计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (10): 372-379.doi: 10.11896/jsjkx.230700094

• 信息安全 • 上一篇    下一篇

基于智能合约的流数据授权撤销方案研究

门蕊蕊, 贾洪勇, 都金如   

  1. 郑州大学网络空间安全学院 郑州 450000
  • 收稿日期:2023-07-13 修回日期:2024-01-15 出版日期:2024-10-15 发布日期:2024-10-11
  • 通讯作者: 贾洪勇(hyjia@zzu.edu.cn)
  • 作者简介:(mrr0623@163.com)
  • 基金资助:
    河南省重大科技专项(221100210900-01);2021年中国高校产学研创新基金(2021ITA11021)

Study on Stream Data Authorization Revocation Scheme Based on Smart Contracts

MEN Ruirui, JIA Hongyong, DU Jinru   

  1. School of Cyber Science and Engineering,ZhengZhou University,Zhengzhou 450000,China
  • Received:2023-07-13 Revised:2024-01-15 Online:2024-10-15 Published:2024-10-11
  • About author:MEN Ruirui,born in 1999,postgra-duate.Her main research interests include cryptography and zero trust security.
    JIA Hongyong,born in 1975,Ph.D,lecture.His main research interests include cloud computing security and zero trust security of the IoT system.
  • Supported by:
    Management of Major Science and Technology of Henan Province(221100210900-01) and 2021 China University Industry University Research Innovation Fund(2021ITA11021).

PDF (PC)

237

摘要: 物联网设备和服务将实时生成的流数据加密后进行外包存储,并通过访问控制对用户进行授权,当用户的身份或权限发生变更时,需要撤销用户的权限。现有撤销方案通常存在密钥频繁更新和重加密密文的问题,导致撤销效率低下,灵活度不足,难以实现实时撤销,面临数据泄露风险。为解决流数据外包存储场景下的实时授权撤销问题,提出了一种基于智能合约的去中心化授权撤销方案。在边缘计算和区块链相结合的物联网架构下,将流数据按照时间间隔分块,使用HASH树生成与块对应的大量且唯一的密钥,并对分块数据进行对称加密;树节点创建访问令牌并通过代理重加密技术进行共享,实现了可更改的访问策略和高效动态数据共享;利用智能合约技术创建访问控制列表和不当行为列表,对用户权限进行定时撤销和即时撤销操作,实现了去中心化的实时授权撤销。安全性分析和仿真实验证明所提方案与其他相关的研究方案相比,提供了更好的安全性、功能、通信和计算成本,更具有效性。

关键词: 流数据, 边缘计算, 区块链, 智能合约, 访问控制, 授权撤销

Abstract: IoT devices and services encrypt real-time generated stream data for outsourced storage,and authorize users through access control.When the user's identity or permissions change,authorization to the user needs to be revoked.Existing revocation schemes have problems of frequent key updates and re-encrypted ciphertext,resulting in low revocation efficiency,insufficient flexibility,difficulty in achieving real-time revocation,and the risk of data leakage.In order to solve the real-time authorization revocation in the outsourcing storage scenario of streaming data,a decentralized authorization revocation scheme based on smart contracts is proposed.Under the IoT architecture combined with edge computing and blockchain,the streaming data is divided into blocks according to time intervals,and a large number of unique keys corresponding to the blocks are generated using the HASH tree,and the partitioned data is symmetrically encrypted.The tree nodes create access tokens and share them through proxy re-encryption technology,to implement modifiable access policies and efficient dynamic data sharing.By utilizing smart contract technology to create access control lists and misconduct lists,users are subjected to scheduled and immediate revocation operations,achieving decentralized real-time authorization revocation.Through security analysis and simulation experiments,it has been proven that this scheme provides better security,functionality,communication,and computing costs compared to other rela-ted research schemes,and is more effective.

Key words: Stream data, Edge computing, Blockchain, Smart contracts, Access control, Authorization revocation

中图分类号: 

