区块链在PKI安全中的应用研究

doi:10.3778/j.issn.1673-9418.2311038

摘要/Abstract

摘要： 重应用、轻防御的设计思想致使传输控制协议/网际协议（TCP/IP）体系结构设计之初就缺乏内生安全属性，使得公钥基础设施（PKI）作为实现互联网不同实体之间通信真实性、完整性、机密性和不可抵赖性的安全治理权威架构自提出以来就备受关注，同时PKI自身因其中心化机制带来的单点故障和单一信任等安全威胁也成为近年来研究者关注的热点。随着区块链技术逐渐应用于信息安全领域，利用区块链的去中心化、分布式账本、防篡改、公开透明等特点来解决原生PKI及其演进过程中出现的各类安全问题成为一个研究方向和重点。根据PKI技术的发展及区块链技术的应用，将解决原生PKI安全的方法分为以信任网络（WoT）技术和证书透明度（CT）机制为主的不依赖区块链的解决方案，保留认证机构（CA）核心功能的融入区块链技术的中心化PKI方案，以及用区块链完全替代CA功能的基于区块链的去中心化PKI方案。介绍了原生PKI的安全现状，讨论了分别利用WoT技术和CT机制对原生PKI的安全性进行改造的具体方法，重点分析了融入区块链技术的中心化PKI以及基于区块链的去中心化PKI的设计思想，并分别选择了部分典型应用场景就其实现方法和应用特点进行了有针对性的剖析，对区块链在PKI安全中的应用研究进行了展望。

关键词: 区块链, 公钥基础设施, 网络安全, 证书管理, 认证机构

Abstract: The design idea of emphasizing application and neglecting defense leads to the lack of endogenous security attributes at the beginning of the design of transmission control protocol/Internet protocol (TCP/IP) architecture. Public key infrastructure (PKI), as an authoritative security governance framework to realize the authenticity, integrity, confidentiality and non-repudiation of communication between different entities on the Internet, has attracted much attention since it was proposed, which has also become the focus of researchers in recent years because of single point of failure and single trust and other security threats caused by the centralized mechanism of PKI. With the gradual application of blockchain technology in the field of information security, it has become a research direction and focus to use the characteristics of decentralization, distributed ledger, tamper-proof, openness and transparency of blockchain to solve various security problems arising in the native PKI and its evolution. According to the application and development of PKI and blockchain, the methods to solve PKI security are divided into the solutions based on Web of trust (WoT) technology and certificate transparency (CT) mechanism, which do not rely on blockchain, the centralized PKI solutions integrated with blockchain technology, which retain the core function of certificate authority (CA), and the decentralized PKI schemes based on blockchain, which completely replace the CA function with blockchain. Firstly, the security status of the original PKI is introduced, and the methods using WoT technology and CT mechanism to transform the security of the original PKI are discussed respectively. Then, the design ideas of centralized PKI integrated with blockchain technology and decentralized PKI based on blockchain are analyzed. Some typical application scenarios are selected to analyze their implementation methods and application characteristics. Finally, the application research of blockchain in PKI security is prospected.

Key words: blockchain, public key infrastructure, cybersecurity, certificate management, certificate authority

夏玲玲, 王群, 马卓, 梁广俊. 区块链在PKI安全中的应用研究[J]. 计算机科学与探索, 2024, 18(10): 2573-2593.

XIA Lingling, WANG Qun, MA Zhuo, LIANG Guangjun. Research on Application of Blockchain in PKI Security[J]. Journal of Frontiers of Computer Science and Technology, 2024, 18(10): 2573-2593.

参考文献

[1] KOLKMAN O, MEKKING W, GIEBEN R. DNSSEC operational practices, version 2(RFC 6781)[EB/OL]. (2012-12-01)[2023-09-10]. https://www.rfc-editor.org/rfc/pdfrfc/rfc6781. txt.pdf.
[2] WEILER S, SONALKER A, AUSTEIN R. A publication protocol for the resource public key infrastructure (RPKI) (RFC 8181)[EB/OL]. [2023-09-10]. https://www.rfc-editor.org/rfc/pdfrfc/rfc8181.txt.pdf.
