Funding: Supported by the National Natural Science Foundation of China (Grant No. 62102449) awarded to W. J. Wang.
Abstract: Blockchain has been widely used in finance, the Internet of Things (IoT), supply chains, and other scenarios as a revolutionary technology. The consensus protocol plays a vital role in blockchain, helping all participants maintain a consistent storage state. However, as network environment complexity and system scale increase, blockchain development is limited by the performance, security, and scalability of the consensus protocol. To address this problem, this paper introduces the collaborative filtering mechanism commonly used in recommendation systems into Practical Byzantine Fault Tolerance (PBFT) and proposes a Byzantine fault-tolerant (BFT) consensus protocol based on collaborative filtering recommendation (CRBFT). Specifically, an improved collaborative filtering recommendation method is designed to use the similarity between a node’s recommendation opinions and those of the recommender as a basis for determining whether to adopt the recommendation opinions. This can amplify the recommendation voice of good nodes, weaken the impact of cunning malicious nodes on the trust value calculation, and make the calculated results more accurate. In addition, the nodes are given voting power according to their trust value, and a weight random election algorithm is designed and implemented to reduce the risk of attack. The experimental results show that CRBFT can effectively eliminate various malicious nodes and improve the performance of blockchain systems in complex network environments, and the feasibility of CRBFT is also proven by theoretical analysis.
Funding: Key Research and Development and Promotion Program of Henan Province (No. 222102210069); Zhongyuan Science and Technology Innovation Leading Talent Project (224200510003); National Natural Science Foundation of China (No. 62102449).
Abstract: Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access control mechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policy management efficiency and difficulty in accurately describing the access control policy. To overcome these problems, this paper proposes a big data access control mechanism based on a two-layer permission decision structure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes are introduced in the ABAC model as business constraints between entities. The proposed mechanism implements a two-layer permission decision structure composed of the inherent attributes of access control entities and the business attributes, which constitute the general permission decision algorithm based on logical calculation and the business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neural network, respectively. The general permission decision algorithm is used to implement accurate policy decisions, while the business permission decision algorithm implements fuzzy decisions based on the business constraints. The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent, adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure, the complex and diverse big data access control management requirements can be satisfied by considering the security and availability of resources. Experimental results show that the proposed mechanism is effective and reliable. In summary, it can efficiently support the secure sharing of big data resources.
Funding: The National Natural Science Foundations of China (grant No. 61502531 and No. 61702550); the National Key Research and Development Plan (grant No. 2018YFB0803603 and No. 2016YFB0501901).
Abstract: The complexity and diversity of the cloud business and the continuous growth of new services put forward higher requirements for business-oriented adaptive reconstruction of cloud networks. Therefore, by introducing the construction idea of the reconfiguration network into the cloud network, this paper designs a business-oriented dynamic reconfiguration model of the cloud computing network. In the design process of the model, the formal description of the model's reconfigurable goal, the target-tree decomposition method and the target order-graph relation representation method were proposed. A rapid-reconfiguration method based on similar node transformation, a specific reconfiguration process of the model and a reconfiguration optimization algorithm were also presented in detail. The model provided an effective resolution to better realize the flexibility, scalability, security and self-adaptability of the network in the cloud environment, which ensures the reconfiguration continuity of the cloud network to meet ever-changing business requirements. Finally, the performance of the model is verified, which proves the high efficiency of the model in dynamic reconfiguration.
Funding: The National Natural Science Foundations of China (grant No. 61802436 and No. 61702550); the National Key Research and Development Plan (grant No. 2018YFB0803603 and No. 2016YFB0501901).
Abstract: The current Internet web trust system is based on the traditional PKI system, which achieves secure communication through a trusted third party. However, with the increase of network nodes, various problems appear in the centralized system of public key infrastructure (PKI). In recent years, in addition to cryptographic problems, attacks against PKI have focused on the single point of failure of the certificate authority (CA). Although there are many reasons for a single point of failure, the purpose of the attack is to invalidate the CA. Thus, a distributed authentication system is explored to provide a feasible solution for developing distributed PKI with the rise of the blockchain. Due to the automation and economic penalties of smart contracts, a PKI system is proposed based on smart contracts. The certificate chain was constructed in the blockchain, and a mechanism was adopted for auditing access to CA nodes in the blockchain. Experimental results show that the security requirements of the CA are met in this system.
Funding: This work was supported in part by the National Key Research and Development Program of China under Grant 2018YFB0803603 and Grant 2016YFB0501901, and in part by the National Natural Science Foundation of China under Grant 61502531, Grant 61702550, and Grant 61802436.
Abstract: Aiming at the requirement of anonymous supervision of digital certificates in blockchain public key infrastructure (PKI), this paper proposes a ring signature with multiple indirect verifications (RS-MIV). This mechanism can ensure multiple and indirect verification of the certificate signer's identity while preserving its anonymity. On this basis, a supervisable anonymous management scheme was designed based on smart contracts, which realizes the anonymity of certificate authority nodes, the anonymous issuance of digital certificates, the anonymous verification of digital certificates, and the traceability of illegal certificate issuers in the blockchain PKI. It is proved that the scheme can guarantee the anonymity and traceability of the certificate issuer’s identity at an acceptable cost.