无线传感器网络中基于信誉的恶意节点检测

提出一种基于信誉的恶意节点检测方法——RMDMN,在分簇的网络结构基础上,对节点的行为属性(如丢包率、转发率、位置匹配信息等)和网络攻击进行建模,结合阈值比较法动态地更新节点信誉值并进行恶意节点判断.实验仿真显示,该方法具有一定的恶意节点检测能力.     

Data Secure Storage Mechanism of Sensor Networks Based on Blockchain

As the number of sensor network application scenarios continues to grow, the security problems inherent in this approach have become obstacles that hinder its wide application. However, it has attracted increasing attention from industry and academia. The blockchain is based on a distributed network and has the characteristics of nontampering and traceability of block data. It is thus naturally able to solve the security problems of the sensor networks. Accordingly, this paper first analyzes the security risks associated with data storage in the sensor networks, then proposes using blockchain technology to ensure that data storage in the sensor networks is secure. In the traditional blockchain, the data layer uses a Merkle hash tree to store data; however, the Merkle hash tree cannot provide non-member proof, which makes it unable to resist the attacks of malicious nodes in networks. To solve this problem, this paper utilizes a cryptographic accumulator rather than a Merkle hash tree to provide both member proof and nonmember proof. Moreover, the number of elements in the existing accumulator is limited and unable to meet the blockchain’s expansion requirements. This paper therefore proposes a new type of unbounded accumulator and provides its definition and security model. Finally, this paper constructs an unbounded accumulator scheme using bilinear pairs and analyzes its performance.     

Distributed Secure Storage Scheme Based on Sharding Blockchain

Distributed storage can store data in multiple devices or servers to improve data security. However, in today's explosive growth of network data, traditional distributed storage scheme is faced with some severe challenges such as insufficient performance, data tampering, and data lose. A distributed storage scheme based on blockchain has been proposed to improve security and efficiency of traditional distributed storage. Under this scheme, the following improvements have been made in this paper. This paper first analyzes the problems faced by distributed storage. Then proposed to build a new distributed storage blockchain scheme with sharding blockchain. The proposed scheme realizes the partitioning of the network and nodes by means of blockchain sharding technology, which can improve the efficiency of data verification between nodes. In addition, this paper uses polynomial commitment to construct a new verifiable secret share scheme called PolyVSS. This new scheme is one of the foundations for building our improved distributed storage blockchain scheme. Compared with the previous scheme, our new scheme does not require a trusted third party and has some new features such as homomorphic and batch opening. The security of VSS can be further improved. Experimental comparisons show that the proposed scheme significantly reduces storage and communication costs.     

Advanced DAG-Based Ranking (ADR) Protocol for Blockchain Scalability

In the past decade, blockchain has evolved as a promising solution to develop secure distributed ledgers and has gained massive attention. However, current blockchain systems face the problems of limited throughput, poor scalability, and high latency. Due to the failure of consensus algorithms in managing nodes’identities, blockchain technology is considered inappropriate for many applications, e.g., in IoT environments, because of poor scalability. This paper proposes a blockchain consensus mechanism called the Advanced DAG-based Ranking (ADR) protocol to improve blockchain scalability and throughput. The ADR protocol uses the directed acyclic graph ledger, where nodes are placed according to their ranking positions in the graph. It allows honest nodes to use the Direct Acyclic Graph (DAG) topology to write blocks and verify transactions instead of a chain of blocks. By using a three-step strategy, this protocol ensures that the system is secured against doublespending attacks and allows for higher throughput and scalability. The first step involves the safe entry of nodes into the system by verifying their private and public keys. The next step involves developing an advanced DAG ledger so nodes can start block production and verify transactions. In the third step, a ranking algorithm is developed to separate the nodes created by attackers. After eliminating attacker nodes, the nodes are ranked according to their performance in the system, and true nodes are arranged in blocks in topological order. As a result, the ADR protocol is suitable for applications in the Internet of Things (IoT). We evaluated ADR on EC2 clusters with more than 100 nodes and achieved better transaction throughput and liveness of the network while adding malicious nodes. Based on the simulation results, this research determined that the transaction’s performance was significantly improved over blockchains like Internet of Things Applications (IOTA) and ByteBall.     

