JP2017207979A - Alteration detection system and alteration detection method - Google Patents

Abstract

It is possible to detect tampering performed on data recorded in a database. A block chain database that stores a digest calculated using a hash function for predetermined data, a database that stores predetermined data, and a reference request for predetermined data when a reference request is received from the database. Whether or not the hash value is calculated from the extracted predetermined data using a hash function, and the hash value matches the digest corresponding to the predetermined data stored in the block chain database. And a reference processing unit that outputs the extracted predetermined data. [Selection] Figure 1

Description

  The present invention relates to a falsification detection system, a falsification detection method, and the like.

Conventionally, in a distributed system constructed by distributing a plurality of electronic computers, the database is centrally managed in one place. In the case of a configuration in which the database is concentrated in one place, transaction control is performed. In this case, as the system scale increases, the waiting time increases and the responsiveness deteriorates.

  Patent Document 1 discloses a technique for maintaining the consistency of common data between databases in a distributed system in real time, and managing the databases in a distributed manner according to the system configuration. In the distributed system described in Patent Document 1, a database is provided in each of a plurality of computer systems provided in a distributed manner so that information can be transmitted and received via communication means. These databases contain common data items that overlap with other databases. As a method for managing such a distributed system, Patent Document 1 first includes the identification information of the only computer system having the authority to change the contents of the data in overlapping common data items. Next, in response to a request to change the contents of common data, the computer system that has the authority changes the contents of the data, and changes the contents of the changed common data to another computer system that holds the common data. Rewritten to later contents.

JP-A-5-225027

  However, with the conventional technique as described in Patent Document 1, when the data recorded in the database is altered, it cannot be easily detected.

  In view of the above circumstances, an object of the present invention is to make it possible to detect tampering performed on data recorded in a database.

  The falsification detection system according to the present invention receives a blockchain database for storing a digest calculated using a hash function for predetermined data, a database for storing predetermined data, and a reference request for the predetermined data. , Extracting predetermined data from the database, calculating a hash value from the extracted predetermined data using a hash function, and the hash value stored in the block chain database and corresponding to the predetermined data, A reference processing unit that determines whether or not they match and outputs the extracted predetermined data.

  Note that in this specification and the like, the “unit” does not simply mean a physical configuration, but also includes a case where the functions of the configuration are realized by software. In addition, functions of one configuration may be realized by two or more physical configurations, or functions of two or more configurations may be realized by one physical configuration.

  According to the present invention, it is possible to detect tampering performed on data recorded in a database.

It is a block diagram which shows an example of the system configuration | structure of the tampering detection system in one Embodiment of this invention. It is a figure which shows an example of the functional block of the WEB server and database in one Embodiment of this invention. It is a figure which shows an example of the brand information table in one Embodiment of this invention. It is a figure which shows an example of the customer information table in one Embodiment of this invention. It is a figure which shows an example of the ownership information table in one Embodiment of this invention. It is a figure which shows an example of the functional block of the node in one Embodiment of this invention. It is a figure which shows a part of structure of the block chain in one Embodiment of this invention. It is a sequence diagram which shows the processing flow of the tampering detection system in one Embodiment of this invention. It is a figure which shows an example of the hardware constitutions of the management server in one Embodiment of this invention, and a terminal.

[Embodiment]
Hereinafter, one embodiment of the present invention will be described in detail. The following embodiments are examples for explaining the present invention, and are not intended to limit the present invention only to the embodiments. The present invention can be variously modified without departing from the gist thereof. Furthermore, those skilled in the art can employ embodiments in which the elements described below are replaced with equivalent ones, and such embodiments are also included in the scope of the present invention. Furthermore, positional relationships such as up, down, left, and right shown as needed are based on the display shown unless otherwise specified. Furthermore, various dimensional ratios in the drawings are not limited to the illustrated ratios.

<1. Overview of system configuration>
FIG. 1 shows an example of a system configuration of a falsification detection system 1 according to the present embodiment. The tampering detection system 1 according to the present embodiment can detect tampering applied to data stored in a database. In the present embodiment, as an example, it is assumed that data stored in a database is shareholder list related information. Other data stored in the database includes insurance policy information, credit information, bank transaction information, real estate transaction information, and the like.

