(1.31202 Unit of People′s Liberation Army, Guangzhou 510510, China; 2. School of Communication and Information Engineering, Chongqing University of Posts and Communications, Chongqing 400065, China)
Abstract: Aiming at the lack of privacy protection in the process of access control, an access control scheme based on blockchain policy and attribute hiding is proposed. Firstly, access request, attribute management and policy management chain codes are written based on Hyperledger Fabric platform, and basic attribute based access control model is built to achieve finegrained access control. Secondly, the AES symmetric encryption algorithm and attributebased encryption algorithm are used to encrypt resources for storage, and then the storage address and resource hash are uploaded to the blockchain to ensure the security and integrity of the data. Finally, the Paillier homomorphic encryption algorithm is used to encrypt and upload user attributes and access policies to the blockchain, ensuring the privacy of users during access. Through comparison of schemes and simulation experimental results, it is proved that this scheme can effectively protect user privacy.
Key words : blockchain; access control; privacy protection; encryption algorithm
0 引言
隨著通信技術(shù)、云計(jì)算和物聯(lián)網(wǎng)等技術(shù)的飛速發(fā)展,大量的數(shù)據(jù)產(chǎn)生并存儲(chǔ)在了互聯(lián)網(wǎng)上,這些數(shù)據(jù)可能涉及用戶(hù)的個(gè)人隱私,一旦泄露將會(huì)對(duì)用戶(hù)安全造成巨大的威脅[1-2]。訪(fǎng)問(wèn)控制技術(shù)作為保護(hù)數(shù)據(jù)安全的重要技術(shù)之一[3],其通過(guò)預(yù)設(shè)的訪(fǎng)問(wèn)策略能夠有效防止未經(jīng)授權(quán)的訪(fǎng)問(wèn)和不當(dāng)?shù)氖褂谩D壳爸髁鞯脑L(fǎng)問(wèn)控制方案分為基于角色的訪(fǎng)問(wèn)控制(Role Based Access Control,RBAC)[4]、基于權(quán)能的訪(fǎng)問(wèn)控制(Capability Based Access Control,CapBAC)[5]、基于屬性的訪(fǎng)問(wèn)控制(Attributes Based Access Control,ABAC)[6]和基于屬性基加密(Attribute Based Encryption,ABE)[7]的訪(fǎng)問(wèn)控制。其中,屬性基加密以屬性作為決策要素,通過(guò)與、或、非和門(mén)限操作能夠制定細(xì)粒度的訪(fǎng)問(wèn)控制策略,實(shí)現(xiàn)從一對(duì)一加密到一對(duì)多加密的提升,使得它在數(shù)據(jù)發(fā)布和數(shù)據(jù)共享方面具有良好的應(yīng)用前景。
