A Practical Heartbeat-based Defense Scheme Against Cloning Attacks in PoA Blockchain

Consensus mechanism, as the soul-building-block of decentralized settings, enables a series of blockchain applications, such as Bitcoin and Ethereum. For better security and soundness, more and more blockchain systems tend to adopt proof-of-authority (PoA) to avoid or alleviate the various security risks caused by their peer-to-peer (P2P) networks. However, the PoA protocol is also vulnerable to cloning attack (CA), which provides a potential pathway for double-spending attack and has not been well solved. In this paper, we propose a heartbeat-based defense scheme to achieve an effective CA detection in PoA blockchians. To this end, we first analyze two PoA algorithms, Aura and Clique, along with their CA. On this basis, we propose a heartbeat-based defense scheme that can detect CA effectively regardless of the underlying consensus algorithm of the blockchain. Then, to avoid the potential efficiency reduction caused by the increase of sealers, we further design an enhanced hierarchical node selection algorithm, in which sealers can challenge partial nodes selected randomly according our strategy to detect CA in an efficient manner. Finally, we theoretically estimate the precision rate model of our scheme and then establish a prototype PoA blockchain system to test the performance of our scheme. As expected, the experiment results are consistent with our theoretical analysis, which powerfully demonstrates the efficiency and practicability of the proposed scheme.     

基于区块链的分布式无人机数据安全模型

针对无人机协同作业信息安全和数据通信问题,提出一种基于区块链的分布式无人机数据安全模型。首先,利用轻量化加密技术重构无人机区块链结构,设计适用于物联网边缘计算场景的分布式区块链网络模型;然后,调用智能合约实现区块链数据的安全共享,并结合信誉评估方案和代理权益证明思想,提出融合共识协议的的工作量证明方法完成数据交易。实验结果表明：作为数据安全共享实例,所提方法可使受攻击的无人机信誉值降至不可信任状态,并在不同攻击模式下的能够有效抑制恶意攻击,执行自适应工作量证明的共识算法的正常节点交易率可提升3-4倍,为无人机数据共享提供了安全保障。     

Hybrid Smart Contracts for Securing IoMT Data

Data management becomes essential component of patient healthcare. Internet of Medical Things (IoMT) performs a wireless communication between E-medical applications and human being. Instead of consulting a doctor in the hospital, patients get health related information remotely from the physician. The main issues in the E-Medical application are lack of safety, security and privacy preservation of patient’s health care data. To overcome these issues, this work proposes block chain based IoMT Processed with Hybrid consensus protocol for secured storage. Patients health data is collected from physician, smart devices etc. The main goal is to store this highly valuable health related data in a secure, safety, easy access and less cost-effective manner. In this research we combine two smart contracts such as Practical Byzantine Fault Tolerance with proof of work (PBFT-PoW). The implementation is done using cloud technology setup with smart contracts (PBFT-PoW). The accuracy rate of PBFT is 90.15%, for PoW is 92.75% and our proposed work PBFT-PoW is 99.88%.     

基于区块链技术的高校学生心理健康管理系统设计

区块链技术减轻了对中心设备的依赖,实现信息验证的完整性和所有权,其独特的分散和透明特性,可有效地解决信息管理过程中存在的记录不完整及难以获取自身心里健康信息等问题。高效的心理健康管理系统需要互操作性,这允许软件应用程序和技术平台安全、无缝的通信。本文采用区块链技术以安全且伪匿名的方式访问纵向、完整且可篡改的心理记录信息——这些记录存储在分散的系统中,实现异构系统间的信息交互,解决了心理健康管理过程中数据安全交互的问题。     

基于混合算法区块链和节点身份认证的数据存储方案

为了增强云数据存储的完整性和安全性,在无线传感器网络（WSN）中,提出一种基于混合算法区块链的数据存储方案,以及一种集成身份验证和隐私保护的去中心化框架。首先,簇头将采集到的信息传递至基站,而基站在分布式区块链上记录所有关键参数,并传递至云端存储。然后,为了获得更高的安全等级,合并椭圆曲线加密（ECC）的160位密钥与高级加密标准（AES）的128位密钥,并在云存储层之间进行密钥对交换。基于混合算法的区块链结合身份验证方案可以很好地保证云数据的安全性存储,因此所提方案在安全性方面较为优秀。此外,恶意节点可通过基站从区块链中直接移除并撤销认证,方便快捷。仿真结果表明,与去中心化的区块链信息管理（BIM）方案、基于信任和分布式区块链评估的安全定位（DBE）算法和利用密钥衍生加密和数据分析（KDE-DA）管理方案相比,所提方案在延迟、吞吐量、计算开销方面具有一定的优越性。     

区块链在数据安全领域的研究进展

大数据时代,数据已成为驱动社会发展的重要的资产.但是数据在其全生命周期均面临不同种类、不同层次的安全威胁,极大降低了用户进行数据共享的意愿.区块链具有去中心化、去信任化和防篡改的安全特性,为降低信息系统单点化的风险提供了重要的解决思路,能够应用于数据安全领域.该文从数据安全的核心特性入手,介绍区块链在增强数据机密性、数...     

