The High-Value Data Sharing Model Based on Blockchain and Game Theory for Data Centers

doi:10.3969/j.issn.1671-1122.2022.06.008

Abstract

Abstract:

Despite the huge amount of high-value data in a data center, there exists the issue of isolated data island. High-value data sharing is an effective way to solve the isolated data island issue and exploit the potential value of data. However, the prerequisite to realizing the full sharing of high-value data is to ensure the security and trustworthiness of the data sharing process. Traditionally, data sharing models tend to adopt the centralized architecture, which are prone to trust and security issues. Blockchain is a distributed technology with features such as decentralized, hard to tamper, hard to forge, traceable and auditable. It provides a reliable solution for data security sharing. Nevertheless, limited application scenarios and lack of security guarantee are limitations of blockchain-based data sharing solutions. In response to the above problems, the high-value data sharing model based on blockchain and game theory for data centers was proposed in this thesis. Firstly, the model used blockchain technology to ensure the traceability, confidentiality and security of the sharing process. Secondly, the model mobilized data holders to share high-value data by applying the game theory to give the corresponding incentive scheme. Finally, the model was compared with other existing data sharing models. Through comparative analysis, it is verified that this model has full functionality, security and efficiency, and can be better applied to data center scenarios.

Key words: blockchain, smart contract, data sharing, game theory, information security

CLC Number:

TP309

YU Kechen, GUO Li, YIN Hongwei, YAN Xuesong. The High-Value Data Sharing Model Based on Blockchain and Game Theory for Data Centers[J]. Netinfo Security, 2022, 22(6): 73-85.

Figures/Tables 12

攻击类别	攻击描述	防御方式
追加攻击	攻击者通过对交易进行伪造并进行虚假的共识,以生成区块	节点会对区块链账本进行验证,并且区块链管理者会周期性对区块链账本进行核验
链接攻击	攻击者通过对区块链账本进行分析,利用IP及常用ID对用户进行画像,找到真实的用户或者关联用户与其对应的交易	采用联盟链技术,且节点只有注册成功后才能加入区块链。链上用户的身份采用ID进行标识,ID标识由上级机关授权注册机构进行分发,而注册机构由区块链管理者进行管理,这部分内容不保存在区块链上而是保存在许可数据库中
区块链篡改攻击	攻击者要先取得区块链的记账权,然后对区块链数据进行篡改,并将篡改后的区块链在区块链网络上广播	参与区块链的节点由注册机构控制,注册需要实名,攻击者很难参与区块链。并且由于基于博弈论的激励方案,这种攻击往往得不偿失,增加了攻击者对记账权的获取难度
存储篡改攻击	攻击者试图篡改存储在区块链数据库中的数据	采用落盘加密机制,数据中区块链数据都是加密的,在没有密钥的情况下,攻击者无法解开密文,也就无法进行篡改
越权访问攻击	攻击者利用许可机制的漏洞进行攻击	本文模型采取基于完备准入机制和数据访问机制的联盟链,并且要求节点实名注册
拒绝服务攻击	攻击者使用单一节点发送大量无用数据,耗尽了区块链服务器的网络资源,导致服务器无法正常服务	与异常检测系统联防联动,在攻击的初期就识别出异常用户,并将其从区块链中移除或者设置为只能接收数据的观察节点;基于博弈论的激励方案使得这种攻击的前期花销很大
内部人员攻击	攻击者以社会工程学或者其他方式收买内部人员,使其将高价值数据进行违规传输	采用ACE安全增强方案,可以阻止数据持有者发送数据给不在其可发送范围内的数据接收者