  • TP309
[1]MACIEL L,BALLINI R,GOMIDE F.Adaptive fuzzy modeling of interval-valued stream data and application in cryptocurrencies prediction[J].Neural Computing and Applications,2023,35(10):7149-7159.
[2]SRIRAMG S.Edge computing vs.Cloud computing:an overview of big data challenges and opportunities for large enterprises[J].International Research Journal of Modernization in Engineering Technology and Science,2022,4(1):1331-1337.
[3]ZHANG T,SHEN J,LAI C F,et al.Multi-server assisted data sharing supporting secure deduplication for metaverse healthcare systems[J].Future Generation Computer Systems,2023,140:299-310.
[4]RASORI M,PERAZZO P,DINI G,et al.Indirect revocable kp-abe with revocation undoing resistance[J].IEEE Transactions on Services Computing,2021,15(5):2854-2868.
[5]DAS S,NAMASUDRA S.Multiauthority CP-ABE-based Ac-cess Control Model for IoT-enabled Healthcare Infrastructure[J].IEEE Transactions on Industrial Informatics,2022,19(1):821-829.
[6]WANG W,HUANG H,YIN Z,et al.Smart contract token-based privacy-preserving access control system for industrial Internet of Things[J].Digital Communications and Networks,2023,9(2):337-346.
[7]SAIDI H,LABRAOUI N,ARI A A A,et al.DSMAC:Privacy-aware Decentralized Self-Management of data Access Control based on blockchain for health data[J].IEEE Access,2022,10:101011-101028.
[8]BURKHALTER L,HITHNAWI A,VIAND A,et al.Time-Crypt:Encrypted Data Stream Processing at Scale with Cryptographic Access Control [C]//17th USENIX Symposium on Networked Systems Design and Implementation.2020:1053-1062.
[9]CHOKSY P,CHAURASIA A,RAO U P,et al.Attribute based access control(ABAC) scheme with a fully flexible delegation mechanism for IoT healthcare[J].Peer-to-Peer Networking and Applications,2023,16(1):1445-1467.
[10]TAO J,CHEN X,MA J.Public Integrity Auditing for SharedDynamic Cloud Data with Group User Revocation[J].IEEE Transactions on Computers,2016,65(8):2363-2373.
[11]WU L,WANG J,ZEADALLY S,et al.Privacy-preserving auditing scheme for shared data in public clouds[J].The Journal of Supercomputing,2018,74(11):6156-6183.
[12]HÖGLUND J,FURUHED M,RAZA S.Lightweight certificate revocation for low-power IoT with end-to-end security[J].Journal of Information Security and Applications,2023,73:103424.
[13]SHAFAGH H,BURKHALTER L,RATNASAMY S,et al.Droplet:Decentralized Authorization and Access Control for Encrypted Data Streams[C]//USENIX Security Symposium.USENIX Association.2020:2469-2486.
[14]YANG Y,SHI R,LI K,et al.Multiple access control scheme for EHRs combining edge computing with smart contracts[J].Future Generation Computer Systems,2022,129:453-463.
[15]ZHANG R,LI J,LU Y,et al.Key escrow-free attribute based encryption with user revocation[J].Information Sciences,2022,600:59-72.
[16]YU K,TAN L,ALOQAILY M,et al.Blockchain-enhanced data sharing with traceable and direct revocation in IIoT[J].IEEE transactions on industrial informatics,2021,17(11):7669-7678.
[17]WIRAATMAJA C,ZHANG Y,SASABE M,et al.Cost-efficient blockchain-based access control for the internet of things[C]//2021IEEE Global Communications Conference.IEEE,2021:1-6.
[18]LI D,HAN D,CRESPI N,et al.A blockchain-based secure sto-rage and access control scheme for supply chain finance[J].The Journal of Supercomputing,2023,79(1):109-138.
[19]LIU J,LIU Z,SUN C,et al.A data transmission approach basedon ant colony optimization and threshold proxy re-encryption in wsns[J].Journal of Artificial Intelligence and Technology,2022,2(1):23-31.
[20]LIN S Y,ZHANG L,LI J,et al.A survey of application research based on blockchain smart contract[J].Wireless Networks,2022,28(2):635-690.
[21]SHI J F,WU H,GAO H R,et al.Overview of parallel execution models for blockchain smart contract transactions [J].Journal of Software,2022,33(11):4084-4106.
[22]AGRAWAL T K,ANGELIS J,KHILJI W A,et al.Demonstration of a blockchain-based framework using smart contracts for supply chain collaboration[J].International Journal of Production Research,2023,61(5):1497-1516.
[23]YIN Y Y,YE B Y,LIANG T T,et al.Research on multi-layer blockchain network model in edge computing scenario [J].Journal of Computer Science,2022,45(1):115-134.
[24]CHEN D,WANG H,ZHANG N,et al.Privacy-preserving encrypted traffic inspection with symmetric cryptographic techniques in IoT[J].IEEE Internet of Things Journal,2022,9(18):17265-17279.
[25]CASACUBERTA S,HESSE J,LEHMANN A.SoK:Oblivious Pseudorandom Functions[C]//2022 IEEE 7th European Symposium on Security and Privacy(EuroS&P).IEEE,2022:625-646.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发