Theoretical and practical applications of blockchain in healthcare information management

A primary objective of blockchain technology is to address information security and efficiency issues related to existing information sharing systems. For the sharing of health records, little is known about the application of blockchain in management information systems. There are strict regulations for sharing health information due to insecure systems and privacy concerns. To significantly and effectively improve medical diagnosis, it is beneficial to have efficient, reliable, and accurate accessibility to a patient's full medical history. Due to concerns with the security of health systems and privacy concerns, medical histories are not always accessible to healthcare providers. To help increase accessibility options, this research proposes a blockchain-based model that facilitates sharing medical records in a manner that is beneficial to both healthcare providers and patients. Social exchange theory provides the theoretical support for the conceptual model presented. Experimental findings based on 151 participants revealed that the blockchain technology can provide a secure information system and increase patient motivation to share medical records. To show the applicability of the proposed use of blockchain from a practical managerial perspective, we show feasibility by developing an Android software application.     

区块链的数据管理技术综述

最近几年,随着加密货币和去中心化应用的流行,区块链技术受到了各行业极大的关注.从数据管理的角度,区块链可以视作是在一个分布式环境下众多不可信节点共同维护且不可篡改的账本.由于节点间相互不可信,区块链通过共识协议,确保数据存储的一致性,实现去中心化的数据管理.针对区块链的安全性以及共识协议,已有诸多工作进行全面的分析.将从数据管理的角度,分析区块链技术与传统数据库下数据管理技术的异同.分布式数据管理的研究已经持续数十年,涵盖了数据存储模式、事务处理机制、查询执行与验证、系统可扩展性等诸多方面,并已有诸多技术广泛应用于实际的分布式数据库中.该类工作往往假定存在中心可信节点或者节点只可能发生崩溃而不存在恶意攻击.然而在区块链环境中,系统设计需考虑不可信节点可能的攻击行为以及拜占庭容错.这给数据管理带来了新的问题与挑战.因此,将梳理并分析国内外有关区块链数据管理的文献,并展望未来的研究方向.     

A Novel Internet of Medical Thing Cryptosystem Based on Jigsaw Transformation and Ikeda Chaotic Map

Image encryption has attracted much interest as a robust security solution for preventing unauthorized access to critical image data. Medical picture encryption is a crucial step in many cloud-based and healthcare applications. In this study, a strong cryptosystem based on a 2D chaotic map and Jigsaw transformation is presented for the encryption of medical photos in private Internet of Medical Things (IoMT) and cloud storage. A disorganized three-dimensional map is the foundation of the proposed cipher. The dispersion of pixel values and the permutation of their places in this map are accomplished using a nonlinear encoding process. The suggested cryptosystem enhances the security of the delivered medical images by performing many operations. To validate the efficiency of the recommended cryptosystem, various medical image kinds are used, each with its unique characteristics. Several measures are used to evaluate the proposed cryptosystem, which all support its robust security. The simulation results confirm the supplied cryptosystem’s secrecy. Furthermore, it provides strong robustness and suggested protection standards for cloud service applications, healthcare, and IoMT. It is seen that the proposed 3D chaotic cryptosystem obtains an average entropy of 7.9998, which is near its most excellent value of 8, and a typical NPCR value of 99.62%, which is also near its extreme value of 99.60%. Moreover, the recommended cryptosystem outperforms conventional security systems across the test assessment criteria.     

基于区块链的电子医疗记录安全共享

针对电子医疗记录（EMR）共享面临的数据提供商集权化、患者数据管理显被动、互操作效率低、恶意传播等问题,提出一种基于区块链的电子医疗记录安全共享方法。首先,基于商用密码SM2数字签名算法提出一种更加安全高效的泛指定验证者签名证明（UDVSP）方案;然后,设计具有上传、验证、检索、撤销等功能的智能合约,构造基于区块链的电子医疗记录安全共享系统;最后,通过安全性分析和性能分析论证UDVSP方案和共享系统的可行性。安全性分析结果表明,所设计的UDVSP方案满足可证明安全性。性能评估结果表明,与现有常用的UDVSP/UDVS方案相比,节省至少87.42%的计算开销和93.75%的通信代价。区块链智能合约原型系统的仿真结果进一步论证了共享系统的安全性和高效性。     

