计算机科学

计算机科学 ›› 2023, Vol. 50 ›› Issue (9): 16-25.doi: 10.11896/jsjkx.230500239

• 数据安全 • 上一篇    下一篇

基于区块链的云上数据访问控制模型研究

童飞1,2,3, 邵冉冉1,2   

  1. 1 东南大学网络空间安全学院 南京 211189
    2 教育部计算机网络和信息集成重点实验室(东南大学) 南京 211189
    3 紫金山实验室 南京 211111
  • 收稿日期:2023-05-31 修回日期:2023-07-09 出版日期:2023-09-15 发布日期:2023-09-01
  • 通讯作者: 童飞(ftong@seu.edu.cn)
  • 基金资助:
    国家自然科学基金(61971131);东南大学“至善青年学者”项目(2242021R41157)

Study on Blockchain Based Access Control Model for Cloud Data

TONG Fei1,2,3, SHAO Ranran1,2   

  1. 1 School of Cyber Science and Engineering,Southeast University,Nanjing 211189,China
    2 Key Laboratory of Computer Network and Information Integration of Ministry of Education(Southeast University),Nanjing 211189,China
    3 Purple Mountain Laboratories,Nanjing 211111,China
  • Received:2023-05-31 Revised:2023-07-09 Online:2023-09-15 Published:2023-09-01
  • About author:TONG Fei,born in 1987,Ph.D,professor,Ph.D supervisor,is a member of China Computer Federation.His main research interests include Internet of Things and ubiquitous networking intelligence & security.
  • Supported by:
    National Natural Science Foundation of China(61971131) and “Zhishan” Scholars Programs of Southeast University(2242021R41157).

PDF (PC)

2191

摘要: 区块链和基于密文策略的属性加密(Ciphertext Policy Attribute Based Encryption,CP-ABE)相结合的方案已经被广泛应用于云上共享数据的访问控制,但是这些方案中数据用户的隐私保护问题并未得到妥善解决。一些研究引入分布式多属性授权中心的基于属性的签名方案(Distributed Multi-Authority Attribute Based Signature,DMA-ABS)来保护数据用户的隐私,但当数据用户多次访问数据时需要进行重复的权限验证,这会带来多余的时间消耗问题。并且,在数据用户的属性和访问控制策略保持相对稳定的情况下,数据用户无限制地重复访问共享数据,会导致系统过载,影响正常的请求处理。这可能会引起云端数据的泄露,给云端数据的安全带来隐患。为了解决这些问题,文中提出了一个基于区块链的云上个人隐私数据访问控制方案。该方案首先将智能合约和多属性授权中心的CP-ABE方案结合,实现了云上个人隐私数据的细粒度访问控制,并引入DMA-ABS方案完成了对数据用户的匿名性身份验证,保护了数据用户的身份隐私;其次,基于比特币UTXO(Unspent Transaction Output)机制,设计了一种数字令牌token,实现了一次授权、多次访问的功能,即缩短了访问时间,又限制了访问次数;最后,在Hyperledger Fabric上进一步实现了访问控制流程,并与现有方案进行了访问时间开销的比较。实验结果表明,所提方案能够有效降低访问时间开销,提高访问效率。

关键词: 区块链, 访问控制, 基于密文策略的属性加密方案, 访问令牌, 智能合约

Abstract: The combination of blockchain and ciphertext policy sttribute based rncryption(CP-ABE) schemes has been widely used in the access control of sharing data on the cloud,but the privacy protection of data users in these schemes has not been solved.Some studies introduce distributed multi-authority attribute based signature schemes(DMA-ABS) to protect the privacy of data users,but when the data user accesses the data multiple times,it is necessary to perform repeated permission verification,which will cause unnecessary time consumption.And when the attributes and access control policies of data users are relatively unchanged,data users can access shared data repeatedly and infinitely,system overload and affect normal request processing.This may cause the leakage of cloud data, posing a hidden danger to the security of cloud data.At the same time,the behavior of data users changes dynamically.A data user who once perform well may have some malicious behaviors such as frequent access to data,illegal access to data,which brings hidden dangers to data security.Firstly,the smart contract is combined with the CP-ABE scheme of multi-attribute authority center to realize the fine-grained access control of personal privacy data in the cloud,and the distributed multi-authority attribute based signature scheme is introduced.The anonymous identity verification of data users is completed to protect the identity privacy of data users.Secondly,based on the idea of unspent transaction output(UTXO ) of Bitcoin,the digital token is designed to realize once authorization and multiple access.Finally,this scheme implements an access control process based on hyperledger fabric,and compares it with existing schemes in terms of access time overhead.The results indicate that the proposed scheme can effectively reduce access time overhead and improve access efficiency.