An Erebus Attack Detection Method Oriented to Blockchain Network Layer

Recently, the Erebus attack has proved to be a security threat to the blockchain network layer, and the existing research has faced challenges in detecting the Erebus attack on the blockchain network layer. The cloud-based active defense and one-sidedness detection strategies are the hindrances in detecting Erebus attacks. This study designs a detection approach by establishing a ReliefF_WMRmR-based two-stage feature selection algorithm and a deep learning-based multimodal classification detection model for Erebus attacks and responding to security threats to the blockchain network layer. The goal is to improve the performance of Erebus attack detection methods, by combining the traffic behavior with the routing status based on multimodal deep feature learning. The traffic behavior and routing status were first defined and used to describe the attack characteristics at diverse stages of s leak monitoring, hidden traffic overlay, and transaction identity forgery. The goal is to clarify how an Erebus attack affects the routing transfer and traffic state on the blockchain network layer. Consequently, detecting objects is expected to become more relevant and sensitive. A two-stage feature selection algorithm was designed based on ReliefF and weighted maximum relevance minimum redundancy (ReliefF_WMRmR) to alleviate the overfitting of the training model caused by redundant information and noise in multiple source features of the routing status and traffic behavior. The ReliefF algorithm was introduced to select strong correlations and highly informative features of the labeled data. According to WMRmR, a feature selection framework was defined to eliminate weakly correlated features, eliminate redundant information, and reduce the detection overhead of the model. A multimodal deep learning model was constructed based on the multilayer perceptron (MLP) to settle the high false alarm rates incurred by multisource data. Using this model, isolated inputs and deep learning were conducted on the selected routing status and traffic behavior. Redundant intermodal information was removed because of the complementarity of the multimodal network, which was followed by feature fusion and output feature representation to boost classification detection precision. The experimental results demonstrate that the proposed method can detect features, such as traffic data, at key link nodes and route messages in a real blockchain network environment. Additionally, the model can detect Erebus attacks effectively. This study provides novelty to the existing Erebus attack detection by increasing the accuracy detection by 1.05%, the recall rate by 2.01%, and the F1-score by 2.43%.     

A Fair Blind Signature Scheme to Revoke Malicious Vehicles in VANETs

With the rapid development of IoT (Internet of Things), VANETs (Vehicular Ad-Hoc Networks) have become an attractive ad-hoc network that brings convenience into people’s lives. Vehicles can be informed of the position, direction, speed and other real-time information of nearby vehicles to avoid traffic jams and accidents. However, VANET environments could be dangerous in the absence of security protection. Because of the openness and self-organization of VANETs, there are plenty of malicious pathways. To guarantee vehicle security, the research aims to provide an effective VANET security mechanism that can track malicious vehicles as necessary. Therefore, this work focuses on malicious vehicles and proposes an anonymous authentication scheme in VANETs based on the fair blind signature to protect vehicle security.     

A Key Recovery System Based on Password-Protected Secret Sharing in a Permissioned Blockchain

In today’s fourth industrial revolution, various blockchain technologies are being actively researched. A blockchain is a peer-to-peer data-sharing structure lacking central control. If a user wishes to access stored data, she/he must employ a private key to prove ownership of the data and create a transaction. If the private key is lost, blockchain data cannot be accessed. To solve such a problem, public blockchain users can recover the key using a wallet program. However, key recovery in a permissioned blockchain (PBC) has been but little studied. The PBC server is Honest-but-Curious (HBC), and should not be able to learn anything of the user; the server should simply recover and store the key. The server must also be resistant to malicious attacks. Therefore, key recovery in a PBC must satisfy various security requirements. Here, we present a password-protected secret sharing (PPSS) key recovery system, protected by a secure password from a malicious key storage server of a PBC. We describe existing key recovery schemes and our PPSS scheme.     