  As shown in FIG. 1, the falsification detection system 1 includes a WEB server 200 connected to a network N such as the Internet, a trust bank node 100A, a securities company node 100B, and an issuer (stock issuer) node 100C (hereinafter referred to as these). These nodes are simply referred to as “node 100”) and a database 300. For example, when an investor who owns shares wants to change information registered in the shareholder list, the list is updated by requesting the trust bank node 100A or the securities company node 100B to change the information.

  The network N is configured by a wireless network or a wired network. Examples of communication networks include mobile phone networks, PHS (Personal Handy-phone System) networks, wireless LAN (Local Area Network), 3G (3rd Generation), LTE (Long Term Evolution), 4G (4th GenerationMex), (Registered Trademark), infrared communication, Bluetooth (Registered Trademark), wired LAN, telephone line, power line network, IEEE 1394, and other networks.

  The node 100 is a computer connected to the network N, and examples thereof include a PC and a server device. The node 100 may be, for example, a mobile phone, a smartphone, a PC (Personal Computer), a PDA (Personal Digital Assistant), a tablet, a wearable terminal, a game machine, or the like. The trust bank node 100A, the securities company node 100B, and the issuer node 100C are connected to each other by P2P (Peer to Peer) and constitute a block chain.

  The WEB server 200 is a computer connected to the network N, and examples thereof include a PC and a server device. The WEB server 200 has a P2P connection with each of the nodes 100.

  The database 300 is a storage device that is connected to and managed by the WEB server 200 as an external storage of the WEB server 200 in the present embodiment. The database 300 is not limited to the configuration constructed on the WEB server, but may be constructed on a storage management server connected to the network N.

<2. WEB server 200, database 300>
The functional configuration of the WEB server 200 and the database 300 will be described with reference to FIG. FIG. 2 is a functional block diagram of the WEB server 200 and the database 300 according to the present embodiment.

(2-1. Database 300)
The database 300 includes a brand information table 331, a customer information table 332, and an ownership information table 333, each normalized using an ID as a key.

  FIG. 3 is a diagram illustrating an example of the brand information table 331. In the brand information table 331, as shown in FIG. 3, the brand ID, brand name, trading unit, and the like are stored in association with the brand ID. Furthermore, in this embodiment, each record of the brand information table 331 is stored in association with the ID of the transaction that updated the record by the processing of the WEB server 200 described later.

  FIG. 4 is a diagram illustrating an example of the customer information table 332. In the customer information table 332, as shown in FIG. 4, a customer ID, a customer name, an address, and the like are stored in association with the customer ID. Furthermore, in this embodiment, each record of the customer information table 332 is stored in association with the ID of the transaction that updated the record by the processing of the WEB server 200 described later.

  FIG. 5 is a diagram illustrating an example of the ownership information table 333. In the ownership information table 333, as shown in FIG. 5, the brand ID is stored in association with the ownership ID. Furthermore, in this embodiment, each record in the ownership information table 333 is stored in association with the ID of the transaction that updated the record by processing of the WEB server 200 described later.

(2-2. WEB server 200)
As shown in FIG. 2, the WEB server 200 includes an update processing unit 201 and a reference processing unit 202.
(2-2-1. Update Processing Unit 201)
When receiving an update request from the node 100 to the database 300, the update processing unit 201 executes a writing process. The update processing unit 201 performs write processing as
Write processing to the database 300 Write processing to the block chain DB 131 is performed.

-Write process to database 300 The update process part 201 updates the record on the database 300 according to the update request from the node 100 as a write process to the database 300. FIG. For the record update, it is preferable to use an existing language such as SQL, for example.

Write processing to the block chain DB 131 The update processing unit 201 uses a predetermined hash function for a record updated in the write processing to the database 300 as a write processing to the block chain DB 131 to be described later. It is also called “update record digest.” Is an example of an update digest.).

