共查询到19条相似文献,搜索用时 171 毫秒
1.
为解决传统烟草行业缺少物料管理数据留痕导致的物料无法追溯问题,在研究区块链中智能合约及IoT技术基础上提出了一种基于物联网及区块链的去中心化数据管理系统。系统由三个主要组件组成,包括IoT客户端网络、智能合约和安全模块。实现利用区块链技术防止数据信息被篡改,利用数据加密等特性存储数据。通过物联网技术实现物料从采购到出库... 相似文献
2.
在智能制造系统中,工业物联网通过先进的管理技术将制造设备互连,实现了信息的实时传输、设备的范在化感知和数据的快速分析处理。但是由于制造设备的异构性、物联网网关(IoT网关)数据分析能力的有限性、制造设备的存储力低下,设备和数据的低安全性等缺陷严重阻碍了智能制造的发展。BEIIoT架构从制造企业的实际生产过程与应用角度出发,将区块链技术与边缘计算相结合,通过对服务器进行P2P组网以实现对设备去中心化管理;通过对边缘设备进行服务化封装,增强设备的安全性与实时分析能力,降低设备的异构性;使用DAG双链式数据存储结构,提高数据的冗余度与安全性,实现生产线数据的异步并发备份存储。BEIIoT架构为智能制造的实施提供了体系支持。 相似文献
3.
基于区块链的去中心化应用已在加密数字货币、云存储、物联网等多个领域提供健壮、可信且持久的服务, 然而区块链的吞吐能力难以满足去中心化应用日益增长的性能需求. 分片是当前主流的区块链性能优化技术, 但现有的区块链分片主要面向用户和用户之间的转账交易, 并不完全适用于以智能合约调用交易为主的去中心化应用. 针对此问题, 设计并实现面向智能合约分片的联盟区块链系统BETASCO. BETASCO为每个智能合约提供一个分片作为独立执行环境, 通过基于分布式散列表的合约定位服务将交易路由至目标智能合约所在的分片, 并通过智能合约间的异步调用机制满足跨智能合约的通信和协作需求. BETASCO通过节点虚拟化允许一个节点加入多个分片, 支持同一组节点上多个智能合约的并行执行. 实验结果表明, BETASCO整体吞吐能力可随智能合约数量的增加而线性增长, 且执行单个智能合约的吞吐能力与HyperLedger Fabric相当. 相似文献
4.
区块链的分布式和去中心化特性能够有效应对传统物联网架构所面临的设备安全和数据安全挑战。网关作为区块链与物联网融合的关键节点,在融合应用中面临算力、存储资源受限的实际困难,亟需可用的轻量级设计与实现方案。针对这一问题,设计并实现了一种基于联盟链的轻量级区块链-物联网网关原型。首先,基于长安链SPV(Simplified Payment Verification)框架,在网关中实现了关键数据的上链存证与交易数据的过滤精简;其次,从感知设备的行为模式、感知数据两方面进行模式提取与异常识别,保证设备的接入安全和运行安全;最后,针对网关轻节点所存储的区块链默克尔树,提出了一种剪枝算法,加速本组织相关交易数据的验证过程。实验结果表明,设计的轻量级网关具备设备身份可信认证和运行时异常行为检测的可行性,与其它方法相比,默克尔树剪枝优化算法能够大幅度降低交易验证时延。 相似文献
5.
区块链由于其去中心化的特点,被认为是近年来最具颠覆性和革命性的技术创新之一。然而,目前大多数公有链由于数据高度冗余使得区块链系统数据迅速增长,从而造成节点存储资源消耗严重,此外它还存在区块共识成本较高导致系统吞吐量低的问题。针对区块链的可扩展性问题,提出一种适用于智能合约的无状态区块链性能优化方案STiPChain。STiPChain基于密码累加器与可验证计算完成无状态设计,采用RSA累加器生成智能合约的有效性证明实现节点状态数据压缩,同时通过分布式设计将智能合约的有效性证明更新效率优化至常数,极大降低节点对磁盘和内存的需求。在此基础上,STiPChain将区块共识与区块运算解耦,基于可验证计算技术提出新的智能合约执行逻辑和交易验证方案,解决无状态条件下的交易验证与执行问题,有效提高系统吞吐量。实验结果表明,与Ethereum相比,STiPChain无状态区块链性能优化方案将共识节点的存储需求降低了99%,吞吐量提高了1.6~2 500倍。 相似文献
6.
