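Research on Blockchain Access Control Methods Based on Policy and Attribute Hiding
Cyber Security and Data Governance, Issue 10
Yang Zhimou, Wen Qiang, Zhang Shuai, Zhang Gongguo, Sun Rui
(1. Unit 31202 of the Chinese People's Liberation Army, Guangzhou 510510, Guangdong, China; 2. School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, China)
Abstract: To address the lack of user privacy protection during access control, a blockchain access control scheme based on policy and attribute hiding is proposed. First, access request, attribute management and policy management chaincode is written on the Hyperledger Fabric platform to build a basic attribute-based access control model, achieving fine-grained access control. Second, resources are encrypted for storage using the AES symmetric encryption algorithm and an attribute-based encryption algorithm, and the storage address and resource hash are then uploaded to the blockchain to ensure the security and integrity of the data. Finally, user attributes and access policies are encrypted with the Paillier homomorphic encryption algorithm and uploaded to the blockchain, ensuring user privacy during access. Scheme comparison and simulation experiments show that the proposed scheme can effectively protect user privacy.
CLC number: TP309
Document code: A
DOI:10.19358/j.issn.2097-1788.2023.10.007
Citation format: Yang Zhimou, Wen Qiang, Zhang Shuai, et al. Research on blockchain access control methods based on policy and attribute hiding[J]. Cyber Security and Data Governance, 2023, 42(10): 40-48.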
Research on blockchain access control methods based on policy and attribute hiding
Yang Zhimou1, Wen Qiang1, Zhang Shuai1, Zhang Gongguo2, Sun Rui2
(1. 31202 Unit of People's Liberation Army, Guangzhou 510510, China; 2. School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, China)
Abstract: Aiming at the lack of privacy protection in the process of access control, a blockchain access control scheme based on policy and attribute hiding is proposed. Firstly, access request, attribute management and policy management chaincode is written on the Hyperledger Fabric platform, and a basic attribute-based access control model is built to achieve fine-grained access control. Secondly, the AES symmetric encryption algorithm and an attribute-based encryption algorithm are used to encrypt resources for storage, and then the storage address and resource hash are uploaded to the blockchain to ensure the security and integrity of the data. Finally, the Paillier homomorphic encryption algorithm is used to encrypt user attributes and access policies and upload them to the blockchain, ensuring the privacy of users during access. Through comparison of schemes and simulation experimental results, it is proved that this scheme can effectively protect user privacy.
Key words: blockchain; access control; privacy protection; encryption algorithm
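0 Introduction
With the rapid development of communication technology, cloud computing, the Internet of Things and related technologies, large volumes of data are generated and stored on the Internet. This data may involve users' personal privacy, and once leaked it poses a serious threat to user security [1-2]. Access control is one of the key technologies for protecting data security [3]: through preset access policies it can effectively prevent unauthorized access and improper use. The mainstream access control schemes today are Role Based Access Control (RBAC) [4], Capability Based Access Control (CapBAC) [5], Attributes Based Access Control (ABAC) [6], and access control based on Attribute Based Encryption (ABE) [7]. Among these, attribute-based encryption uses attributes as the decision elements and can express fine-grained access control policies through AND, OR, NOT and threshold operations, moving from one-to-one encryption to one-to-many encryption, which gives it good application prospects in data publishing and data sharing.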
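The abstract's final step hides user attributes and access policies with Paillier encryption; the paper's own matching protocol is not shown on this page. The following added example (not the authors' code) shows one way a ciphertext-only attribute check can work with Paillier's additive homomorphism, assuming a blinded equality test, a SHA-256 attribute encoding and a constructed toy key; all function names and sample attributes are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed demo key: two Mersenne primes. Far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))  # public n; private (lambda, mu), with g = n + 1

def rand_unit(n):
    # Random value in [1, n) that is invertible modulo n.
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return r

def encrypt(n, m):
    n2 = n * n
    # g^m = 1 + m*n (mod n^2) when g = n + 1; r^n randomizes the ciphertext.
    return (1 + (m % n) * n) * pow(rand_unit(n), n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def encode(n, attribute):
    # Assumed encoding: map an attribute string to an integer below n.
    return int.from_bytes(hashlib.sha256(attribute.encode()).digest(), "big") % n

def blinded_difference(n, c_attr, c_policy):
    # Run by the party that sees only ciphertexts (for example, chaincode):
    # Enc(a) * Enc(p)^-1 = Enc(a - p); raising to a random k gives Enc(k * (a - p)).
    n2 = n * n
    return pow(c_attr * pow(c_policy, -1, n2) % n2, rand_unit(n), n2)

def attribute_matches(n, priv, c_attr, c_policy):
    # Run by the key holder: learns only whether the blinded difference is zero.
    return decrypt(n, priv, blinded_difference(n, c_attr, c_policy)) == 0

if __name__ == "__main__":
    n, priv = keygen()
    policy = encrypt(n, encode(n, "dept=finance"))  # constructed sample policy
    print(attribute_matches(n, priv, encrypt(n, encode(n, "dept=finance")), policy))
    print(attribute_matches(n, priv, encrypt(n, encode(n, "dept=hr")), policy))
```

Because encryption is randomized, two ciphertexts of the same attribute differ on the ledger, and the random blinding factor means a failed match reveals nothing about how far the attribute was from the policy value.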
The full text of this article can be downloaded at: https://www.chinaaet.com/resource/share/2000005737