| Permissioned blockchains are proposed for enterprise applications that require communication and data confidentiality,which marks the arrival of blockchain 3.0 era.A permissioned blockchain is a decentralized system which is composed of multiple nodes.Each node maintains the same immutable ledger.Participants trust the data in the ledger without a centralized authority.Therefore,the data security of a ledger is crucial.In a permissioned blockchain,the security of its consensus protocol and private data mechanism is very important to the data integrity and data confidentiality of a ledger.A blockchain system mainly relies on a consensus protocol to maintain the integrity of a ledger.Existing work mainly focuses on attacks against the consensus protocols in public blockchains.However,there is no systematic analysis of attacks against the consensus protocol in the E-O-V permissioned blockchains.The private data mechanism is a representative feature of a permissioned blockchain.This mechanism can keep some data private within a subset of participants.However,existing work does not systematically analyse the security of private data mechanisms in permissioned blockchains.Besides,existing work designs many data sharing schemes based on blockchains,and utilizes the immutable ledger to build the chain of custody of shared data.However,in the scenario of sharing sensitive big data,existing schemes cannot securely and autonomously build the chain of custody due to dishonest users.To improve the data and data sharing security in a permissioned blockchain,we respectively study the security of its consensus protocol,the security of private data mechanisms and secure big-data sharing protocols as follows.Firstly,we model the consensus protocol in an E-O-V permissioned blockchain.By exploiting the vulnerable chaincode deployment process and vulnerable endorsements of private transactions,we propose collusion attacks against the consensus protocol to manipulate both public data and private data.Further,we modify the chaincode deployment scheme and modify the private transaction validation process to mitigate the collusion attacks,so as to enforce the ledger integrity.Secondly,we find that failed private transactions may reveal the private data to its non-member nodes.To address the problem,we propose a commitment-controlled release of secrets(CORES)protocol based on bilinear pairing cryptography.With CORES,the private data will be revealed only after the private transaction is successfully committed to the blockchain.Furthermore,some public blockchain protocols such as the digital goods fair exchange protocol have the similar data leakage issues which can be solved by adopting CORES.Then,we design a novel big-data sharing scheme by utilizing smart contracts and access control mechanisms in permissioned blockchains.Considering dishonest users,the proposed scheme can autonomously and securely build the chain of custody of shared big data in an immutable ledger.Our big-data sharing scheme also can protect the confidentiality of the sensitive big data.Finally,we build a big file sharing prototypical system based on Hyperledger Fabric,and apply the above findings to secure its underlying blockchain system and its application protocol.This dissertation studies the consensus protocol,the private data mechanism and the big data sharing mechanism in a permissioned blockchain,so as to improve its data security and data sharing security.To the best of our knowledge,we are the first to discover multiple security problems in the consensus protocol and the private data mechanism of the representative permissioned blockchains,and further propose corresponding countermeasures.We also design a novel big data sharing mechanism and system to improve the security of data sharing applications.Our findings have great contributions to the security of blockchain-based enterprise applications and the development of permissioned blockchains. |
PDF Full Text Request