[3] Sun Microsystems, Inc. Public key infrastructure overview [EB/OL]. (2001-08-01)[2023-09-10]. http://highsecu.free.fr/db/outils_de_securite/cryptographie/pki/publickey.pdf.
[4] Verizon. 2023 data breach investigations report (DBIR)[EB/OL]. [2023-09-10]. https://www.verizon.com/bu siness/resources/reports/2023-data-breach-investigations-report-dbir.pdf.
[5] 王群, 李馥娟, 王振力, 等. 区块链原理及关键技术[J]. 计算机科学与探索, 2020, 14(10): 1621-1643.
WANG Q, LI F J, WANG Z L, et al. Principle and core technology of blockchain[J]. Journal of Frontiers of Computer Science and Technology, 2020, 14(10): 1621-1643.
[6] 刘敖迪, 杜学绘, 王娜, 等. 区块链技术及其在信息安全领域的研究进展[J]. 软件学报, 2018, 29(7): 2092-2115.
LIU A D, DU X H, WANG N, et al. Research progress of blockchain technology and its application in information security[J]. Journal of Software, 2018, 29(7): 2092-2115.
[7] 徐恪, 凌思通, 李琦, 等. 基于区块链的网络安全体系结构与关键技术研究进展[J]. 计算机学报, 2021, 44(1): 55-83.
XU K, LING S T, LI Q, et al. Research progress of network secutiry architecture and key technologies based on blockchain[J]. Chinese Journal of Computers, 2021, 44(1): 55-83.
[8] 李馥娟, 马卓, 王群. 区块链系统身份管理机制研究综述[J]. 计算机工程与应用, 2024, 60(1): 57-73.
LI F J, MA Z, WANG Q. Survey on identity management in blockchain systems[J]. Computer Engineering and Applications, 2024, 60(1): 57-73.
[9] GARBA A, HU Q W, CHEN Z, et al. BB-PKI: blockchain-based public key infrastructure certificate management[C]//Proceedings of the 2020 IEEE 22nd International Conference on High Performance Computing and Communications, Yanuca Island, Dec 14-16, 2020. Piscataway: IEEE, 2020: 824-829.
[10] YAKUBOV A, SHBAIR W M, WALLBOM A, et al. A blockchain-based PKI management framework[EB/OL]. [2023-09-16]. https://orbilu.uni.lu/bitstream/10993/35468/1/blockchain-based-pki.pdf.
[11] ALI F S, KUPCU A. Improving PKI, BGP, and DNS using blockchain: a systematic review[EB/OL]. [2023-09-16]. https://arxiv.org/abs/2001.00747.
[12] DIFFIE W, HELLMAN M. New directions in cryptography[J]. IEEE Transactions on Information Theory, 1976, 22(6): 644-654.
[13] KOHNFELDER L. Toward a practical public-key cryptosystem[D]. Cambridge: Massachusetts Institute of Technology, 1978.
[14] GOURISETTI S N G, MYLREA M, PATANGIA H. Evaluation and demonstration of blockchain applicability framework[J]. IEEE Transactions on Engineering Management, 2019, 67(4): 1142-1156.
[15] HAAS J J, HU Y C, LABERTEAUX K P. Efficient certificate revocation list organization and distribution[J]. IEEE Journal on Selected Areas in Communications, 2011, 29(3): 595-604.
[16] SANTESSON S, MYERS M, ANKNEY R, et al. X.509 Internet public key infrastructure online certificate status protocol-OCSP[EB/OL]. (2013-06-01)[2024-02-28]. https://www.rfc-editor.org/rfc/pdfrfc/rfc6960.txt.pdf.
[17] 王群, 李馥娟, 倪雪莉, 等. 区块链共识算法及应用研究[J]. 计算机科学与探索, 2022, 16(6): 1214-1242.
WANG Q, LI F J, NI X L, et al. Survey on blockchain consensus algorithms and application[J]. Journal of Frontiers of Computer Science and Technology, 2022, 16(6): 1214-1242.