Blockchain Based Consensus Algorithm and Trustworthy Evaluation of Authenticated Subgraph Queries

Over the past era, subgraph mining from a large collection of graph database is a crucial problem. In addition, scalability is another big problem due to insufficient storage. There are several security challenges associated with subgraph mining in today’s on-demand system. To address this downside, our proposed work introduces a Blockchain-based Consensus algorithm for Authenticated query search in the Large-Scale Dynamic Graphs (BCCA-LSDG). The two-fold process is handled in the proposed BCCA-LSDG: graph indexing and authenticated query search (query processing). A blockchain-based reputation system is meant to maintain the trust blockchain and cloud server of the proposed architecture. To resolve the issues and provide safe big data transmission, the proposed technique also combines blockchain with a consensus algorithm architecture. Security of the big data is ensured by dividing the BC network into distinct networks, each with a restricted number of allowed entities, data kept in the cloud gate server, and data analysis in the blockchain. The consensus algorithm is crucial for maintaining the speed, performance and security of the blockchain. Then Dual Similarity based MapReduce helps in mapping and reducing the relevant subgraphs with the use of optimal feature sets. Finally, the graph index refinement process is undertaken to improve the query results. Concerning query error, fuzzy logic is used to refine the index of the graph dynamically. The proposed technique outperforms advanced methodologies in both blockchain and non-blockchain systems, and the combination of blockchain and subgraph provides a secure communication platform, according to the findings.     

融合联邦学习与区块链的医疗数据共享方案

随着医疗大数据的发展,医疗数据安全、个人隐私保护等问题日益突出。为在高效利用各个医疗机构医疗数据的同时保护病人的隐私,提出一种将联邦学习与区块链相结合的医疗数据共享与隐私保护方案。使用联邦学习对多源医疗数据进行建模,将训练的模型参数和医疗机构的声誉值存储于区块链上,并利用区块链对贡献高质量数据的医院进行奖励。通过分析数据源质量对联邦学习算法性能的影响,提出一种基于双重主观逻辑模型的声誉值计算算法来改进联邦学习的精确度,使用改进的声誉机制保证在数据共享中筛选数据源的效率,并利用区块链和联邦学习技术,提高共享效率和实现隐私保护。此外,利用Tensorflow搭建分布式平台并对算法性能进行对比分析,实验结果表明,所提方案能够筛选出高质量的数据源,减少边缘节点与恶意节点的交互时间,即使当声誉值在0.5以上时,也能达到0.857的学习精确度。     

基于SM2数字签名的区块链匿名密钥交换协议

区块链技术因其去中心化、匿名性、不可篡改、不可伪造等优点, 已经成为我国的一项前沿技术, 在各领域得到广泛的应用。虽然用户可利用区块链发布匿名交易, 有效隐藏交易双方的身份信息, 但双方交易完成后传输交易相关数据可能破坏匿名性。这是因为在数据传输过程中, 为了保证双方通信安全, 往往使用认证密钥交换协议认证双方身份, 计算会话密钥建立安全信道。由于传统的认证密钥交换协议涉及双方的长期公私钥对信息, 所以将泄露交易双方的身份信息。虽然区块链匿名密钥交换可基于交易双方的历史链上交易完成密钥交换, 有效保障交易双方的匿名性, 但现有区块链匿名密钥交换协议主要基于国外密码算法设计, 难以适用于国产区块链平台, 不符合我国密码核心技术自主可控的要求。为丰富国产商用密码算法在区块链匿名密钥交换方面的研究, 满足区块链交易后双方匿名安全通信的需求, 本文以 SM2 数字签名算法和区块链为基础, 构造非交互式和交互式两种区块链匿名密钥交换协议。并在 CK 安全模型中证明非交互式的协议满足会话密钥安全, 交互式的协议满足有前向安全性的会话密钥安全。最后通过理论分析和编程实现结果表明, 本文协议在没有比现有协议消耗更多的计算开销与通信代价的前提下, 可适用于国产化区块链平台。     

基于SVM的Android应用程序安全检测综述

当前基于SVM的Android应用程序安全检测技术主要是通过将SVM算法与动静态分析方法相结合,应用于Android应用程序的漏洞和恶意软件的检测中,而恶意软件的检测又可分为恶意行为的检测和恶意代码的检测。故本文按SVM算法应用到的检测领域分类,分别对其应用于Android应用程序中的恶意行为检测、恶意代码检测和漏洞检测方面的研究进行分析与讨论,并总结了当前该领域中仍然存在的一些问题,给出了SVM算法和其应用于Android安全检测中的改进之处,最后对未来的发展进行了展望。     

