基于区块链技术架构的隐私泄露风险评估方法

doi:10.19678/j.issn.1000-3428.0063637

计算机工程 ›› 2023, Vol. 49 ›› Issue (1): 146-153. doi: 10.19678/j.issn.1000-3428.0063637

基于区块链技术架构的隐私泄露风险评估方法

冉玲琴^1,3, 彭长根^1,2,3, 许德权^2,3, 吴宁博⁴

1. 贵州大学数学与统计学院, 贵阳 550025;
2. 贵州大学计算机科学与技术学院贵州省大数据产业发展应用研究院, 贵阳 550025;
3. 公共大数据国家重点实验室, 贵阳 550025;
4. 贵州财经大学信息学院, 贵阳 550025

收稿日期:2021-12-27 修回日期:2022-03-07 发布日期:2022-06-30
作者简介:冉玲琴(1997-),女,硕士研究生,主研方向为区块链技术、博弈论;彭长根(通信作者),教授、博士、博士生导师;许德权,博士研究生;吴宁博,讲师、博士。
基金资助:
国家自然科学基金（U1836205）；贵州省科技计划项目（黔科合平台人才［2020］5017）；贵州省教育厅自然科学项目（黔教合KY字［2021］140）。

Privacy Disclosure Risk Assessment Method Based on Blockchain Technology Architecture

RAN Lingqin^1,3, PENG Changgen^1,2,3, XU Dequan^2,3, WU Ningbo⁴

1. College of Mathematics and Statistics, Guizhou University, Guiyang 550025, China;
2. Guizhou Big Date Academy, College of Computer Science and Technology, Guizhou University, Guiyang 550025, China;
3. State Key Laboratory of Public Big Data, Guiyang 550025, China;
4. College of Information, Guizhou University of Finance and Economics, Guiyang 550025, China

Received:2021-12-27 Revised:2022-03-07 Published:2022-06-30

摘要/Abstract

摘要： 区块链技术的广泛应用导致其隐私泄露问题日益严重。为有效评估区块链技术存在的隐私泄露风险，从区块链技术架构的角度，通过基于博弈的方法对攻击进行量化，提出一种区块链隐私泄露风险评估方法。考虑用户对区块链技术架构层中各攻击的敏感性程度不同，构建用户敏感度矩阵，分别计算主观敏感度与客观敏感度。利用区块链诚实用户与恶意攻击者之间的策略交互过程构建不完全信息静态贝叶斯博弈模型，通过双方的期望收益定义风险影响性与可能性，从而得到基于区块链技术架构层的风险评估分数以及整个区块链的隐私泄露风险评估分数。在此基础上，利用Sigmoid函数对风险评估分数进行正则化处理并根据风险指数判断隐私泄露的风险等级，将隐私泄露分为风险可忽略、风险适中以及风险异常3种状态。实验结果表明，该方法能够有效评估区块链隐私泄露风险情况，指导用户进行多层次、有针对性的隐私保护。

关键词: 区块链, 博弈论, 隐私泄露, 纳什均衡, 风险评估

Abstract: The widespread application of blockchain technology has led to the increasingly serious problem of privacy disclosure.To effectively assess this risk from the perspective of blockchain technology architecture, this study proposed a method for quantifying attacks using game based methods.In considering the different sensitivity of users to attacks in the blockchain technology architecture layer, a user sensitivity matrix is constructed to calculate subjective and objective sensitivity.The policy interaction process between honest users and malicious attackers on the blockchain is used to build a static Bayesian game model with incomplete information, and the risk impact and possibility are defined by the expected benefits of both parties, thereby obtaining the risk assessment score based on the blockchain technology architecture layer and privacy disclosure risk assessment score of the entire blockchain.Based on this, a Sigmoid function is used to regularize the risk assessment scores and determine the risk level of privacy leakage according to the risk index.Privacy leakage is divided into three risk states:negligible, moderate, and abnormal.The experimental results show that this method can effectively assess the risk of blockchain privacy disclosure and ensure multi-level and targeted privacy protection to users.

Key words: blockchain, game theory, privacy disclosure, Nash equilibrium, risk assessment

中图分类号:

TP391

冉玲琴, 彭长根, 许德权, 吴宁博. 基于区块链技术架构的隐私泄露风险评估方法[J]. 计算机工程, 2023, 49(1): 146-153.

