跨链接入的区块链安全强度评估方法

doi:10.3969/j.issn.1671-1122.2023.01.010

摘要/Abstract

摘要：

目前针对跨链安全评估的研究较为薄弱，文章针对目前出现的各类区块链跨链系统安全问题，提出一整套跨链区块链安全强度评估方法，将安全问题分为跨链信任问题、跨链共识问题、跨链安全问题和跨链网络问题4种类型，同时根据其评价特性结合层次分析法和模糊综合评价法，构建评估矩阵提炼权重系数，对系统进行定量及定性评估并计算隶属度，可根据结果分析系统安全性，对跨链平台、系统评估及提升自身安全性具有一定意义。为研究评估方法的有效性，在样例跨链系统上进行安全强度评估。评估结果表明，该系统总体评价为良，得分为78.27，还具有一定提升空间。此评估方法对跨链接入的区块链系统的安全评估具有一定的借鉴意义。

关键词: 区块链安全, 跨链评估, 评估方法

Abstract:

In view of the current security issues of various blockchain cross-chain systems, this paper proposed a set of cross-chain blockchain security strength evaluation methods, and divided security issues into four types: cross-chain trust issues, cross-chain consensus issues, cross-chain security issues, and cross-chain network issues. At the same time, according to their evaluation characteristics, the combination of the analytic hierarchy process and the fuzzy comprehensive evaluation method was used to construct an evaluation matrix to refine the weight coefficients, conducted quantitative and qualitative evaluations of the system and calculated the membership degree, and analyzed the system security according to the result. It is meaningful for cross-chain platforms or systems to evaluate their own security and make advancement. Through the security strength evaluation on the cross-chain system, the result is that the system is better than normal, with a score of 78.27, and still have some improvement. This method has a certain effect on the security evaluation of cross-chain blockchain system.

Key words: blockchain security, cross-chain evaluation, evaluation method

中图分类号:

TP309

冯怡婷, 马兆丰, 徐单恒, 段鹏飞. 跨链接入的区块链安全强度评估方法[J]. 信息网络安全, 2023, 23(1): 84-92.

FENG Yiting, MA Zhaofeng, XU Danheng, DUAN Pengfei. Evaluation Method for Cross-Chain Security Strength Access[J]. Netinfo Security, 2023, 23(1): 84-92.

