Consensus Algorithms on Appendable-Block Blockchains: Impact and Security Analysis

The Internet of Things (IoT) has been making people’s lives more efficient and more comfortable in the past years, and it is expected to get even better. This improvement may benefit from the use of blockchain to enhance security, scalability, reliability and auditability. Recently, different blockchain architectures were proposed to provide a solution that is better suited for IoT scenarios. One of them, called appendable-block blockchains, proposed a data structure that allows to include transactions in blocks that were already inserted in the blockchain. This approach allows appendable-block blockchains to manage large amounts of data produced by IoT devices through decoupled and appendable data structures. Nevertheless, consensus algorithms can impact throughput and latency in scenarios with large amount of produced transactions, since IoT devices can produce data very quickly (milliseconds) while these data might take some time to be included in a block (seconds). Consequently, it is important to understand the behaviour of different consensus algorithms over appendabble-block blockchain in these type of scenarios. Therefore, we adapted the appendable-block blockchain to use and compare the impact of different consensus algorithms: Practical Byzantine Fault Tolerance (PBFT), witness-based, delegated Byzantine Fault Tolerance (dBFT) and Proof-of-Work (PoW). The results show that both dBFT and PBFT can achieve fast consensus (< 150ms) in the context of appendable-block blockchains. We also present a discussion regarding attacks in each consensus algorithm to help one to choose the best solution (considering performance and security issues) for each scenario.

     

基于完美二叉树通信拓扑的拜占庭容错共识算法

针对实用拜占庭容错(PBFT)算法中主节点可预测、通信复杂度高和作恶节点缺少惩罚机制的问题,该文提出一种基于完美二叉树通信拓扑的联盟链拜占庭容错算法(PBT-BFT)。首先设计了信誉评估模型对节点的行为进行评估,同时提出基于信誉的可验证随机函数(R-VRF),使得随机抽取概率与信誉值呈正相关,保证了拥有不同信誉值的节点抽签的公平性和随机性。然后,设计了完美二叉树通信拓扑,将通信复杂度降低至线性复杂度,同时提出轮换主节点和流水线工作机制,提高了共识效率。实验结果表明,与PBFT相比,平均吞吐量提高了121.6%,平均时延降低了73.8%,能够很好地适用于大规模网络节点的联盟链。     

基于凝聚型层次聚类的PBFT优化共识机制

面对粮食联盟链网络中的大量共识节点,由于传统实用拜占庭容错(practical Byzantine fault tolerance,PBFT)共识算法效率低下,导致通信能耗过高,从而极大地增加信息泄露和数据造假的风险。针对上述难题,本文提出了一种基于凝聚型层次聚类(agglomerative hierarchical clustering,AHC)的PBFT优化共识算法。首先,利用AHC算法对所有网络共识节点进行目标划分和聚类;其次,使所有簇并行发生PBFT共识;最后,通过簇间主节点共识达成消息一致。实验结果表明,该改进算法能够有效降低能量开销,并提高共识效率和吞吐量。     

基于信用等级划分的医疗数据安全共识算法

在基于区块链的医疗数据共享系统中为防御恶意节点攻击并且提高共识效率,该文提出基于信用等级划分的医疗数据安全共识算法(SCA_MD)。首先,在SCA_MD中,考虑由数据节点、共识节点和监管节点组成的医疗区块共识模型,提出相应的节点身份验证机制,实现快速验证。其次,提出基于海洋掠食者的自我优化信用等级划分算法(SCRD),以限制恶意节点共识权力。最后改进代表节点选举机制和共识机制,提高共识的效率。实验结果表明：不管恶意节点数量如何变化,SCA_MD都能提高交易吞吐量,降低平均交易时延和平均节点通信开销。     

RBFT:基于Raft集群的拜占庭容错共识机制

针对现有联盟链共识机制因可拓展性不足,无法在支持大规模网络的同时满足低时延、高吞吐量和安全性的问题,采用网络分片的思想,提出一种适用于联盟链的带有监督节点的两级共识机制——RBFT.首先对网络节点进行分组,组内采用改进的Raft机制进行共识,然后由每个组内选出的领导者组成网络委员会,网络委员会内部采用PBFT机制进行共...     

