
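Distributed Trusted Network Connection Architecture Based on Blockchain
Cite this article: LIU Ming-Da, SHI Yi-Juan, CHEN Zuo-Ning. Distributed Trusted Network Connection Architecture Based on Blockchain [J]. Journal of Software, 2019, 30(8): 2314-2336.
Authors: LIU Ming-Da, SHI Yi-Juan, CHEN Zuo-Ning
Affiliations: Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083; Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083; Chinese Academy of Engineering, Beijing 100088
Funding: National Science and Technology Major Project on Core Electronic Devices, High-end Generic Chips and Basic Software (2013ZX01029002G001)
Abstract: Trusted network connection is the key technology for extending trust relationships from the terminal to the network. However, both the TCG's TNC architecture and China's TCA architecture target centralized networks with strong identity, and in actual deployment they suffer from single-point access control and centralized policy decisions. In addition, trust extension uses a binary trust-chain transfer model, which does not match the security model of complex network environments and does not characterize the trusted state of the network accurately enough. To address these problems, and based on a thorough analysis of trust relationships in the security world, this paper proposes a blockchain-based distributed trusted network connection architecture called B-TNC, which is in essence a distributed transformation of traditional trusted network connection. B-TNC fully integrates the decentralized, tamper-resistant, and traceable security properties of blockchain and achieves a stronger network trust model. The paper first describes the overall architecture design of B-TNC and summarizes its trust relationships. It then addresses the core problems: (1) it proposes three blockchain systems, for access control, data protection, and identity authentication; (2) it proposes building distributed trusted verifiers on blockchain technology; (3) it proposes a remote attestation protocol based on DPoS consensus. Finally, it analyzes the correctness, security, and efficiency of B-TNC. The analysis shows that B-TNC can realize trusted network connection for distributed networks, has the security properties of decentralization, traceability, anonymity, and tamper resistance, can resist common attacks, and has good efficiency.

Keywords: blockchain; trusted network connection; trust model; distributed network; consensus protocol
Received: 2018/5/29
Revised: 2018/9/21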

Distributed Trusted Network Connection Architecture Based on Blockchain
LIU Ming-Da, SHI Yi-Juan and CHEN Zuo-Ning. Distributed Trusted Network Connection Architecture Based on Blockchain [J]. Journal of Software, 2019, 30(8): 2314-2336.
Authors: LIU Ming-Da, SHI Yi-Juan and CHEN Zuo-Ning
Affiliation: Jiangnan Institute of Computing Technology, Wuxi 214083, China; Jiangnan Institute of Computing Technology, Wuxi 214083, China; and Chinese Academy of Engineering, Beijing 100088, China
Abstract: Trusted network connection is the key technology for extending the trust relationship from the terminal to the network. However, TCG's TNC architecture and China's TCA architecture are both oriented to a centralized network with strong identity. In actual deployment, access control is a single point and policy decisions are centralized. In addition, trust extension uses a binary trust chain transfer model, which is not consistent with the security model of a complex network environment, and its portrayal of the trusted state of the network is not accurate enough. In response to these issues, this study fully analyzes the trust relationship in the security world and then proposes a distributed trusted network connection architecture based on blockchain, called B-TNC, which is essentially a transformation of TNC with blockchain. B-TNC fully integrates the decentralized, tamper-proof, and traceable security features of blockchain, and realizes a stronger network trust model. This paper first describes the overall architecture design of B-TNC and summarizes its trust relationship. Then, the core problems are described: (1) proposing three blockchain systems for access control, data protection, and identity authentication; (2) proposing to build distributed trusted verifiers based on blockchain; and (3) proposing a remote attestation protocol based on DPoS consensus. Finally, this paper analyzes the correctness, security, and efficiency of B-TNC. The analysis shows that B-TNC can realize trusted network connection oriented to distributed networks, with the security features of decentralization, traceability, anonymity, and tamper resistance, that it is resistant to common attacks, and that it has sound efficiency.
Keywords: blockchain; trusted network connection; trust model; distributed network; consensus protocol