
Computer Engineering (计算机工程) ›› 2024, Vol. 50 ›› Issue (7): 174-186. doi: 10.19678/j.issn.1000-3428.0068120

• Cyberspace Security •

Research on Distributed Trusted Data Management and Privacy Protection Technology

Qing'an ZHENG (郑清安)1, Jiancheng DONG (董建成)2, Liang CHEN (陈亮)3, Yingqing RUAN (阮英清)4, Jinsong LI (李锦松)3, Linbin XU (许林彬)5,*

  1. Department of Computer and Information Security Management, Fujian Police College, Fuzhou 350007, Fujian, China
  2. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  3. Fujian Provincial Prison Administration, Fuzhou 350002, Fujian, China
  4. Fujian Provincial Department of Justice, Fuzhou 350025, Fujian, China
  5. The Political and Legal Affairs Committee of the CPC Fujian Provincial Committee, Fuzhou 350003, Fujian, China
  • Received: 2023-07-20  Online: 2024-07-15  Published: 2024-03-06
  • Corresponding author: Linbin XU
  • Funding:
    2023 Fujian Provincial Social Science Fund Special Project on Public Security Theory Research (FJ2023TWGA004); Fujian Provincial Department of Finance Special Project for Education and Scientific Research of Provincial Units; National Key R&D Program of China (2020YFB1005500); Beijing Natural Science Foundation (M21034)

Abstract:

Compared with traditional distributed database systems, blockchain technology exhibits better distribution, transparency and trustworthiness in handling bookkeeping transactions, whereas traditional centralized database systems suffer from serious privacy leakage. To address the trust and privacy leakage problems of traditional centralized data management mechanisms, this paper proposes a distributed trusted data management model that supports privacy protection. The model uses key technologies including distributed storage, data privacy protection, access control and distributed identity to achieve trusted data management and collaborative privacy protection. For data privacy protection, user data privacy is safeguarded by homomorphic encryption and a zero-knowledge proof protocol. For data access control, an on-chain group isolation mechanism is combined with at-rest (on-disk) encryption of node storage, returning control over privacy to the data owner. For user identity privacy protection, distributed identity technology stores physical identities and verifiable credentials off-chain, so that entity information is minimized or shared within a controlled scope only as needed. A system prototype was built and its blockchain throughput tested: get requests reach 811.2 Transactions Per Second (TPS) and set requests reach 225.5 TPS, both with a 100% correctness rate. The system test results verify that the model meets expectations in functionality, security and feasibility, with good performance.

Keywords: blockchain, privacy protection, trusted data, access control, distributed identity