RAN Lingqin, PENG Changgen, XU Dequan, WU Ningbo. Privacy Disclosure Risk Assessment Method Based on Blockchain Technology Architecture[J]. Computer Engineering, 2023, 49(1): 146-153.

http://www.ecice06.com/CN/Y2023/V49/I1/146

图/表 7

20230701175751

20230701175754

20230701175757

20230701175801

20230701175804

20230701175807

20230701175810

参考文献

[1] NAKAMOTO S.Bitcoin:a peer-to-peer electronic cash system[EB/OL].[2021-11-05].https://bitcoin.org/bitcoin.pdf.
[2] 刘汉卿, 阮娜.区块链中攻击方式的研究[J].计算机学报, 2021, 44(4):786-805. LIU H Q, RUAN N.A survey on attacking strategies in blockchain[J].Chinese Journal of Computers, 2021, 44(4):786-805.(in Chinese)
[3] 冯登国, 张阳, 张玉清.信息安全风险评估综述[J].通信学报, 2004, 25(7):10-18. FENG D G, ZHANG Y, ZHANG Y Q.Survey of information security risk assessment[J].Journal of Communications, 2004, 25(7):10-18.(in Chinese)
[4] 叶聪聪, 李国强, 蔡鸿明, 等.区块链的安全检测模型[J].软件学报, 2018, 29(5):1348-1359. YE C C, LI G Q, CAI H M, et al.Security detection model of blockchain[J].Journal of Software, 2018, 29(5):1348-1359.(in Chinese)
[5] 秦超霞, 郭兵, 沈艳, 等.区块链的安全风险评估模型[J].电子学报, 2021, 49(1):117-124. QIN C X, GUO B, SHEN Y, et al.Security risk assessment model of blockchain[J].Acta Electronica Sinica, 2021, 49(1):117-124.(in Chinese)
[6] 田国华, 胡云瀚, 陈晓峰.区块链系统攻击与防御技术研究进展[J].软件学报, 2021, 32(5):1495-1525. TIAN G H, HU Y H, CHEN X F.Research progress on attack and defense techniques in block-chain system[J].Journal of Software, 2021, 32(5):1495-1525.(in Chinese)
[7] WANG H Q, KUN H, XU D M.A maturity model for blockchain adoption[EB/OL].[2021-11-05].https://www.researchgate.net/publication/310537864_A_maturity_model_for_blockchain_adoption.
[8] MORGANTI G, SCHIAVONE E, BONDAVALLI A.Risk assessment of blockchain technology[C]//Proceedings of the 8th Latin-American Symposium on Dependable Computing.Washington D.C., USA:IEEE Press, 2018:87-96.
[9] ROSS R.Guide for conducting risk assessments[EB/OL].[2021-11-05].https://www.nist.gov/publications/guide-conducting-risk-assessments.
[10] ZAMANI E, HE Y, PHILLIPS M.On the security risks of the blockchain[J].Journal of Computer Information Systems, 2020, 60(6):495-506.
[11] DUMAS J G, JIMENEZ-GARCES S, SOIMAN F.Blockchain technology and crypto-assets market analysis:vulnerabilities and risk assessment[C]//Proceedings of the 12th International Multi-Conference on Complexity, Informatics and Cybernetics.Washington D.C., USA:IEEE Press, 2021:1-28.
[12] 邵奇峰, 金澈清, 张召, 等.区块链技术:架构及进展[J].计算机学报, 2018, 41(5):969-988. SHAO Q F, JIN C Q, ZHANG Z, et al.Blockchain:architecture and research progress[J].Chinese Journal of Computers, 2018, 41(5):969-988.(in Chinese)
[13] 孟小峰, 刘立新.基于区块链的数据透明化:问题与挑战[J].计算机研究与发展, 2021, 58(2):237-252. MENG X F, LIU L X.Blockchain-based data transparency:issues and challenges[J].Journal of Computer Research and Development, 2021, 58(2):237-252.(in Chinese)
[14] 谢识予.经济博弈论[M].上海:复旦大学出版社, 2002. XIE S Y.Economic game theory[M].Shanghai:Fudan University Press, 2002.(in Chinese)
[15] COX L A.Game theory and risk analysis[J].Risk Analysis, 2009, 29(8):1062-1068.
[16] ZHAO Y F, HUANG L N, SMIDTS C, et al.Finite-horizon semi-Markov game for time-sensitive attack response and probabilistic risk assessment in nuclear power plants[J].Reliability Engineering & System Safety, 2020, 201:106878.
[17] ALZAHRANI N, BULUSU N.Towards true decentra-lization:a blockchain consensus protocol based on game theory and randomness[EB/OL].[2021-11-05].https://www.researchgate.net/publication/327876786_Towards_True_Decentralization_A_Blockchain_Consensus_Protocol_Based_on_Game_Theory_and_Randomness_9th_International_Conference_GameSec_2018_Seattle_WA_USA_October_29-31_2018_Proceedings.
[18] ZHANG T, ZHAO K, YANG M, et al.Research on privacy security risk assessment method of mobile commerce based on information entropy and Markov[J].Wireless Communi-cations and Mobile Computing, 2020, 15:1-11.
[19] HAN X, HUANG H L, WANG L Y.F-PAD:private attribute disclosure risk estimation in online social networks[J].IEEE Transactions on Dependable and Secure Computing, 2019, 16(6):1054-1069.
[20] KANG H Y, XIAO Y H, YIN J.An intelligent detection method of personal privacy disclosure for social networks[J].Security and Communication Networks, 2021, 20:1-11.
[21] RANA R M, ZAEEM R N, BARBER K S.An assessment of blockchain identity solutions:minimizing risk and liability of authentication[C]//Proceedings of IEEE/WIC/ACM International Conference on Web Intelligence.Washington D.C., USA:IEEE Press, 2019:26-33.
[22] 邝青青.基于个人隐私泄露的风险评估[D].贵阳:贵州大学, 2016. KUANG Q Q.Risk assessment based on personal privacy disclosure[D].Guiyang:Guizhou University, 2016.(in Chinese)
[23] RACHANA HARISH A, LIU X L, ZHONG R Y, et al.Log-flock:a blockchain-enabled platform for digital asset valuation and risk assessment in E-commerce logistics financing[J].Computers & Industrial Engineering, 2021, 151:107001.
[24] ZARREH A, WAN H, LEE Y, et al.Risk assessment for cyber security of manufacturing systems:a game theory approach[J].Procedia Manufacturing, 2019, 38:605-612.
[25] CHERIGUENE A, KABACHE T, KERRACHE C A, et al.NOTA:a novel online teaching and assessment scheme using blockchain for emergency cases[J].Education and Information Technologies, 2022, 27(1):115-132.

