主页期刊介绍编委会编辑部服务介绍道德声明在线审稿编委办公编辑办公English
2018-2019年专刊出版计划 微信服务介绍 最新一期:2019年第9期
     
在线出版
各期目录
纸质出版
分辑系列
论文检索
论文排行
综述文章
专刊文章
美文分享
各期封面
E-mail Alerts
RSS
旧版入口
中国科学院软件研究所
  
投稿指南 问题解答 下载区 收费标准 在线投稿
刘明达,拾以娟,陈左宁.基于区块链的分布式可信网络连接架构.软件学报,2019,30(8):2314-2336
基于区块链的分布式可信网络连接架构
Distributed Trusted Network Connection Architecture Based on Blockchain
投稿时间:2018-05-29  修订日期:2018-09-21
DOI:10.13328/j.cnki.jos.005764
中文关键词:  区块链  可信网络连接  信任模型  分布式网络  共识协议
英文关键词:blockchain  trusted network connection  trust model  distributed network  consensus protocol
基金项目:核高基国家科技重大专项(2013ZX01029002G001)
作者单位E-mail
刘明达 江南计算技术研究所, 江苏 无锡 214083 happyliumd@163.com 
拾以娟 江南计算技术研究所, 江苏 无锡 214083  
陈左宁 中国工程院, 北京 100088  
摘要点击次数: 915
全文下载次数: 536
中文摘要:
      可信网络连接是信任关系从终端扩展到网络的关键技术.但是,TCG的TNC架构和中国的TCA架构均面向有中心的强身份网络,在实际部署中存在访问控制单点化、策略决策中心化的问题.此外,信任扩展使用二值化的信任链传递模型,与复杂网络环境的安全模型并不吻合,对网络可信状态的刻画不够准确.针对上述问题,在充分分析安全世界信任关系的基础上,提出一种基于区块链的分布式可信网络连接架构——B-TNC,其本质是对传统可信网络连接进行分布式改造.B-TNC充分融合了区块链去中心化、防篡改、可追溯的安全特性,实现了更强的网络信任模型.首先描述B-TNC的总体架构设计,概括其信任关系.然后,针对核心问题展开描述:(1)提出了面向访问控制、数据保护和身份认证的3种区块链系统;(2)提出了基于区块链技术构建分布式的可信验证者;(3)提出了基于DPoS共识的的远程证明协议.最后,对B-TNC进行正确性、安全性和效率分析.分析结果表明,B-TNC能够实现面向分布式网络的可信网络连接,具有去中心化、可追溯、匿名、不可篡改的安全特性,能够对抗常见的攻击,并且具备良好的效率.
英文摘要:
      Trusted network connection is the key technology for trust relationship to extend from terminal to network. However, TCG's TNC architecture and China's TCA architecture are both oriented to a strong identity network with central access. In actual deployment, there is a single point of access control and policy decision center. In addition, the trust extension uses the binary trust chain transfer model, which is not consistent with the security model of the complex network environment, and the portrayal of the trusted state of the network is not accurate enough. In response to the above issues, this study fully analyzes the trust relationship in the security world and then proposes a distributed trusted network connection architecture based on blockchain, called B-TNC, which is the transformation of TNC with blockchain essentially. B-TNC fully integrates the de-centralization, tamper-proof, and traceable security features of blockchain, and realizes a stronger network trust model. This paper first describes the overall architecture design of B-TNC, and summarizes its trust relationship. Then, the core problems are described:(1) proposing three blockchain systems for access control, data protection, and identity authentication; (2) proposing to build distributed trusted verifiers based on blockchain; and (3) proposing a remote attestation protocol based on DPoS consensus. Finally, this paper analyzes the correctness, security, and efficiency of B-TNC. The analysis shows that B-TNC can realize trusted network connection oriented to distributed network, with decentralization, traceability, anonymity, not tampered security features that are resistant to common attacks, with sound efficiency.
HTML  下载PDF全文  查看/发表评论  下载PDF阅读器
 

京公网安备 11040202500064号

主办单位:中国科学院软件研究所 中国计算机学会 京ICP备05046678号-4
编辑部电话:+86-10-62562563 E-mail: jos@iscas.ac.cn
Copyright 中国科学院软件研究所《软件学报》版权所有 All Rights Reserved
本刊全文数据库版权所有,未经许可,不得转载,本刊保留追究法律责任的权利