Architectural drawing
Analysis
- To ensure the security and privacy of archival data, archival attachments and archival attributes are stored encrypted in a private IPFS cluster, and the IPFS addresses and digital fingerprints of archives are stored on a private blockchain. The public blockchain regularly stores and checks the height and hash value of the latest irreversible block of the private blockchain to safeguard the authenticity of the data on the private blockchain. (Private data goes onto the private chain, and block hash information is stored on the public chain at regular intervals. Introducing the public chain makes the data secure and reliable, but recording data on the public chain costs fees. It could be replaced with a consortium chain, but a consortium chain is much less secure than a public chain because it is a semi-centralized platform. This needs further optimization.)
- MongoDB stores the latest user information, file statistics and file attributes in the blockchain data management platform, to support fuzzy queries over files.
Smart contract architecture design
Analysis
- The smart contract architecture in the blockchain protection subsystem is shown in the figure above. The PrivateChain Protection Contract (PCPC) is a smart contract running on the public chain. It stores information such as the block height and block hash value of the private chain in order to protect the private blockchain.
- The Archive Protection Controller Contract (APCC), the Self Protection Contract (SPC) and the Factory Class Contract (FCC) are global contracts running on the private chain. The SPC contract records the number of times the smart contracts write data and is regularly anchored to the public blockchain. The FCC contract creates a file information storage contract (AISC) for each file when new files are added. The AISC contract stores summary information for all historical versions of a file, including the file object hash values and IPFS addresses. The APCC contract stores the mapping between the file number and the AISC contract.
Blockchain structure diagram
Specific flow chart (Blockchain + IPFS)
How tamper-proofing is achieved
- The system trusts the permission control of the digital archives management subsystem and its RESTful call requests. By storing multiple historical versions of each archive, it makes archive modifications traceable and archive information recoverable.
- The digital data archive management system has its own permission management mechanism. Only administrators with the corresponding permissions can add or modify electronic archives and update the contents of the blockchain and smart contracts by invoking RESTful interfaces.
- Even if attackers obtain the administrator account and password of the archive management system and update the archive information in the local database and blockchain as the administrator, IPFS stores the complete information of each updated version of the digital archive, and the blockchain stores the IPFS address of each version. Through the RESTful interfaces, the modification history of the archive can still be queried and the archive restored to a given historical state. The RESTful interface design pays great attention to the security and reliability of data transmission: on top of HTTPS, archive information is transmitted with AES encryption, and replay attacks and data tampering are addressed through timestamp, random number and digital signature parameters.
- Even if HTTPS is compromised, the original information of the archive cannot be decrypted without the private key of the blockchain data protection subsystem, and the digital signature cannot be recalculated without the private key of the archive. The encrypted archive data, timestamp and random number parameters therefore cannot be tampered with, and replay attacks cannot be launched against the RESTful interfaces.
- IPFS is a content-addressed file system. It uses the hash value of the content as its address and, when content is retrieved, verifies that the hash value is consistent with the address. Storing archive data in IPFS therefore gives strong tamper resistance. In addition, the smart contract stores the file's IPFS address as well as its hash value, so the authenticity of the file data can be verified again after it has been retrieved from IPFS.
- The data of smart contracts is stored in blocks, which cannot be tampered with once they are created. Existing blocks can only be replaced by "forking" the chain, and the earlier a block was created, the harder it is to replace. The Ethereum public chain mainly uses the PoW consensus mechanism, so a 51% attack is possible: a node that holds 51% of the computing power can generate blocks faster than the other nodes, fork the existing main chain, and build a longer chain that is eventually accepted by all other nodes and becomes the new main chain. But because the computing power of the entire Ethereum blockchain is so large, it is hard for an individual or organization to hold 51 percent of the computing power of the whole network, so the chain is considered safe.
- The local private chain environment uses the PoA consensus mechanism, which has both the immutability of a blockchain and the manageability of a local environment. Blocks can only be generated by authorized nodes, independent of a node's computing capacity, which avoids the 51% attack problem. The height and hash value of private chain blocks are also stored on the public chain for protection at a certain frequency. If the private chain forks, the hash values of the generated blocks inevitably change, and the fork can be detected in time by comparing them with the block height and hash value stored on the public chain.
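The replay and tampering checks on the RESTful interface described in the list above, as an added example that is not part of the original system's code. It assumes a 300-second validity window and a length-prefixed message layout, and it uses HMAC-SHA256 from the standard library as a stand-in for the digital signature the page describes; the class name, key and request values are constructed.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a signed request stays valid (assumed window)

class RequestVerifier:
    """Server-side check of the timestamp, nonce and signature parameters."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept while that timestamp is valid

    def sign(self, body: bytes, ts: int, nonce: str) -> str:
        # Length-prefix the nonce so (ts, nonce, body) encodes unambiguously.
        msg = f"{ts}:{len(nonce)}:{nonce}:".encode() + body
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def check(self, body: bytes, ts: int, nonce: str, sig: str, now=None) -> str:
        now = int(time.time()) if now is None else now
        # Authenticate first, so unauthenticated input never reaches the nonce cache.
        expected = self.sign(body, ts, nonce)
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return "bad signature"
        if abs(now - ts) > MAX_SKEW:
            return "stale timestamp"
        # Drop nonces whose timestamp has expired; they are rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return "replayed nonce"
        self.seen[nonce] = ts
        return "accepted"

def demo():
    """Constructed request: body stands for the AES-encrypted archive payload."""
    v = RequestVerifier(b"constructed-demo-key")
    body, ts, nonce = b"<ciphertext bytes>", 1_700_000_000, "9f2c41aa"
    sig = v.sign(body, ts, nonce)
    return [
        v.check(body, ts, nonce, sig, now=ts + 5),          # first delivery
        v.check(body, ts, nonce, sig, now=ts + 6),          # captured and resent
        v.check(body + b"x", ts, nonce, sig, now=ts + 6),   # ciphertext altered
        v.check(body, ts + 600, nonce, sig, now=ts + 600),  # timestamp rewritten
        v.check(body, ts, "fresh", v.sign(body, ts, "fresh"), now=ts + 600),  # too old
    ]

if __name__ == "__main__":
    print(demo())
```

Because the timestamp and nonce are covered by the signature, rewriting either one to get past the freshness or replay check invalidates the request.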
The scheme implements a chained protection mechanism based on blockchain and IPFS. Smart contracts on the public chain store block information of the private chain, which protects and verifies the data on the private chain. Smart contracts on the private chain store the IPFS addresses and hash values of file objects, which protects and verifies the file objects in IPFS. The file objects in IPFS in turn protect and verify the file information in the local database. Every time archive information is accessed through a RESTful interface, the RESTful server verifies the authenticity of the data in the background, so tampering with the private blockchain or the IPFS data can be detected and located in time. The archive itself can also use the local database and the file objects to detect and deal with tampering of local data.
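The chained verification described above (public-chain anchor, then private chain, then IPFS object), as an added example that is not the system's own code. The block layout, the `addr-v1` style addresses, the `ipfs_address|file_hash` record format and all sample data are constructed assumptions; a real deployment would read anchors from the PCPC contract and records from the AISC contract.

```python
import hashlib

GENESIS = "0" * 64

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def block_hash(height: int, prev: str, payload: str) -> str:
    # Toy header hash (assumption); a real chain hashes a richer block header.
    return sha256_hex(f"{height}|{prev}|{payload}".encode())

def build_chain(payloads):
    """Constructed private chain: every block commits to its predecessor."""
    chain, prev = [], GENESIS
    for height, payload in enumerate(payloads):
        digest = block_hash(height, prev, payload)
        chain.append({"height": height, "prev": prev, "payload": payload, "hash": digest})
        prev = digest
    return chain

def verify_archive(chain, anchors, record_height, ipfs_store) -> str:
    """Return 'ok' or a message naming the first layer that fails."""
    prev = GENESIS
    for blk in chain:  # layer 1a: private chain is internally consistent
        if blk["prev"] != prev or block_hash(blk["height"], prev, blk["payload"]) != blk["hash"]:
            return f"private chain broken at height {blk['height']}"
        prev = blk["hash"]
    for height, anchored in sorted(anchors.items()):  # layer 1b: public-chain anchors
        if height >= len(chain) or chain[height]["hash"] != anchored:
            return f"private chain differs from public anchor at height {height}"
    if record_height > max(anchors, default=-1):
        return f"record at height {record_height} is not yet covered by an anchor"
    # layer 2: the record holds "ipfs_address|file_hash", as an AISC entry would
    address, _, file_hash = chain[record_height]["payload"].partition("|")
    content = ipfs_store.get(address)  # layer 3: object fetched from IPFS
    if content is None or sha256_hex(content) != file_hash:
        return f"IPFS object {address} does not match the contract hash"
    return "ok"

# Constructed sample data: two archive versions, anchored at height 2.
V1, V2 = b"archive v1 (constructed)", b"archive v2 (constructed)"
STORE = {"addr-v1": V1, "addr-v2": V2}
PAYLOADS = [f"addr-v1|{sha256_hex(V1)}", f"addr-v2|{sha256_hex(V2)}", "unrelated tx"]
CHAIN = build_chain(PAYLOADS)
ANCHORS = {2: CHAIN[2]["hash"]}  # height -> hash pairs kept on the public chain

if __name__ == "__main__":
    print(verify_archive(CHAIN, ANCHORS, 0, STORE))
    forged = build_chain([PAYLOADS[0], "addr-v2|" + "0" * 64, PAYLOADS[2]])
    print(verify_archive(forged, ANCHORS, 1, STORE))
```

A fork that rewrites a record and recomputes every later block hash still passes the internal linkage check; only the comparison with the anchored height and hash exposes it, and records written after the latest anchor are not yet protected by the public chain.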