References 21

[1]	IRWIN S O. Eric T. Meyer and Ralph Schroeder: Knowledge Machines: Digital Transformations of the Sciences and Humanities[EB/OL]. (2020-06-24) [2021-11-15]. https://link.springer.com/article/10.1007/s00146-020-01001-2.
[2]	XU Xiwei, LU Qinghua, LIU Yue, et al. Designing Blockchain-Based Applications a Case Study for Imported Product Traceability[J]. Future Generation Computer Systems, 2019, 92: 399-406. doi: 10.1016/j.future.2018.10.010 URL
[3]	WANG Zhihua, LIU Pingzeng, SONG Chengbao, et al. Research on Flexible and Reliable Blockchain-Based Traceability System for Agricultural Products[J]. Computer Engineering, 2020, 46(12): 313-320.
	王志铧, 柳平增, 宋成宝, 等. 基于区块链的农产品柔性可信溯源系统研究[J]. 计算机工程, 2020, 46(12): 313-320.
[4]	FAN Kai, WANG Shangyang, REN Yanhui, et al. MedBlock: Efficient and Secure Medical Data Sharing via Blockchain[J]. Journal of Medical Systems, 2018, 42(8): 136-146. doi: 10.1007/s10916-018-0993-7 pmid: 29931655
[5]	ZHOU Hui, WANG Lidan, ZHONG Chengyue. Lock Chain Facilitates Electronic Medical Data Sharing[J]. Hospital Administration Journal of Chinese People’s Liberation Army, 2019, 26(7): 645-647.
	周辉, 王丽丹, 钟成跃. 区块链助力电子医疗数据共享[J]. 解放军医院管理杂志, 2019, 26(7): 645-647.
[6]	LIU Zi’ang, HUANG Yuanyuan, MA Jiali, et al. Design and Implementation of Monitoring Platform for Medical Data Abuse Based on Blockchain[J]. Netinfo Security, 2021, 21(5): 58-66.
	刘子昂, 黄缘缘, 马佳利, 等. 基于区块链的医疗数据滥用监控平台设计与实现[J]. 信息网络安全, 2021, 21(5): 58-66.
[7]	HWANG H C, SHON J G, PARK J S. Design of an Enhanced Web Archiving System for Preserving Content Integrity with Blockchain[J]. Electronics, 2020, 9(8): 1255-1267. doi: 10.3390/electronics9081255 URL
[8]	TAN Haibo, ZHOU Tong, ZHAO He, et al. Archival Data Protection and Sharing Method Based on Blockchain[J]. Journal of Software, 2019, 30(9): 2620-2635.
	谭海波, 周桐, 赵赫, 等. 基于区块链的档案数据保护与共享方法[J]. 软件学报, 2019, 30(9): 2620-2635.
[9]	NASH J F. Equilibrium Points in N-Person Games[J]. National Academy of Sciences, 1950, 36(1): 48-49. doi: 10.1073/pnas.36.1.48 URL
[10]	NASH J F. Two-Person Cooperative Games[J]. Econometrica, 1950, 21: 128-140. doi: 10.2307/1906951 URL
[11]	NASH J F. Non-Cooperative Games[J]. Annals of Mathematics, 1951, 54: 286-295. doi: 10.2307/1969529 URL
[12]	SCHUSTER P, SIGMUND K. Replicator Dynamics[J]. Journal of Theoretical Biology, 1983, 100(3): 533-538. doi: 10.1016/0022-5193(83)90445-9 URL
[13]	YAO Qian. Incentive Compatibility of Blockchain Technology: An Economic Analysis Based on Game Theory[J]. Tsinghua Financial Review, 2018(9): 95-100.
	姚前. 区块链技术的激励相容:基于博弈论的经济分析[J]. 清华金融评论, 2018(9): 95-100.
[14]	SHEN Meng, DUAN Junxian, ZHU Liehuang, et al. Blockchain-Based Incentives for Secure and Collaborative Data Sharing in Multiple Clouds[J]. IEEE Journal on Selected Areas in Communications, 2020, 38(6): 1229-1241. doi: 10.1109/JSAC.2020.2986619 URL
[15]	TANG Changbing, YANG Zhen, ZHENG Zhonglong, et al. Game Dilemma Analysis and Optimization of PoW Consensus Algorithm[J]. Acta Automatica Sinica, 2017, 43(9): 1520-1531.
	唐长兵, 杨珍, 郑忠龙, 等. PoW共识算法中的博弈困境分析与优化[J]. 自动化学报, 2017, 43(9): 1520-1531.
[16]	CHEN Mengrong, LIN Ying, LAN Wei, et al. Improvement of DPoS Consensus Mechanism Based on Positive Incentive[J]. Computer Science, 2020, 47(2): 269-275.
	陈梦蓉, 林英, 兰微, 等. 基于“奖励制度”的DPoS共识机制改进[J]. 计算机科学, 2020, 47(2): 269-275.
[17]	SONG Lihua, LI Tao, WANG Yilei. Applications of Game Theory in Blockchain[J]. Journal of Cryptologic Reseatch, 2019, 6(1): 100-111.
[18]	China Academy of Information and Communications Technology, China Communications Standards Association. Blockchain Security White Paper-Technology Application[EB/OL]. (2018-09-19) [2021-10-22]. http://www.caict.ac.cn/kxyj/qwfb/bps/201809/t20180919_185441.htm.
	中国信息通信研究院, 中国通信标准化协会. 区块链安全白皮书—技术应用篇[EB/OL]. (2018-09-19) [2021-10-22]. http://www.caict.ac.cn/kxyj/qwfb/bps/201809/t20180919_185441.htm.
[19]	GE Lin, JI Xinsheng, JIANG Tao, et al. Security Mechanism for Internet of Things Information Sharing Based on Blockchain Technology[J]. Journal of Computer Applications, 2019, 39(2): 458-463.
	葛琳, 季新生, 江涛, 等. 基于区块链技术的物联网信息共享安全机制[J]. 计算机应用, 2019, 39(2): 458-463.
[20]	FAN Kai, REN Yanhui, WANG Yue, et al. Blockchain-Based Efficient Privacy Preserving and Data Sharing Scheme of Content-Centric Network in 5G[J]. IET Communications, 2018, 12(5): 527-532. doi: 10.1049/iet-com.2017.0619 URL
[21]	ZHONG Hong, ZHU Wenlong, XU Yan, et al. Multi-Authority Attribute-Based Encryption Access Control Scheme with Policy Hidden for Cloud Storage[J]. Soft Computing, 2018, 22(1): 243-251. doi: 10.1007/s00500-016-2330-8 URL

