基于区块链的网络安全体系结构与关键技术研究进展

随着互联网技术的不断演进与用户数量的“爆炸式”增长,网络作为一项基础设施渗透于人们生存、生活的各个方面,其安全问题也逐渐成为人们日益关注的重点.然而,随着网络规模的扩大以及攻击者恶意行为的多样化、复杂化,传统网络安全体系架构及其关键技术已经暴露出单点信任、部署困难等诸多问题,而具备去中心化、不可篡改等特性的区块链技术为网络安全所面临的挑战提供了新的解决思路.本文从网络层安全、应用层安全以及PKI安全三方面对近几年基于区块链的网络安全体系结构与关键技术研究进行梳理,并将区块链的作用归类为真实存储、真实计算、真实激励三种情形.针对区块链的具体应用领域,本文首先介绍了该领域的安全现状,然后对区块链的具体应用研究进行了介绍,并分析了区块链技术在该领域所存在的优势.本文最后结合现有的解决思路对未来区块链应用中所需要注意的隐私问题、可扩展性问题、安全问题以及区块链结构演进的方向进行了分析,并对未来基于区块链的网络安全体系结构与关键技术研究进行了展望.

Research Progress of Network Security Architecture and Key Technologies Based on Blockchain

With the continuous evolution of Internet technology and the explosively increasing number of users,the Internet has become an integral part of people’s daily life.Therefore,network security has become the focus of attention.Researchers have been doing much research on network security.However,with the expansion of network scale and the diversification of attackers’misbehaviors,some drawbacks have been exposed to traditional network security architecture and its key technologies.Firstly,most of today’s network security infrastructures,such as PKI and RPKI,are realized as a centralized architecture.Therefore,the cybersecurity measures built on the trust in these centralized infrastructures expose a single-point of trust problem.The incidents of DigiNotar hacked to issue the malicious certificate for more than 500 websites and Symantec’s misinformation of more than 30000 certificate extension vouchers all indicate that once incidents occur in these trust centers,it will be a severe impact on the entire Internet.Secondly,since early network architecture designation did not seriously consider security,the deployment of many later proposed security mechanisms will modify existing network protocols and affect network efficiency.Therefore,there are difficulties in the actual deployment of these security mechanisms.Besides,with the advent of the IoT era,the network’s complexity will continue to expand,and network security construction should be participated by many organizations and even the whole people.However,there is a lack of a reliable incentive mechanism to coordinate the cooperation between different organizations and mobilize users’enthusiasm to participate in the network security construction.Nowadays,there is no good solution for these disadvantages,but emerging technology blockchain provides new solutions.Blockchain is a trustworthy distributed database that integrates P2P technology,cryptography,consensus mechanism,and distributed storage technology.Because of blockchain’s characteristics such as decentralization,immutability,and auditability,researchers have devoted themselves to researching blockchain-based applications on network security.From the perspective of network security architecture,blockchain-based applications focus on network-layer security,application-layer security,and PKI security.The applications in network-layer include collaborative intrusion detection and inter-domain routing security.The applications in the application-layer include vulnerability crowdsourcing and access control.Blockchain’s applications for PKI security is to improve centralized PKI or build decentralized PKI.Furthermore,blockchain’s role in these network security applications is classified into true-storage,true-computing,and true-incentive.True-storage is to take blockchain as a storage platform to ensure the authenticity of stored data,avoid data tampering,and make a proper response to the user’s data access request.True-computing is to take blockchain as a computing platform based on true-storage and smart contracts.The platform can ensure the computing processes’openness,transparency,and verifiability while ensuring the computing results’authenticity,credibility,and immutability.True-incentive introduces incentive mechanisms based on true-storage and true-computing to realize transparent reward and punishment measures.For each specific blockchain-based application on network security,this paper first introduces the security status,then introduces the specific research works and shows how blockchain is applied to improve safety,finally analyzing the advantages of blockchain technology in this field.In the end,this paper introduces the challenges that should be paid attention to in blockchain-based applications on network security,include privacy,scalability,blockchain security,and structure evolution direction.Moreover,this paper prospects future network security architecture and key technologies based on blockchain.