基于区块链的网络安全体系结构与关键技术研究进展  被引量：60

作　　者：徐恪[1,2,4] 凌思通 李琦 吴波 沈蒙[6] 张智超[1,2] 姚苏[1,2] 刘昕 李琳 XU Ke;LING Si-Tong;LI Qi;WU Bo;SHEN Meng;ZHANG Zhi-Chao;YAO Su;LIU Xin;LI Lin(Department of Computer Science and Technology,Tsinghua University,Beijing 100084;Beijing National Research Center for Information Science and Technology,Beijing 100084;Institute for Network Science and Cyberspace,Tsinghua University,Beijing 100084;Peng Cheng Laboratory,Shenzhen,Guangdong 518000;2012 Labs,Huawei Technology Co.Ltd.,Beijing 100085;School of Computer Science,Beijing Institute of Technology,Beijing 100081;Migu Culture Technology Co.,Ltd,Beijing 100088)

机构地区：[1]清华大学计算机科学与技术系,北京100084 [2]北京信息科学与技术国家研究中心,北京100084 [3]清华大学网络科学与网络空间研究院,北京100084 [4]鹏城实验室,广东深圳518000 [5]华为技术有限公司2012实验室,北京100085 [6]北京理工大学计算机学院,北京100081 [7]咪咕文化科技有限公司,北京100088

出　　处：《计算机学报》2021年第1期55-83,共29页Chinese Journal of Computers

基　　金：国家重点研发计划课题(2018YFB0803405);国家杰出青年科学基金(61825204);国家自然科学基金(61932016,61802222);北京高校卓越青年科学家计划项目(BJJWZYJH101201910003011);国家研究中心项目(BNR2019RC01011);鹏城实验室大湾区未来网络试验与应用环境项目(LZC0019);华为技术有限公司委托项目(IIF2019015003)资助

摘　　要：随着互联网技术的不断演进与用户数量的“爆炸式”增长,网络作为一项基础设施渗透于人们生存、生活的各个方面,其安全问题也逐渐成为人们日益关注的重点.然而,随着网络规模的扩大以及攻击者恶意行为的多样化、复杂化,传统网络安全体系架构及其关键技术已经暴露出单点信任、部署困难等诸多问题,而具备去中心化、不可篡改等特性的区块链技术为网络安全所面临的挑战提供了新的解决思路.本文从网络层安全、应用层安全以及PKI安全三方面对近几年基于区块链的网络安全体系结构与关键技术研究进行梳理,并将区块链的作用归类为真实存储、真实计算、真实激励三种情形.针对区块链的具体应用领域,本文首先介绍了该领域的安全现状,然后对区块链的具体应用研究进行了介绍,并分析了区块链技术在该领域所存在的优势.本文最后结合现有的解决思路对未来区块链应用中所需要注意的隐私问题、可扩展性问题、安全问题以及区块链结构演进的方向进行了分析,并对未来基于区块链的网络安全体系结构与关键技术研究进行了展望.With the continuous evolution of Internet technology and the explosively increasing number of users,the Internet has become an integral part of people’s daily life.Therefore,network security has become the focus of attention.Researchers have been doing much research on network security.However,with the expansion of network scale and the diversification of attackers’misbehaviors,some drawbacks have been exposed to traditional network security architecture and its key technologies.Firstly,most of today’s network security infrastructures,such as PKI and RPKI,are realized as a centralized architecture.Therefore,the cybersecurity measures built on the trust in these centralized infrastructures expose a single-point of trust problem.The incidents of DigiNotar hacked to issue the malicious certificate for more than 500 websites and Symantec’s misinformation of more than 30000 certificate extension vouchers all indicate that once incidents occur in these trust centers,it will be a severe impact on the entire Internet.Secondly,since early network architecture designation did not seriously consider security,the deployment of many later proposed security mechanisms will modify existing network protocols and affect network efficiency.Therefore,there are difficulties in the actual deployment of these security mechanisms.Besides,with the advent of the IoT era,the network’s complexity will continue to expand,and network security construction should be participated by many organizations and even the whole people.However,there is a lack of a reliable incentive mechanism to coordinate the cooperation between different organizations and mobilize users’enthusiasm to participate in the network security construction.Nowadays,there is no good solution for these disadvantages,but emerging technology blockchain provides new solutions.Blockchain is a trustworthy distributed database that integrates P2P technology,cryptography,consensus mechanism,and distributed storage technology.Because of blockchain’s characteristics such

关 键 词：区块链 网络安全体系结构 网络层安全 应用层安全 PKI安全 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]