[18] SELIMI M, KABBINALE A R, ALI A, et al. Towards blockchain-enabled wireless mesh networks[EB/OL]. [2023- 09-16]. https://arxiv.org/abs/1804.00561.
[19] CASTRO M, LISKOV B. Practical Byzantine fault toler-ance[C]//Proceedings of the 3rd Symposium on Operationg Systems Design and Implementation, New Orleans, Feb 22-25, 1999: 173-186.
[20] AKOBSSON M, JUELS A. Proofs of work and bread pud-ding protocols[C]//Proceedings of the 1999 IFIP TC6/TC11 Joint Working Conference on Secure Information Networks: Communications and Multimedia Security, Sep 20-21, 1999. Berlin, Heidelberg: Springer, 1999: 258-272.
[21] KING S, NADAL S. PPCoin: peer-to-peer crypto-currency with proof-of-stake[EB/OL]. (2012-08-19)[2023-09-26]. https:// www.peercoin.net/assets/paper/peercoin-paper.pdf.
[22] SCHUH F, LARIMER D, CRYPTONOMEX, et al. BitShare 2.0: financial smart contract platform[EB/OL]. (2015-11-01)[2023-09-26]. http://docs.bitshares.eu/_downloads/ bitshares-financial-platform.pdf.
[23] WANG L, DING G Q, ZHAO Y L, et al. Optimization of levelDB by separating key and value[C]//Proceedings of the 2017 18th International Conference on Parallel and Distributed Computing, Applications and Technologies, Taipei, China, Dec 18-21, 2017. Piscataway: IEEE, 2017: 412-428.
[24] SYTA E, TAMAS I, VISHER D, et al. Keeping authorities “honest or bust” with decentralized witness cosigning[C]//Proceedings of the 2016 IEEE Symposium on Security and Privacy, San Jose, May 22-26, 2016. Piscataway: IEEE, 2016: 526-545.
[25] LAURIE B, LANGLEY A, KASPER E. Certificate transparency[J]. ACM Queue, 2014, 12(8): 10-19.
[26] SUN A, LI B, WAN H, et al. PoliCT: flexible policy in certificate transparency enabling lightweight self-monitor[C]//Proceedings of the 2021 International Conference on Applied Cryptography and Network Security. Cham: Springer, 2021: 358-377.
[27] 周家晶, 王福, 沈寒辉, 等. PKI跨域信任计算方法[J]. 计算机工程, 2011, 37(13): 115-118.
ZHOU J J, WANG F, SHEN H H, et al. Calculation method of PKI cross-domain trust[J]. Computer Engineering, 2011, 37(13): 115-118.
[28] ANADA H, YASUDA T, KAWAMOTO J, et al. RSA public keys with inside structure: proofs of key generation and identities for Web-of-trust[J]. Journal of Information Security and Applications, 2019, 45(4): 10-19.
[29] ZIMMERMANN P. PGP-pretty good privacy[EB/OL]. [2023-09-26]. https://www.hit.bme.hu/~buttyan/courses/BMEV-IHI4372/ pgp.pdf.
[30] NGUYEN P Q. Can we trust cryptographic software? Cryptographic flaws in GNU privacy guard v1.2.3[C]//Proceedings of the 2004 International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, May 22-26, 2004. Berlin, Heidelberg: Springer, 2004: 555-570.
[31] CALLAS J, DONNERHACKE L, FINNEY H, et al. OpenPGP message format[EB/OL]. (2007-11-01)[2024-02-28]. https://www.rfc-editor.org/rfc/pdfrfc/rfc4880.txt.pdf.
[32] SIDDIQUI Z, GAO J C, KHAN M K. An improved lightweight PUF-PKI digital certificate authentication scheme for the Internet of thing[J]. IEEE Internet of Things Journal, 2022, 9(20): 19744-19756.
[33] LAURIE B, LANGLEY A, KASPER E. Certificate transparency (RFC 6962)[EB/OL]. (2013-06-01)[2023-09-26]. https://www.rfc-editor.org/rfc/pdfrfc/rfc6962.txt.pdf.