  Next, the update processing unit 201 creates a transaction including the calculated update record digest. At this time, the update processing unit 201 assigns a unique ID (transaction ID) to the created transaction, and stores the transaction ID in association with the corresponding record in the updated table. Details of the transaction will be described later with reference to FIG. Further, the update processing unit 201 broadcasts the created transaction to the node 100 via the P2P network (an example of output).

  The broadcasted transaction is stored in a block and connected to a block chain by processing of the mining unit 104 of the node 100 described later.

(2-2-2. Reference processing unit 202)
When the reference processing unit 202 receives a reference request for data stored in the database 300 from the node 100, the reference processing unit 202 executes a reading process. The reference processing unit 202 performs read processing as follows:
An extraction process for the database 300, an extraction process for the block chain DB 131, and a matching process are performed.

Extraction Process for Database 300 When receiving a reference request from the node 100, the reference processing unit 202 extracts a corresponding record (raw data) from the database 300. Further, the reference processing unit 202 calculates a digest (hereinafter also referred to as “reference record digest”) from the records extracted from the database 300.

Extraction Processing for Block Chain DB 131 When the reference processing unit 202 receives a reference request from the node 100, the reference processing unit 202 extracts an update record digest of the corresponding record from the block chain DB 131. Specifically, the reference processing unit 202 refers to the record extracted by the extraction process on the database 300, and acquires the transaction ID corresponding to the record. Next, the reference processing unit 202 designates a transaction ID to the node 100 and transmits a data reference request via the P2P network. As a result, the reference processing unit 202 can acquire an update record digest corresponding to the specified transaction ID by processing of the node 100 described later.

-Matching process Next, the reference process part 202 collates the reference record digest calculated from the record extracted from the database 300, and the update record digest extracted from the block chain DB131. As described above, the data stored in the block chain DB 131 is data that has not been tampered with. Therefore, it is possible to detect tampering with the database 300 by matching the digest of the record extracted from the database 300 with the digest stored in the block chain DB 131.

  For example, when the matched digests match each other, the reference processing unit 202 transmits the record (raw data) extracted from the database 300 to the node 100 that made the reference request. In addition, for example, the reference processing unit 202 can output a record together with an alert when the matched digests do not match.

<3. Node 100>
Next, the functional configuration of the node 100 will be described with reference to FIG. FIG. 6 is a functional block diagram of the node 100 according to the present embodiment. As illustrated in FIG. 6, the node 100 includes a broadcast communication unit 101, a request unit 102, a response unit 103, a mining unit 104, and a storage unit 130. Further, as illustrated in FIG. 6, the block chain DB 131 is recorded in the storage unit 130. The block chain DB 131 is a distributed database stored in all nodes of the trust bank node 100A, the securities company node 100B, and the issuer node 100C.

(3-1. Block chain)
FIG. 7 is a diagram schematically illustrating a part of the data structure managed by the block chain DB 131 configured by the node 100. In the block chain DB 131, a plurality of blocks are managed in a daisy chain structure that is connected in a row.

FIG. 7 is a diagram illustrating an example of the structure of the (N + 1) th block among the blocks managed in the block chain DB 131. For example, the following values are stored in the (N + 1) th block header.
・ Nth block digest ・ Time stamp ・ Target ・ Nance

  The target is a value used when the node 100 performs mining using the existing PoW (Proof of Work) technology. Nonce refers to an arbitrary value. Specifically, mining is performed by repeatedly calculating the block header digest (mining) while changing the value of the nonce for the purpose of finding a nonce whose block header digest is equal to or less than the target. . Since the probability of a block header digest containing an arbitrary nonce being less than or equal to the target is extremely low, mining is an excessively expensive operation.

  A behavior when a block managed in the block chain DB 131 is falsified will be described. For example, if the Nth block has been tampered with, the value of the (N + 1) th block header (digest of the Nth block) will change. In this case, the digest of the (N + 1) th block header is not less than the target value. Therefore, in order to conceal that the Nth block has been tampered with, it is necessary to redo the mining of all the N + 1th and subsequent blocks and find an appropriate nonce again. However, since the probability that the digest of the block header containing an arbitrary nonce will be below the target is extremely small, this operation is very difficult.

