(1. 31202 Unit of People's Liberation Army, Guangzhou 510510, China; 2. School of Communication and Information Engineering, Chongqing University of Posts and Communications, Chongqing 400065, China)
Abstract:
To address the lack of privacy protection in the access control process, a blockchain-based access control scheme with policy and attribute hiding is proposed. Firstly, access request, attribute management and policy management chaincodes are written on the Hyperledger Fabric platform, and a basic attribute-based access control model is built to achieve fine-grained access control. Secondly, the AES symmetric encryption algorithm and an attribute-based encryption algorithm are used to encrypt resources for storage, and the storage address and resource hash are then uploaded to the blockchain to ensure the security and integrity of the data. Finally, the Paillier homomorphic encryption algorithm is used to encrypt user attributes and access policies before they are uploaded to the blockchain, ensuring the privacy of users during access. A comparison of schemes and simulation experiment results show that this scheme can effectively protect user privacy.
Key words:
blockchain; access control; privacy protection; encryption algorithm
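0 Introduction
With the rapid development of communication technology, cloud computing, the Internet of Things and related technologies, large amounts of data are generated and stored on the Internet. These data may involve users' personal privacy, and once leaked they pose a serious threat to user security [1-2]. Access control is one of the important technologies for protecting data security [3]; through preset access policies it can effectively prevent unauthorized access and improper use. The current mainstream access control schemes are Role Based Access Control (RBAC) [4], Capability Based Access Control (CapBAC) [5], Attributes Based Access Control (ABAC) [6], and access control based on Attribute Based Encryption (ABE) [7]. Among these, attribute-based encryption takes attributes as the decision elements and can express fine-grained access control policies through AND, OR, NOT and threshold operations, moving from one-to-one encryption to one-to-many encryption, which gives it good application prospects in data publishing and data sharing.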
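The abstract states that user attributes and access policies are Paillier-encrypted before they go on chain. The following added example (not the paper's code) shows one way an encrypted attribute can be matched against an encrypted policy value using Paillier's additive homomorphism. The toy primes, the hash-based attribute encoding and the blinded-difference matching step are assumptions, since this page does not give the scheme's construction.

```python
import hashlib
import math
import secrets

# Toy key from two known Mersenne primes (constructed for this demo;
# real Paillier keys use random primes of 1024 bits or more).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # private key: lcm(p-1, q-1)
MU = pow(LAM, -1, N)                               # valid for generator g = N + 1

def rand_unit() -> int:
    """Random element of Z_N^*, used as encryption nonce and blinding factor."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return r

def encode(attr: str) -> int:
    """Assumed encoding: hash an attribute string to an integer below N."""
    return int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % N

def encrypt(m: int) -> int:
    """Enc(m) = (1 + m*N) * r^N mod N^2; randomized, so equal inputs differ."""
    return (1 + m * N) * pow(rand_unit(), N, N2) % N2

def decrypt(c: int) -> int:
    """Dec(c) = L(c^lam mod N^2) * mu mod N, with L(x) = (x - 1) // N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def blinded_difference(c_attr: int, c_policy: int) -> int:
    """Computed on ciphertexts only (e.g. by chaincode): Enc(k * (attr - policy)).
    The random unit k hides how far apart two non-matching values are."""
    diff = c_attr * pow(c_policy, -1, N2) % N2   # Enc(attr - policy)
    return pow(diff, rand_unit(), N2)            # Enc(k * (attr - policy))

def matches(c_attr: int, c_policy: int) -> bool:
    """Key holder decrypts the blinded value; 0 means the attribute satisfies the policy."""
    return decrypt(blinded_difference(c_attr, c_policy)) == 0

if __name__ == "__main__":
    policy = encrypt(encode("role=doctor"))      # constructed sample policy value
    print(matches(encrypt(encode("role=doctor")), policy))   # matching attribute
    print(matches(encrypt(encode("role=nurse")), policy))    # non-matching attribute
```
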