Securing and authenticating healthcare records through blockchain technology

Abstract

Healthcare data is important in making critical policy decisions, patients care, and medical diagnostics to name a few. Due to the importance and market demand, healthcare data is also vulnerable to cyber attacks. The centralized record keeping systems expose a single node for the attackers to attack. A decentralized system is computationally expensive but has the ability to be revolutionary by keeping the patient at the core and providing security, transparency, privacy, and interoperability of the electronic healthcare data. A blockchain is such an implementation of a distributed and decentralized system using reliable cryptographic algorithms. This paper proposes a secure blockchain based architecture tailored specifically to cater to the needs of e-healthcare systems.     

基于以太坊平台的医疗数据安全共享方案

针对中心化医疗数据管理系统易受黑客攻击、数据互操作性差以及患者无数据控制权等问题进行了研究,提出基于以太坊平台的医疗数据安全共享方案。利用区块链结合ElGamal算法、可逆哈希函数实现以患者为中心的安全共享机制,并采用智能合约和控制模块实现对数据使用者的访问控制。通过构建以太坊私链进行仿真,结果与对比方案相比,在满足机密性、完整性、身份验证、不可否认性以及访问控制五大安全性能的同时,具备更低的计算开销。     

恶意模型下保密点积协议的设计与分析*

保密点积协议是许多安全多方计算问题中一个重要的协议,常被用在许多保密数据挖掘协议中,为这些协议提供了重要的安全保证。目前,一些已存在的保密点积协议至多在半诚实模型下是安全的。基于一些基本的密码学技术设计了一个恶意模型下安全的保密两方共享点积协议,这个协议比以往协议具有更高的安全性。该协议潜在的应用领域是广阔的,如计算Euclidean距离、保密计算几何、保密协作统计分析等。     

基于双联盟链的智能电网数据共享模型

针对区块链的电网云服务器数据存在数据共享困难和隐私泄露风险,提出一种基于双联盟链的智能电网数据共享模型（DSDCB）。首先,基于星际文件系统（IPFS）在链下存储电力大数据,在链上存储IPFS文件指纹,并使用多重签名公证人将电力数据共享给其他联盟链;然后,在保证隐私不被泄露的情况下,使用代理重加密结合安全多方计算来进行单节点或多节点安全数据共享;最后,利用全同态加密算法在无需解密电力数据的情况下对密文数据进行合理整合。DSDCB的单节点跨链数据共享模型能抵抗51%攻击、女巫攻击、重放攻击和中间人攻击。经证明当恶意参与方少于k个、诚实参与方超过1个时,DSDCB的安全多方跨链数据共享模型能保证数据的安全性与隐私性。仿真对比表明,DSDCB的计算成本低于代理广播再加密（PBRE）和用于安全云存储的加密数据共享方案（CPBRE-DS）,比一轮通信可验证全同态秘密共享（FHNVSS）方案更具有可行性。     

电力移动智能终端安全技术研究

电力移动智能终端中存储的用户身份、电力运维数据、电网管理数据等大量重要信息使其具有巨大的攻击价值。Android作为目前全球最广泛使用的移动终端操作系统,也为相当规模的电力移动智能终端所应用,然而,其开放性（第三方开发）等特征在增强其功能和提升应用灵活性的同时也为系统漏洞、恶意应用等多种类型的攻击提供了渠道。文章通过对Android系统安全模型和安全威胁的研究,总结了针对Android平台上的电力移动智能终端的远程和本地攻击、隐私窃取、通信劫持和远程控制技术及方法。最后,提出了在基于Android系统的电力移动智能终端上加载恶意代码检测模块和操作系统加固的建议方案。     

基于区块链的电子病历数据共享方案

以区块链为数据存储平台的电子病历系统是当下研究的热点. 存储在区块链上的数据是不可变的, 这加强了数据的安全性. 提出了一个基于区块链的电子病历数据共享方案, 实现了患者和第三方数据用户在不侵犯患者隐私的前提下共享患者电子病历. 使用私有链与联盟链构造方案的系统模型, 医院服务器上存储患者的电子病历密文, 私有链上存储患者病历密文的哈希值和关键字索引, 联盟链上存储由关键字索引构成的安全索引. 同时利用可搜索加密技术实现了联盟链上对关键字的安全搜索, 运用代理重加密算法实现了第三方数据用户对患者电子病历的共享. 通过数值实验对方案进行了性能评估.