Key words: Blockchain, Access control, Ciphertext policy attribute based encryption, Access token, Smart contract

中图分类号: 

  • TP18
[1]SHARMA S.Expanded cloud plumes hiding Big Data ecosystem[J].Future Generation Computer Systems,2016,59:63-92.
[2]数安时代GDCA.CapitalOne数据泄露影响1.06亿人[EB/OL].https://www.sohu.com/a/330584204_604699.2019-07.
[3]隐查查.2022年国内外个人信息泄露大事件盘点[EB/OL].https://zhuanlan.zhihu.com/p/598514200.2023-01.
[4]RASORI M,LAMANNA M,PERAZZO P,et al.A Survey onAttribute-Based Encryption Schemes Suitable for the Internet of Things[J].IEEE Internet of Things Journal,2022,9(11):8269-8290.
[5]LI J G,ZHANG Y C,NING J T,et al.Attribute Based Encryption with Privacy Protection and Accountability for CloudIoT[J].IEEE Transactionson Cloud Computing,2022,10(2):762-773.
[6]CHEN N Y,LI J G,ZHANG Y C,et al.Efficient CP-ABEScheme With Shared Decryption in Cloud Storage[J].IEEE Transactions on Computers,2022,71(1):175-184.
[7]BETHENCOURT J,SAHAI A,WATERS B.Ciphertext-PolicyAttribute-Based Encryption[C]//2007 IEEE Symposiumon Security and Privacy.2007:321-334.
[8]HUANG K Q.Secure Efficient Revocable Large UniverseMulti-Authority Attribute-Based Encryption for Cloud-Aided IoT[J].IEEE Access,2021,9:53576-53588.
[9]KAMALAKANTA S,ANKIT P,PADMALOCHAN B.PMTER-ABE:a Practical Multi-Authority CP-ABE with Traceability,Revocation and Outsourcing Decryption for Secure Access Control in Cloud Systems[J].Cluster Computing,2021,24(2):1525-1550.
[10]HIKHA M, ANSHUMAN K, GÜRKAN G,et al.A Survey on Role of Blockchain for IoT:Applications and Technical Aspects[J].Computer Networks,2023,227:109726.
[11]LSHEHRI S, RADZISZOWSKI S, RAJ R.Secure Access for Healthcare Datain the Cloud Using Ciphertext-Policy Attribute-Based Encryption[C]//2012 IEEE 28th Iternational Conference on Data Engineering Workshops.2012:143-146.
[12]EL GAFIF H,TOUMANARI A.Efficient Ciphertext-PolicyAttribute-Based Encryption Constructions with Outsourced Encryption and Decryption[J].Security and Communication Networks,2021,2021(3):1-17.
[13]LIU Z C,JIANG Z,WANG X,et al.Practical Attribute-Based Encryption:Outsourcing Decryption,Attribute Revocation and Policy Updating[J].Journal of Network and Computer Applications,2018,108:112-123.
[14]LI T,ZHANG J W,LIN Y X,et al.Blockchain-Based Fine-Grained Data Sharing for Multiple Groups in Internet of Things[J].Security and Communication Networks,2021,12(3):123-135.
[15]SREENIVASA Y R.A Secure and Efficient Ciphertext-Policy Attribute-Based Signcryption for Personal Health Records Sharing in Cloud Computing[J].Future Generation Computer Systems,2017,67(2):133-151.
[16]LI S X,LI R X,ZHANG Y,et al.CBI:A Data Access Control System Based on Cloud and Blockchain Integration[C]//2020 IEEE 22nd International Conferenceon High Performance Computing and Communications;IEEE 18th International Confe-rence on Smart City;IEEE 6th International Conference on Data Science and Systems.2020:715-721.
[17]ZOU Y P,PENG T,ZHONG W T,et al.Reliable and Controllable Data Sharing Based on Blockchain[C]//First International Conference on Ubiquitous Security.2021:448-461.
[18]MALAMAS V,KOTZANIKOLAOU P,DASAKLIS T,et al.A Hierarchical Multi Blockchain for Fine Grained Access to Medical Data[J].IEEE Access,2020,8:134393-134412.
[19]OKAMOTO T,TAKASHIMA K K.Decentralized Attribute-Based Signatures[C]//International Workshop on PublicKey Cryptography.2013:125-142.
[20]ZHANG Y R,HE D B,CHOO K R.BaDS:Blockchain-BasedArchitecture for Data Sharing with ABS and CP-ABE in IoT[J].Wireless Communications and Mobile Computing,2018,1(11):1-9.
[21]LI G,SATO H.A Privacy-Preserving And Fully Decentralized Storage and Sharing System on Blockchain[C]//2019 IEEE 43rd Annual Computer Software and Applications Conference.2019:694-699.
[22]BEIMEL A.Secure Schemes for Secret Sharing and Key Distribution[D].Technion:Israel Institute of Technology,1996.
[23]OKAMOTO T,KASUYUKI T.Decentralized Attribute-Based Encryption and Signatures[J].IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences,2020,E103.A(1):41-73.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发