基于智能合约的工业互联网数据公开审计方案  被引量：4

作　　者：李涛[1,2,3] 杨安家 翁健[1,2,3] 郭梓繁 LI Tao;YANG An-Jia;WENG Jian;GUO Zi-Fan(College of Cyber Security,Jinan University,Guangzhou 510632,China;National Joint Engineering Research Center of Network Security Detection and Protection Technology(Jinan University),Guangzhou 510632,China;Guangdong Provincial Key Laboratory of Data Security and Privacy Protection(Jinan University),Guangzhou,510632,China)

机构地区：[1]暨南大学网络空间安全学院,广东广州510632 [2]网络安全检测与防护技术国家地方联合工程研究中心(暨南大学),广东广州510632 [3]广东省数据安全与隐私保护重点实验室(暨南大学),广东广州510632

出　　处：《软件学报》2023年第3期1491-1511,共21页Journal of Software

基　　金：广东省重点领域研发计划(2020B0101360001);国家重点研发计划(2021ZD0112802,2020YFB1005600,2017YFB0802200,2018YFB100370);国家自然科学基金(62072215,U1736203,61825203)。

摘　　要：随着工业互联网产生的数据量日益增加,越来越多的企业选择将工业互联网数据外包存储在云服务器上以节省存储开销.为了防止外包存储的数据被篡改或删除,企业需要定期对其进行审计.提出了一种基于智能合约的工业互联网数据公开审计方案.该方案基于博弈论的思想,设计了一系列智能合约,以高效地抵抗参与者恶意行为.与现有抗合谋的公开审计方案相比,该方案不依赖于复杂的密码学工具实现对参与者恶意行为的抵抗,使得其更为高效,进而能够更好地应用于海量且频繁更新的工业互联网数据场景中.特别地,所设计的博弈合约作为一种独立的工具,能够与现有的公开审计方案有效结合,在不降低其审计效率的同时,增加方案的安全性.在本地环境和以太坊公有测试链Ropsten上对博弈合约以及整体方案进行了一系列的测试,结果表明,所设计的合约运行花费低且对运行环境适应性强,对原有完整性审计方案的效率影响小;同时,与其他抗审计者恶意行为的完整性方案相比,该方案更为高效.As the amount of data generated by the Industrial Internet grows, more and more companies are choosing to outsource the storage for their Industrial Internet data to cloud servers to save storage costs. To prevent the outsourced data from being tampered or deleted, companies need to audit the data integrity regularly. This study proposes a public auditing scheme for Industrial Internet data based on smart contracts. Particularly, a series of game-theory based smart contracts are designed which can efficiently mitigate malicious participators including the third-party auditor and the cloud server. Compared to existing collusion-resistant public auditing schemes, the proposed scheme does not rely on complex cryptographic tools to achieve resistance to participant malicious behavior, and thu s is more efficient and suitable to Industrial Internet applications where huge amount of data need to be frequently updated. Specifica lly, the game-based contract designed in this study as an individual solution, can be effectively combined with existing publi c auditing schemes to turn out a public auditing scheme with better security without losing efficiency. Finally, a series of tests are conducted on the proposed contract in the local environment and Ropsten, the common test chain for Ethereum. The results show that the designed contract is cheap to run and adaptable to the operating environment, has little impact on the efficiency of the original integrity audit soluti on, and is more efficient than other integrity schemes that resist the malicious behavior of auditors.

关 键 词：工业互联网 云存储 公开审计 智能合约 博弈论 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]