Towards Privacy-Preserving Cloud Storage: A Blockchain Approach

With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a self-service manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.     

A New Anti-Quantum Proxy Blind Signature for Blockchain-Enabled Internet of Things

Blockchain technology has become a research hotspot in recent years with the prominent characteristics as public, distributed and decentration. And blockchain-enabled internet of things (BIoT) has a tendency to make a revolutionary change for the internet of things (IoT) which requires distributed trustless consensus. However, the scalability and security issues become particularly important with the dramatically increasing number of IoT devices. Especially, with the development of quantum computing, many extant cryptographic algorithms applied in blockchain or BIoT systems are vulnerable to the quantum attacks. In this paper, an anti-quantum proxy blind signature scheme based on the lattice cryptography has been proposed, which can provide user anonymity and untraceability in the distributed applications of BIoT. Then, the security proof of the proposed scheme can derive that it is secure in random oracle model, and the efficiency analysis can indicate it is efficient than other similar literatures.     

Trustworthiness Evaluation for Permissioned Blockchain-Enabled Applications

As permissioned blockchain becomes a common foundation of blockchain-based circumstances for current organizations, related stakeholders need a means to assess the trustworthiness of the applications involved within. It is extremely important to consider the potential impact brought by the Blockchain technology in terms of security and privacy. Therefore, this study proposes a rigorous security risk management framework for permissioned blockchain-enabled applications. The framework divides itself into different implementation domains, i.e., organization security, application security, consensus mechanism security, node management and network security, host security and perimeter security, and simultaneously provides guidelines to control the security risks of permissioned blockchain applications with respect to these security domains. In addition, a case study, including a security testing and risk evaluation on each stack of a specific organization, is demonstrated as an implementation instruction of our proposed risk management framework. According to the best of our knowledge, this study is one of the pioneer researches that provide a means to evaluate the security risks of permissioned blockchain applications from a holistic point of view. If users can trust the applications that adopted this framework, this study can contribute to the adoption of permissioned blockchain-enabled technologies. Furthermore, application providers can use the framework to perform gap analysis on their existing systems and controls and understand the risks of their applications.     

Enhancing Blockchain Security Using Ripple Consensus Algorithm

In the development of technology in various fields like big data analysis, data mining, big data, cloud computing, and blockchain technology, security become more constrained. Blockchain is used in providing security by encrypting the sharing of information. Blockchain is applied in the peer-to-peer (P2P) network and it has a decentralized ledger. Providing security against unauthorized breaches in the distributed network is required. To detect unauthorized breaches, there are numerous techniques were developed and those techniques are inefficient and have poor data integrity. Hence, a novel technique needs to be implemented to tackle the new breaches in the distributed network. This paper, proposed a hybrid technique of two fish with a ripple consensus algorithm (TF-RC). To improve the detection time and security, this paper uses efficient transmission of data in the distributed network. The experimental analysis of TF-RC by using the metric measures of performance in terms of latency, throughput, energy efficiency and it produced better performance.     

Blockchain-based ubiquitous manufacturing: a secure and reliable cyber-physical system

With product customisation and emerging business opportunities, small and medium manufacturing enterprises (SMEs) must find ways to collaborate and share competency in a trustable manner to survive a turbulent market. Therefore, service industry turns to the manufacturing industry and SMEs migrate to cloud manufacturing (CM) and ubiquitous manufacturing. However, existing platforms use centralised networking, which suffers from security, scalability and big-data problems. In this paper, we propose a blockchain-based platform as a trustable network to eradicate third-party problems, which can improve the scalability, security and big-data problems for SMEs. Our proposed platform is developed based on a consortium blockchain which provides a peer-to-peer communication network between the end user and the service provider. We improve existing consensus mechanism and communication protocol based on a cyber-physical system (CPS), via an autonomous agent. Firstly, we provide a review of cloud manufacturing, ubiquitous manufacturing and blockchain-based manufacturing approaches by highlighting the main problems. Then, the proposed platform, blockchain ubiquitous manufacturing (BCUM), is explained, based on its architecture, consensus algorithm and CPS, with the help of autonomous agent communication. The proposed platform has been developed for 3D printing companies which are geographically distributed and tested based on network performance and three practical scenarios.     