WSN中基于周期性超宽带距离信息的女巫攻击检测

针对无线传感器网络易受多种网络攻击和节点妥协的问题,提出一种基于周期性超宽带距离信息的女巫攻击检测的完整系统。首先进行相邻节点间的测距和hello数据分组的交换,然后采用局部估算方式构建距离估计表格,并使每个节点均含有这种表格。接着,在网络中周期性地对每个节点独立执行多个距离匹配检查。最后,当合法节点在至少2个不同节点之间找到了距离匹配时,就发出警报废除女巫节点。如果不存在距离匹配,节点继续正常操作。模拟实验配备IEEE 802.15.4对等传感器网络,实验结果证明了提出的系统可以容忍并发女巫攻击数量的变化,也可以成功处理同时发生的、可延展的女巫攻击。另外发生假警报的概率非常小,整个网络性能及其一致性没有受到影响。     

基于PBFT区块链技术的电网企业仓储系统

提出了一种基于实用拜占庭容错(PBFT)算法的区块链技术,首先对传统的实用拜占庭容错算法原理进行了阐述,该传统算法包含前期、需求、预准备、准备、确认、答复6个阶段,但传统算法具有实时性差、缺乏惩罚机制、带宽高的缺点。针对出现的这些问题,又对传统算法进行了改进,具体涉及记账节点、共识过程以及视图切换过程。通过测试进一步证明了该改进算法的实用性,并将该算法应用于电网企业中,构建的虚拟仓库实现了联储联备,降低了库存资金的耗费,并且提高了电网企业库存管理的效率。     

异步区块链支持的安全频谱共享

针对目前频谱稀缺的困境,一个经济有效的解决方案是将未充分利用的授权频谱以机会的方式分配给未授权用户。然而,实现大规模频谱共享面临激励缺失、隐私泄露、安全威胁和时延过大等挑战。利用区块联盟链技术的安全机制,设计了由频谱接入层、区块链网络层、区块链共识层构成的区块链动态频谱接入系统。该系统采用异步实时拜占庭容错(Practical Byzantine Fault Tolerance,PBFT)改善共识延时,设计基于最优匹配算法的匹配方案,提高频谱复用率。经仿真验证,该方案频谱复用率提升近6%。相比于实时拜占庭机制,所提方案减少了系统延时,提升吞吐量近129%。     

STS_4e: Secure Time Synchronization in IEEE802.15.4e Networks

IEEE802.15.4e networks adopt time-synchronized medium access control protocols which enables highly reliable and ultra-low power industrial wireless networks. In these networks, nodes use timeslot to communicate which need a high-precision time synchronization. In hostile environments, the time synchronization protocol may be destroyed by external, compromise or pulse-delay attacks. In this paper, we present a secure time synchronization for IEEE802.15.4e networks called STS_4e which includes a secure single-hop pair-wise time synchronization and a secure cluster-wise time synchronization. The secure pair-wise time synchronization adopts message integrity authentication mechanism to defend against external attacks and threshold filter algorithm to defend against compromise and pulse-delay attacks. The secure cluster-wise time synchronization adopts packet-based key chain to improve µTESLA broadcast authentication mechanism which can well balance the delay of disclosed keys and the length of key chain. Finally, we implement the STS_4e scheme on OpenMoteSTM node running OpenWSN. The results show that the proposed scheme can successfully defend against time synchronization attacks as well as the low energy consumption.     

可防御SSDF攻击的宽带压缩频谱感知

SSDF（Spectrum Sensing Data Falsification）攻击是认知无线网络中对频谱感知性能危害最大的攻击方式之一。基于认知无线网络中信号频域的固有稀疏性,本文结合了压缩感知(CS)技术与平均一致(average consensus)算法,建立了可防御SSDF攻击的分布式宽带压缩频谱感知模型。本文建立了次用户的声望值指标,用以在分布式信息融合的过程中更加准确地排除潜在的恶意次用户影响。在感知阶段,各个CR节点对接收到的主用户信号进行压缩采样以减少对宽带信号采样的开销和复杂度,并做出本地频谱估计。在信息融合阶段,各CR节点的本地频谱估计结果以分布式的方式进行信息融合,排除潜在恶意次用户的影响,得到最终的频谱估计结果。仿真结果表明,本文提出的分布式频谱感知模型可以有效地抵御SSDF攻击,提高了频谱感知的性能。      