图/表 11

表1

表2

表3

表4

表5

表6

表7

表8

表9

表10

表11

参考文献 27

[1]	GORKHALI A, LI L, SHRESTHA A. Blockchain: A Literature Review[J]. Journal of Management Analytics, 2020, 7(3): 321-43. doi: 10.1080/23270012.2020.1801529 URL
[2]	MA Zhaofeng, GAO Hongmin, PENG Xueyin, et al. Handbook of Blockchain Technology Development[M]. Beijing: Tsinghua University Press, 2021.
	马兆丰, 高宏民, 彭雪银, 等. 区块链技术开发指南[M]. 北京: 清华大学出版社, 2021.
[3]	LI Fang, LI Zhuoran, ZHAO He. Research on the Progress in Cross-Chain Technology of Blockchains[J]. Journal of Software, 2019, 30(6): 1649-1660.
	李芳, 李卓然, 赵赫. 区块链跨链技术进展研究[J]. 软件学报, 2019, 30(6): 1649-1660.
[4]	ZHONG T, SHI P C, CHANG J S, et al. Joint Cloud Cross-Chain Verification Model of Decentralized Identifiers[EB/OL]. [2022-06-12]. https://ieeexplore.ieee.org/document/9679363/.
[5]	XIE Tianxiu, ZHANG Yue, GAI Keke, et al. Cross-Chain-Based Decentralized Identity for Mortgage Loans[EB/OL]. [2022-05-21]. https://link.springer.com/chapter/10.1007/978-3-030-82153-1_51.
[6]	WANG Sasa, DAI Bingrong, ZHU Menglu, et al. User Identity Authentication Model for Cross-Chain System[J]. Computer Engineering and Applications, 2022, 58(19): 135-141. doi: 10.3778/j.issn.1002-8331.2107-0251
	王洒洒, 戴炳荣, 朱孟禄, 等. 面向跨链系统的用户身份标识认证模型[J]. 计算机工程与应用, 2022, 58(19):135-141. doi: 10.3778/j.issn.1002-8331.2107-0251
[7]	DONG Guishan, ZHANG Zhaolei, LI Hongwei, et al. Regulatory System Architecture and Key Mechanisms of Blockchain-Based Heterogeneous Identity Alliance[J]. Communications Technology, 2020, 53(2): 401-413.
	董贵山, 张兆雷, 李洪伟, 等. 基于区块链的异构身份联盟与监管体系架构和关键机制[J]. 通信技术, 2020, 53(2): 401-413.
[8]	PILLAI B, BISWAS K, MUTHUKKUMARASAMY V. Cross-Chain Interoperability among Blockchain-Based Systems Using Transactions[J]. Knowledge Engineering Review, 2020, 35: 1-17.
[9]	MOEZKARIMI Z, ABDOLLAHEI F, ARABSORKHI A, et al. Proposing a Framework for Evaluating the Blockchain Platform[EB/OL]. [2022-05-26]. https://ieeexplore.ieee.org/document/8765280.
[10]	PRADEEPKUMAR D S, SINGI K, KAULGUD V, et al. Evaluating Complexity and Digitizability of Regulations and Contracts for a Blockchain Application Design[C]// ACM. 2018 IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. New York: ACM, 2018: 25-29.
[11]	RAN Lingqin, PENG Changgen, XU Dequan, et al. Privacy Disclosure Risk Assessment Method Based on Blockchain Technology Architecture[J]. Computer Engineering, 2022(7): 1-12.
	冉玲琴, 彭长根, 许德权, 等. 基于区块链技术架构的隐私泄露风险评估方法[J]. 计算机工程, 2022(7): 1-12.
[12]	WANG X, NI W, ZHA X, et al. Capacity Analysis of Public Blockchain[J]. Computer Communications, 2021, 177: 112-24. doi: 10.1016/j.comcom.2021.06.019 URL
[13]	YE Congcong, LI Guoqiang, CAI Hongming, et al. Security Detection Model of Blockchain[J]. Journal of Software, 2018, 29(5): 1348-1359.
	叶聪聪, 李国强, 蔡鸿明, 等. 区块链的安全检测模型[J]. 软件学报, 2018, 29(5): 1348-1359.
[14]	DEMIR M, TURETKEN O, FERWORN A. A Financial Evaluation Framework for Blockchain Implementations[EB/OL]. [2022-05-22]. https://ieeexplore.ieee.org/document/8936297/.
[15]	CAI Weide, WANG Rong, HE Juan, et al. Decentralized Digital Asset Exchanges[J]. Journal of Software, 2022, 33(2): 410-433.
	蔡维德, 王荣, 何娟, 等. 分布式数字资产交易平台的问题与评估[J]. 软件学报, 2022, 33(2): 410-433.
[16]	BAI C G, SARKIS J. A Supply Chain Transparency and Sustainability Technology Appraisal Model for Blockchain Technology[J]. International Journal of Production Research, 2020, 58(7): 2142-2162. doi: 10.1080/00207543.2019.1708989 URL
[17]	ZHANG Zhimin, WEI Cuiping. Research on Some Theories and Applications of Analytic Hierarchy Process[J]. Journal of Qufu Normal University, 2013, 39(1): 37-41.
	章志敏, 魏翠萍. 层次分析若干理论与应用研究[J]. 曲阜师范大学学报, 2013, 39(1): 37-41.
[18]	LI Yanling, WU Jianwei, ZHU Yehang. A Method for Determining Expert’s Weight Based on Consistency of Judgment Matrix[J]. Computer and Modernization, 2017(6): 20-24.
	李艳玲, 吴建伟, 朱烨行. 基于判断矩阵一致性程度的专家权重确定方法[J]. 计算机与现代化, 2017(6): 20-24.
[19]	MENG Bo, WANG Yibing, ZHAO Can, et al. Survey on Cross-Chain Protocols of Blockchain[J]. Journal of Frontiers of Computer Science and Technology, 2022, 16(10): 1-18.
	孟博, 王乙丙, 赵璨, 等. 区块链跨链协议综述[J]. 计算机科学与探索, 2022, 16(10): 1-18.
[20]	ZHU Yan, ZHANG Yi, WANG Di, et al. Research on Blockchain Evaluation Methods under the Classified Protection of CyberSecurity[J]. Chinese Journal of Engineering, 2020, 42(10): 1267-1285.
	朱岩, 张艺, 王迪, 等. 网络安全等级保护下的区块链评估方法[J]. 工程科学学报, 2020, 42(10): 1267-1285.
[21]	TAYLOR P J, DARGAHI T, DEHGHANTANHA A, et al. A Systematic Literature Review of Blockchain Cyber Security[J]. Digital Communications and Networks, 2020, 6(2): 147-156. doi: 10.1016/j.dcan.2019.01.005 URL
[22]	MA Z F, WANG X, JAIN D K, et al. A Blockchain-Based Trusted Data Management Scheme in Edge Computing[J]. IEEE Transactions on Industrial Informatics, 2020, 16(3): 2013-2021. doi: 10.1109/TII.2019.2933482 URL
[23]	MA Z F, JIANG M, GAO H M, et al. Blockchain for Digital Rights Management[J]. Future Generation Computer Systems the International Journal of Escience, 2018, 89: 746-764.
[24]	MA Z F, MENG J L, WANG J H, et al. Blockchain-Based Decentralized Authentication Modeling Scheme in Edge and IoT Environment[J]. IEEE Internet of Things Journal, 2021, 8(4): 2116-2123. doi: 10.1109/JIOT.2020.3037733 URL
[25]	MA Z F, WANG L Y, WANG X C, et al. Blockchain-Enabled Decentralized Trust Management and Secure Usage Control of IoT Big Data[J]. IEEE Internet of Things Journal, 2020, 7(5): 4000-4015. doi: 10.1109/JIOT.2019.2960526 URL
[26]	MA Z F, WANG L Y, ZHAO W Z. Blockchain-Driven Trusted Data Sharing with Privacy Protection in IoT Sensor Network[J]. IEEE Sensors Journal, 2021, 21(22): 472-479.
[27]	MA Z F, ZHAO W Z, LUO S S, et al. TrustedBaaS: Blockchain-Enabled Distributed and Higher-Level Trusted Platform[J]. Computer Networks, 2020, 183: 1-11.