[34] CHARITON A A, DEGKLERI E, PAPADOPOULOS P, et al. CCSP: a compressed certificate status protocol[C]//Proceedings of the 2017 IEEE Conference on Computer Communications, Atlanta, May 1-4, 2017. Piscataway: IEEE, 2017: 1-9.
[35] PILAUD V. Signed tree associahedra[EB/OL]. [2023-09-28]. https://arxiv.org/abs/1309.5222.
[36] NORDBERG L, GILLMOR D K, RITTER T. Gossiping in CT(draft-ietf-trans-gossip-05)[EB/OL]. (2018-01-14)[2023-09-28]. https://datatracker.ietf.org/doc/html/draft-ietf-trans-gossip-05.
[37] MATSUMOTO S, SZALACHOWSKI P, PERRIG A. Deployment challenges in log-based PKI enhancements[C]//Proceedings of the 8th European Workshop on System Security, Bordeaux, Apr 21, 2015. New York: ACM, 2015: 1-7.
[38] PANIGRAHI A, NAYAK A K, PAUL R. Smart contract assisted blockchain based PKI system[EB/OL]. [2023-09-28]. https://arxiv.org/abs/2207.09127.
[39] SZALACHOWSKI P, MATSUMOTO S, PERRIG A. PoliCert: secure and flexible TLS certificate management[C]//Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, Nov 3-7, 2014. New York: ACM, 2014: 406-417.
[40] RYAN M D. Enhanced certificate transparency and end-to-end encrypted mail[EB/OL]. (2014-02-23)[2023-10-09]. https:// eprint.iacr.org/2013/595.pdf.
[41] KIM T H J, HUANG L S, PERRIG A, et al. Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure[C]//Proceedings of the 22nd International Conference on World Wide Web, Rio de Janeiro, May 13-17, 2013. New York: ACM, 2013: 679-690.
[42] BASIN D, CREMERS C, KIM T H, et al. ARPKI: attack resilient public-key infrastructure[C]//Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, Nov 3-7, 2014. New York: ACM, 2014: 382-393.
[43] YU J S, CHEVAL V, RYAN M. DTKI: a new formalized PKI with verifiable trusted parties[J]. The Computer Journal, 2016, 59(11): 1695-1713.
[44] LAURIE B, MESSERI E, STRADLING R. Certificate transparency version 2.0[EB/OL]. (2021-12-01)[2024-02-29]. https://www.hjp.at/doc/rfc/rfc9162.pdf.
[45] WANG Z, LIN J Q, CAI Q W, et al. Blockchain-based certificate transparency and revocation transparency[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(1): 681-697.
[46] RASHID A, MASOOD A, ABBAS H, et al. Blockchain-based public key infrastructure: a transparent digital certification mechanism for secure communication[J]. IEEE Network, 2021, 35(5): 220-225.
[47] CAPECE G, GHIRON N L, PASQUALE F. Blockchain technology: redefining trust for digital certificates[J]. Sustainability, 2020, 12(21): 1-12.
[48] MATSUMOTO S, REISCHUK R M. IKP: turning a PKI around with decentralized automated incentives[C]//Proceedings of the 2017 IEEE Symposium on Security and Privacy, San Jose, May 22-26, 2017. Piscataway: IEEE, 2017: 410-426.
[49] NAMRATHA M, AMAN M S, PANDEY S, et al. Decentralized domain authentication-exploratory literature survey[C]//Proceedings of the 2021 5th International Conference on Computing Methodologies and Communication, Erode, Apr 8-10, 2021. Piscataway: IEEE, 2021: 42-47.
[50] NAYAZI S K, AMAN M S, PANDEY S, et al. Decentralised domain authentication[J]. International Journal of Blockchains and Cryptocurrencies, 2022, 3(1): 24-40.
[51] CHEN J, YAO S X, YUAN Q, et al. CertChain: public and efficient certificate audit based on blockchain for TLS connections[C]//Proceedings of the 2018 IEEE Conference on Computer Communications, Honolulu, Apr 16-19, 2018. Pisc-ataway: IEEE, 2018: 2060-2068.