基于区块链的跨域认证利用区块链代替传统的CA机构颁发区块链证书,借助区块链的去中心化和透明性,实现了信任的去中心化;针对现有基于区块链的跨域认证存在着跨域认证效率不高,没有完整的证书管理功能、区块链存储证书开销大的问题,提出了基于区块链和动态累加器的跨域认证方案,设计了区块链证书格式,描述了跨域认证协议,将区块链证书信息映射为累加值,提升了验证效率,通过在智能合约中构建动态累加器,实现证书的注册,撤销和查询功能;实验结果表明,该方案能够有效降低区块链证书存储成本,提升跨域认证效率. 相似文献
7.
基于双区块链的医疗记录安全存储与共享方案 总被引:1,自引:0,他引:1
在当前的医疗信息化建设中,电子医疗记录的存储与共享给病人带来了隐私泄露的风险,从而造成名誉损害和财产损失。现有的多数保护隐私的医疗记录存储与共享方案使用了中心化的管理节点,容易遭受集中攻击导致单点失效和恶意篡改的威胁。针对这些问题,设计了一个双区块链结构的医疗记录安全存储与共享方案
EMRSBC,其中使用2条联盟链分别用于医疗记录存储与共享。该方案解决了传统单链应用中拓展性差、吞吐量低的问题,将医疗记录的共享与存储分开,利用区块链的去中心化特性以及智能合约的链上代码实现在不可信环境中的访问控制,有效地保护了病人的隐私数据在存储与共享过程中的安全性。 相似文献
8.
数据流行度去重方案中存在检测机构不诚实、数据存储不可靠等问题,提出一种面向去中心化存储的数据流行度去重模型。针对检测机构不诚实,模型结合区块链的不可篡改性与智能合约的不可抵赖性,将智能合约作为检测机构执行数据的重复性检测和流行度检测,保障了检测结果的真实性。针对数据存储不可靠问题,提出一种文件链存储结构,该结构满足数据流行度去重的要求,并通过添加辅助信息的方式,建立分布在不同存储节点中实现物理/逻辑上传的分片之间的逻辑关系,为流行度数据去中心化网络存储提供基础;同时,在数据块信息中添加备份标识,借助备份标识将存储网络划分为两个虚拟存储空间,分别实现数据和备份数据的检测与存储,满足了用户备份需求。安全性分析和性能分析表明,该方案具有可行性,保障了检测结果的真实性,并提高了数据存储的可靠性。 相似文献
9.
10.
11.
DECENT: Secure and fine-grained data access control with policy updating for constrained IoT devices
The Internet of Things (IoT) is a novel paradigm where many of the objects that surround us can be connected to the internet. Since IoT is always related to user’s personal information, it raises lot of data security and privacy issues. In this paper, we present a secure and fine-grained data access control scheme for constrained IoT devices and cloud computing based on hierarchical attribute-based encryption, which reduces the key management by introducing hierarchical attribute authorities. In order to relieve local computation burden, we propose an outsourced encryption and decryption construction by delegating most of laborious operations to gateway and cloud server. Further, our scheme achieves efficient policy updating, which allows the sender device to update access policies without retrieving and re-encrypting the data. The security and performance analysis results show that our scheme is secure and efficient. 相似文献
12.
