| 引用本文: |
-
冯飞尧,冯禹铭,张宇,张伟哲,姬东岑,方滨兴.面向非对称信任场景的域名资源数据交换技术[J].信息安全学报,已采用 [点击复制]
- FENG Feiyao,FENG Yuming,ZHANG Yu,ZHANG Weizhe,JI Dongcen,FANG Binxing.Domain Resource Data Exchange Technology for Asym-metric Trust Scenarios[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 由于当前域名系统(Domain Name System, DNS)管理体系采用中心制层次式的结构,域名资源所有权与控制权相分离,域名资源数据存在被删除或篡改的风险。国际间域名资源所有权保障相关参与方可通过交换彼此的域名资源数据来共同应对上述风险。然而,基于联盟式区块链的方案本质上要求各参与方两两之间互信,在各参与方复杂信任关系下大范围推广易受阻。为解决上述问题,本文提出了一种面向非对称信任场景的域名资源数据交换技术,基于非对称信任共识模型,允许成员自主选择信任集,并通过五阶段共识协议实现域名资源数据交换与一致性验证。针对拜占庭问题,设计了自配置签名集与多副本验证机制,支持各参与方灵活配置验证通过条件。全球地理分散的大规模实验结果表明,该技术具备良好的性能,有效提升了域名资源数据交换的灵活性与实用性。 |
| 关键词: 域名资源数据交换 非对称信任 分布式共识 去中心化 一致性验证 |
| DOI: |
| 投稿时间:2025-04-15修订日期:2025-07-31 |
| 基金项目: |
|
| Domain Resource Data Exchange Technology for Asym-metric Trust Scenarios |
|
FENG Feiyao1, FENG Yuming2, ZHANG Yu1, ZHANG Weizhe3, JI Dongcen2, FANG Binxing4
|
| (1.Harbin Institute of Technology;2.Peng Cheng Laboratory;3.Harbin Institute of Technology(Shenzhen);4.Guangzhou University) |
| Abstract: |
| Due to the centralized and hierarchical structure of the current Domain Name System (DNS) management system, the ownership and control of domain name resources are separated, making domain name resource data susceptible to deletion or tampering. International stakeholders involved in domain name resource ownership protection can mitigate these risks by exchanging domain name resource data. However, existing domain name resource data ex-change methods based on consortium blockchain inherently require mutual trust between participating entities, with all members collectively maintaining a fully consistent ledger. This limits flexibility and poses challenges for large-scale adoption in complex international trust relationships. To address these issues, this paper proposes a do-main name resource data exchange technology designed for asymmetric trust scenarios. The technology is based on an asymmetric trust consensus model, allowing members to independently select their trust sets and facilitating domain name resource data exchange and consistency verification through a five-phase consensus protocol be-tween data publishers and receivers. Furthermore, to tackle potential Byzantine node issues, the protocol incorpo-rates a self-configurable signature set and a multi-replica verification mechanism, enabling participants to flexibly configure verification criteria. Extensive large-scale experimental tests across globally distributed environments demonstrate that the proposed technology delivers excellent performance, significantly enhancing the flexibility and practicality of domain name resource data exchange. |
| Key words: domain name resource data exchange asymmetric trust distributed consensus decentralization consistency veri-fication |