[52] DODING I, SRUK V, CAFUTA D. Reducing false rate packet recognition using dual counting bloom filter[J]. Telecommunication Systems, 2018, 68: 67-78.
[53] KHANDELWAL H, MITTAL K, AGRAWAL S, et al. Certificate verification system using blockchain[C]//Advances in Cybernetics, Cognition, and Machine Learning for Communication Technologies. Cham: Springer, 2020: 251-258.
[54] LUO X Y, XU Z, XUE K P, et al. ScalaCert: scalability-oriented PKI with redactable consortium blockchain enabled “On-Cert” certificate revocation[C]//Proceedings of the 42nd IEEE International Conference on Distributed Computing Systems, Bologna, Jul 10-13, 2022. Piscataway: IEEE, 2022: 1236-1246.
[55] DEUBER D, MAGRI B, THYAGARAJAN S A K. Redactable blockchain in the permissionless setting[C]//Proceedings of the 2019 IEEE Symposium on Security and Privacy, San Francisco, May 19-23, 2019. Piscataway: IEEE, 2019: 124-138.
[56] JIA M, CHEN J, HE K, et al. Redactable blockchain from decentralized chameleon hash functions[J]. IEEE Transactions on Information Forensics and Security, 2022(17): 2771-2783.
[57] KHIEU B T, MOH M. Cloud-centric blockchain public key infrastructure for big data applications[EB/OL]. [2023-10-09]. https://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=4982& context=faculty_rsca.
[58] KUBILAY M Y, KIRAZ M S, MANTAR H A. CertLedger: a new PKI model with certificate transparency based on blockchain[J]. Computers & Security, 2019, 85: 333-352.
[59] GENNARO R, GOLDFEDER S. Fast multiparty threshold ECDSA with fast trustless setup[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, Oct 15-19, 2018. New York: ACM, 2018: 1179-1194.
[60] JI Y, XIAO Y, CAO B, et al. Threshold/multi adaptor signature and their applications in blockchains[J]. Electronics,2024, 13(1): 76.
[61] GARBA A, CHEN Z, GUAN Z, et al. LightLedger: a novel blockchain-based domain certificate authentication and validation scheme[J]. IEEE Transactions on Network Science and Engineering, 2021, 8(2): 1698-1710.
[62] SCHAERER J, ZUMBRUNN S, BRAUN T. Veritaa: a distributed public key infrastructure with signature store[J]. International Journal of Network Management, 2022, 32(2): 1-21.
[63] SCHAERER J, ZUMBRUNN S, BRAUN T. Veritaa—the graph of trust[C]//Proceedings of the 2nd Conference on Blockchain Research & Applications for Innovative Networks and Services, Paris, Sep 28-30, 2020. Piscataway: IEEE, 2020: 168-175.
[64] LIANG W B, YOU L, HU G R. LRS_PKI: a novel blockchain-based PKI framework using linkable ring signatures[J]. Computer Networks, 2023, 237: 110043.
[65] ODOOM J, HUANG X F, ZHOU Z H, et al. Linked or unlinked:a systematic review of linkable ring signature schemes[J]. Journal of Systems Architecture, 2023, 134: 102786.
[66] HENNINGSEN S, FLORIAN M, RUST S, et al. Mapping the interplanetary filesystem[EB/OL]. [2023-09-28]. https://arxiv.org/abs/2002.07747.
[67] KHAN S, ZHU L H, ZHANG Z J, et al. Attack-resilient TLS certificate transparency[J]. IEEE Access, 2020(8): 98958- 98973.
[68] LI B Y, LI F J, MA Z Q, et al. Exploring the security of certificate transparency in the wild[C]//Proceedings of the 2020 International Conference on Applied Cryptography and Network Security, Rome, Jun 20-23, 2020. Cham: Springer, 2020: 453-470.
[69] HAN K, HWANG S O. A PKI without TTP based on conditional trust in blockchain[J]. Neural Computing and Applications, 2020, 32: 13097-13106.