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Blockchain merges technology with the Internet of Things (IoT) for addressing security and privacy-related issues. However, conventional blockchain suffers from scalability issues due to its linear structure, which increases the storage overhead, and Intrusion detection performed was limited with attack severity, leading to performance degradation. To overcome these issues, we proposed MZWB (Multi-Zone-Wise Blockchain) model. Initially, all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm (EBA), considering several metrics. Then, the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph (B-DAG), which considers several metrics. The intrusion detection is performed based on two tiers. In the first tier, a Deep Convolution Neural Network (DCNN) analyzes the data packets by extracting packet flow features to classify the packets as normal, malicious, and suspicious. In the second tier, the suspicious packets are classified as normal or malicious using the Generative Adversarial Network (GAN). Finally, intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization (IMO) is used for attack path discovery by considering several metrics, and the Graph cut utilized algorithm for attack scenario reconstruction (ASR). UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator (NS-3.26). Compared with previous performance metrics such as energy consumption, storage overhead accuracy, response time, attack detection rate, precision, recall, and F-measure. The simulation result shows that the proposed MZWB method achieves high performance than existing works     

Sea Turtle Foraging Optimization-Based Controller Placement with Blockchain-Assisted Intrusion Detection in Software-Defined Networks

Software-defined networking (SDN) algorithms are gaining increasing interest and are making networks flexible and agile. The basic idea of SDN is to move the control planes to more than one server’s named controllers and limit the data planes to numerous sending network components, enabling flexible and dynamic network management. A distinctive characteristic of SDN is that it can logically centralize the control plane by utilizing many physical controllers. The deployment of the controller—that is, the controller placement problem (CPP)—becomes a vital model challenge. Through the advancements of blockchain technology, data integrity between nodes can be enhanced with no requirement for a trusted third party. Using the latest developments in blockchain technology, this article designs a novel sea turtle foraging optimization algorithm for the controller placement problem (STFOA-CPP) with blockchain-based intrusion detection in an SDN environment. The major intention of the STFOA-CPP technique is the maximization of lifetime, network connectivity, and load balancing with the minimization of latency. In addition, the STFOA-CPP technique is based on the sea turtles’ food-searching characteristics of tracking the odour path of dimethyl sulphide (DMS) released from food sources. Moreover, the presented STFOA-CPP technique can adapt with the controller’s count mandated and the shift to controller mapping to variable network traffic. Finally, the blockchain can inspect the data integrity, determine significantly malicious input, and improve the robust nature of developing a trust relationship between several nodes in the SDN. To demonstrate the improved performance of the STFOA-CPP algorithm, a wide-ranging experimental analysis was carried out. The extensive comparison study highlighted the improved outcomes of the STFOA-CPP technique over other recent approaches.     

GaiaWorld: A Novel Blockchain System Based on Competitive PoS Consensus Mechanism

The birth of blockchain has promoted the development of electronic currencies such as Bitcoin and Ethereum. Blockchain builds a financial system based on cryptology instead of credit, which allows parties to complete the transaction on their own without the need for credible third-party intermediaries. So far, the application scenario of blockchain is mainly confined to the peer-to-peer electronic financial system, which obviously does not fully utilize the potential of blockchain.
In this paper, we introduce GaiaWorld, a new system for decentralized application. To solve the problem of resource waste and mismatch between nodes and computing power in traditional PoW mechanism, GaiaWorld introduces a new consensus mechanism called CPoS, which can improve productivity and liquidity of blockchain system. GaiaWorld constructs a new architecture based on forging committee and forging group systems, which can establish a decentralized, free and stable internet trust system, and can be utilized in multiple application scenarios and construct efficient and reliable content delivery systems.     

