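A Policy-hidden Big Data Access Control Method Based on Blockchain

Lin Li, Chu Zhen-Xing, Liu Zi-Meng, Guo Fu-Bin, Xie Xiao-Yu, Zhang Jian-Biao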

Citation: Lin Li, Chu Zhen-Xing, Liu Zi-Meng, Guo Fu-Bin, Xie Xiao-Yu, Zhang Jian-Biao. A policy-hidden big data access control method based on blockchain. Acta Automatica Sinica, 2023, 49(5): 1031−1049 doi: 10.16383/j.aas.c211178


doi: 10.16383/j.aas.c211178
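Funds: Supported by National Natural Science Foundation of China (61502017) and Natural Science Foundation of Beijing Municipality (M21039)
    Author Bio:

    LIN Li  Associate professor at the Faculty of Information Technology, Beijing University of Technology. Her research interest covers big data security and privacy protection, access control, and blockchain application. Corresponding author of this paper. E-mail: linli_2009@bjut.edu.cn

    CHU Zhen-Xing  Master student at the Faculty of Information Technology, Beijing University of Technology. His research interest covers blockchain and access control. E-mail: tianzhenxingchu@163.com

    LIU Zi-Meng  Master student at the Faculty of Information Technology, Beijing University of Technology. Her research interest covers blockchain and cloud security. E-mail: zimeng_liuu@163.com

    GUO Fu-Bin  Master student at the Faculty of Information Technology, Beijing University of Technology. His research interest covers network security and blockchain. E-mail: gfb18438607915@163.com

    XIE Xiao-Yu  Master student at the Faculty of Information Technology, Beijing University of Technology. Her research interest covers blockchain and cloud computing. E-mail: 18733655212@163.com

    ZHANG Jian-Biao  Professor at the Faculty of Information Technology, Beijing University of Technology. His research interest covers information security and cloud computing. E-mail: zjb@bjut.edu.cn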


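  • Abstract: When access control over the data that users share in big data applications is enforced by a semi-trusted cloud service provider, privacy can leak and policies and access logs are easily tampered with. To address these problems, a policy-hidden big data access control method based on blockchain (PHAC) is proposed. The method uses blockchain technology to enforce access control, which reduces reliance on trust in the service provider, and introduces attribute-based encryption (ABE) and bilinear mapping so that smart contracts can execute access control policies correctly without disclosing them. The access control policy is also decoupled, which simplifies the publication, update and execution of user policies. On-chain and off-chain storage are combined to address the steadily growing amount of blockchain node resources occupied by smart contracts and access control policies. Finally, the method is analyzed theoretically and evaluated experimentally in a HyperLedger Fabric environment. The results show that it implements access control effectively with the policy hidden, without adding much extra computation or storage overhead for data owners and blockchain nodes.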
  • Fig. 1  General scenarios of secure data sharing based on blockchain

    Fig. 2  Architecture of PHAC

    Fig. 3  Example of access control tree

    Fig. 4  Corresponding access tree in Fig. 3 example

    Fig. 5  Access control process of PHAC

    Fig. 6  Block data structures

    Fig. 7  Example of access control tree stored on the blockchain platform

    Fig. 8  Update of access policy transaction

    Fig. 9  Storage structure under chain

    Fig. 10  Experimental topology of PHAC based on HyperLedger Fabric

    Fig. 11  Access control tree encryption time when the internal node of T terminal is fixed

    Fig. 12  Access control tree encryption time when the total number of attribute values is fixed

    Fig. 13  Policy decision time without policy hidden

    Fig. 14  Policy decision time under policy hidden

    Fig. 15  Influence of visitor attribute sets on policy decision time

    Fig. 16  Comparison of policy decision times under policy hidden and without policy hidden

    Fig. 17  The storage overhead of blockchain platform

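    Table 1  Comparison of the proposed PHAC with other literature methods

    Columns: scheme; group order; access structure; visitor key length; data storage overhead; encryption overhead with policy hidden; computation overhead of the access control decision.

    Ref. [10]
      Group order: composite
      Visitor key length: $(2+k)|G|$
      Data storage overhead: $(1+|a|+|a|\sum_{i=1}^{n}n_i)|G|+(1+|a|)|G_T|$
      Encryption overhead with policy hidden: $(2+2|a|+2|a|\sum_{i=1}^{n}n_i)G+(1+|a|)G_T$
      Access control decision overhead: $(1+|a|+k|a|)E+(2+|a|+k|a|)G_T$

    Ref. [11]
      Group order: prime
      Visitor key length: $8|G|$
      Data storage overhead: $(8+\sum_{i=1}^{n}n_i)|G|+|G_T|$
      Encryption overhead with policy hidden: $(14+\sum_{i=1}^{n}n_i)G+2G_T$
      Access control decision overhead: $nG+8E+8G_T$

    Ref. [24]
      Group order: prime
      Visitor key length: $k|G|$
      Data storage overhead: $3|G|+|G_T|$
      Encryption overhead with policy hidden: $(l+\sum_{i=1}^{n}n_i)G+3G_T$
      Access control decision overhead: $3E+2lG+B$

    Ref. [29]
      Group order: prime
      Access structure: LSSS
      Visitor key length: $(10\sum_{i=1}^{n}k_i)|G|$
      Data storage overhead: $(2+|a|\sum_{i=1}^{n}n_i)|G|+n|G_T|$
      Encryption overhead with policy hidden: $(2+\sum_{i=1}^{|a|}i+4\sum_{i=1}^{n}i+4\sum_{i=1}^{l}i)G+(1+\sum_{i=1}^{l}i)G_T$
      Access control decision overhead: $(3\sum_{i=1}^{n}i+\sum_{i=1}^{l}i)E+(1+\sum_{i=1}^{|a|}i)G_T+B$

    Ref. [36]
      Group order: prime
      Visitor key length: $(1+2n)|G|$
      Data storage overhead: $(1+n+\sum_{i=1}^{n}n_i)|G|+|G_T|$
      Encryption overhead with policy hidden: $(n+\sum_{i=1}^{n}n_i)G+3G_T$
      Access control decision overhead: $(1+3n)E+(1+3n)G_T$

    Ref. [37]
      Group order: composite
      Visitor key length: $(1+n)|G|$
      Data storage overhead: $(1+\sum_{i=1}^{n}n_i)|G|+|G_T|$
      Encryption overhead with policy hidden: $2(n+\sum_{i=1}^{n}n_i)G+2G_T$
      Access control decision overhead: $(1+n)E+(1+n)G_T$

    PHAC
      Group order: prime
      Visitor key length: $(2+k)|G|$
      Data storage overhead: $(7+|a|+|a|\sum_{i=1}^{n}n_i)|G|+(3+|a|)|G_T|$
      Encryption overhead with policy hidden: $(7+|a|+|a|\sum_{i=1}^{n}n_i)G+(3+|a|)G_T$
      Access control decision overhead: $(1+|a|+k|a|)E+(2+|a|+k|a|)G_T+B$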
  • [1] Berdik D, Otoum S, Schmidt N, Porter D, Jararweh Y. A survey on blockchain for information systems management and security. Information Processing & Management, 2021, 58(1): 102397
    [2] Liu Ming-Da, Chen Zuo-Ning, Shi Yi-Juan, Tang Ling-Tao, Cao Dan. Research progress of blockchain in data security. Chinese Journal of Computers, 2021, 44(1): 1-27
    [3] Yuan Yong, Wang Fei-Yue. Editable blockchain: Models, techniques and methods. Acta Automatica Sinica, 2020, 46(5): 831-846
    [4] Maesa D D F, Mori P, Ricci L. Blockchain based access control. In: Proceedings of the 17th IFIP International Conference on Distributed Applications and Interoperable Systems. Cham, Switzerland: Springer, 2017. 206−220
    [5] Yang C, Tan L, Shi N, Xu B, Cao Y, Yu K. AuthPrivacyChain: A blockchain-based access control framework with privacy protection in cloud. IEEE Access, 2020, 8: 70604-70615 doi: 10.1109/ACCESS.2020.2985762
    [6] Liu Ao-Di, Du Xue-Hui, Wang Na, Li Shao-Zhuo. A blockchain-based access control mechanism for big data. Journal of Software, 2019, 30(9): 2636-2654
    [7] Maesa D D F, Mori P, Ricci L. Blockchain based access control services. In: Proceedings of the IEEE Conferences on Internet of Things, Green Computing and Communications, Cyber, Physical and Social Computing, Smart Data. New York, USA: IEEE, 2018. 1379−1386
    [8] Wang Xiu-Li, Jiang Xiao-Zhou, Li Yang. Model for data access control and sharing based on blockchain. Journal of Software, 2019, 30(6): 1661-1669 doi: 10.13328/j.cnki.jos.005742
    [9] Maesa D D F, Mori P, Ricci L. A blockchain based approach for the definition of auditable access control systems. Computers & Security, 2019, 84: 93-119
    [10] Song Yan, Han Zhen, Liu Feng-mei, Liu Lei. Attribute-based encryption with hidden policies in the access tree. Journal on Communications, 2015, 36(9): 119-126 doi: 10.11959/j.issn.1000-436x.2015135
    [11] Wang Hai-Bin, Chen Shao-Zhen. Attribute-based encryption with hidden access structures. Journal of Electronics & Information Technology, 2012, 34(2): 457-461
    [12] Goyal V, Pandey O, Sahai A, Waters B. Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security. New York, USA: 2006. 89−98
    [13] Boneh D, Franklin M. Identity-based encryption from the Weil pairing. SIAM Journal on Computing, 2003, 32(3): 586-615 doi: 10.1137/S0097539701398521
    [14] Sahai A, Waters B. Fuzzy identity-based encryption. In: Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Germany: Springer, 2005. 457−473
    [15] Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In: Proceedings of the 28th IEEE Symposium on Security and Privacy. Oakland, USA: IEEE, 2007. 321−334
    [16] Ostrovsky R, Sahai A, Waters B. Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security. New York, USA: 2007. 195−203
    [17] Zhou Z, Huang D, Wang Z. Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption. IEEE Transactions on Computers, 2015, 64(1): 126-128 doi: 10.1109/TC.2013.200
    [18] Hong Cheng, Zhang Min, Feng Deng-Guo. AB-ACCS: A cryptographic access control scheme for cloud storage. Journal of Computer Research and Development, 2010, 47(Suppl.): 259-265
    [19] Wang Y, Li F, Xiong J, Niu B, Shan F. Achieving lightweight and secure access control in multi-authority cloud. In: Proceedings of the 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. Helsinki, Finland: IEEE, 2015. 459−466
    [20] Jung T, Li X Y, Wan Z, Wan M. Privacy preserving cloud data access with multi-authorities. In: Proceedings of the 32nd IEEE Conference on Computer Communications. Turin, Italy: IEEE, 2013. 2625−2633
    [21] Guan Zhi-Tao, Yang Ting-Ting, Xu Ru-Zhi, Wang Zhu-Xiao. Multi-authority attribute-based encryption access control model for cloud storage. Journal on Communications, 2015, 36(6): 120-130 doi: 10.11959/j.issn.1000-436x.2015142
    [22] Lin H, Cao Z, Liang X, Shao J. Secure threshold multi authority attribute based encryption without a central authority. Information Sciences, 2010, 180(13): 2618-2632 doi: 10.1016/j.ins.2010.03.004
    [23] Ding X, Yang J. An access control model and its application in blockchain. In: Proceedings of the International Conference on Communications, Information System and Computer Engineering. Haikou, China: IEEE, 2019. 163−167
    [24] Ba Y, Hu X, Chen Y, Hao Z, Li X, Yan X. A Blockchain-based CP-ABE scheme with partially hidden access structures. Security and Communication Networks, 2021, 2021: 4132597
    [25] Wang S, Zhang Y, Zhang Y. A blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems. IEEE Access, 2018, 6: 38437-38450 doi: 10.1109/ACCESS.2018.2851611
    [26] Zhang Jian-Biao, Zhang Zhao-Qian, Xu Wan-Shan, Wu Na. Inter-domain access control model based on blockchain. Journal of Software, 2021, 32(5): 1547-1564
    [27] Makhdoom I, Zhou I, Abolhasan M, Lipman J, Ni W. PrivySharing: A blockchain-based framework for privacy-preserving and secure data sharing in smart cities. Computers and Security, 2020, 88: 101653 doi: 10.1016/j.cose.2019.101653
    [28] Gao S, Piao G, Zhu J, Ma X, Ma J. Trustaccess: A trustworthy secure ciphertext-policy and attribute hiding access control scheme based on blockchain. IEEE Transactions on Vehicular Technology, 2020, 69(6): 5784-5798 doi: 10.1109/TVT.2020.2967099
    [29] Zhang Z, Zhang J, Yuan Y, Li Z. An expressive fully policy-hidden ciphertext policy attribute-based encryption scheme with credible verification based on blockchain. IEEE Internet of Things Journal, 2022, 9(11): 8681-8692 doi: 10.1109/JIOT.2021.3117378
    [30] Xia Qing, Dou Wen-Sheng, Guo Kai-Wen, Liang Geng, Zuo Chun, Zhang Feng-Jun. Survey of blockchain consensus protocols. Journal of Software, 2021, 32(2): 277-299 doi: 10.13328/j.cnki.jos.006150
    [31] Zhang Y, Kasahara S, Shen Y, Jiang X, Wan J. Smart contract-based access control for the internet of things. IEEE Internet of Things Journal, 2018, 6(2): 1594-1605
    [32] Shparlinski I E. Communication complexity and Fourier coefficients of the Diffie-Hellman key. In: Proceedings of the 4th Latin American Symposium on Theoretical Informatics. Berlin, Germany: Springer, 2000. 259−268
    [33] Boneh D, Boyen X. Efficient selective identity-based encryption without random oracles. Journal of Cryptology, 2011, 24: 659-693 doi: 10.1007/s00145-010-9078-6
    [34] Yang Hao-Miao, Sun Shi-Xin, Li Hong-Wei. Research on bilinear Diffie-Hellman problem. Journal of Sichuan University (Engineering Science Edition), 2006, 38(2): 137-140 doi: 10.3969/j.issn.1009-3087.2006.02.028
    [35] Ghayvat H, Pandya S, Bhattacharya P, Zuhair M, Rashid M, Hakak S, et al. CP-BDHCA: Blockchain-based confidentiality-privacy preserving big data scheme for healthcare clouds and applications. IEEE Journal of Biomedical and Health Informatics, 2021, 26(5): 1937-1948
    [36] Nishide T, Yoneyama K, Ohta K. Attribute-based encryption with partially hidden encryptor-specified access structures. In: Proceedings of the 6th International Conference on Applied Cryptography and Network Security. Berlin, Germany: Springer, 2008. 111−129
    [37] Lai J, Deng R H, Li Y. Fully secure cipertext-policy hiding CP-ABE. In: Proceedings of the 7th International Conference on Information Security Practice and Experience. Berlin, Germany: Springer, 2011. 24−39
    [38] Xu Ke, Ling Si-Tong, Li Qi, Wu Bo, Shen Meng, Zhang Zhi-Chao, et al. Research progress of network security architecture and key technologies based on blockchain. Chinese Journal of Computers, 2021, 44(1): 55-83
Publication history
  • Received:  2021-12-09
  • Accepted:  2022-07-06
  • Published online:  2022-08-11
  • Issue date:  2023-05-20