[70] ZHAO X Y, ZHONG B C, CUI Z C. Design of a decentralized identifier-based authentication and access control model for smart homes[J]. Electronics, 2023, 12(15): 3334.
[71] DERVISHI R, NEZIRI V, REXHA B. Transactions privacy on blockchain using Web of trust concept[J]. Information Security Journal: A Global Perspective, 2023, 32(6): 417-429.
[72] JIA M, HE K, CHEN J, et al. PROCESS: privacy-preserving on-chain certificate status service[C]//Proceedings of the 2021 IEEE Conference on Computer Communications, Vancouver, May 10-13, 2021. Piscataway: IEEE, 2021: 1-10.
[73] FROMKNECHT C, VELICANU D, YAKOUBOV S. Certcoin: a namecoin based decentralized authentication system[R]. Cambridge: Massachusetts Institute of Technology, 2014.
[74] FROMKNECHT C, VELICANU D, YAKOUBOV S. A decentralized public key infrastructure with identity retention[EB/OL]. (2014-11-11)[2023-10-12]. https://eprint. iacr.org/2014/803.pdf.
[75] Namecoin. Namecoin[EB/OL]. [2023-10-15]. https://www. namecoin.org/.
[76] MAYMOUNKOV P, MAZIERES D. Kademlia: a peer-to-peer information system based on the XOR metric[C]//Proceedings of the 2002 International Workshop on Peer-to-Peer Systems, Cambridge, Mar 7-8, 2002. Berlin, Heidelberg: Springer, 2002: 53-65.
[77] AXON L, GOLDSMITH M. PB-PKI: a privacy-aware blockchain-based PKI[C]//Proceedings of the 14th International Conference on Security and Cryptography, Madrid, Jul 24-26, 2017: 311-318.
[78] JIANG W, LI H, XU G, et al. PTAS: privacy-preserving thin-client authentication scheme in blockchain-based PKI[J]. Future Generation Computer Systems, 2019, 96: 185-195.
[79] ULUKUS S, AVESTIMEHR S, GASTPAR M, et al. Private retrieval, computing, and learning: recent progress and future challenges[J]. IEEE Journal on Selected Areas in Communications, 2022, 40(3): 729-748.
[80] AI-BASSAM M. SCPKI: a smart contract-based PKI and identity system[C]//Proceedings of the 2017 ACM Workshop on Blockchain, Cryptocurrencies and Contracts, Abu Dhabi, Apr 2, 2017. New York: ACM, 2017: 35-40.
[81] MARKELON S A, TRUE J. The DecCert PKI: a solution to decentralized identity attestation and Zooko’s triangle[C]//Proceedings of the 2022 IEEE International Conference on Decentralized Applications and Infrastructures, Newark, Aug 15-18, 2022. Piscataway: IEEE, 2022: 74-82.
[82] LI F Y, LIU Z X, LI T, et al. Privacy-aware PKI model with strong forward security[J]. International Journal of Intelligent Systems, 2022, 37(12): 10049-10065.
[83] ALI M, NELSON J, SHEA R, et al. Blockstack: a global naming and storage system secured by blockchains[C]//Proceedings of the 2016 USENIX Annual Technical Conference, Denver, Jun 22-24, 2016. Berkeley: USENIX Association, 2016: 181-194.
[84] ALI M, SHEA R, NELSON J, et al. Blockstack: a new decentralized Internet (whitepaper)[EB/OL]. (2017-05-01) [2023-10-16]. https://docs.huihoo.com/blockstack/ Blockstack-A-New-Decentralized-Internet.pdf.
[85] 李东云, 白杰, 吴先锋. 基于CNWW3区块链网络的域名体系[J]. 信息技术与网络安全, 2019, 38(10): 6-13.
LI D Y, BAI J, WU X F. The domain name system based on CNWW3 blockchain network[J]. Information Technology and Network Security, 2019, 38(10): 6-13.
