Computer Science (计算机科学), 2023, Vol. 50, Issue (9): 16-25. doi: 10.11896/jsjkx.230500239
童飞1,2,3, 邵冉冉1,2
TONG Fei1,2,3, SHAO Ranran1,2
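Abstract: Schemes that combine blockchain with Ciphertext Policy Attribute Based Encryption (CP-ABE) have been widely applied to access control for data shared in the cloud, but the privacy protection of data users in these schemes has not been properly addressed. Some studies introduce Distributed Multi-Authority Attribute Based Signature (DMA-ABS) schemes to protect data users' privacy, but when a data user accesses data multiple times, permission verification has to be repeated, which incurs unnecessary time overhead. Moreover, when the data users' attributes and the access control policy remain relatively stable, unrestricted repeated access to the shared data by data users can overload the system and affect normal request processing. This may lead to leakage of cloud data and poses hidden risks to the security of cloud data. To solve these problems, this paper proposes a blockchain-based access control scheme for personal private data in the cloud. First, the scheme combines smart contracts with a multi-authority CP-ABE scheme to achieve fine-grained access control over personal private data in the cloud, and introduces a DMA-ABS scheme to perform anonymous identity verification of data users, protecting their identity privacy. Second, based on Bitcoin's UTXO (Unspent Transaction Output) mechanism, a digital token is designed that provides authorize-once, access-many-times functionality, which both shortens access time and limits the number of accesses. Finally, the access control process is further implemented on Hyperledger Fabric, and its access time overhead is compared with that of existing schemes. Experimental results show that the proposed scheme can effectively reduce access time overhead and improve access efficiency.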