  In this way, in the block chain DB 131, by using the PoW technology for creating a block, the cost for generating the block is increased, so that the data managed by the block chain is altered. Can be prevented.

  Next, the configuration of the body part of the block will be described. In the example of FIG. 7, a single transaction is stored in the body of the block. As described above, the transaction is broadcast to the P2P network by the update processing unit 201 in the WEB server 200.

  As shown in FIG. 7, an ID is assigned to the transaction. Further, the transaction includes an update record digest of a record in any one of the brand information table 331, the customer information table 332, and the ownership information table 333 described above. In addition, the structure by which the update record digest of several records of several tables is contained in one transaction may be sufficient.

(3-2. Broadcast communication unit 101)
The broadcast communication unit 101 transmits / receives data to / from other nodes connected via P2P via broadcast communication. Specifically, the broadcast communication unit 101 transmits and receives blocks generated by processing of the mining unit 104 described later. Also, the broadcast communication unit 101 can receive a transaction and a reference request from the update processing unit 201 and the reference processing unit 202 of the WEB server 200, respectively.

(3-3. Request unit 102)
The request unit 102 transmits an update request to the WEB server 200 when performing an update process on the brand information table 331, the customer information table 332, or the ownership information table 333 on the database 300. The update request is, for example, addition / change / deletion of a record.

(3-4. Response unit 103)
When there is a data reference request from the reference processing unit 202 of the WEB server 200, the response unit 103 refers to the transaction with the specified ID and transmits an update record digest included in the corresponding transaction. It is preferable that all nodes 100 transmit the digest to the WEB server 200. However, the present invention is not limited to this, and the node 100 that has received the response data from the other node 100 may be configured not to transmit the response data. In this case, only the node 100 with the fastest response can transmit the response data.

(3-5. Mining unit 104)
When a transaction is broadcast by the processing of the WEB server 200, the mining unit 104 performs a mining process on the transaction.
Specifically, the mining process is an operation in which the mining unit 104 creates a block having the structure shown in FIG. As the mining process, the node 100 repeatedly calculates the digest of the block header until the appropriate nonce described above is found while sequentially changing the nonce value. Note that the time stamp included in the block header shown in FIG. 7 is preferably the time when the node 100 received the transaction, for example. However, the present invention is not limited to this, and the mining unit 104 of the node 100 can store an arbitrary time stamp in the block header.

  Further, when the broadcast communication unit 101 receives a new block, the mining unit 104 can perform verification processing on the block. As the verification process, the mining unit 104 can verify, for example, whether the digest of the block header is below the target value and whether the transaction ID is a unique value.

<5. Processing sequence>
The sequence of write processing and read processing of the falsification detection system 1 according to the present embodiment will be described with reference to FIG. FIG. 8 is a sequence diagram showing a processing flow of the tampering detection system 1 according to the present embodiment. Note that the processes of S01, S11, and S21 to S22 shown in FIG. 8 are data write processes, and the processes of S13 and S23 to D26 are data read processes.

  For example, when an investor U requests to change the address registered in the customer information table 332 (S01) at any of the nodes 100 (for example, a request is sent to the trust bank node 100A) The trust bank node 100A transmits a request for updating the customer information table 332 to the WEB server 200 (S11).

  The update processing unit 201 of the WEB server 200 that has received the update request performs an update process on the corresponding record in the customer information table 332 in the database 300 (S21). Further, at this time, the update processing unit 201 calculates an update record digest from the updated record, and creates a transaction including the update record digest. Furthermore, the update processing unit 201 associates and stores the created transaction ID with the updated record. The update processing unit 201 broadcasts the created transaction to the P2P network (S22). Here, the processing target of the update processing unit 201 is the updated record, but the update operation to the record (operation to change the value of a data item in the table to another value) is the processing target, and the update is performed. The configuration may be such that an operation digest is calculated and a transaction including the update operation digest is created. That is, the data verification target may be the data itself or an operation on the data. In this case, the update processing unit 201 adds information regarding the performed update operation to the brand information table 331, the customer information table 332, and the ownership information table 333 each time an update operation is performed.