Extensive game analysis and improvement strategy of DPOS consensus mechanism

Delegated proof-of-stake ( DPOS) consensus mechanism is widely adopted in blockchain platforms, but problems exist in its current applications. In order to explore the security risks in the voting attack of the DPOS consensus mechanism, an extensive game model between nodes was constructed, and it was concluded that the DPOS consensus mechanism relies too much on tokens, and the possibility of node attacks is very high. In order to solve the problems of frequent changes of DPOS consensus mechanism nodes, inactive node voting, excessive reliance on tokens, and malicious nodes, a dynamic, credible, and attack-evading DPOS consensus mechanism was proposed. In addition, the Python simulation results show that the improved Bayesian voting algorithm is effective in calculating node scores.     

Blockchain trading mechanism based on attached chain for the delay tolerant network

In order to deploy a blockchain on the non-continuous connectivity delay tolerant network,a blockchain trading mechanism was designed,which could run on this type of network.First,the identifier was introduced into the existing block structure and a block structure on the attached chain was presented,which could append the blocks generated during network disconnection.Then,the approaches including the block package,block mining and block consensus on the attached chain were proposed.Finally,a confirming consensus approach was presented to avoid block fraud in the process of appending the attached chain.Through theoretical proof and experimental analysis,the proposed mechanism can support blockchain trading in the delay tolerant network.     

面向车联网异构节点的区块链高效一致性共识算法研究

车联网异构节点由于其性能差异大、具有移动性等原因会造成区块链共识算法交易吞吐率低、交易时延较大等问题,该文提出面向车联网异构节点的区块链高效一致性共识算法(ECCA)。首先,在ECCA中,考虑由验证节点、一般节点和恶意节点组成的车联网异构节点,提出一种信用等级机制,实现信用等级划分和3类异构节点的划分。其次,提出一种跨区下的节点身份变更机制,及时调整当前区域内的节点身份。最后,提出一种改进的一致性共识算法,满足车联网的时效性需求。仿真结果表明：ECCA算法降低性能较差的一般节点和恶意节点对区块共识效率的影响,提高交易吞吐量,降低平均交易时延和平均节点通信开销。     

6G oriented blockchain based Internet of things data sharing and storage mechanism

Considering the heterogeneity of various IoT system and the single point failure of centralized data-processing platform,a decentralized IoT data sharing and storage method based on blockchain technology was proposed.The block consensus and decentralized storage of shared data were realized through the PoS consensus mechanism.A block layered propagation mechanism between consensus node and verified node was proposed based on the Gossip protocol.The block propagation delay model and decentralization evaluation model of blockchain networks were derived.The trade-off between the block propagation delay and the decentralization degree of networks was analyzed.The simulation results demonstrate that the block propagation delay and degree of network decentralization decrease with the increase of minimal capabilities of consensus nodes.As an application example,in the trajectory data sharing scenario of confirmed patients,the data sharing smart contract is implemented and tested based on the Ethereum development platform.     

Trust-aware secure routing protocol for wireless sensor networks

A trust-aware secure routing protocol (TSRP) for wireless sensor networks is proposed in this paper to defend against varieties of attacks. First, each node calculates the comprehensive trust values of its neighbors based on direct trust value, indirect trust value, volatilization factor, and residual energy to defend against black hole, selective forwarding, wormhole, hello flood, and sinkhole attacks. Second, any source node that needs to send data forwards a routing request packet to its neighbors in multi-path mode, and this continues until the sink at the end is reached. Finally, the sink finds the optimal path based on the path's comprehensive trust values, transmission distance, and hop count by analyzing the received packets. Simulation results show that TSRP has lower network latency, smaller packet loss rate, and lower average network energy consumption than ad hoc on-demand distance vector routing and trust based secure routing protocol.     

