Conference：22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

CCF level：CCF C

Categories：Network and Information Security

Year：2023

Num：30

Conference time：1-3 November 2023

1

Title: 

TI-DNS: A Trusted and Incentive DNS Resolution Architecture based on Blockchain

TI-DNS：基于区块链的可信、激励性DNS解析架构

Authors: 

Key words:

DNS, cache poisoning attack, blockchain, smart contract, shared model

DNS、缓存中毒攻击、区块链、智能合约、共享模型

Abstract: 

Domain Name System (DNS) is a critical component of the Internet infrastructure, responsible for translating domain names into IP addresses. However, DNS is vulnerable to some malicious attacks, including DNS cache poisoning, which redirects users to malicious websites displaying offensive or illegal content. Existing countermeasures often suffer from at least one of the following weakness: weak attack resistance, high overhead, or complex implementation. To address these challenges, this paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct the forged DNS records caused by the cache poisoning attacks in the DNS resolution process. TI-DNS leverages a multi-resolver Query Vote mechanism to ensure the credibility of verified records on the blockchain ledger and a stake-based incentive mechanism to promote well-behaved participation. Importantly, TI-DNS is easy to be adopted as it only requires modifications to the resolver side of current DNS infrastructure. Finally, we develop a prototype and evaluate it against alternative solutions. The result demonstrates that TI-DNS effectively and efficiently solves DNS cache poisoning.

域名系统 (DNS) 是互联网基础设施的重要组成部分，负责将域名转换为 IP 地址。然而，DNS 容易受到一些恶意攻击，包括 DNS 缓存中毒，它会将用户重定向到显示攻击性或非法内容的恶意网站。现有的对策通常存在以下至少一个弱点：抗攻击性弱、开销高或实施复杂。为了应对这些挑战，本文提出了 TI-DNS，这是一种基于区块链的 DNS 解析架构，旨在检测和纠正 DNS 解析过程中缓存中毒攻击造成的伪造 DNS 记录。TI-DNS 利用多解析器查询投票机制来确保区块链账本上经过验证的记录的可信度，并利用基于权益的激励机制来促进良好行为的参与。重要的是，TI-DNS 很容易被采用，因为它只需要对当前 DNS 基础设施的解析器端进行修改。最后，我们开发了一个原型并根据替代解决方案对其进行了评估。结果表明，TI-DNS 有效且高效地解决了 DNS 缓存中毒问题。

Pdf link:

https://ieeexplore.ieee.org/document/10538522

2

Title: 

A Commitment and Ring Signature based Scheme for Amount and Identity Privacy Protection in Blockchain

基于承诺和环签名的区块链金额和身份隐私保护方案

Authors: 

Key words:

Blockchain, Pedersen Commitment, Privacy Protection, Smart Contract, Ring Signature, Transaction

区块链，Pedersen承诺，隐私保护，智能合约，环签名，交易

Abstract: 

Blockchain has been envisioned as an anonymous cryptocurrency framework and can be applied in various applications such as e-payment, share economics, and distributed ledger. Although an account is anonymous, privacy in terms of consumption behaviors still imposes leakage risks. For example, an adversary may infer the consumption capability related to an account further by analyzing the history of consumption records. It is thus of critical importance to design a solution to preserve the anonymity of both transaction amount and transaction peer’s identity, which is changeable because the amount must be still authenticated in anonymity. In this paper, we propose a scheme by using Pedersen commitment to anonymize the transaction amount, and together using ring signature to conceal the transaction peer’s identity while maintaining authentication. Especially, we further improve the security of anonymous authentication enabled by ring signature by introducing accountability, which can defend against double-spending attacks by penalization and empower auditability. The extensive performance and security analysis justify the applicability of the proposed scheme.