  When the created transaction is broadcast, the mining unit 104 of each node 100 executes a mining process. The node 100 that has completed the mining earliest broadcasts the block created by mining to register the created block at the end of the block chain (S12).

  Next, when inquiring about data registered in the database 300, the node 100 first transmits a registration content reference request to the WEB server 200 via the network N (S13). The reference processing unit 202 in the WEB server 200 extracts a record for which a reference request has been made from the database 300, and hashes the extracted record to calculate a reference record digest (S23). Further, the reference processing unit 202 designates a transaction ID corresponding to the extracted record, and transmits a data reference request to the node 100. As a result, the reference processing unit 202 acquires an update record digest from the node 100 (S24).

  The reference processing unit 202 matches the calculated reference record digest with the acquired update record digest, and verifies the validity of the data (S25). When the validity can be verified, the reference processing unit 202 transmits the raw data extracted from the database 300 to the node 100 (S26). When the processing target of the update processing unit 201 is an update operation, the reference processing unit 202 calculates a digest from information regarding the update operation of the table that is the target of the reference request. Further, the reference processing unit 202 matches the digest (update operation digest) acquired from the node 100 by specifying the transaction ID and the calculated digest.

  Thus, in the falsification detection system 1 according to the present embodiment, the data to be registered in the database 300 is hashed and registered on the block chain. Thus, tampering can be detected by matching the hash value of the data on the database 300 with the digest on the corresponding block chain.

<Hardware configuration>
Hereinafter, an example of the hardware configuration when the computer 100 implements the node 100 and the WEB server 200 described above in the first and second embodiments will be described with reference to FIG. The function of each device can be realized by dividing it into a plurality of devices.

  As illustrated in FIG. 9, the computer 800 includes a processor 801, a memory 803, a storage device 805, an input I / F unit 807, a data I / F unit 809, a communication I / F unit 811, and a display device 813.

  The processor 801 controls various processes in the computer 800 by executing a program stored in the memory 803. For example, the broadcast communication unit 101, the request unit 102, the response unit 103, the mining unit 104, the update processing unit 201, the reference processing unit 202, and the like of the node 100 are temporarily stored in the memory 803, It can be realized as a program operating on the processor 801.

  The memory 803 is a storage medium such as a RAM (Random Access Memory). The memory 803 temporarily stores a program code of a program executed by the processor 801 and data necessary for executing the program.

  The storage device 805 is a non-volatile storage medium such as a hard disk drive (HDD) or a flash memory. The storage device 805 stores an operating system and various programs for realizing the above-described configurations. In addition, the storage device 805 can also store a brand information table 331, a customer information table 332, an ownership information table 333, and a block chain DB 131. Such programs and data are referred to by the processor 801 by being loaded into the memory 803 as necessary.

  The input I / F unit 807 is a device for receiving input from the user. Specific examples of the input I / F unit 807 include a keyboard, a mouse, a touch panel, various sensors, and a wearable device. The input I / F unit 807 may be connected to the computer 800 via an interface such as a USB (Universal Serial Bus).

  A data I / F unit 809 is a device for inputting data from the outside of the computer 800. Specific examples of the data I / F unit 809 include a drive device for reading data stored in various storage media. The data I / F unit 809 may be provided outside the computer 800. In this case, the data I / F unit 809 is connected to the computer 800 via an interface such as a USB.

  The communication I / F unit 811 is a device for performing data communication with the external device of the computer 800 via the Internet N by wire or wireless. The communication I / F unit 811 may be provided outside the computer 800. In that case, the communication I / F unit 811 is connected to the computer 800 via an interface such as a USB.

  The display device 813 is a device for displaying various information. Specific examples of the display device 813 include a liquid crystal display, an organic EL (Electro-Luminescence) display, and a wearable device display. The display device 813 may be provided outside the computer 800. In that case, the display device 813 is connected to the computer 800 via, for example, a display cable.