基于区块链技术的空调产品电子病历共享方案

随着空调领域大数据和智能化的飞速发展,良好的数据管理模式变得十分重要.本文首次提出一种将区块链作为底层技术的空调产品电子病历共享方案,旨在构建一个去中心化和第三方信任的空调病历信息共享平台.通过运用哈希计算、非对称加密和全网共识等技术,达到对空调故障病历数据的全网可信,突破个人、企业之间的信任壁垒.研究表明:基于区块链...     

CLEC: Combination Locality Based Erasure Code for Permissioned Blockchain Storage

Building a new decentralized domain name system based on blockchain technology is helping to solve problems, such as load imbalance and over-dependence on the trust of the central node. However, in the existing blockchain storage system, the storage overhead is very high due to its full-replication data storage mechanism. The total storage consumption for each block is up to O(n) with n nodes. Erasure code applied to blockchains can significantly reduce the storage overhead, but also greatly lower the read performance. In this study, we propose a novel coding scheme for blockchain storage, Combination Locality based Erasure Code for Permissioned blockchain storage (CLEC). CLEC uses erasure code, parity locality, and topology locality in blockchain storage, greatly reducing reading latency and repair time. In CLEC, the storage consumption per block can be reduced to O(1), and the repair penalty can also be lowered to O(1). Experiments in an open-source permissioned blockchain Tendermint show that CLEC has a maximum repair speed of 6 times and a read speed of nearly 1.7 times with storage overhead of only 1.17 times compared to the current work, a great improvement in reading performance and repair performance with slightly increased storage overhead via implementation.     

Anomaly IoT Node Detection Based on Local Outlier Factor and Time Series

The heterogeneous nodes in the Internet of Things (IoT) are relatively weak in the computing power and storage capacity. Therefore, traditional algorithms of network security are not suitable for the IoT. Once these nodes alternate between normal behavior and anomaly behavior, it is difficult to identify and isolate them by the network system in a short time, thus the data transmission accuracy and the integrity of the network function will be affected negatively. Based on the characteristics of IoT, a lightweight local outlier factor detection method is used for node detection. In order to further determine whether the nodes are an anomaly or not, the varying behavior of those nodes in terms of time is considered in this research, and a time series method is used to make the system respond to the randomness and selectiveness of anomaly behavior nodes effectively in a short period of time. Simulation results show that the proposed method can improve the accuracy of the data transmitted by the network and achieve better performance.     

Task-Attribute-Based Access Control Scheme for IoT via Blockchain

As a new form of network, the Internet of things (IoT) is becoming more widely used in people’s lives. In this paper, related theoretical research and practical applications of the IoT are explored. The security of the IoT has become a hot research topic. Access controls are methods that control reasonable allocations of data and resources and ensure the security of the IoT. However, most access control systems do not dynamically assign users’ rights. Additionally, with some access control systems, there is a risk of overstepping other user’s authority, and there may exist a central authority that is a single point of failure. Therefore, to solve these problems, this paper proposes a Task-Attribute-Based Access Control scheme for the IoT via blockchain that combines the access control technologies of both the IoT and blockchain. This model, which merges the advantages of task-based access controls and attribute-based access controls, is perfectly integrated with blockchain technology. This model uses hash functions and digital signature algorithms to ensure the authenticity and integrity of the data, and it can dynamically allocate users’ minimum privileges and thus perfectly solves the single point of failure problem. The model is implemented using a Geth client and solidity code, and the simulation results demonstrate the effectiveness of the model.     

Network Security Situation Awareness Framework based on Threat Intelligence

Network security situation awareness is an important foundation for network security management, which presents the target system security status by analyzing existing or potential cyber threats in the target system. In network offense and defense, the network security state of the target system will be affected by both offensive and defensive strategies. According to this feature, this paper proposes a network security situation awareness method using stochastic game in cloud computing environment, uses the utility of both sides of the game to quantify the network security situation value. This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine, then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, using the Nash equilibrium to make predictions for the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.