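Abstract
In the era of big data, data has become an important asset driving social development. However, data faces security threats of different kinds and at different levels throughout its life cycle, which greatly reduces users' willingness to share data. Blockchain has the security properties of decentralization, trustlessness and tamper resistance, offers an important approach to reducing the single-point risk of information systems, and can be applied to the field of data security. Starting from the core properties of data security, this paper introduces the latest research results on using blockchain to enhance data confidentiality, data integrity and data availability, analyzes the shortcomings of each research direction, and then looks ahead to future directions. The paper holds that appropriate application of blockchain technology can enhance data security in distributed environments and has broad prospects.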
In the era of big data, data has become an important asset driving social development. However, data faces different types and different levels of security threats throughout its life cycle, which greatly reduces users' willingness to share data. Blockchain has several security features such as decentralization, immutability, and tamper resistance. It provides an important solution for reducing single-point risk in information systems and can be applied to the field of data security. This article starts with the core characteristics of data security and introduces the latest research results of blockchain in three directions: confidentiality, integrity, and availability. First, this paper analyzes the shortcomings of each research direction. In terms of data confidentiality, blockchain can effectively supplement data confidentiality protection in 5 areas. (1) Blockchain can be applied to enhance the security of data encryption, establish a decentralized trusted third party for cryptographic protocols, and provide a reliable incentive mechanism. For example, it can be applied to searchable encryption, proxy re-encryption, and secure multiparty computation. (2) Blockchain can be applied to identity authentication, where it can realize decentralized PKI and identity management and address the single-point problem in identity authentication, the problem of certificate transparency, and the problem of malfeasance by certification centers. It can also establish a safe and trusted digital identity authentication system. (3) Blockchain can be applied to access control. On the one hand, it can solve the single-point problem of access control, providing a more robust access control system for common scenarios and IoT scenarios and supporting the management of access policies and the trading of access rights. On the other hand, it can improve the credibility of the authorization authorities in attribute-based encryption (ABE), which improves the security of ABE. (4) The combination of blockchain and trusted execution technology can establish trusted remote state management, which enhances the availability of the TEE. (5) The application of blockchain to the construction of covert channels can solve problems such as communication tampering, single channels and poor privacy. In terms of data integrity, blockchain has three applications. (1) Blockchain can achieve data ownership confirmation and traceability, establishing a credible flow trajectory for data. (2) Blockchain can be used to build a more credible log audit system and improve the security of information systems. (3) Blockchain can be combined with various industry applications to achieve more reliable data integrity protection. In terms of data availability, blockchain has two kinds of applications. (1) The blockchain itself is a solution to consistency in a Byzantine environment and can achieve Byzantine consensus in a large-scale network environment. (2) A more secure and reliable distributed database system can be built on the blockchain. On the one hand, the blockchain itself can be used to implement a Byzantine fault-tolerant distributed storage system. On the other hand, blockchain can compensate for the shortcomings of existing distributed storage. Finally, this article analyzes the research on blockchain in the field of data security and summarizes the current research challenges. Focusing on blockchain efficiency, data security, privacy protection, infrastructure security, blockchain isomorphization, and practicality, this paper then looks forward to future research. We believe that the correct application of blockchain technology can enhance data security in a distributed environment and has broad prospects.
Authors
LIU Ming-Da (刘明达)
CHEN Zuo-Ning (陈左宁)
SHI Yi-Juan (拾以娟)
TANG Ling-Tao (汤凌韬)
CAO Dan (曹丹)
Affiliations: Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083; Chinese Academy of Engineering, Beijing 100088
Source
Chinese Journal of Computers (《计算机学报》)
Indexed in: EI, CSCD, Peking University Core Journals (北大核心)
2021, Issue 1, pp. 1-27 (27 pages)
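Funding
National Key Science and Technology Project "HeGaoJi" (Core Electronic Devices, High-end Generic Chips and Basic Software) (2017ZX01028101)
Supported by the National Natural Science Foundation of China (91430214, 6732018).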
Keywords
blockchain
data security
data sharing
confidentiality
integrity
availability
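About the authors
LIU Ming-Da, Ph.D. candidate; main research interests: information security and blockchain. E-mail: happyliumd@163.com. CHEN Zuo-Ning, Ph.D., professor, academician of the Chinese Academy of Engineering, Fellow of the China Computer Federation (CCF) (membership number to be provided); main research areas: software theory, operating systems, and information security. SHI Yi-Juan, Ph.D., associate research fellow; main research interests: information security and blockchain. TANG Ling-Tao, Ph.D. candidate; main research interest: network security. CAO Dan, Ph.D., engineer; main research interests: network security and cryptography.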