[Other Embodiments]
Each embodiment described above is for facilitating understanding of the present invention, and is not intended to limit the present invention. The present invention can be changed / improved without departing from the spirit thereof, and the present invention includes equivalents thereof. Each embodiment is an exemplification, and it is needless to say that a partial replacement or combination of configurations shown in different embodiments is possible, and these are also included in the scope of the present invention as long as they include the features of the present invention. .

  For example, in the above-described embodiment, the configuration in which the falsification detection system 1 includes the WEB server 200 has been described. However, the present invention is not limited to this, and the falsification detection system 1 may not include the WEB server 200. In this case, each function implemented in the WEB server 200 is implemented on the node 100.

  In the described embodiment, the digest included in the transaction of the block chain DB 131 is described as being in units of records. However, the present invention is not limited to this. For example, the transaction may include a digest calculated for each table of the brand information table 331, the customer information table 332, and the ownership information table 333. The transaction may include a digest calculated from all the tables. When the transaction includes a digest calculated for each table, the update processing unit 201 of the WEB server 200 calculates a digest from the table including the updated record, and creates a transaction. On the other hand, the reference processing unit 202 calculates the digest from the table including the record that is the target of the reference request, and collates with the digest (table digest) acquired from the node 100.

  Furthermore, the update processing unit 201 may be configured to calculate the update record digest not from all items in the updated record but from only the item in the updated record for which tampering is desired. In this case, the transaction may include a digest calculated for an item for which tampering is desired. At this time, in the brand information table 331, the customer information table 332, and the ownership information table 333, a transaction ID is assigned for each item. The reference processing unit 202 calculates a digest from each item that is the target of the reference request, and matches the digest (digest of each item) acquired from the node 100 by specifying the transaction ID.

  In the described embodiment, the configuration has been described in which the update processing unit 201 assigns a unique ID when creating a transaction. However, the present invention is not limited to this, and the update processing unit 201 may be configured to assign an ID (brand ID, customer ID, ownership ID) assigned to the record updated in the writing process to the database 300 to the created transaction.

  Further, in the described embodiment, the configuration using the PoW technology for mining has been described, but the present invention is not limited to this. For example, the mining unit 104 may be configured to add a block to the end of the block chain regardless of whether the created block header is equal to or less than the target value. In this case, the block managed in the block chain DB 131 may be configured not to include a target and a nonce.

DESCRIPTION OF SYMBOLS 1 Tampering detection system 100 Node 101 Broadcast communication part 102 Request part 103 Response part 104 Mining part 131 Block chain DB
200 WEB Server 201 Update Processing Unit 202 Reference Processing Unit 300 Database 331 Brand Information Table 332 Customer Information Table 333 Ownership Information Table

Claims (5)

A blockchain database for storing a digest calculated using a hash function for predetermined data;
A database for storing the predetermined data;
When a reference request for the predetermined data is received, the predetermined data is extracted from the database, a hash value is calculated from the extracted predetermined data using the hash function, and the hash value is A reference processing unit that determines whether or not the digest corresponding to the predetermined data stored in the chain database matches, and outputs the extracted predetermined data;
A tamper detection system. The falsification detection system further updates the predetermined data to updated data on the database when an update request for the predetermined data is received, and uses the hash function for the updated data. An update processing unit that outputs the update digest calculated by
The blockchain database is
Further storing the update digest transmitted by the update processing unit;
The tampering detection system according to claim 1. The blockchain database is
It is constructed in a distributed manner on multiple nodes that are P2P connected to each other.
The tampering detection system according to claim 1 or 2. A digest storage step for storing a digest calculated using a hash function for predetermined data;
A data storage step for storing the predetermined data;
When a reference request for the predetermined data is received, the predetermined data stored in the data storage step is extracted, a hash value is calculated from the extracted predetermined data using the hash function, and the hash is calculated. A step of determining whether or not a value matches a digest corresponding to the predetermined data stored in the digest storage step, and outputting the extracted predetermined data;
A tamper detection method comprising: The falsification detection method further updates the predetermined data stored in the data storage step to updated data when an update request for the predetermined data is received, and the updated data A write step for outputting an update digest calculated using a hash function;
The digest storage step includes:
Further storing the output update digest;
The tampering detection method according to claim 4.

Images