大宇, 信俊昌, 王之琼 ,等. 存储容量可扩展区块链系统的高效查询模型[J]. 软件学报, 2019,30(9): 2655-2670.
	JIA D Y , XIN J C , WANG Z Q ,et al. Efficient query model for storage capacity scalable blockchain system[J]. Journal of Software, 2019,30(9): 2655-2670.
[17]	刘耀宗, 刘云恒 . 基于区块链RFI大数据安全溯源模型[J]. 计算机科学, 2018,45(S2): 367-368,381.
	LIU Y Z , LIU Y H . Security provenance model for RFID big data based on blockchain[J]. Computer Science, 2018,45(S2): 367-368,381.
[18]	LI X , MA Z , LUO S . Blockchain-oriented privacy protection with online and offline verification in cross-chain system[C]// 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS). 2022: 177-181.
[19]	NEISSE R , STERI G , NAI-FOVINO I.2017 . A blockchain-based approach for data accountability and provenance tracking[C]// Proceedings of the 12th International Conference on Availability,Reliability and Security (ARES '17). 2017: 1-10.
[20]	余涛, 牛保宁, 樊星 . FabricSQL:区块链数据的关系查询[J]. 计算机工程与设计, 2020,41(10): 2988-2995.
	YU T , NIU B N , FAN X . FabricSQL:relational query of blockchain data[J]. Computer Engineering and Design, 2020,41(10): 2988-2995.
[21]	LAI C , WANG Y . Achieving efficient and secure query in blockchain-based traceability systems[C]// 2022 19th Annual International Conference on Privacy,Security ＆ Trust (PST). 2022: 1-5.
[22]	刘炜, 王栋, 佘维 ,等. 一种面向区块链溯源的高效查询方法[J]. 应用科学学报, 2022,40(4): 623-638.
	LIU W , WANG D , SHE W ,et al. An efficient query method for blockchain traceability[J]. Journal of Applied Sciences, 2022,40(4): 623-638.
[23]	PENG Z , WU H , XIAO B ,et al. VQL:providing query efficiency and data authenticity in blockchain systems[C]// 2019 IEEE 35th International Conference on Data Engineering Workshops. 2019: 1-6.
[24]	韩宝富 . 基于区块链的云数据完整性审计机制研究[D]. 沈阳:沈阳工业大学, 2021.
	HAN B F . Research on cloud data integrity audit mechanism based on blockchain[D]. Shengyang:Shenyang University of Technology, 2021.
[25]	BUNZ B , KIFFER L , LU L ,et al. FlyClient:super-light clients for cryptocurrencies[C]// 2020 IEEE Symposium on Security and Privacy. 2020.

符号	含义
N₁	通道数量为N₁时，网络效率最高（N₁＞N₂）
N₂	通道数量超过N₂ 时，网络效率将低于最低通道数量时的效率
M₁	单通道内私有数据管道数量为M₁时，数据传递效率最高（M₁＞M₂）
M₂	单通道内私有数据管道数量超过M₂时，数据传递效率将低于单个私有数据管道
P₁	需要建立跨链交易的集合
P₂	为跨链交易所需的目标链集合（与集合P₁一一对应）

组织	节点	端口号	加入通道
	peer0.org1	7051	channel1
	peer1.org1	7052	channel1
org1	peer2.org1	7053	channel1
	peer3.org1	7054	channel1
	peer4.org1	7055	channel1
	peer0.org2	9051	channel2
	peer1.org2	9052	channel2
org2	peer2.org2	9053	channel2
	peer3.org2	9054	channel2
	peer4.org2	9055	channel2
	peer0.org3	11051	channel1＆ channel2
	peer1.org3	11052	channel1＆ channel2
org3	peer2.org3	11053	channel1＆ channel2
	peer3.org3	11054	channel1＆ channel2
	peer4.org3	11055	channel1＆ channel2