准则层	子准则层	子准则含义
跨链信任问题（B1）	跨链机制可信能力（C1）	跨链方法机制的可信任程度
	跨链身份鉴别能力（C2）	验证跨链双方身份签名能力
	区块连续验证能力（C3）	验证区块链连续性能力
	跨链交易验证能力（C4）	验证跨链交易成功和正确能力
跨链共识问题（B2）	孤块问题抵抗能力（C5）	由区块链共识机制工作量证明产生的问题
跨链共识问题（B2）	长距离攻击抵抗能力（C6）	由区块链共识机制权益证明产生的问题
跨链安全问题（B3）	跨链交易资产保护能力（C7）	进行跨链交易时对资产的保护程度
	跨链合约攻击抵抗能力（C8）	进行跨链交易时对跨链交易合约攻击抵抗力
	隐私保护能力（C9）	进行跨链交易时对用户信息的保护能力
跨链网络问题（B4）	网络结构安全能力（C10）	跨链P2P网络结构的健壮程度
	网络传播健壮能力（C11）	验证跨链网络传播数据完整程度
	恶意攻击抵抗能力（C12）	跨链抵抗恶意网络攻击的能力

标度值	重要程度（因素$i$和$j$对比）
1	相同重要
3	稍微重要
5	比较重要
7	非常重要
9	极端重要
2,4,6,8	介于两者之间

因素	B1	B2	B3	B4
B1	$1$	$5$	$2$	$3$
B2	$\frac{1}{5}$	$1$	$\frac{1}{4}$	$\frac{1}{2}$
B3	$\frac{1}{2}$	$4$	$1$	$3$
B4	$\frac{1}{3}$	$2$	$\frac{1}{3}$	$1$

因素权重值	跨链机制可信任能力	跨链身份鉴别能力	区块连续验证能力	跨链交易验证能力
因素权重值	0.3745	0.1643	0.0977	0.3636
一致性检验	$CI=0.0153$ $RI=0.89$ $CR=0.0172$

因素权重值	孤块问题抵抗能力	长距离攻击抵抗能力
因素权重值	0.667	0.333
一致性检验	$CI=0$ $RI=0$ $CR=0$