基于区块链的可信日志存储与验证系统
|
摘要
为满足计算机操作系统中日志数据的完整性保护需求,基于区块链技术,设计并实现可信日志存储与验证系统。存储阶段将本地日志的数据指纹上传至区块链,并保存区块链返回的存储凭证。验证阶段将本地日志的数据指纹与从区块链中获取的数据指纹进行比对,实现日志的完整性验证。分析结果表明,该系统具有去中心化、不可篡改、公开透明等特点,可有效检测日志数据的篡改行为。
To meet the needs of protecting the integrity of log data in computer operation system,this paper designs and implements a blockchain-based trusted log storage and verification system.During the storage phase,user uploads the date fingerprint of the local log to the blockchain and saves the returned credentials.During the verification phase,user fetches the stored fingerprint from blockchain,and compares it with the data fingerprint computed from local log to verify the integrity.Analysis result shows that with the advantages of decentralization,transparency,tamper-resistant and so on,this system can effectively detect the tampering behavior on the log data.
To meet the needs of protecting the integrity of log data in computer operation system,this paper designs and implements a blockchain-based trusted log storage and verification system.During the storage phase,user uploads the date fingerprint of the local log to the blockchain and saves the returned credentials.During the verification phase,user fetches the stored fingerprint from blockchain,and compares it with the data fingerprint computed from local log to verify the integrity.Analysis result shows that with the advantages of decentralization,transparency,tamper-resistant and so on,this system can effectively detect the tampering behavior on the log data.
引文
[1] 于洋洋,虞慧群,范贵生.一种云存储数据完整性验证方法[J].华东理工大学学报(自然科学版),2013,39(2):211-216.
[2] CHEN Yindong,LI Liping,CHEN Ziran.An approach to verifying data integrity for cloud storage[C]//Proceedings of International Conference on Computational Intelligence and Security.Washington D.C.,USA:IEEE Press,2017:582-585.
[3] 周恩光,李舟军,郭华,等.一个改进的云存储数据完整性验证方案[J].电子学报,2014,42(1):150-154.
[4] 刘璐.基于日志代理的安全审计系统[D].大连:大连海事大学,2011.
[5] CHEN Haoyu,TU Shanshan,ZHAO Chunye,et al.Provenance cloud security auditing system based on log analysis[C]//Proceedings of International Conference of Online Analysis and Computing Science.Washington D.C.,USA:IEEE Press,2016:155-159.
[6] 周昕毅.Linux集群运维平台用户权限管理及日志审计系统实现[D].上海:上海交通大学,2013.
[7] 王继业,高灵超,董爱强,等.基于区块链的数据安全共享网络体系研究[J].计算机研究与发展,2017,52(4):742-749.
[8] ZHANG Yinghui,SHU Jiangang,YANG Kan,et al.TKSE:trustworthy keyword search over encrypted data with two-side verifiability via blockchain[J].IEEE Access,2018,6:31077-31087.
[9] ZHANG Ying hui,SHU Jiangang,YANG Kan,et al.Scalable and privacy-preserving data sharing based on blockchain[J].Journal of Computer Science and Technology,2018,33(3):557-567.
[10] 贾亚茹,刘向阳,刘胜利.去中心化的安全分布式存储系统[J].计算机工程,2012,38(3):126-129.
[11] 韩璇,刘亚敏.区块链技术中的共识机制研究[J].信息网络安全,2017(9):147-152.
[12] HAO Yue,LI Yi,DONG Xinghua,et al.Performance analysis of consensus algorithm in private blockchain[C]//Proceedings of Intelligent Vehicles Symposium.Washington D.C.,USA:IEEE Press,2018:280-285.
[13] PIRLEA G,SERGEY I.Mechanising blockchain consensus[C]//Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs.New York,USA:ACM Press,2018:78-90.
[14] 刘晓东.身份签名体制的研究[D].山东:山东大学,2008.
[15] WU Huai,XU Chunxiang,DENG Jiang.Server-aided aggregate verification signature:security definition and construction[J].Information and Communication Technology,2015,7(2/3):278-286.
[16] 李志敏.哈希函数设计与分析[D].北京:北京邮电大学,2009.
