Computer Engineering and Applications ›› 2022, Vol. 58 ›› Issue (3): 66-82. DOI: 10.3778/j.issn.1002-8331.2107-0404
LIU Shuangyin, LEI Moyixi, WANG Lu, SUN Chuanheng, XU Longqin, CAO Liang, FENG Dachun, ZHENG Jianhua, LI Jingbin
Online:
2022-02-01
Published:
2022-01-28
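Abstract: Blockchain is a distributed database technology that developed out of digital cryptocurrency. Blockchain systems are decentralized, immutable, highly autonomous and built on distributed consensus, and they offer a way to achieve distributed consistency without third-party supervision. With the rapid development of blockchain technology, blockchain is increasingly used in weak-trust platform applications, but it also faces challenges from vulnerabilities in its own systems and from security attacks. Starting from the research background of blockchain and the trend in vulnerabilities, this paper summarizes and analyzes the principles of the key blockchain technologies with their advantages and disadvantages, as well as the technical vulnerabilities and security attacks that exist in blockchain systems. It classifies the types of technical vulnerabilities and vulnerability attacks, and points out that syntax errors, environment configuration errors and graphical interface errors are the top three vulnerability defects in blockchain systems. Vulnerability attacks pose a great security threat to blockchain systems and must be taken seriously and guarded against. The aim is to provide a reference for the future improvement and development of blockchain technology.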
LIU Shuangyin, LEI Moyixi, WANG Lu, SUN Chuanheng, XU Longqin, CAO Liang, FENG Dachun, ZHENG Jianhua, LI Jingbin. Survey of Blockchain Key Technologies and Existing Problems[J]. Computer Engineering and Applications, 2022, 58(3): 66-82.