基于区块链的社会物联网可信服务管理框架

针对当前社会物联网可信服务管理中存在的中心化程度高、交易不透明和易受攻击等问题,提出了一种基于区块链的社会物联网可信服务管理框架。该框架通过区块链的去中心化特性在服务请求者和服务提供者之间直接建立信任关系,利用智能合约产生并管理新的交易,实现交易过程透明化并减少管理维护成本。同时,区块链的共识机制可用于交易验证并防范恶意攻击和篡改,减少网络攻击和恶意节点的欺骗。最后,分析了该框架在实际构建中面临的主要挑战。     

Deletable blockchain based on threshold ring signature

With the development of blockchain,huge storage space is needed to store all of blockchain data.In addition,data can’t be changed once it is packaged into the chain,and it may be possible for overdue data to take up large storage space.Firstly,a threshold ring signature scheme was improved,and then a deletable blockchain scheme based on the mechanism of proof of space (PoSpace) consensus was constructed.Most of nodes could sign and delete a block together when block data was overdue,and the overall structure of the blockchain was unchanged.Several experiments in a simulated environment were executed,and the results show that the proposed blockchain scheme has high efficiency in generating and delegating a block.Meanwhile,the deletion of a block doesn’t influence the storage and use of other blocks.     

区块链下基于蛛网模型的新能源汽车能源交易机制研究

针对在新能源汽车有限的车载能源资源约束条件下,如何解决行驶时效性不足的问题,该文提出一种区块链下的分布式能源交易机制。首先基于区块链构建新能源汽车能源交易网络,并通过信誉值共识(PoR)机制确保能源交易的隐私性。然后,基于收敛型蛛网设计了非线性定价协商算法,联合区块链技术分布式存储车辆信誉值数据库,确保能源交易双方至少能在满足弱帕累托效应的情况下获得最优定价。最后通过仿真,验证了所提算法在区块链下的有效性和收敛性,并求出该算法的最优步长及其系数。     

Big Data Architecture for Scalable and Trustful DNS based on Sharded DAG Blockchain

Internet applications remain exposed to pervasive Domain Name System (DNS)–based threats. Blockchain technologies provide a new way for tackling DNS vulnerability issues, and have been highlighted recently. However, traditional blockchain is still not well suited for big data applications such as DNS, because the performance of blockchain consensus greatly limits its practical adoption. In this paper, we present DagGridLedger, a sharded directed acyclic graph (DAG) blockchain that provides scalable big data architecture for trustful DNS management. To achieve this goal, DagGridLedger proposes a radical new architecture that combines blockchain sharding and DAG techniques on the DNS resolver side, thereby making it a promising solution to enhance the security and stability of large-scale DNS system. To be specific, DagGridLedger provides a blockchain structure targeting DNS application, which employs a high-performance DAG consensus algorithm named DagGrid. DagGrid consensus realizes a multi-DNS negotiation mechanism through block sharding in generating a block. With an improved asynchronous leaderless Byzantine consensus, DagGrid implements total order determination, which guarantees the trustful DNS management. Further experiments verified the performance of DagGridLedger as well as the applicability of the proposed blockchain architecture in traditional DNS. To this end, DagGridLedger consistently achieves a big data architecture for secure DNS record management, with a novel shared DAG consensus designed for high throughput. This makes DagGridLedger a promising architecture for highly secure and efficient DNS solution.

     

A blockchain-based audit approach for encrypted data in federated learning

The development of data-driven artificial intelligence technology has given birth to a variety of big data applications. Data has become an essential factor to improve these applications. Federated learning, a privacy-preserving machine learning method, is proposed to leverage data from different data owners. It is typically used in conjunction with cryptographic methods, in which data owners train the global model by sharing encrypted model updates. However, data encryption makes it difficult to identify the quality of these model updates. Malicious data owners may launch attacks such as data poisoning and free-riding. To defend against such attacks, it is necessary to find an approach to audit encrypted model updates. In this paper, we propose a blockchain-based audit approach for encrypted gradients. It uses a behavior chain to record the encrypted gradients from data owners, and an audit chain to evaluate the gradients’ quality. Specifically, we propose a privacy-preserving homomorphic noise mechanism in which the noise of each gradient sums to zero after aggregation, ensuring the availability of aggregated gradient. In addition, we design a joint audit algorithm that can locate malicious data owners without decrypting individual gradients. Through security analysis and experimental evaluation, we demonstrate that our approach can defend against malicious gradient attacks in federated learning.