Smart grid and advanced metering infrastructure (AMI) technologies have recently been the focus of rapid advancement and significant investment by many utilities and other service providers. For proper Smart grid deployment, smart energy home area network (HAN) must deploy smart meter along with other utility HAN devices and customer HAN devices. Energy service interface (ESI) is deployed as a HAN gateway which can provide two-way communications between HAN devices and utilities or service providers. However, in order to meet the envisioned functional, reliability, and scalability requirements of the Smart grid, cyber security must no longer be neglected. Thus, the development of a comprehensive security mechanism for AMI network is predominantly essential. A remote access to HAN devices may be required for either the customer that using his ubiquitous mobile device at the remote site or maintenance personals (either from utilities or service providers) those using handheld devices, which must be done securely. In this paper, we propose a security mechanism for remote access to HAN networks which is comprised of a lightweight and effective ECC-based entity authentication mechanism and ECC-based digital signature scheme. ECC-based entity authentication mechanism allows ESI as a gatekeeper to monitor the authentication process between two communicating entities. With a modified ECC-based digital signature scheme, secure data transfer between mobile devices and HAN devices has occurred. We have conducted security analysis, efficiency analysis as well as formal verification of the proposed mechanism. 相似文献
13.
当前物联网设备节点动态性强且计算能力弱,导致物联网中的传统访问控制机制存在策略判决与策略权限管理效率较低、安全性不足等问题.提出基于以太坊区块链的物联网设备访问控制机制,结合基于角色的访问控制(RBAC)模型设计智能合约.对以太坊相关特性进行分析,建立结合用户组的改进RBAC模型.设计基于以太坊区块链技术的物联网设备访... 相似文献
14.
The emergence of Internet of Things (IoT) technology has yielded a firm technical basis for the construction of a smart home. A smart home system offers occupants the convenience of remote control and automation of household systems. However, there are also potential security risks associated with smart home technologies. The security of users in a smart home environment is related to their life and possessions. A significant amount of research has been devoted to studying the security risks associated with IoT-enabled smart home systems. The increasing intelligence of devices has led to a trend of independent authentication between devices in smart homes. Therefore, mutual authentication for smart devices is essential in smart home systems. In this paper, a mutual authentication scheme is proposed for smart devices in IoT-enabled smart home systems. Signature updates are provided for each device. In addition, with the assistance of a home gateway, the proposed scheme can enable devices to verify the identity of each other. According to the analysis, the proposed scheme is secure against a forged SD or a semi-trusted HG. The computational cost of the proposed scheme in the simulation is acceptable for the application in smart home systems. 相似文献
15.
智能家居运用物联网技术为用户提供自动化的智能服务,但传统的集中式架构存在机密性和完整性等安全性问题,而现有的分布式架构又存在重复认证、高延迟等问题。针对这些问题,基于区块链和椭圆曲线集成加密技术提出了一种智能家居认证与访问控制方案,同时还引入了边缘计算,降低系统的延迟。并将基于权能的访问控制与区块链相结合,在区块链上存储权能令牌并设计了相应的智能合约以实现安全的访问控制。安全性分析表明,该方案具有去中心化、不可窜改、机密性、完整性和可扩展性等安全特性。在以太坊区块链上进行仿真,并根据计算开销、通信开销和响应时间等指标对方案进行了性能评估。评估结果表明,相比其他方案,该方案计算开销和通信开销更小,响应时间更短,具有明显的优势。 相似文献
16.
Due to the exponential growth of the Internet users and wireless devices, interests on home networks have been enormously increased in recent days. In digital home networks, home services including remote access and control to home appliances as well as services offered by service providers are alluring. However, the remote control services cause digital home networks to have various security threats. Hence, for digital home networks, robust security services, especially remote user authentication, should be considered. This paper presents a robust and efficient authentication scheme based on strong-password approach to provide secure remote access in digital home network environments. The proposed scheme uses lightweight computation modules including hashed one-time password and hash-chaining technique along with low-cost smart card technology. It aims to satisfy several security requirements including stolen smart card attack and forward secrecy with lost smart card as well as functional requirements including no verification table and no time synchronization. Comparing with the existing representative schemes, it can be validated that the proposed scheme is more robust authentication mechanism having better security properties. We have conducted formal verification of the proposed scheme. 相似文献
17.
