To protect data security in maritime laboratories, a blockchain-based security monitoring method for multi-domain access to maritime laboratories is proposed. A blockchain-based multi-domain access security monitoring architecture is constructed. In its user authentication layer, a blockchain certificate, improved from the X.509 digital certificate, serves as the trust credential supporting the cross-domain authentication process and is written to the blockchain; combined with an identity authentication server, it forms a cross-domain authentication protocol that completes multi-domain access authentication of maritime laboratory users. The permission management layer and the operation and maintenance layer then issue multi-domain access permission decisions according to the authentication result. After the block management layer has ensured the integrity of the local domain's blocks, the laboratory's security monitoring data are stored in the data storage layer. Experimental results show that the method can authenticate the identity of multi-domain access users and prevent attackers from stealing data; that setting the hash difficulty value to 5 leading zeros improves the method's block generation efficiency; and that the method effectively safeguards the maritime laboratory against multiple kinds of attack.
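The abstract's two mechanisms, certificates recorded on chain as cross-domain trust credentials and block integrity under a leading-zeros hash difficulty, can be illustrated with the following added example, which is not code from the paper. The record layout, the lookup by SHA-256 fingerprint, the reading of "leading zeros" as hex digits, and all function names are assumptions; the demo uses a difficulty of 3 rather than the paper's 5 so that it runs quickly.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over the block's canonical JSON form (hash field excluded)."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def mine_block(prev_hash, records, difficulty):
    """Search for a nonce so the block hash starts with `difficulty` hex zeros."""
    block = {"prev": prev_hash, "records": records, "nonce": 0}
    while not block_hash(block).startswith("0" * difficulty):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block

def chain_is_intact(chain, difficulty):
    """Recompute every hash and link; any edited record breaks the check."""
    prev = "0" * 64
    for block in chain:
        if block["prev"] != prev or block_hash(block) != block["hash"]:
            return False
        if not block["hash"].startswith("0" * difficulty):
            return False
        prev = block["hash"]
    return True

def cert_record(domain, subject, cert_der):
    """Ledger entry (assumed layout): only the fingerprint goes on chain."""
    return {"domain": domain, "subject": subject,
            "fingerprint": hashlib.sha256(cert_der).hexdigest()}

def cross_domain_check(chain, difficulty, cert_der):
    """Return the issuing domain if the chain is intact and lists the cert."""
    if not chain_is_intact(chain, difficulty):
        return None
    fp = hashlib.sha256(cert_der).hexdigest()
    for block in chain:
        for rec in block["records"]:
            if rec["fingerprint"] == fp:
                return rec["domain"]
    return None

def build_demo_chain(difficulty=3):
    # Constructed stand-ins for DER-encoded certificates (not real X.509 data).
    certs = {"alice": b"constructed-cert-alice", "bob": b"constructed-cert-bob"}
    b1 = mine_block("0" * 64, [cert_record("domain-A", "alice", certs["alice"])], difficulty)
    b2 = mine_block(b1["hash"], [cert_record("domain-B", "bob", certs["bob"])], difficulty)
    return [b1, b2], certs
```

Each extra hex zero multiplies the expected mining work by 16, so the difficulty value trades block generation time against the cost of rewriting a block after tampering.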
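2023, 45(23): 178-181 Received: 2023-09-07
DOI:10.3404/j.issn.1672-7649.2023.23.033
Classification number: TP309
Funding: Science and Technology Plan Project of Nantong, Jiangsu Province (JC22022007)
About the author: ZHANG Hong-bing (张红兵) (1979-), male, laboratory technician; main research interest: construction of maritime laboratories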