场景	分布式	跨安全域	追溯性需要	安全性需要
传统数据共享系统应用场景	否	否	无	需要
基于区块链的数据共享系统一般应用场景	是	可能	需要	需要
数据中心场景	是	是	特别需要	特别需要

角色	说明
数据持有者	高价值数据的持有方,一般为某数据中心内的节点
数据接收者	需要访问数据的另一个数据中心或者本数据中心内的节点
区块链管理者	对数据持有者和数据接收者进行管理的角色,一般由上级或者本级任命

符号	定义
S	数据持有者
R	数据接收者
Ad	区块链管理者
EnDB	文件加密数据库
BlockDB	区块链底层数据库
Blockchain	基于区块链的数据共享系统
fileserver	文件服务器
RT	对原始信息进行处理后得到的相关信息
QT	数据接收者的请求信息
GUID	共享任务的唯一识别号
DAP	完整的数据访问路径
Sp	数据持有者的公钥地址
hash{}	哈希函数
Sign{M, X}	使用X的私钥对消息M进行签名,以表示X是消息发出方
{M}+X	采用X公钥信息对M进行加密,并发送该消息
{M}-X	采用X的私钥对发送的加密消息进行解密,得到消息M
table{}	对M进行检索
Auth{X}	对X的身份进行验证
AuthX	由X（G为门户系统,DS为共享系统）进行认证
ski	属于i的私钥
pki	属于i的公钥
X_i→X_j:M	i向j传递信息M
X: S{}	X进行S{}的处理
M={M₁\|M₂\|…M_n}	M由M₁, M₂…, M_n中的一个或者多个组成
Log{}	由区块链对操作记录进行共识,并最终写入区块链
token	认证成功后由系统发放的令牌
Gen1/Gen2	分别为对称/非对称加密算法
key	对称加密算法的共享密钥

功能模型	可溯源审计	成员管控	安全共享	激励作用
文献[20]所提模型	实现	未实现	未实现	无
文献[21]所提模型	未实现	实现	部分实现	无
文献[2]所提模型	实现	未实现	部分实现	无
文献[4]所提模型	实现	实现	部分实现	无
本文模型	实现	实现	实现	有