计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (6A): 230400080-7.doi: 10.11896/jsjkx.230400080

• 信息安全 • 上一篇    下一篇

基于联盟链的细粒度安全访问控制机制

田洪亮, 宪明杰, 葛平   

  1. 东北电力大学电气工程学院 吉林 吉林 132012
  • 发布日期:2024-06-06
  • 通讯作者: 宪明杰(xianmj97@163.com)
  • 作者简介:(xn_959697@163.com)

Fine Grained Security Access Control Mechanism Based on Blockchain

TIAN Hongliang, XIAN Mingjie, GE Ping   

  1. School of Electrical Engineering,Northeast Electric Power University,Jilin,Jilin 132012,China
  • Published:2024-06-06
  • About author:TIAN Hongliang,born in 1981,Ph.D,associate professor.His main research interests include IoT and blockchain.
    XIAN Mingjie,born in 1997,postgraduate.His main research interests include blockchain and access control.

PDF (PC)

273

摘要: 针对工业物联网存在数据规模庞大、访问安全性差以及隐私安全的问题,提出了基于联盟区块链并使用零知识令牌返回授权的安全访问控制机制,同时,应用IPFS星际文件系统进行链下存储以拓展区块链的可存储性。通过Hyperledger Fabric平台部署区块链网络并编写智能合约,定义访问过程的形式化表达,以更细粒度的模式实现本地和全局的访问授权,并对访问控制的模型和流程进行详细的阐述。最后,通过实验说明区块链网络对访问授权的延迟情况以及策略生成的平均延迟情况,并对比分析了模型的安全性和有效性。结果表明,所提机制在物联网访问控制方面具有安全性、有效性和低延迟性。

关键词: 区块链, 访问控制, 物联网, 智能合约, IPFS

Abstract: To solve the problems of huge data scale,poor access security and privacy security in industrial IoT,a data security access control mechanism based on blockchain combined with zero-knowledge token is proposed,while IPFS interstellar file system is applied for off-chain storage to expand the storability of blockchain.A blockchain network is built and smart contracts are deployed through the Hyperledger Fabric platform to define a formal representation of the access process to achieve local and global access authorization in a more fine-grained model,while the model and process of access control are elaborated.Finally,the security and effectiveness of the model are compared and analyzed,and the latency of the blockchain network for access authorization is illustrated through experiments.The results show that the proposed mechanism has security,effectiveness and low latency in IoT access control.

Key words: Blockchain, Access control, IoT, Smart contract, IPFS

中图分类号: 

  • TP393
[1]ZHANG P,LIU H Y,LI W J,et al.Industrial intelligent network-deepening and upgrading of industrial Internet[J].Journal of Communications,2018,39(12):134-140.
[2]SIKORSKI J,HAUGHTON J,KRAFT M.Blockchain techno-logy in the chemical industry:Machine-to-machine electricity market[J].Applied Energy,2017,195(JUN.1):234-246.
[3]LI Z,KANG J,YU R,et al.Consortium Blockchain for SecureEnergy Trading in Industrial Internet of Things[J].IEEE Transactions on Industrial Informatics,2017,PP(99):1-1.
[4]QIU C,YU F,YAO H,et al.Blockchain-Based Software-De-fined Industrial Internet of Things:A Dueling Deep Q-Learning Approach[J].IEEE Internet of Things Journal,2019,6(3):4627-4639.
[5]WANG J,HAN W,ZHANG H,et al.Trust and Attribute-Based Dynamic Access Control Model for Internet of Things[C]//2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery(CyberC).2017.
[6]LENG J,YE S,ZHOU M,et al.Blockchain-Secured Smart Ma-nufacturing in Industry 4.0:A Survey[J].IEEE Transactions on Systems,Man,and Cybernetics:Systems,2021,51(1).
[7]YANG Q,LU R,RONG C,et al.Guest Editorial The Convergence of Blockchain and IoT:Opportunities,Challenges and Solutions[J].IEEE Internet of Things Journal,2019,6(3):4556-4560.
[8]LIU Q,ZHANG H,WAN J F,et al.An Access Control Model for Resource Sharing based on the Role-Based Access Control Intended for Multi-domain Manufacturing Internet of Things[J].IEEE Access,2017,5:7001-7011.
[9]NING Y E,YAN Z,WANG R C,et al.An Efficient Authentica-tion and Access Control Scheme for Perception Layer of Internet of Things[J].Applied Mathematics & Information Sciences,2014,8(4).
[10]GUSMEROLI S,PICCIONE S,ROTONDI D.A capability-based security approach to manage access control in the Internet of Things[J].Mathematical & Computer Modelling,2013,58(5/6):1189-1205.
[11]ZHANG Y,SHOJI K,SHEN Y,et al.Smart Contract-Based Access Control for the Internet of Things[J].IEEE Internet of Things Journal,2019,6(2):1594-1605.
[12]OSCAR N.Blockchain Meets IoT:An Architecture for Scalable Access Management in IoT[J].IEEE Internet of Things Journal,2018,5(2):1184-1195.
[13]ZHANG Y,LI B,LIU B,et al.An Attribute-Based Collaborative Access Control Scheme Using Blockchain for IoT Devices[J].Electronics,2020,9(2):285.
[14]BOURAS M,XIA B,ABUASSBA A,et al.IoT-CCAC:a blockchain-based consortium capability access control approach for IoT[J].PeerJ Computer Science,2021,7(3):e455.
[15]NOVO O.Scalable Access Management in IoT using Block-chain:a Performance Evaluation[J].IEEE Internet of Things Journal,2019,6(3):4694-4701.
[16]QI X,SIFAH E,AGYEKUM O,et al.Secured Fine-Grained Selective Access to Outsourced Cloud Data in IoT Environments[J].IEEE Internet of Things Journal,2019,6(6):10749-10762.
[17]BETHENCOURT J,SAHAI A,WATERS B.Ciphertext-Poli-cy.Attribute-Based Encryption[C]//IEEE Symposium on Security & Privacy.IEEE,2007.
[18]SUN S,CHEN S,DU R.Trusted and Efficient Cross-Domain Access Control System Based on Blockchain[J].Scientific Programming,2020,2020(10):1-13.
[19]XIE R N,LI H,SHI G Z,et al.Traceable access control mechanism based on blockchain[J].Journal of Communications,2020,41(12):82-93.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发