[17] ALMUHAMMADI S,AMRO A.Double-hashing operation mode for encryption[C]//Proceedings of Computing and Communication Workshop and Conference.Washington D.C.,USA:IEEE Press,2017:1-7.
[18] ZHUANG Xu,WANG Zhihui,ZHU Yan,et al.A simple password authentication scheme based on geometric hashing function[J].Network Security,2014,16(4):271-277.
[19] 刘栩,石乃轩,王健,等.多重加密通信系统的设计与实现[J].通信技术,2010,43(5):95-97.
[20] 张建.AES算法在端到端通信加密模块中的实现与应用设计[D].北京:北京邮电大学,2011.
[21] LU Peng.Construction of computer encrypted secure communication environment based on private virtual network technology[EB/OL].[2018-12-04].https://ccc.glgoo.top/scholarq=Construction+of+computer+encrypted+secure+communication+environment+based+on+private+virtual+network+technology.
[2] CHEN Yindong,LI Liping,CHEN Ziran.An approach to verifying data integrity for cloud storage[C]//Proceedings of International Conference on Computational Intelligence and Security.Washington D.C.,USA:IEEE Press,2017:582-585.
[3] 周恩光,李舟军,郭华,等.一个改进的云存储数据完整性验证方案[J].电子学报,2014,42(1):150-154.
[4] 刘璐.基于日志代理的安全审计系统[D].大连:大连海事大学,2011.
[5] CHEN Haoyu,TU Shanshan,ZHAO Chunye,et al.Provenance cloud security auditing system based on log analysis[C]//Proceedings of International Conference of Online Analysis and Computing Science.Washington D.C.,USA:IEEE Press,2016:155-159.
[6] 周昕毅.Linux集群运维平台用户权限管理及日志审计系统实现[D].上海:上海交通大学,2013.
[7] 王继业,高灵超,董爱强,等.基于区块链的数据安全共享网络体系研究[J].计算机研究与发展,2017,52(4):742-749.
[8] ZHANG Yinghui,SHU Jiangang,YANG Kan,et al.TKSE:trustworthy keyword search over encrypted data with two-side verifiability via blockchain[J].IEEE Access,2018,6:31077-31087.
[9] ZHANG Ying hui,SHU Jiangang,YANG Kan,et al.Scalable and privacy-preserving data sharing based on blockchain[J].Journal of Computer Science and Technology,2018,33(3):557-567.
[10] 贾亚茹,刘向阳,刘胜利.去中心化的安全分布式存储系统[J].计算机工程,2012,38(3):126-129.
[11] 韩璇,刘亚敏.区块链技术中的共识机制研究[J].信息网络安全,2017(9):147-152.
[12] HAO Yue,LI Yi,DONG Xinghua,et al.Performance analysis of consensus algorithm in private blockchain[C]//Proceedings of Intelligent Vehicles Symposium.Washington D.C.,USA:IEEE Press,2018:280-285.
[13] PIRLEA G,SERGEY I.Mechanising blockchain consensus[C]//Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs.New York,USA:ACM Press,2018:78-90.
[14] 刘晓东.身份签名体制的研究[D].山东:山东大学,2008.
[15] WU Huai,XU Chunxiang,DENG Jiang.Server-aided aggregate verification signature:security definition and construction[J].Information and Communication Technology,2015,7(2/3):278-286.
[16] 李志敏.哈希函数设计与分析[D].北京:北京邮电大学,2009.
[17] ALMUHAMMADI S,AMRO A.Double-hashing operation mode for encryption[C]//Proceedings of Computing and Communication Workshop and Conference.Washington D.C.,USA:IEEE Press,2017:1-7.
[18] ZHUANG Xu,WANG Zhihui,ZHU Yan,et al.A simple password authentication scheme based on geometric hashing function[J].Network Security,2014,16(4):271-277.
[19] 刘栩,石乃轩,王健,等.多重加密通信系统的设计与实现[J].通信技术,2010,43(5):95-97.
[20] 张建.AES算法在端到端通信加密模块中的实现与应用设计[D].北京:北京邮电大学,2011.
[21] LU Peng.Construction of computer encrypted secure communication environment based on private virtual network technology[EB/OL].[2018-12-04].https://ccc.glgoo.top/scholarq=Construction+of+computer+encrypted+secure+communication+environment+based+on+private+virtual+network+technology.