区块链被认为是一种匿名加密货币框架，可应用于电子支付、共享经济和分布式账本等各种应用。尽管账户是匿名的，但消费行为方面的隐私仍然存在泄露风险。例如，对手可以通过分析消费记录的历史来进一步推断与账户相关的消费能力。因此，设计一个解决方案来保护交易金额和交易对等方身份的匿名性至关重要，因为金额在匿名的情况下仍必须经过认证，所以交易金额和交易对等方身份是可变的。在本文中，我们提出了一个方案，利用 Pedersen 承诺来匿名化交易金额，并结合使用环签名来隐藏交易对等方的身份，同时保持认证。特别是，我们通过引入问责制进一步提高了环签名支持的匿名认证的安全性，这可以通过惩罚来抵御双重支付攻击并增强可审计性。广泛的性能和安全性分析证明了所提方案的适用性。

Pdf link:

https://ieeexplore.ieee.org/document/10538704

3

Title: 

IHFBF: A High-Performance Blockchain Framework for Improving Hyperledger Fabric Permissioned Chain

IHFBF：用于改进 Hyperledger Fabric 许可链的高性能区块链框架

Authors: 

Key words:

Permissioned chain, Byzantine fault-tolerant consensus, blockchain, parallel workflow, IHFBF

许可链、拜占庭容错共识、区块链、并行工作流、IHFBF

Abstract: 

Permissioned blockchain frameworks typically employ efficient Byzantine fault-tolerant consensus protocols, making them appealing for the deployment of fast transaction applications among a large number of mutually distrustful participants. However, existing permissioned blockchain frameworks typically use sequential serial workflows to invoke the consensus protocol and execute transactions for the application, resulting in significantly lower performance for these applications when deployed in traditional systems. Therefore, a new permissioned blockchain framework is needed to improve transaction processing efficiency and enhance system performance for practical blockchain technology applications. We propose IHFBF (Improved Hyperledger Fabric Blockchain Framework), an improved permissioned blockchain framework that employs a predictive transaction sorting method by selecting a node within the consensus nodes to act as a sorter. This enables parallel execution of the consensus protocol and transactions, resulting in improved overall system performance. However, if the sorter is a malicious node, it can severely impact system performance. To address this, IHFBF uses a view-change method based on a deny-list approach, which effectively guides all participants and replaces or denies malicious participants. Compared to other three fast permissioned blockchain frameworks, IHFBF’s parallel workflow framework reduces latency and exhibits better throughput in the presence of malicious participants, resulting in efficient system performance.

许可型区块链框架通常采用高效的拜占庭容错共识协议，因此非常适合在大量互不信任的参与者之间部署快速交易应用程序。然而，现有的许可型区块链框架通常使用顺序串行工作流来调用共识协议并为应用程序执行交易，导致这些应用程序在传统系统中部署时性能显著降低。因此，需要一种新的许可型区块链框架来提高交易处理效率并增强实际区块链技术应用的系统性能。我们提出了 IHFBF（改进的 Hyperledger Fabric 区块链框架），这是一种改进的许可型区块链框架，它采用预测交易排序方法，通过选择共识节点中的节点作为排序器。这使得共识协议和交易能够并行执行，从而提高整体系统性能。但是，如果排序器是恶意节点，则会严重影响系统性能。为了解决这个问题，IHFBF 使用基于拒绝列表方法的视图更改方法，可以有效地引导所有参与者并替换或拒绝恶意参与者。与其他三种快速许可区块链框架相比，IHFBF 的并行工作流框架在存在恶意参与者的情况下降低了延迟并表现出更好的吞吐量，从而实现了高效的系统性能。

Pdf link:

https://ieeexplore.ieee.org/document/10538680

4

Title: 

Rethinking Practical Blockchain-Based Symmetric Searchable Encryption Services

重新思考基于区块链的实用对称可搜索加密服务

Authors: 

Key words:

Blockchain, Searchable Encryption, Efficiency, Soundness

区块链、可搜索加密、效率、健全性

Abstract: 

Blockchain-based cloud storage is one of the areas which have been developing rapidly in both academia and industry in recent years. As a key feature to improve the usability of such systems, keyword search is yet missing in existing blockchain-based cloud storage systems due to the encryption of uploaded files. To enable this important feature for blockchain-based cloud storage systems while preserving privacy, blockchain-based Symmetric Searchable Encryption schemes have attracted a lot of research interest. In this research, we pinpoint three important requirements for blockchain-based SSE systems to be practical. The first two requirements are fast query response and low on-chain storage cost. They are the key for a blockchain-based SSE system to be usable and feasible. The third requirement is soundness, which guarantees that dishonest behaviours from both users and service providers can be detected and prevented. To the best of our knowledge, none of the existing studies achieves these properties at the same time. To fill in this gap, we present a novel construction of the blockchain-based SSE system. We provide both theoretical analysis and empirical evaluation to show that the system achieves all the desired properties.