[86] SATYBALDY A, NOWOSTAAWSKI M, ELLINGSEN J. Self-sovereign identity systems: evaluation framework[C]//Proceedings of the 14th IFIP International Summer School on Privacy and Identity Management, Windisch, Aug 19-23, 2019. Cham: Springer, 2019: 447-461.
[87] CUCKO S, TURKANOVIC M. Decentralized and self-sovereign identity: systematic mapping study[J]. IEEE Access, 2021(8): 139009-139027.
[88] AI-MASHHADI S, MANICHAM S. A brief review of blockchain-based DNS systems[J]. International Journal of Internet Technology and Secured Transactions, 2020, 10(4): 420-432.
[89] TASHEV K A, ARZIEVA J T, ARZIEV A T, et al. Method authentication of objects information communication[C]//Proceedings of the 22nd International Conference on Internet of Things, Smart Spaces, and Next Generation Networks and Systems, Tashkent, Dec 15-16, 2022. New York: ACM, 2022: 105-116.
[90] LUNDKVIST C, HECK R, TORSTENSSON J, et al. Uport: a platform for self-sovereign identity[EB/OL]. (2016-10-20)[2024-03-03]. https://whitepaper.uport.me/uPort_whitepaper_ DRAFT20161020.pdf.
[91] 魏松杰, 吕伟龙, 李莎莎. 区块链公链应用的典型安全问题综述[J]. 软件学报, 2022, 33(1): 324-355.
WEI S J, LU W L, LI S S. Overview on typical security problems in public blockchain applications[J]. Journal of Software, 2022, 33(1): 324-355.
[92] ISLAM M, RAHMAN M M, MAHMUD M, et al. A review on blockchain security issues and challenges[C]//Proceedings of the 2021 IEEE 12th Control and System Graduate Research Colloquium, Shah Alam, Aug 7, 2021. Piscataway: IEEE, 2021: 227-232.
[93] 王利朋, 关志, 李青山, 等. 区块链数据安全服务综述[J]. 软件学报, 2023, 34(1): 1-32.
WANG L P, GUAN Z, LI Q S, et al. Survey on blockchain-based security services[J]. Journal of Software, 2023, 34(1): 1-32.
[94] 倪雪莉, 马卓, 王群. 区块链P2P网络及安全研究[J]. 计算机工程与应用, 2024, 60(5): 17-29.
NI X L, MA Z, WANG Q. Research on blockchain P2P network and its security[J]. Computer Engineering and Applications, 2024, 60(5): 17-29.
[95] TAPSELL J, AKRAM R N, MARKANTONAKIS K. An evaluation of the security of the bitcoin peer-to-peer network[EB/OL]. [2023-09-28]. https://arxiv.org/abs/1805.10259.
[96] GUNTURN R. Survey of sybil attacks in social networks[EB/OL]. [2023-09-28]. https://arxiv.org/abs/1504.05522.
[97] LOPEZ-FUENTES F A, EUGUI-DE-ALBA I, ORTIZ-RUIZ O M. Evaluating P2P networks against eclipse attacks[J]. Procedia Technology, 2012, 3(2): 61-68.
[98] APONTE F A, OROZCO A L S, VILLANUEVA-POLANCO R, et al. The 51% attack on blockchains: a mining behavior study[J]. IEEE Access, 2021, 9: 140549-140564.
[99] NAYAK K, KUMAR S, MILLER A, et al. Stubborn mining: generalizing selfish mining and combining with an eclipse attack[C]//Proceedings of the 2016 IEEE European Symposium on Security and Privacy, Saarbruecken, Mar 21-24, 2016. Piscataway: IEEE, 2016: 305-320.
[100] JANG J, LEE H. Profitable double-spending attacks[J]. Applied Sciences-Basel, 2020, 10(23): 8477.
[101] PRAITHEESHAN P, PAN L, YU J, et al. Security analysis methods on ethereum smart contract vulnerabilities: a survey[EB/OL]. [2023-09-28]. https://arxiv.org/abs/1908.08605.
[102] IQBAL M, MATULEVICIUS R. Blockchain-based application security risks: a systematic literature review[EB/OL]. [2023-09-28]. https://arxiv.org/abs/1912.09556.