
Research on blockchain evaluation methods under the classified protection of cybersecurity
(网络安全等级保护下的区块链评估方法)

ZHU Yan, ZHANG Yi, WANG Di, QIN Bo-han, GUO Qian, FENG Rong-quan, ZHAO Zhang-jie

Citation: ZHU Yan, ZHANG Yi, WANG Di, QIN Bo-han, GUO Qian, FENG Rong-quan, ZHAO Zhang-jie. Research on blockchain evaluation methods under the classified protection of cybersecurity[J]. Chinese Journal of Engineering, 2020, 42(10): 1267-1285. doi: 10.13374/j.issn2095-9389.2019.12.17.007
Chinese citation: 朱岩, 张艺, 王迪, 秦博涵, 郭倩, 冯荣权, 赵章界. 网络安全等级保护下的区块链评估方法[J]. 工程科学学报, 2020, 42(10): 1267-1285.

doi: 10.13374/j.issn2095-9389.2019.12.17.007
Funding: National Key R&D Program of China (2018YFB1402702); National Natural Science Foundation of China (61972032); Beijing Municipal Bureau of Economy and Information Technology (HTBH_20200901_573)
Corresponding author: E-mail: zhuyan@ustb.edu.cn
CLC number: TP306
  • Abstract: Classified protection (等保, the multi-level protection scheme) is the basic information-security policy of China. As blockchain technology is applied ever more widely across industries, classified-protection evaluation of blockchain systems needs to advance in step, which will help the technology develop sustainably in China. Accordingly, starting from the application and data security requirements of classified protection Level 3, this paper gives concrete evaluation requirements and implementation plans for the core technologies of a blockchain system: the peer-to-peer network, the distributed ledger, the consensus mechanism and smart contracts. It then takes the control points defined in Classified Protection 2.0 and summarises and analyses the runtime data of current blockchain systems together with a log-workflow-based security audit mechanism. The evaluation shows that blockchain systems meet the classified-protection requirements for software fault tolerance, resource control, and backup and recovery, while security audit, identity authentication and data integrity still need improvement.
  • Figure 1. Blockchain framework

    Figure 2. Change in the size of the Bitcoin P2P network: (a) over the last three months; (b) since 2009

    Figure 3. Timing diagram of the consensus process

    Figure 4. Bitcoin network hashrate history

    Figure 5. Trend of the consensus difficulty (Bitcoin)

    Figure 6. Structure of a blockchain transaction

    Figure 7. Confirmed versus unconfirmed transactions in blockchain systems (last three months): (a) confirmed transaction volume for Bitcoin and Ethereum; (b) growth of unconfirmed transactions in Bitcoin

    Figure 8. Common scripting mechanisms

    Figure 9. Blockchain log generation workflow

    Table 1. Relation between grading elements and security level

    Degree of damage | Citizens, legal persons and other organisations | Social order and public interest | National security
    General damage | Level 1 | Level 2 | Level 3
    Serious damage | Level 2 | Level 3 | Level 4
    Especially serious damage | Level 3* | Level 4 | Level 5
    * Level 2 under Classified Protection 1.0.

    Table 2. Application-layer control points at Level 3, Classified Protection 1.0 versus 2.0

    Version | Category | Control points
    Classified Protection 1.0 | Application security | Identity authentication, access control, security audit, communication integrity, communication confidentiality, software fault tolerance, resource control
    Classified Protection 1.0 | Data security and backup/recovery | Data integrity, data confidentiality, backup and recovery
    Classified Protection 2.0 | Application and data security | Identity authentication, access control, security audit, software fault tolerance, resource control, data integrity, data confidentiality, data backup and recovery, residual information protection, personal information protection

    Table 3. Distributed peer-to-peer network assessment

    Category | Item | Implementation | Expected effect | Actual result | Pass (Y/N)
    Identity authentication | Node access control | Check whether joining the blockchain network requires authentication | Nodes are authenticated when they connect, restricting node access | Node identity is not authenticated on connection | N
    Software fault tolerance | Self-protection and self-adaptation | Observe message transmission while the network is unstable | Network jitter has little effect on transmission and the system keeps running stably | The blockchain system runs stably under network jitter | Y
    Resource control | Concurrent connection limit | Check the maximum number of connections per node | Cap concurrent connections to prevent exhaustion of system resources | A node accepts at most 117 inbound connections and itself opens 8 outbound connections | Y
    Resource control | Connection timeout limit | Check the relevant network configuration | Automatically terminate sessions that stay unanswered for a long time so they do not hold resources | If a peer has sent no new message for 30 min, a heartbeat (ping) is sent; if there has been no communication for 90 min, the session is closed | Y
    Data integrity | Unicast tamper resistance | Check whether transmitted data is encrypted and protected against tampering | Data is not tampered with during point-to-point communication | Data integrity in unicast communication is not guaranteed | N
    Data integrity | Broadcast tamper resistance | Check whether multicast/broadcast is provided and whether data is protected against tampering in transit | Data is not tampered with during broadcast communication | Data integrity in broadcast communication is not guaranteed | N
    Data integrity | Forwarding tamper resistance | Check the forwarding function and its tamper protection | Data is not tampered with when a node forwards it | Data integrity during forwarding is not guaranteed | N
    Security audit | Network status update | Check whether logs record node status information | Trusted node data is available to support stable operation of the system | Status update records exist per node, but they are not exchanged network-wide, so the status of the whole network cannot be obtained | N
    Security audit | Dynamic node monitoring | Check whether the number of online nodes is counted | The system can recognise nodes joining and leaving | The blockchain system can count the nodes of the whole network in real time | Y
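The two resource-control rows of Table 3 (at most 117 inbound and 8 outbound connections; a heartbeat after 30 minutes of silence and disconnection after 90 minutes) can be turned into executable checks against a model of the node's peer table. The following Python is an added example, not code from the paper or from any blockchain client: it models the slot limits and the idle policy with a simulated clock so that an assessor can state the expected behaviour as assertions. The class names, the peer addresses and the use of "no message received" as the idle criterion are assumptions of the example.

```python
"""Model of the per-node resource controls in Table 3 (added example; the limits and
timings follow the assessment rows, peer addresses and class names are made up)."""
from dataclasses import dataclass, field

MAX_INBOUND = 117            # inbound slots a node accepts
MAX_OUTBOUND = 8             # outbound connections a node initiates
PING_AFTER = 30 * 60         # seconds without a message before a heartbeat is sent
DROP_AFTER = 90 * 60         # seconds without a message before the session is closed


@dataclass
class Peer:
    addr: str
    inbound: bool
    last_seen: float         # time of the last message received from this peer
    pinged: bool = False


@dataclass
class PeerTable:
    peers: dict = field(default_factory=dict)
    dropped: list = field(default_factory=list)

    def count(self, inbound: bool) -> int:
        return sum(1 for p in self.peers.values() if p.inbound == inbound)

    def connect(self, addr: str, inbound: bool, now: float) -> bool:
        """Admit a peer only while the matching slot pool has room (resource control)."""
        if addr in self.peers:
            return False
        limit = MAX_INBOUND if inbound else MAX_OUTBOUND
        if self.count(inbound) >= limit:
            return False
        self.peers[addr] = Peer(addr, inbound, now)
        return True

    def receive(self, addr: str, now: float) -> None:
        """Any message from the peer resets its idle timer and heartbeat state."""
        peer = self.peers[addr]
        peer.last_seen = now
        peer.pinged = False

    def tick(self, now: float) -> list:
        """Apply the idle policy once; returns the peers that were pinged in this tick."""
        pinged = []
        for addr, peer in list(self.peers.items()):
            idle = now - peer.last_seen
            if idle >= DROP_AFTER:
                del self.peers[addr]           # long-unanswered session is closed
                self.dropped.append(addr)
            elif idle >= PING_AFTER and not peer.pinged:
                peer.pinged = True             # one heartbeat per idle period
                pinged.append(addr)
        return pinged


def simulate() -> dict:
    """Overfill both pools, let one peer go silent, and report what the policy did."""
    table = PeerTable()
    accepted_in = sum(table.connect(f"10.0.0.{i}", True, 0.0)
                      for i in range(MAX_INBOUND + 1))       # one over the limit
    accepted_out = sum(table.connect(f"192.0.2.{i}", False, 0.0)
                       for i in range(MAX_OUTBOUND + 1))     # one over the limit
    silent = "10.0.0.0"

    def chatter(now: float) -> None:          # every peer except `silent` keeps sending
        for addr in table.peers:
            if addr != silent:
                table.receive(addr, now)

    chatter(PING_AFTER - 1)
    pinged = table.tick(PING_AFTER)                 # silent peer receives a heartbeat
    pinged_again = table.tick(PING_AFTER + 60)      # but is not pinged twice while idle
    chatter(DROP_AFTER - 1)
    table.tick(DROP_AFTER)                          # silent peer is disconnected
    return {"accepted_in": accepted_in, "accepted_out": accepted_out,
            "pinged": pinged, "pinged_again": pinged_again,
            "dropped": table.dropped, "remaining": len(table.peers)}


if __name__ == "__main__":
    print(simulate())
```

The same structure can be fed with connection and message events captured from a real node (for example from its debug log) instead of the simulated ones, which turns the Table 3 expectation into a regression check rather than a one-off observation.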

    Table 4. Impact of parameter choices on network transmission in different blockchains [43]

    Parameter | Bitcoin | Litecoin | Dogecoin | Ethereum
    Block interval | 10 min | 2.5 min | 1 min | 10-20 s
    Public nodes | 6000 | 800 | 600 | 4000
    Mining pools | 16 | 12 | 12 | 13
    Stale block rate / % | 0.41 | 0.273 | 0.619 | 6.8
    Block size / KB | 534.8 | 6.1 | 8 | 1.5

    Table 5. Consensus mechanism assessment

    Category | Item | Implementation | Expected effect | Actual result | Pass (Y/N)
    Resource control | Consensus resource control | Measure resource usage on the machine | Consensus should consume as few machine resources as possible | PoW consensus consumes substantial computing resources, but system resources remain controllable | Y
    Backup and recovery | Real-time backup | Check whether nodes synchronise newly agreed blocks | All nodes in the network hold the same data replica | Nodes back up the transaction data produced on the chain in real time | Y
    Backup and recovery | System hot redundancy | Check system availability after a node goes down | Business continuity is not interrupted | Nodes are mutually redundant; failure of a single node or a few nodes does not affect stability or availability | Y
    Consensus effect | Consensus fault tolerance | Introduce faulty nodes and observe consensus | A consensus threshold exists such that agreement among more than the threshold of nodes constitutes network-wide consensus | The system tolerates 5% of nodes failing consensus; agreement by more than 95% of nodes suffices | Y
    Consensus effect | Consensus validity | Submit an invalid transaction and check that consensus fails | Invalid transactions fail consensus; correctness and logic checks make fraudulent transactions expensive and prevent malicious consensus | Invalid transactions are not accepted by consensus | Y
    Consensus effect | Consensus consistency | Submit a valid transaction and check that all consensus results agree | Honest participants reach consistent consensus results | Valid transactions are written to the chain once the system reaches consensus | Y

    Table 6. Distributed ledger assessment

    Category | Item | Implementation | Expected effect | Actual result | Pass (Y/N)
    Software fault tolerance | Ledger format standardisation | Check whether ledger data follows a uniform format | Transactions, blocks and other data are stored in a defined format | Transactions, blocks and other data follow a unified structure | Y
    Access control | Ledger access control | Check for an access-policy supervising node and an access control policy | Protect the data resources on the ledger from unauthorised access | As a public chain the system has no complete access control policy | N
    Data integrity | Storage integrity | Check whether stored data is protected by hashes, fingerprints or similar | Stored content is hashed and its integrity is guaranteed | Transactions are hashed into a Merkle tree and stored in blocks | Y
    Data confidentiality | Storage confidentiality | Check whether confidential data is stored encrypted | Data is not stored in plaintext | Data is stored as plaintext hexadecimal for ease of querying and verification | N
    Ledger function | Data non-repudiation | Check whether the transaction data in the ledger is signed by its originator | Transactions are signed by each participant, making them traceable and non-repudiable | Non-repudiation is achieved by signing transaction data | Y
    Ledger function | Ledger data synchronisation | Check whether full nodes exist and whether ledger data stored across nodes is consistent | Full nodes synchronise all ledger data, so a complete copy of the chain can be obtained from any full node | Full nodes holding all ledger data exist, and data errors found during synchronisation are detected and confirmed | Y
    Ledger function | Ledger data idempotence | Check whether retrieving the same data returns consistent results | Querying the same record gives the same result, ensuring data consistency | All data written to the ledger has passed consensus; ledger data is idempotent | Y

    Table 7. Block header fields and their sizes

    Field | Purpose | Size (bytes)
    Version V | Block version number | 4
    Difficulty D (nBits) | Compact encoding of the mining difficulty target | 4
    Previous block hash PreH | 256-bit hash of the previous block's header, which chains the blocks together | 32
    Merkle root M | 256-bit root hash of the Merkle tree built over the block's transactions | 32
    Nonce N | Value varied by the miner to change the current block header hash | 4
    Timestamp T | UNIX timestamp | 4

    The six fields total 80 bytes; the block hash is the hash of exactly these 80 bytes, and the PreH of the next block must equal it.
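To make the Table 6 (storage integrity) and Table 7 checks concrete, the following Python is an added example, not code from the paper or from Bitcoin Core. It parses an 80-byte header into the six fields of Table 7, computes the block hash, decodes the compact difficulty field into a target, checks proof of work, verifies that a block's PreH equals the hash of the previous header, and rebuilds the Merkle root from transaction ids. The Bitcoin genesis block header is used as real input; helper names such as parse_header and verify_link, and the constructed successor header, are choices of this example.

```python
"""Bitcoin-style block header and transaction Merkle tree (added example, not from
the paper or from Bitcoin Core). Field layout follows Table 7."""
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash used for block headers and transaction ids."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def parse_header(raw: bytes) -> dict:
    """Split the 80-byte little-endian header into the six fields of Table 7."""
    if len(raw) != 80:
        raise ValueError("a block header is exactly 80 bytes")
    version, prev, merkle, timestamp, bits, nonce = struct.unpack("<I32s32sIII", raw)
    return {
        "version": version,
        "prev_hash": prev[::-1].hex(),      # hashes are displayed byte-reversed
        "merkle_root": merkle[::-1].hex(),
        "timestamp": timestamp,
        "bits": bits,
        "nonce": nonce,
    }


def block_hash(raw: bytes) -> str:
    """Block hash = double SHA-256 of the header, shown in display order."""
    return dsha256(raw)[::-1].hex()


def bits_to_target(bits: int) -> int:
    """Decode the compact difficulty field (1 exponent byte, 3-byte mantissa)."""
    if bits & 0x00800000:
        raise ValueError("negative target is invalid")
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def check_pow(raw: bytes) -> bool:
    """Proof of work holds when the header hash, read as an integer, is <= target."""
    target = bits_to_target(parse_header(raw)["bits"])
    return int.from_bytes(dsha256(raw), "little") <= target


def verify_link(prev_raw: bytes, raw: bytes) -> bool:
    """PreH of a block must equal the hash of the previous block's header."""
    return parse_header(raw)["prev_hash"] == block_hash(prev_raw)


def merkle_root(txids: list) -> str:
    """Root of the transaction Merkle tree (Table 6, storage integrity).
    txids are display-order hex; a level with an odd count duplicates its last node."""
    if not txids:
        raise ValueError("a block carries at least one transaction")
    level = [bytes.fromhex(t)[::-1] for t in txids]      # back to internal byte order
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0][::-1].hex()


# Real input: the Bitcoin genesis block header (80 bytes) and its only transaction id.
GENESIS_HEADER = bytes.fromhex(
    "01000000" + "00" * 32
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"
    + "29ab5f49" + "ffff001d" + "1dac2b7c"
)
GENESIS_COINBASE_TXID = "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"


def next_header_stub(prev_raw: bytes) -> bytes:
    """Constructed successor header: correct PreH, other fields zero (no valid PoW)."""
    return struct.pack("<I32s32sIII", 1, dsha256(prev_raw), b"\x00" * 32, 0, 0x1D00FFFF, 0)


if __name__ == "__main__":
    hdr = parse_header(GENESIS_HEADER)
    print(hdr)
    print("hash   :", block_hash(GENESIS_HEADER))
    print("pow ok :", check_pow(GENESIS_HEADER))
    print("merkle :", merkle_root([GENESIS_COINBASE_TXID]) == hdr["merkle_root"])
    print("link ok:", verify_link(GENESIS_HEADER, next_header_stub(GENESIS_HEADER)))
```

An assessor checking the storage-integrity row of Table 6 recomputes merkle_root over the block's transaction ids and compares it with the header field; any altered, missing or reordered transaction changes the root, and any altered header changes the hash that the next block's PreH commits to.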

    Table 8. Contract computing layer assessment

    Category | Item | Implementation | Expected effect | Actual result | Pass (Y/N)
    Identity authentication | Executor authentication | Check whether the contract can inspect or restrict the executor's identity | Logged-in users are identified and authenticated; identifiers are unique and authentication credentials meet complexity requirements | When a transaction is published the blockchain verifies the executor's identity, so the identity that executes a contract can be controlled | Y
    Security audit | Behavioural event audit | Check whether the execution of a smart contract can be verified | Security audit is enabled and covers every user, important user actions and important security events | All mining nodes verify the correctness of smart contract execution | Y
    Security audit | Audit records | Check whether audit information is recorded | Records include the date and time of the event, the user, the event type and whether it succeeded; records are protected and backed up regularly against unexpected deletion, modification or overwriting | Transactions in blocks record the contract's execution time, executor, inputs and outputs | N
    Malicious code protection | Protection from malicious code | Check for a mechanism that protects against malicious code | Adopt technical measures against malicious code, or an active-immunity trusted verification mechanism, to identify and block intrusions and viruses in time | Restricted addressing, a limited instruction set and sandboxed runtimes such as Docker keep the local machine and the blockchain system unaffected | Y
    Data integrity | Transmission integrity | Check whether checksums or cryptography guarantee data integrity | Checksum or cryptographic techniques protect important data in transit | Transactions that carry contract calls are signed by the executor and hashed into blocks (cf. Table 6), so modification of their content in transit is detected | Y
    Data confidentiality | Transmission confidentiality | Check whether cryptography guarantees data confidentiality | Cryptographic techniques protect important data in transit | Contract inputs and outputs are not encrypted: every node can read them, and they are stored in plaintext (cf. Table 6, storage confidentiality) | N

    Table 9. Blockchain system error audit classification

    Function | Interface function | Reported error
    Initialisation error | AppInit2_Cold() | Winsock library, initial integrity check, corrupted wallet file, etc.
    Transaction error | CheckTransaction() | Errors when checking a transaction, e.g. malformed transaction with empty inputs or outputs
    Transaction error | AcceptToMemoryPool() | Errors when validating a transaction and adding it to the mempool, e.g. an input already spent
    Transaction error | CScriptCheck() | Script signature error
    Transaction error | CheckInputs() | Transaction input errors, e.g. total input < total output
    Transaction error | CheckSignature() | Error while checking a signature
    Block error | WriteBlockToDisk() | Error writing a block to disk, e.g. failure to open the file
    Block error | ReadBlockFromDisk() | Error reading a block from disk, e.g. failure to open the block file
    Block error | DisconnectBlock() | Error disconnecting a block from the chain
    Block error | ConnectBlock() | Error connecting a block, e.g. error on asset commit
    Block error | CheckBlock() | Error checking a block, e.g. Merkle root mismatch
    Block error | ContextualCheckBlockHeader() | Block header check failure, e.g. block timestamp too early
    Block error | LoadBlockIndex() | Error loading the block index, e.g. failure to write the genesis block to disk
    Consensus error | CheckBlockHeader() | Proof-of-work check failed
    Consensus error | AcceptBlock() | Error accepting a block, e.g. proof of work not found
    Network error | RecvLine() | Socket error
    Network error | Read() | Error reading the peer data file peer.dat
    Network error | Write() | Error writing the peer data file peer.dat
    Network error | Connect() | Connection error
    Network error | ProcessMessage() | Errors while listening for and handling the different network messages
    Remote procedure call | JSONRPCError | RPC request, parsing, parameter errors, etc.
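Table 9 classifies errors by the function that reports them, while the audit-records row of Table 8 asks for records that carry time, actor, event type and outcome and are protected from deletion or modification. The following Python is an added example, not part of the paper or of any client: it parses error lines of an assumed format, maps the reporting function to its Table 9 category, and appends each event to a hash-chained audit record whose head digest can be anchored outside the node (for instance on the ledger itself, as the log workflow of Figure 9 and reference [53] do). The sample log lines are constructed; the line format, the function-to-category map and the class names are assumptions of the example.

```python
"""Classify node error lines by the Table 9 categories and keep them in a
hash-chained audit record (added example; the log format and sample lines are
constructed, not real client output)."""
import hashlib
import json
import re
from collections import Counter

# Reporting function -> Table 9 category (assumed mapping, following the table).
CATEGORY = {
    "AppInit2": "initialisation",
    "CheckTransaction": "transaction", "AcceptToMemoryPool": "transaction",
    "CScriptCheck": "transaction", "CheckInputs": "transaction",
    "CheckSignature": "transaction",
    "WriteBlockToDisk": "block", "ReadBlockFromDisk": "block",
    "DisconnectBlock": "block", "ConnectBlock": "block", "CheckBlock": "block",
    "ContextualCheckBlockHeader": "block", "LoadBlockIndex": "block",
    "CheckBlockHeader": "consensus", "AcceptBlock": "consensus",
    "RecvLine": "network", "Connect": "network", "ProcessMessage": "network",
    "JSONRPCError": "rpc",
}

# Assumed line shape: "<time> [<actor>] <LEVEL>: <Function>(): <detail>".
LINE_RE = re.compile(r"^(\S+) \[([^\]]+)\] (ERROR|WARNING|INFO): (\w+)(?:\(\))?: (.*)$")

SAMPLE_LINES = [  # constructed for the example
    "2020-10-25T08:00:01Z [peer=12] ERROR: CheckBlock(): hashMerkleRoot mismatch",
    "2020-10-25T08:00:02Z [peer=12] ERROR: CheckBlockHeader(): proof of work failed",
    "2020-10-25T08:00:03Z [rpc:admin] ERROR: JSONRPCError: parse error",
    "2020-10-25T08:00:04Z [peer=7] INFO: ProcessMessage(): received inv",
    "2020-10-25T08:00:05Z [wallet] ERROR: AcceptToMemoryPool(): inputs already spent",
    "corrupted line with no structure",
]


def parse_line(line: str):
    """Return the audit fields Table 8 asks for (time, actor, event type, outcome)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    time, actor, level, func, detail = m.groups()
    return {"time": time, "actor": actor, "level": level, "function": func,
            "category": CATEGORY.get(func, "unclassified"), "detail": detail}


class AuditLog:
    """Append-only records; each entry commits to the previous digest, so deleting,
    editing, reordering or truncating entries breaks verify() against the published head."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []
        self.head = self.GENESIS

    @staticmethod
    def digest(rec: dict) -> str:
        body = {k: v for k, v in rec.items() if k != "digest"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, event: dict) -> str:
        rec = dict(event, prev=self.head)
        rec["digest"] = self.digest(rec)
        self.entries.append(rec)
        self.head = rec["digest"]
        return self.head

    def verify(self, expected_head: str) -> int:
        """Index of the first broken entry, or -1 if the chain ends at expected_head."""
        prev = self.GENESIS
        for i, rec in enumerate(self.entries):
            if rec["prev"] != prev or self.digest(rec) != rec["digest"]:
                return i
            prev = rec["digest"]
        return -1 if prev == expected_head else len(self.entries)


def ingest(lines):
    """Audit ERROR lines only; returns (log, per-category counts, unparsed line count)."""
    log, counts, unparsed = AuditLog(), Counter(), 0
    for line in lines:
        event = parse_line(line)
        if event is None:
            unparsed += 1
        elif event["level"] == "ERROR":
            counts[event["category"]] += 1
            log.append(event)
    return log, dict(counts), unparsed


if __name__ == "__main__":
    log, counts, unparsed = ingest(SAMPLE_LINES)
    print(counts, "unparsed:", unparsed, "head:", log.head)
```

The chain only proves anything if the head digest is kept where the node operator cannot rewrite it; a local file can be regenerated by anyone with write access. Publishing the head periodically (to a write-once store, or as a transaction on the ledger) is what turns the Table 8 requirement of protection against deletion and modification from a policy statement into a verifiable property.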

    Table 10. Summary of blockchain system evaluation results (✓ meets the requirement, × does not)

    Assessment | Category | Item | Bitcoin | Ethereum | Hyperledger
    Distributed P2P network | Software fault tolerance | Self-protection and self-adaptation | ✓ | ✓ | ✓
    Distributed P2P network | Resource control | Concurrent connection limit | ✓ | ✓ | ✓
    Distributed P2P network | Resource control | Connection timeout limit | ✓ | ✓ | ✓
    Distributed P2P network | Identity authentication | Node access control | × | × | ✓
    Distributed P2P network | Data integrity | Unicast tamper resistance | × | × | ×
    Distributed P2P network | Data integrity | Broadcast tamper resistance | × | × | ×
    Distributed P2P network | Data integrity | Forwarding tamper resistance | × | × | ×
    Distributed P2P network | Security audit | Network status update | × | × | ✓
    Distributed P2P network | Security audit | Dynamic node monitoring | ✓ | ✓ | ✓
    Distributed ledger | Software fault tolerance | Ledger format standardisation | ✓ | ✓ | ✓
    Distributed ledger | Access control | Ledger access control | × | × | ✓
    Distributed ledger | Data integrity | Storage integrity | ✓ | ✓ | ✓
    Distributed ledger | Data confidentiality | Storage confidentiality | × | × | ×
    Distributed ledger | Ledger function | Data non-repudiation | ✓ | ✓ | ✓
    Distributed ledger | Ledger function | Ledger data synchronisation | ✓ | ✓ | ✓
    Distributed ledger | Ledger function | Ledger data idempotence | ✓ | ✓ | ✓
    Consensus mechanism | Resource control | Consensus resource control | ✓ | ✓ | ✓
    Consensus mechanism | Backup and recovery | Real-time backup | ✓ | ✓ | ✓
    Consensus mechanism | Backup and recovery | System hot redundancy | ✓ | ✓ | ✓
    Consensus mechanism | Consensus effect | Consensus fault tolerance | ✓ | ✓ | ✓
    Consensus mechanism | Consensus effect | Consensus validity | ✓ | ✓ | ✓
    Consensus mechanism | Consensus effect | Consensus consistency | ✓ | ✓ | ✓
    Contract computing layer | Identity authentication | Executor authentication | ✓ | ✓ | ✓
    Contract computing layer | Security audit | Behavioural event audit | ✓ | ✓ | ✓
    Contract computing layer | Security audit | Audit records | × | × | ×
    Contract computing layer | Malicious code protection | Protection from malicious code | ✓ | ✓ | ✓
    Contract computing layer | Data integrity | Transmission integrity | ✓ | ✓ | ✓
    Contract computing layer | Data confidentiality | Transmission confidentiality | × | × | ×
    Statistics | Number of items met (of 28) | | 19 | 19 | 22
  • [1] Nakamoto S. Bitcoin: a peer-to-peer electronic cash system [J/OL]. (2008-10-31) [2019-12-17]. https://bitcoin.org/bitcoin.pdf
    [2] Mettler M. Blockchain technology in healthcare: the revolution starts here // 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom). Munich, 2016: 1
    [3] An R, He D B, Zhang Y R, et al. The design of an anti-counterfeiting system based on blockchain. J Cryptol Res, 2017, 4(2): 199 (in Chinese)
    [4] Tian H B, He J J, Fu L Q. A privacy preserving fair contract signing protocol based on block chains. J Cryptol Res, 2017, 4(2): 187 (in Chinese)
    [5] Wijaya D A. Extending asset management system functionality in bitcoin platform // 2016 International Conference on Computer, Control, Informatics and its Applications (IC3INA). Tangerang, 2016: 97
    [6] Tian Z H, Wang B L, Ye Z W, et al. The survey of information system security classified protection // Electrical Engineering and Control. Springer, Berlin, Heidelberg, 2011: 975
    [7] Xia B. Cybersecurity Law and Classified Protection of Cybersecurity 2.0. Beijing: Publishing House of Electronics Industry, 2017 (in Chinese)
    [8] Guo Q Q. Training Course on the Cybersecurity Law and the Classified Protection of Cybersecurity System (2018 edition). Beijing: Publishing House of Electronics Industry, 2018 (in Chinese)
    [9] Deng R Y, Yu M L, Ding Y, et al. Safeguarding cyberspace security by law and building a cyber power: interpretation of the Cybersecurity Law of the People's Republic of China and the National Cyberspace Security Strategy. E-Government, 2017(2): 2 (in Chinese)
    [10] Zhu J F, Zhao Y J, Yang H, et al. The evolution of the classified protection idea. Inform Security Commun Privacy, 2011(4): 70. doi: 10.3969/j.issn.1009-8054.2011.04.029 (in Chinese)
    [11] Ma L, Zhu G B, Lu L. Baseline for classified protection of cybersecurity (GB/T 22239—2019): standard interpretation. Netinfo Security, 2019, 19(2): 77. doi: 10.3969/j.issn.1671-1122.2019.02.010 (in Chinese)
    [12] Gao Y, Huang X K, Li X W. Cloud computing security requirements and evaluation practice in the classified protection 2.0 era. J Inform Security Res, 2018, 4(11): 987. doi: 10.3969/j.issn.2096-1057.2018.11.004 (in Chinese)
    [13] Huang Z, Chen X, Wen S H, et al. Security testing framework and technology for big data. Commun Technol, 2017, 50(8): 1810. doi: 10.3969/j.issn.1002-0802.2017.08.038 (in Chinese)
    [14] Wang N, Liu Z J. Research on classified protection in Internet of Things security. Netinfo Security, 2011(6): 5 (in Chinese)
    [15] Wood G. Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper, 2014, 151: 1
    [16] Androulaki E, Barger A, Bortnikov V, et al. Hyperledger fabric: a distributed operating system for permissioned blockchains // Proceedings of the Thirteenth EuroSys Conference (EuroSys 2018). Porto, 2018: 1
    [17] Kosba A, Miller A, Shi E, et al. Hawk: the blockchain model of cryptography and privacy-preserving smart contracts // 2016 IEEE Symposium on Security and Privacy (SP). San Jose, 2016: 839
    [18] Zhu Y, Gan G H, Deng D, et al. Security architecture and key technologies of blockchain. J Inform Security Res, 2016, 2(12): 1090 (in Chinese)
    [19] Antonopoulos A M. Mastering Bitcoin: Unlocking Digital Cryptocurrencies. California: O'Reilly Media, Inc, 2014
    [20] Ben Mariem S, Casas P, Donnet B. Vivisecting blockchain P2P networks: unveiling the bitcoin IP network // ACM CoNEXT Student Workshop. Crete, 2018
    [21] Gencer A E, Basu S, Eyal I, et al. Decentralization in bitcoin and ethereum networks // International Conference on Financial Cryptography and Data Security. Berlin, 2018: 439
    [22] Donet J A D, Pérez-Sola C, Herrera-Joancomartí J. The bitcoin P2P network // Proceedings of the 1st Workshop on Bitcoin Research (in Association with Financial Crypto 14). Berlin, 2014: 87
    [23] Du M X, Ma X F, Zhang Z, et al. A review on consensus algorithm of blockchain // 2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC). Banff, 2017: 2567
    [24] Gramoli V. From blockchain consensus back to byzantine consensus. Future Generation Comput Syst, 2020, 107: 760. doi: 10.1016/j.future.2017.09.023
    [25] Nguyen G T, Kim K. A survey about consensus algorithms used in blockchain. J Inform Process Syst, 2018, 14(1): 101
    [26] Fullmer D, Morse A S. Analysis of difficulty control in bitcoin and proof-of-work blockchains // 2018 IEEE Conference on Decision and Control (CDC). Miami Beach, 2018: 5988
    [27] Taylor D. An Analysis of Bitcoin and the Proof of Work Protocols Energy Consumption, Growth, Impact and Sustainability [Dissertation]. Glasgow: University of Strathclyde, 2018
    [28] Castro M, Liskov B. Practical Byzantine fault tolerance // Proceedings of the Third USENIX Symposium on Operating Systems Design and Implementation (OSDI). New Orleans, 1999: 173
    [29] Borran F, Schiper A. A leader-free byzantine consensus algorithm // International Conference on Distributed Computing and Networking. Berlin, 2010: 67
    [30] Saleh F. Blockchain without waste: proof-of-stake. Economics Networks eJ. http://dx.doi.org/10.2139/ssrn.3183935
    [31] Bach L M, Mihaljevic B, Zagar M. Comparative analysis of blockchain consensus algorithms // 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). Opatija, 2018: 1545
    [32] Kiayias A, Koutsoupias E, Kyropoulou M, et al. Blockchain mining games // Proceedings of the 2016 ACM Conference on Economics and Computation. ACM, 2016: 365
    [33] Levine M. Scientific method and the adversary model: some preliminary thoughts. Am Psychologist, 1974, 29(9): 661. doi: 10.1037/h0037627
    [34] Dey S. A proof of work: securing majority-attack in blockchain using machine learning and algorithmic game theory. Int J Wireless Microwave Technol, 2018, 8(5): 1. doi: 10.5815/ijwmt.2018.05.01
    [35] Heusser J. SAT solving: an alternative to brute force bitcoin mining [J/OL]. Technical report (2013-02-03) [2019-12-17]. https://jheusser.github.io/2013/02/03/satcoin.html
    [36] Eyal I, Sirer E G. Majority is not enough: bitcoin mining is vulnerable. Commun ACM, 2018, 61(7): 95. doi: 10.1145/3212998
    [37] Heilman E, Kendler A, Zohar A, et al. Eclipse attacks on bitcoin's peer-to-peer network // Proceedings of the 24th USENIX Conference on Security Symposium (SEC'15). Washington D.C., 2015: 129
    [38] Douceur J R. The sybil attack // International Workshop on Peer-to-Peer Systems. Berlin, 2002: 251
    [39] Chohan U W. The double spending problem and cryptocurrencies. Inf Syst Economics eJ. http://dx.doi.org/10.2139/ssrn.3090174
    [40] Decker C, Wattenhofer R. Information propagation in the bitcoin network // IEEE P2P 2013 Proceedings. Trento, 2013: 1
    [41] Decker C, Wattenhofer R. Bitcoin transaction malleability and MtGox // 19th European Symposium on Research in Computer Security. Wroclaw, 2014: 313
    [42] Zhu Y, Guo R Q, Gan G H, et al. Interactive incontestable signature for transactions confirmation in bitcoin blockchain // 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC). Atlanta, 2016: 443
    [43] Gervais A, Karame G O, Wüst K, et al. On the security and performance of proof of work blockchains // Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York, 2016: 3
    [44] Sekiguchi K, Chiba M, Kashima M. The Securities Settlement System and Distributed Ledger Technology. Bank of Japan Research Laboratory Series, 2018
    [45] Bowden R, Keeler H P, Krzesinski A E, et al. Block arrivals in the Bitcoin blockchain [J/OL]. arXiv preprint (2018-01-23) [2019-12-17]. https://arxiv.org/pdf/1801.07447.pdf
    [46] Son K T, Thang N T, Dong T M, et al. Blockchain technology for data entirety. Sci Research, 2019, 6(6): 68
    [47] Merkle R C. Protocols for public key cryptosystems // 1980 IEEE Symposium on Security and Privacy. Oakland, 1980: 122
    [48] Szydlo M. Merkle tree traversal in log space and time // International Conference on the Theory and Applications of Cryptographic Techniques. Interlaken, 2004: 541
    [49] Jakobsson M, Leighton T, Micali S, et al. Fractal Merkle tree representation and traversal // Cryptographers' Track at the RSA Conference. San Francisco, 2003: 314
    [50] Delgado-Segura S, Pérez-Solà C, Herrera-Joancomartí J, et al. Bitcoin private key locked transactions. Inform Process Lett, 2018, 140: 37. doi: 10.1016/j.ipl.2018.08.004
    [51] Stanciu N. Importance of event log management to ensure information system security. Metalurgia Int, 2013, 18(2): 144
    [52] Kreps J, Narkhede N, Rao J. Kafka: a distributed messaging system for log processing // Proceedings of the NetDB. Athens, 2011
    [53] Aniello L, Baldoni R, Gaetani E, et al. A prototype evaluation of a tamper-resistant high performance blockchain-based transaction log for a distributed database // 2017 13th European Dependable Computing Conference (EDCC). Geneva, 2017: 151
Publication history
  • Received: 2019-12-17
  • Published: 2020-10-25