The growing advent of the Internet of Things (IoT) users is driving the adoption of cloud computing technologies. The integration of IoT in the cloud enables storage and computational capabilities for IoT users. However, security has been one of the main concerns of cloud-integrated IoT. Existing work attempts to address the security concerns of cloud-integrated IoT through authentication, access control, and blockchain-based methods. However, existing frameworks are somewhat limited by scalability, privacy, and centralized structures. To mitigate the existing problems, we propose a blockchain-based distributed access control method for secure storage in the IoT cloud (BL-DAC). Initially, the BL-DAC performs decentralized authentication using the Quantum Neural Network Cryptography (QNNC) algorithm. IoT users and edge nodes are authenticated in the blockchain deployed by distributed Trusted Authorities (TAs) using multiple credentials. The user data is classified into sensitive and non-sensitive categories using the Enhanced Seagull Optimization (ESO) algorithm. Also, the authentication to access this data is performed by a decentralized access control method using smart contract policy. Sensitive user data is encrypted using the QNNC algorithm and stored in the private cloud. In contrast, non-sensitive data is stored in the public cloud, and IPFS is used to store data in a decentralized manner with high reliability. In addition, data security is improved by using a hierarchical blockchain which improves scalability by managing the multiple blockchains hierarchically and is lightweight using Proof of Authentication Consensus (PoAH). The BL-DAC is simulated and validated using the Network Simulator-3.26 simulation tool and validated. This work shows better results than the compared ones in terms of validation metrics such as throughput (26%), encryption time (19%), decryption time (16%), response time (15%), block validation time (31%), attack detection rate (16%), access control precision (13%), and scalability (28%). 相似文献
18.
Thar Baker Muhammad Asim Áine MacDermott Farkhund Iqbal Faouzi Kamoun Babar Shah Omar Alfandi Mohammad Hammoudeh 《Software》2020,50(5):503-518
The rapid proliferation of Internet of things (IoT) devices, such as smart meters and water valves, into industrial critical infrastructures and control systems has put stringent performance and scalability requirements on modern Supervisory Control and Data Acquisition (SCADA) systems. While cloud computing has enabled modern SCADA systems to cope with the increasing amount of data generated by sensors, actuators, and control devices, there has been a growing interest recently to deploy edge data centers in fog architectures to secure low-latency and enhanced security for mission-critical data. However, fog security and privacy for SCADA-based IoT critical infrastructures remains an under-researched area. To address this challenge, this contribution proposes a novel security “toolbox” to reinforce the integrity, security, and privacy of SCADA-based IoT critical infrastructure at the fog layer. The toolbox incorporates a key feature: a cryptographic-based access approach to the cloud services using identity-based cryptography and signature schemes at the fog layer. We present the implementation details of a prototype for our proposed secure fog-based platform and provide performance evaluation results to demonstrate the appropriateness of the proposed platform in a real-world scenario. These results can pave the way toward the development of a more secure and trusted SCADA-based IoT critical infrastructure, which is essential to counter cyber threats against next-generation critical infrastructure and industrial control systems. The results from the experiments demonstrate a superior performance of the secure fog-based platform, which is around 2.8 seconds when adding five virtual machines (VMs), 3.2 seconds when adding 10 VMs, and 112 seconds when adding 1000 VMs, compared to the multilevel user access control platform. 相似文献
19.
Kaiping Xue Changsha Ma Peilin Hong Rong Ding 《Journal of Network and Computer Applications》2013,36(1):316-323
Wireless sensor network (WSN) can be deployed in any unattended environment. With the new developed IoT (Internet of Things) technology, remote authorized users are allowed to access reliable sensor nodes to obtain data and even are allowed to send commands to the nodes in the WSN. Because of the resource constrained nature of sensor nodes, it is important to design a secure, effective and lightweight authentication and key agreement scheme. The gateway node (GWN) plays a crucial role in the WSN as all data transmitted to the outside network must pass through it. We propose a temporal-credential-based mutual authentication scheme among the user, GWN and the sensor node. With the help of the password-based authentication, GWN can issue a temporal credential to each user and sensor node. For a user, his/her temporal credential can be securely protected and stored openly in a smart card. For a sensor node, its temporal credential is related to its identity and must privately stored in its storage medium. Furthermore, with the help of GWN, a lightweight key agreement scheme is proposed to embed into our protocol. The protocol only needs hash and XOR computations. The results of security and performance analysis demonstrate that the proposed scheme provides relatively more security features and high security level without increasing too much overhead of communication, computation and storage. It is realistic and well adapted for resource-constrained wireless sensor networks. 相似文献