Blockchain has been widely used in finance,the Internet of Things(IoT),supply chains,and other scenarios as a revolutionary technology.Consensus protocol plays a vital role in blockchain,which helps all participants t...Blockchain has been widely used in finance,the Internet of Things(IoT),supply chains,and other scenarios as a revolutionary technology.Consensus protocol plays a vital role in blockchain,which helps all participants to maintain the storage state consistently.However,with the improvement of network environment complexity and system scale,blockchain development is limited by the performance,security,and scalability of the consensus protocol.To address this problem,this paper introduces the collaborative filtering mechanism commonly used in the recommendation system into the Practical Byzantine Fault Tolerance(PBFT)and proposes a Byzantine fault-tolerant(BFT)consensus protocol based on collaborative filtering recommendation(CRBFT).Specifically,an improved collaborative filtering recommendation method is designed to use the similarity between a node’s recommendation opinions and those of the recommender as a basis for determining whether to adopt the recommendation opinions.This can amplify the recommendation voice of good nodes,weaken the impact of cunningmalicious nodes on the trust value calculation,andmake the calculated resultsmore accurate.In addition,the nodes are given voting power according to their trust value,and a weight randomelection algorithm is designed and implemented to reduce the risk of attack.The experimental results show that CRBFT can effectively eliminate various malicious nodes and improve the performance of blockchain systems in complex network environments,and the feasibility of CRBFT is also proven by theoretical analysis.展开更多
Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policy...Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policymanagement efficiency and difficulty in accurately describing the access control policy. To overcome theseproblems, this paper proposes a big data access control mechanism based on a two-layer permission decisionstructure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes areintroduced in the ABAC model as business constraints between entities. The proposed mechanism implementsa two-layer permission decision structure composed of the inherent attributes of access control entities and thebusiness attributes, which constitute the general permission decision algorithm based on logical calculation andthe business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neuralnetwork, respectively. The general permission decision algorithm is used to implement accurate policy decisions,while the business permission decision algorithm implements fuzzy decisions based on the business constraints.The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent,adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure,the complex and diverse big data access control management requirements can be satisfied by considering thesecurity and availability of resources. Experimental results show that the proposed mechanism is effective andreliable. In summary, it can efficiently support the secure sharing of big data resources.展开更多
The current Internet web trust system is based on the traditional PKI system, to achieve the purpose of secure communication through the trusted third party. However, with the increase of network nodes, various proble...The current Internet web trust system is based on the traditional PKI system, to achieve the purpose of secure communication through the trusted third party. However, with the increase of network nodes, various problems appear in the centralization system of public key infrastructure (PKI). In recent years, in addition to cryptographic problems, attacks against PKI have focused on the single point of failure of certificate authority (CA). Although there are many reasons for a single point of failure, the purpose of the attack is to invalidate the CA. Thus a distributed authentication system is explored to provide a feasible solution to develop distributed PKI with the rise of the blockchain. Due to the automation and economic penalties of smart contracts, a PKI system is proposed based on smart contracts. The certificate chain was constructed in the blockchain, and a mechanism was adopted for auditing access to CA nodes in the blockchain. Experimental results show that security requirements of CA are met in this system.展开更多
基金supported by the National Natural Science Foundation of China(Grant No.62102449)awarded to W.J.Wang.
文摘Blockchain has been widely used in finance,the Internet of Things(IoT),supply chains,and other scenarios as a revolutionary technology.Consensus protocol plays a vital role in blockchain,which helps all participants to maintain the storage state consistently.However,with the improvement of network environment complexity and system scale,blockchain development is limited by the performance,security,and scalability of the consensus protocol.To address this problem,this paper introduces the collaborative filtering mechanism commonly used in the recommendation system into the Practical Byzantine Fault Tolerance(PBFT)and proposes a Byzantine fault-tolerant(BFT)consensus protocol based on collaborative filtering recommendation(CRBFT).Specifically,an improved collaborative filtering recommendation method is designed to use the similarity between a node’s recommendation opinions and those of the recommender as a basis for determining whether to adopt the recommendation opinions.This can amplify the recommendation voice of good nodes,weaken the impact of cunningmalicious nodes on the trust value calculation,andmake the calculated resultsmore accurate.In addition,the nodes are given voting power according to their trust value,and a weight randomelection algorithm is designed and implemented to reduce the risk of attack.The experimental results show that CRBFT can effectively eliminate various malicious nodes and improve the performance of blockchain systems in complex network environments,and the feasibility of CRBFT is also proven by theoretical analysis.
基金Key Research and Development and Promotion Program of Henan Province(No.222102210069)Zhongyuan Science and Technology Innovation Leading Talent Project(224200510003)National Natural Science Foundation of China(No.62102449).
文摘Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policymanagement efficiency and difficulty in accurately describing the access control policy. To overcome theseproblems, this paper proposes a big data access control mechanism based on a two-layer permission decisionstructure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes areintroduced in the ABAC model as business constraints between entities. The proposed mechanism implementsa two-layer permission decision structure composed of the inherent attributes of access control entities and thebusiness attributes, which constitute the general permission decision algorithm based on logical calculation andthe business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neuralnetwork, respectively. The general permission decision algorithm is used to implement accurate policy decisions,while the business permission decision algorithm implements fuzzy decisions based on the business constraints.The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent,adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure,the complex and diverse big data access control management requirements can be satisfied by considering thesecurity and availability of resources. Experimental results show that the proposed mechanism is effective andreliable. In summary, it can efficiently support the secure sharing of big data resources.
基金the National Natural Science Foundations of China (grant No. 61802436 and No. 61702550)he National Key Research and Development Plan (grant No. 2018YFB0803603 and No. 2016YFB0501901).
文摘The current Internet web trust system is based on the traditional PKI system, to achieve the purpose of secure communication through the trusted third party. However, with the increase of network nodes, various problems appear in the centralization system of public key infrastructure (PKI). In recent years, in addition to cryptographic problems, attacks against PKI have focused on the single point of failure of certificate authority (CA). Although there are many reasons for a single point of failure, the purpose of the attack is to invalidate the CA. Thus a distributed authentication system is explored to provide a feasible solution to develop distributed PKI with the rise of the blockchain. Due to the automation and economic penalties of smart contracts, a PKI system is proposed based on smart contracts. The certificate chain was constructed in the blockchain, and a mechanism was adopted for auditing access to CA nodes in the blockchain. Experimental results show that security requirements of CA are met in this system.