基于区块链的云存储是近年来学术界和工业界发展迅速的领域之一。关键字搜索是提高此类系统可用性的关键功能，但由于上传文件的加密，现有的基于区块链的云存储系统尚不具备此功能。为了在保护隐私的同时实现基于区块链的云存储系统的这一重要功能，基于区块链的对称可搜索加密方案吸引了大量研究兴趣。在本研究中，我们确定了基于区块链的 SSE 系统实用化的三个重要要求。前两个要求是快速查询响应和低链上存储成本。它们是基于区块链的 SSE 系统可用和可行的关键。第三个要求是健全性，这保证可以检测和防止来自用户和服务提供商的不诚实行为。据我们所知，现有的研究都没有同时实现这些属性。为了填补这一空白，我们提出了一种基于区块链的 SSE 系统的新型构造。我们提供理论分析和实证评估来表明该系统实现了所有期望的属性。

Pdf link:

https://ieeexplore.ieee.org/document/10538607

5

Title: 

A Secure Contactless Payment System with Bidirectional Blockchain and Blake Hash Function

具有双向区块链和 Blake 哈希函数的安全非接触式支付系统

Authors: 

Key words:

Bidirectional blockchain, Internet of Things (IoT), Radio Frequency Identification (RFID), Distributed Ledger Technology (DLT), Contactless Payment

双向区块链、物联网（IoT）、射频识别（RFID）、分布式账本技术（DLT）、非接触式支付。

Abstract: 

The growth of the Internet of Things (IoT) has led to an increased demand for contactless payment via IoT devices. However, machine-to-machine (M2M) payment in the IoT has been limited by poor centralized transaction management, given the distributed nature of the IoT, which results in massive communication overhead. Blockchain technology provides a promising solution for M2M payments in the IoT, but the current blockchain-based solutions for contactless payment lack security and scalability. To address this, a new customised Committee Member Auction mechanism has been proposed that is both safe and scalable for resource-constrained IoT devices. This mechanism also reduces the block mining time by integrating the BLAKE hashing algorithm, as opposed to SHA-256. The proposed framework was implemented utilizing an ESP32 microcontroller and RC522 RFID reader to record over 100 transactions each for SHA-256 and Blake. The results obtained validate that Blake hashing algorithm along with Bidirectional blockchain outperforms SHA-256 by reducing 30% of mining time. Besides improved mining efficiency, this scheme is also found to be resistant against Long Range Attack, Double Spend Attack and Eclipse attack. The proposed scheme thus offers a more secure and scalable option for contactless payments in IoT systems.

物联网 (IoT) 的发展导致对通过物联网设备进行非接触式支付的需求增加。然而，由于物联网的分布式特性，物联网中的机器对机器 (M2M) 支付受到不良集中式交易管理的限制，从而导致大量通信开销。区块链技术为物联网中的 M2M 支付提供了一种有前途的解决方案，但当前基于区块链的非接触式支付解决方案缺乏安全性和可扩展性。为了解决这个问题，提出了一种新的定制委员会成员拍卖机制，该机制对于资源受限的物联网设备既安全又可扩展。该机制还通过集成 BLAKE 哈希算法（而不是 SHA-256）来减少区块挖掘时间。所提出的框架是利用 ESP32 微控制器和 RC522 RFID 阅读器实现的，为 SHA-256 和 Blake 分别记录超过 100 笔交易。获得的结果验证了 Blake 哈希算法以及双向区块链的性能优于 SHA-256，减少了 30% 的挖掘时间。除了提高挖矿效率外，该方案还被发现能够抵御远程攻击、双重支付攻击和日蚀攻击。因此，该方案为物联网系统中的非接触式支付提供了更安全、更可扩展的选择。

 

Pdf link:

https://ieeexplore.ieee.org/document/10538542

篇幅有限，下篇文章将继续分享剩余论文

持续接收区块链最新论文

洞察区块链技术发展趋势

Follow us to keep receiving the latest blockchain papers

Insight into Blockchain Technology Trends