选择文件类型/文献管理软件名称

选择包含的内容

基于区块链技术架构的隐私泄露风险评估方法

Privacy Disclosure Risk Assessment Method Based on Blockchain Technology Architecture

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	王群, 李馥娟, 倪雪莉, 夏玲玲, 梁广俊. 区块链数据形成与隐私威胁[J]. 计算机工程, 2023, 49(8): 1-12.
[2]	陈福安, 柳毅. 基于区块链的V2G无证书环签密隐私保护方案[J]. 计算机工程, 2023, 49(6): 34-41,52.
[3]	潘雪, 袁凌云, 黄敏敏. 基于区块链和域信任度的物联网跨域信任评估模型[J]. 计算机工程, 2023, 49(5): 181-190.
[4]	高健博, 张家硕, 李青山, 陈钟. RegLang监管合约规则冲突检测方法[J]. 计算机工程, 2023, 49(5): 12-21,28.
[5]	王群, 李馥娟, 倪雪莉, 夏玲玲, 梁广俊. 区块链隐私保护机制研究[J]. 计算机工程, 2023, 49(4): 1-13.
[6]	黄金荣, 刘百祥, 张亮, 张展鹏. 基于智能合约和非同质化代币的去中心化匿名身份认证模型[J]. 计算机工程, 2023, 49(4): 14-22.
[7]	白首圳, 陈美娟. 面向工业互联网的区块链分层分片研究[J]. 计算机工程, 2023, 49(3): 58-66,79.
[8]	田秀霞, 杨明夷. 家庭物联网中基于智能合约的访问控制机制[J]. 计算机工程, 2023, 49(3): 18-28.
[9]	苏瑞国, 阳建, 秦继伟, 武晓雄, 贾振红. 基于物联网区块链的轻量级共识算法研究[J]. 计算机工程, 2023, 49(2): 175-180.
[10]	孙林昆, 蒋文保, 郭阳楠, 李春强. 基于密码累加器的无状态区块链性能优化[J]. 计算机工程, 2023, 49(2): 46-53.
[11]	刘泽坤, 王峰, 贾海蓉. 结合动态信用机制的PBFT算法优化方案[J]. 计算机工程, 2023, 49(2): 191-198.
[12]	李尤慧子, 俞海涛, 殷昱煜, 高洪皓. 基于超级账本的集群联邦优化模型[J]. 计算机工程, 2023, 49(1): 22-30.
[13]	陈凯, 徐成, 刘宏哲, 代松银. 基于区块链的危险驾驶地图数据评估模型[J]. 计算机工程, 2022, 48(8): 160-165,172.
[14]	张亮, 刘百祥. 区块链与秘密分享融合技术综述[J]. 计算机工程, 2022, 48(8): 1-11.
[15]	王劲松, 赵述佳, 赵泽宁, 张洪玮. 基于交易网络的公有链用户识别方法[J]. 计算机工程, 2022, 48(8): 30-36.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于区块链技术架构的隐私泄露风险评估方法

Privacy Disclosure Risk Assessment Method Based on Blockchain Technology Architecture

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献

相关文章 15

编辑推荐

Metrics

本文评价