CN113162907A - Attribute-based access control method and system based on block chain - Google Patents

Publication number
CN113162907A
Authority
CN
China
Prior art keywords
attribute
data
access control
transaction
attributes
Prior art date
Legal status
Pending
Application number
CN202110230381.2A
Other languages
Chinese (zh)
Inventor
祝幸辉
赵振
沈玉龙
张涛
郑乐乐
穆旭彤
付家瑄
Current Assignee
Xidian University
Original Assignee
Xidian University
Priority date
Filing date
Publication date

Classifications

    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of information technology and discloses a blockchain-based attribute-based access control method and system. The method comprises the following steps: each device is described by attributes defined in the system, and an attribute authority distributes the corresponding attributes to a device according to its identity or capability, while the blockchain is used to record the distribution of attributes; the attribute authorities jointly maintain a public and credible distributed ledger that records attribute transactions; the two parties participating in a data interaction can complete the access control function by performing only some simple signature and hash operations. The attribute-based access control system comprises: intelligent Internet of Things devices; an attribute authority, which is the authorizer of attributes; and a blockchain. The invention can ensure legitimate access and data security and avoid data leakage; its access control is highly flexible and scalable; and the invention can also save cost.

Description

Attribute-based access control method and system based on block chain
Technical Field
The invention belongs to the field of information technology, and particularly relates to a blockchain-based attribute-based access control method and system.
Background
At present, the rapid increase in the number of devices in the Internet of Things brings new security risks and challenges to Internet of Things systems. Because Internet of Things devices are widely distributed, it is difficult to apply strict security controls to them, and they are extremely vulnerable to malicious attacks from outside. Internet of Things devices typically store a lot of valuable and sensitive data, so it is essential to protect them from unauthorized access, which often results in serious data leakage. Access control is one of the important techniques for securing data. Conventional access control techniques, such as discretionary access control (DAC) and identity-based access control (IBAC), are not suitable for Internet of Things systems: because the number of devices is so large, the large number of unknown identities makes it almost impossible for an Internet of Things system to build Access Control Lists (ACLs) for everyone. Another common technique, mandatory access control (MAC), is usually performed under the control of a central administrator, which makes the system a single point of failure. Since Internet of Things devices are widely distributed and may belong to different management organizations because of their different locations or functions, a centralized access control model is not suitable for Internet of Things systems.
Blockchain is another popular technology that interests technology giants and enterprises. In essence, a blockchain is an open and transparent distributed ledger that records transactions between two parties efficiently and in a verifiable way. Once data is written to the chain, it cannot be tampered with unless a new consensus is reached among the nodes. Combining Internet of Things technology with blockchain technology is a trend with great development prospects, and it is expected to reduce the overall cost of an Internet of Things system while ensuring security. The blockchain can help the Internet of Things establish a distributed, trusted and publicly verifiable database, so that billions of connectable devices can achieve distributed trust through the blockchain.
Existing common access control methods mainly include the following: (1) Access control using simple identity authentication methods such as one-time passwords and login passwords; in this case, an attacker can obtain the corresponding permissions on the platform by brute-force cracking, vulnerability attacks and the like, causing data leakage. (2) Authorization implemented by a centralized authority and based on the OAuth protocol. Much of the literature shows that it is almost impossible to run all OAuth logic on resource-constrained devices, because the communication and computational overhead of the OAuth protocol is too high for them. (3) Role-based access control (RBAC), a commonly used method for granting access rights to authorized users, which grants users specific rights based on their role in the system. However, this approach is not suitable for Internet of Things systems, mainly because this type of access control is not flexible or scalable: once a user is assigned a role, it can only access data in a fixed manner.
Through the above analysis, the problems and defects of the prior art are as follows:
(1) In the prior art, access control is performed using simple identity authentication methods such as one-time passwords and login passwords; in this case, an attacker can obtain the corresponding permissions on the platform by brute-force cracking, vulnerability attacks and the like, causing data leakage.
(2) Resource-constrained devices cannot run all OAuth logic, because the communication overhead and the computation overhead of the OAuth protocol are too high.
(3) The role-based access control used in the prior art is not suitable for Internet of Things systems, mainly because this type of access control is not flexible or scalable enough: once a user is assigned a role, it can only access data in a fixed manner.
The difficulty in solving the above problems and defects is as follows. Internet of Things devices are large in number and scale and widely distributed, so interaction between devices becomes more complicated under the influence of differing security requirements and policies. The Internet of Things has many types of devices and different operating environments, and it is difficult to develop a single general security policy or model that ensures the security of the network. Internet of Things devices generally have limited computing power and energy supply, and many traditional, mature security algorithms or protocols cannot be applied to them effectively because of their high computing overhead. Traditional Internet of Things systems require a centralized data center to collect, process and store data, which exposes the data to serious privacy and security challenges. The centralized structure exposes the system to the risk of a single point of failure, and the data owner loses direct control over the data because the data is stored in the data center rather than locally at the user end.
The significance of solving these problems and defects is as follows: solving them can improve, to a certain degree, the reliability of Internet of Things data storage and the security of data sharing, and can greatly promote the development of the Internet of Things industry.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides an attribute-based access control method and system based on a block chain.
The invention is realized as follows: a blockchain-based attribute-based access control method comprises the following steps:
Step one: each device is described by attributes defined in the system, and an attribute authority distributes the corresponding attributes to a device according to its identity or capability, while the blockchain is used to record the distribution of attributes.
The attribute authority need only manage all the attributes defined in the system and distribute the attribute private keys to the users holding the corresponding attributes. This approach effectively simplifies access management: since the number of attributes is much smaller than the number of users in the system, it can greatly improve the efficiency and performance of the system.
Step two: the attribute authorities jointly maintain a public and credible distributed ledger that records attribute transactions.
In essence, a blockchain is a publicly verifiable, distributed shared database that is maintained collectively in a decentralized and trustless manner, and various cryptographic algorithms effectively guarantee that on-chain data cannot be tampered with or forged. The blockchain can therefore solve the single-point-of-failure problem of traditional Internet of Things access control schemes and improve the reliability of data storage in an Internet of Things system.
Step three: the two parties participating in a data interaction can complete the access control function by performing only some simple signature and hash operations.
The proposed scheme requires the two communicating parties to perform only some simple signature and hash operations, so it suits Internet of Things devices with insufficient computing capacity and energy supply.
Further, in step one, only a device that owns an attribute set matching the access policy has the access right.
Further, in step two, once recorded, the data in a block cannot be tampered with, and anyone can query the records on the blockchain when needed.
Another object of the present invention is to provide an attribute-based access control system for implementing the blockchain-based attribute-based access control method, the attribute-based access control system comprising:
the intelligent Internet of Things devices, which are responsible for collecting, processing and sharing data in the Internet of Things system; they do not participate in the verification of transactions and have only read permission on the blockchain;
the attribute authority, which is the authorizer of attributes and also the manager of the blockchain; each device must complete registration with an attribute authority before entering the system;
the blockchain, which is a string of blocks connected by a hash function; each block contains two parts: a block header and a block body.
Further, the intelligent Internet of Things devices do not participate in the verification of transactions and have only read permission on the blockchain; specifically:
a data consumer must obtain access authorization from the data owner before data is shared, and uses the attributes authorized by the attribute authority to prove to the data owner that it holds the required permissions;
the data owner allows the data consumer to access the data only if the attributes held by the data consumer satisfy the access policy set by the data owner.
Further, the attribute authority first distributes, based on identity-based cryptography, a public/private key pair to each device it manages; the key pair is used for mutual authentication and key agreement with other devices;
then, according to the identity, characteristics or role of each device, the device is authorized with the appropriate attributes; the authorization of an attribute is recorded in the blockchain in the form of a transaction; as a consensus node of the consortium chain, the attribute authority places a transaction into its own transaction pool after generating it, and the transaction is written to the blockchain after the attribute authority reaches agreement with the other attribute authorities;
once successfully recorded, the data cannot be tampered with unless a new consensus is reached among the consensus nodes; a consensus node may become a Byzantine node as a result of various malicious attacks, and the proposed scheme allows a maximum of (n-1)/3 nodes to be Byzantine nodes, n being the total number of attribute authorities; each attribute authority has a public/private key pair, the public key being used to generate its own address and the private key being used to sign transactions, and each attribute authority keeps its private key safe.
Further, all transaction information contained in a block forms the block body, and the block header contains the hash value of the previous block header, a timestamp and the Merkle root of the transaction data;
the blocks are connected in sequence to form a chain; the Merkle root is used to verify the integrity of transaction data efficiently; the timestamp shows the time the block was generated and ensures that the blocks can be arranged in time order; the hash value of the previous block header covers all the information associated with that block, ensuring the integrity of the block data.
Further, if some transaction data in an earlier block is maliciously tampered with, the Merkle root of the transaction data in that block will also change, causing the hash value of the block header to change; the change propagates iteratively to all subsequent blocks and finally forms a forked chain;
each block is formed from attribute transactions that a validator packages from the transaction pool; one attribute transaction represents the authorization of an attribute by an attribute authority, assigning the attribute to the target address.
Taking all the above technical schemes together, the advantages and positive effects of the invention are as follows. The invention provides a new attribute-based access control scheme for Internet of Things systems. The system no longer needs to create Access Control Lists (ACLs) or assign roles for each user. Each device is described by attributes defined in the system, and the attribute authority distributes the corresponding attributes to a device according to its identity or capabilities. Only a device that owns a set of attributes matching the access policy has the access right. The distribution of attributes is recorded on the blockchain. The attribute authorities jointly maintain a public and credible distributed ledger that records attribute transactions. Once recorded, the data in a block cannot be tampered with, and anyone can query the records on the blockchain as needed. Moreover, the computation of the access control protocol in the concrete construction of the scheme is simplified: both parties participating in a data interaction can complete the access control function by performing only some simple signature and hash operations, so the scheme is better suited to devices with limited computing capacity and energy supply in an Internet of Things system. The invention can ensure legitimate access and data security and avoid data leakage; its access control is highly flexible and scalable; and the invention can also save cost.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly described below. The drawings described below are only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an attribute-based access control method based on a block chain according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of an attribute-based access control system according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of a working process of a PBFT protocol according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of an access control protocol implementation procedure between Alice and Bob according to an embodiment of the present invention.
In the figure: 1. intelligent Internet of Things device; 2. attribute authority; 3. blockchain.
Fig. 5 is a graph illustrating the average analysis results of thirty experiments provided by the embodiment of the present invention.
Fig. 6 is a schematic diagram showing that the storage overhead of an access policy set by a device in the system depends on the complexity and granularity of the access policy and is proportional to the number of attributes involved in the access policy.
Fig. 7 is a schematic diagram, provided by an embodiment of the present invention, showing that the storage overhead of session keys is proportional to the number of communication participants.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In view of the problems in the prior art, the present invention provides a block chain-based attribute-based access control method and system, which are described in detail below with reference to the accompanying drawings.
As shown in fig. 1, a blockchain-based attribute-based access control method according to an embodiment of the present invention includes:
S101: each device is described by attributes defined in the system, and an attribute authority distributes the corresponding attributes to a device according to its identity or capability, while the blockchain is used to record the distribution of attributes.
S102: the attribute authorities jointly maintain a public and credible distributed ledger that records attribute transactions.
S103: the two parties participating in a data interaction can complete the access control function by performing only some simple signature and hash operations.
Those skilled in the art can also implement the method using other steps; the blockchain-based attribute-based access control method shown in fig. 1 is only one specific embodiment.
In S101, only a device that owns an attribute set matching the access policy has the access right.
In S102, once recorded, the data in a block cannot be tampered with, and anyone can query the records on the blockchain as needed.
As shown in fig. 2, an attribute-based access control system provided in an embodiment of the present invention includes:
The intelligent Internet of Things devices 1 are responsible for collecting, processing and sharing data in the Internet of Things system. They do not participate in the verification of transactions and have only read permission on the blockchain. To ensure legitimate access and data security, a data consumer must obtain access authorization from the data owner before data is shared. The data consumer uses the attributes authorized by the attribute authority to prove to the data owner that it holds the required permissions. The data owner allows the data consumer to access the data only if the attributes held by the data consumer satisfy the access policy set by the data owner. Data consumers are not trusted: driven by self-interest, they may collude with each other when none of them individually holds a set of attributes satisfying the access policy set by the data owner, and they may even attempt to maliciously tamper with the data on the blockchain or interfere with the process by which the attribute authorities reach consensus.
The attribute authority 2 is the authorizer of attributes and also the manager of the blockchain. Each device must complete registration with the attribute authority before entering the system. The attribute authority first distributes, based on identity-based cryptography, a public/private key pair to each device it manages; the key pair is used for mutual authentication and key agreement with other devices. Each device is then authorized with the appropriate attributes based on its identity, characteristics or role. The authorization of an attribute is recorded in the blockchain in the form of a transaction. As a consensus node of the consortium chain, the attribute authority first places a transaction into its transaction pool after generating it, and the transaction is written to the blockchain after agreement is reached with the other attribute authorities. Once successfully recorded, the data cannot be tampered with unless a new consensus is reached among the consensus nodes. A consensus node may become a Byzantine node as a result of various malicious attacks, and the proposed scheme allows a maximum of (n-1)/3 nodes to be Byzantine nodes, n being the total number of attribute authorities. Each attribute authority has a public/private key pair. The public key is used to generate its own address and the private key is used to sign transactions. Each attribute authority keeps its private key safe, so that no one can forge its signature.
The blockchain 3 may be defined as a chain of blocks connected by a hash function. Each block contains two parts: a block header and a block body. All transaction information contained in the block constitutes the block body. The block header contains the hash value of the previous block header, a timestamp, and the Merkle root of the transaction data. The blocks are connected in sequence, eventually forming a chain. The Merkle root is used to verify the integrity of transaction data efficiently. The timestamp shows the time the block was generated and ensures that the blocks are arranged in time order. The hash value of the previous block header covers all the information associated with that block and is used to ensure the integrity of the block data. If some transaction data in an earlier block is maliciously tampered with, the Merkle root of the transaction data in that block will also change, causing the hash value of the block header to change. This change propagates iteratively to all subsequent blocks, eventually forming a forked chain. However, this new chain is not the one on which all the consortium nodes previously reached consensus, so the fork is not recognized. The special structure of the blockchain therefore makes it resistant to data tampering. In this scheme, each block is formed from attribute transactions that a validator packages from the transaction pool. An attribute transaction represents the authorization of an attribute by an attribute authority, assigning the attribute to the target address.
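The following added example (not code from the patent) builds the hash-linked blocks of attribute transactions described above, shows where tampering surfaces, and checks a data consumer's on-chain attributes against a data owner's policy. The transaction fields, the and/or policy format, SHA-256 and the sample addresses are assumptions; the attribute authorities' signatures and the consensus step are omitted.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder for "no previous block"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def digest(obj) -> str:
    """Hash a dict deterministically (JSON with sorted keys)."""
    return sha256_hex(json.dumps(obj, sort_keys=True).encode())


def merkle_root(txs) -> str:
    """Merkle root over transaction hashes; the last node is duplicated on odd levels."""
    level = [digest(tx) for tx in txs] or [sha256_hex(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


def build_chain(batches):
    """batches: list of (timestamp, [attribute transactions]) -> list of blocks."""
    chain, prev = [], GENESIS
    for timestamp, txs in batches:
        header = {"prev_hash": prev, "timestamp": timestamp,
                  "merkle_root": merkle_root(txs)}
        chain.append({"header": header, "body": list(txs)})
        prev = digest(header)
    return chain


def verify_chain(chain) -> int:
    """Return the index of the first inconsistent block, or -1 if the chain is intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        header = block["header"]
        if header["prev_hash"] != prev:
            return i  # link to the previous header is broken
        if header["merkle_root"] != merkle_root(block["body"]):
            return i  # body no longer matches the committed Merkle root
        prev = digest(header)
    return -1


def attributes_of(chain, address):
    """Attributes assigned to one target address; attributes are never pooled across addresses."""
    return {tx["attribute"] for block in chain for tx in block["body"]
            if tx["to"] == address}


def satisfies(policy, attrs) -> bool:
    """policy is an attribute name or a tuple ("and"|"or", term, ...) (assumed format)."""
    if isinstance(policy, str):
        return policy in attrs
    op, *terms = policy
    results = [satisfies(term, attrs) for term in terms]
    return all(results) if op == "and" else any(results)


def authorize(chain, address, policy) -> bool:
    """Data owner's check: the ledger must be intact and the address must satisfy the policy."""
    if verify_chain(chain) != -1:
        return False
    return satisfies(policy, attributes_of(chain, address))


def tamper(chain, recompute_root: bool):
    """Copy the chain and reassign Alice's 'cardiology' grant in block 0 to Bob."""
    forged = copy.deepcopy(chain)
    forged[0]["body"][1]["to"] = "addr-bob"
    if recompute_root:
        forged[0]["header"]["merkle_root"] = merkle_root(forged[0]["body"])
    return forged


def grant(issuer, to, attribute):
    return {"issuer": issuer, "to": to, "attribute": attribute}


# Constructed sample ledger: two blocks of attribute transactions.
CHAIN = build_chain([
    (1000, [grant("AA1", "addr-alice", "doctor"),
            grant("AA1", "addr-alice", "cardiology"),
            grant("AA2", "addr-bob", "doctor")]),
    (1060, [grant("AA2", "addr-carol", "cardiology")]),
])
POLICY = ("and", "doctor", "cardiology")

if __name__ == "__main__":
    for who in ("addr-alice", "addr-bob", "addr-carol"):
        print(who, authorize(CHAIN, who, POLICY))
    print("body-only tamper detected at block", verify_chain(tamper(CHAIN, False)))
    print("tamper with recomputed root detected at block", verify_chain(tamper(CHAIN, True)))
```

A forged final block with a recomputed Merkle root would pass these local checks, since no later header commits to it; rejecting it depends on the attribute authorities' consensus, which this example leaves out.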
The technical solution of the present invention is further described with reference to the following specific examples.
A new attribute-based access control scheme is provided for Internet of Things systems. The system no longer needs to create access control lists (ACLs) or assign roles for each user. Each device is described by attributes defined in the system, and the attribute authority distributes the corresponding attributes to it according to its identity or capabilities. A device has access rights only if it owns a set of attributes matching the access policy. The distribution of attributes is recorded on the blockchain. The attribute authorities jointly maintain a public and trusted distributed ledger that records attribute transactions. Once recorded, the data in a block cannot be tampered with, and anyone can query the records on the blockchain as needed. Moreover, the computation required by the access control protocol in the concrete construction of the scheme is simplified: both parties to a data interaction can complete access control with only a few simple signature and hash operations, so the scheme is well suited to Internet of Things devices with limited computing capacity and energy supply.
The following entities are mainly involved in the present embodiment: the attribute authority, the blockchain, and the smart Internet of Things devices.
The smart Internet of Things devices are responsible for collecting, processing and sharing data in the Internet of Things system. They do not participate in the verification of transactions and have only read permission on the blockchain. To ensure legitimate access to the data and its security, a data consumer must obtain access authorization from the data owner before the data is shared. The data consumer uses the attributes authorized by the attribute authority to prove to the data owner that it holds the required rights. The data owner allows the data consumer to access the data only if the attributes the data consumer owns satisfy the access policy set by the data owner. Data consumers are not trusted: driven by self-interest, they may collude with each other when none of them individually has a set of attributes that satisfies the access policy set by the data owner, and they may even attempt to maliciously tamper with the data on the blockchain or interfere with the process by which the attribute authorities reach consensus.
The attribute authority is the authorizer of attributes and also the manager of the blockchain. Each device must complete registration with the attribute authority before entering the system. The attribute authority first distributes, based on identity-based cryptography, a public/private key pair to each device it manages; the key pair is used for mutual authentication and key agreement with other devices. Each device is then authorized with the appropriate attributes based on its identity, characteristics, or role. The authorization of attributes is recorded in the blockchain in the form of transactions. As a consensus node of the consortium chain, the attribute authority first puts a transaction into its own transaction pool after generating it, and the transaction is written into the blockchain after agreement is reached with the other attribute authorities. Once successfully recorded, the data cannot be tampered with unless a new consensus is reached among the consensus nodes. A consensus node may become a Byzantine node as a result of various malicious attacks; the proposed scheme allows at most (n-1)/3 nodes to be Byzantine nodes, where n is the total number of attribute authorities. Each attribute authority has a public/private key pair: the public key is used to generate its own address, and the private key is used to sign transactions. Each attribute authority keeps its private key safe, so no one can forge its signature.
The blockchain may be defined as a chain of blocks connected by a hash function. Each block contains two parts: a block header and a block body. All transaction information contained in the block constitutes the block body. The block header contains the hash value of the previous block header, the timestamp, and the Merkle root of the transaction data. The blocks are connected in sequence, eventually forming a chain. The Merkle root is used to verify the integrity of the transaction data efficiently. The timestamp shows when the block was generated and ensures that the blocks are arranged in chronological order. The hash value of the previous block header covers all the information associated with that block and is used to ensure the integrity of the block data. If some transaction data in a previous block is maliciously tampered with, the Merkle root of the transaction data in that block changes as well, which in turn changes the hash value of the block header. This change propagates iteratively to all subsequent blocks, eventually forming a forked chain. However, this new chain is not the one on which the consortium nodes previously reached consensus, so the forked chain is not recognized. The structure of the blockchain therefore makes it resistant to data tampering. In this scheme, each block is formed from attribute transactions packaged by the verifier from a transaction pool. An attribute transaction represents the authorization of an attribute by an attribute authority, assigning the attribute to the target address.
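The tamper-evidence argument above can be checked mechanically. The following Python code is an added example, not part of the patent; the transaction fields (`from`, `to`, `attr`, `ts`), the JSON serialization, SHA-256 and the duplicate-last-node Merkle rule are assumptions, since the page does not give the encoding.

```python
import copy
import hashlib
import json


def sha(data):
    return hashlib.sha256(data).digest()


def merkle_root(txs):
    """Merkle root of the block body (an odd level duplicates its last node)."""
    level = [sha(json.dumps(tx, sort_keys=True).encode()) for tx in txs]
    if not level:
        return sha(b"").hex()
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0].hex()


def header_hash(header):
    return sha(json.dumps(header, sort_keys=True).encode()).hex()


def make_block(prev_header, timestamp, txs):
    """Header = previous header hash, timestamp, Merkle root; body = sorted transactions."""
    prev = header_hash(prev_header) if prev_header else "00" * 32
    body = sorted(txs, key=lambda tx: tx["ts"])
    return {"header": {"prev": prev, "ts": timestamp, "merkle": merkle_root(body)},
            "body": body}


def audit(chain, agreed_tip):
    """Return None for a valid chain, else (block index, reason) of the first failure."""
    prev_hash, prev_ts = "00" * 32, None
    for i, block in enumerate(chain):
        header = block["header"]
        if header["merkle"] != merkle_root(block["body"]):
            return i, "body does not match Merkle root"
        if header["prev"] != prev_hash:
            return i, "previous-header hash mismatch"
        if prev_ts is not None and header["ts"] < prev_ts:
            return i, "timestamp out of order"
        prev_hash, prev_ts = header_hash(header), header["ts"]
    if prev_hash != agreed_tip:
        return len(chain) - 1, "tip differs from the tip agreed by consensus (fork)"
    return None


def tamper_demo():
    """Constructed three-block chain and three increasingly thorough tampering attempts."""
    chain = []
    for n, attrs in enumerate([["X", "Y"], ["Z"], ["X"]]):
        txs = [{"from": "AA-1", "to": "addr-%d-%s" % (n, a), "attr": a, "ts": 100 * n + j}
               for j, a in enumerate(attrs)]
        chain.append(make_block(chain[-1]["header"] if chain else None, 100 * n + 50, txs))
    tip = header_hash(chain[-1]["header"])

    body_only = copy.deepcopy(chain)            # 1: edit a transaction only
    body_only[0]["body"][0]["attr"] = "Z"
    fixed_root = copy.deepcopy(body_only)       # 2: also recompute that block's Merkle root
    fixed_root[0]["header"]["merkle"] = merkle_root(fixed_root[0]["body"])
    rebuilt = copy.deepcopy(fixed_root)         # 3: re-link every later header as well
    for i in range(1, len(rebuilt)):
        rebuilt[i]["header"]["prev"] = header_hash(rebuilt[i - 1]["header"])

    cases = [("honest", chain), ("body_only", body_only),
             ("fixed_root", fixed_root), ("rebuilt", rebuilt)]
    return {name: audit(c, tip) for name, c in cases}


if __name__ == "__main__":
    for name, result in tamper_demo().items():
        print(name, result)
```

Each repair the tamperer makes pushes the failure one step further down the chain, until the only remaining mismatch is the tip hash that the consensus nodes agreed on.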
The specific implementation process of the embodiment is as follows:
1. System initialization
Let λ be the security parameter of the system. The system initialization algorithm takes the security parameter λ as input and outputs the global parameters of the system. The devices in the system share an elliptic curve defined over a finite field GF(p), with G being the base point of the elliptic curve, of prime order r. The system defines two hash functions,
Figure BDA0002958917690000102
The attribute authorities share a master private key SK_MSK. The master private key is stored secretly by the attribute authorities, and the corresponding master public key PK_MPK = SK_MSK·G is then disclosed to all devices in the system.
2. Device registration
Each device in the system has a unique ID as its distinguishable identification. When a device registers with the system, an attribute authority to which the device belongs generates an identity private key for the device based on its identity ID using the master private key.
3. Address generation
Each device in the system may apply for attribute i from an attribute authority via a self-generated address and its identity ID. To generate an address, the device first randomly selects
Figure BDA0002958917690000101
as the private key SK_i; kG is therefore the corresponding public key PK_i. To generate the address corresponding to a public key, the device hashes PK_i || ID (|| here denotes concatenation) and then encodes the hash value with Base58Check encoding. Thus, the address is:
Address = Base58Check[H_2(PK_i || ID)]
4. Attribute application
Each attribute authority has a public/private key pair. The public key is used to generate its own address AA, and the private key is used to sign the attribute transactions it generates. When a device applies for an attribute, the attribute authority to which the device belongs verifies whether the applicant should have the attribute i applied for. If the device passes verification, the attribute authority generates an attribute transaction:
Figure BDA0002958917690000111
The attribute authority then signs the hash of the attribute transaction and the timestamp, i.e., the attribute authority signs the hash
Figure BDA0002958917690000112
Finally, the attribute authority packages the attribute transaction, the signature and the timestamp together and puts them into its own transaction pool.
The consortium nodes periodically elect a block creator, which is responsible for packing the transactions in the transaction pool into a block and broadcasting it to the other consortium nodes to reach consensus. The block creator sorts the transactions by timestamp and calculates the Merkle root of the selected attribute transactions. The block header contains the header hash of the previous block, the timestamp at which the block was generated, and the Merkle root.
The block creator broadcasts this new block to the other consortium nodes using the PBFT protocol (the PBFT protocol works as shown in the figure below). In the preparation phase, each of the remaining consortium nodes verifies the validity of the new block and broadcasts it to the others in the same manner. Once a node has received 2f identical blocks, it broadcasts an acknowledgement to the others in the preparation phase. If a node receives 2f + 1 acknowledgements, it appends the new block to the end of the blockchain.
5. Access control
To share data between two devices, one being the data owner Bob and the other the data consumer Alice, Bob needs to exercise access control over his data to prevent unauthorized devices from accessing it. Alice obtains the right to access Bob's data only when the attribute set she owns satisfies the access policy set by Bob. The access control protocol between Alice and Bob proceeds as shown in Fig. 4:
Alice uses her identity information ID_A to initiate a communication request to Bob, and the two then generate a session key K using a standard identity-based authentication and key agreement protocol. Their subsequent communications are encrypted with the session key K using a symmetric-key algorithm. For convenience of description, the symmetric encryption of the messages exchanged below is omitted.
Bob returns to Alice a random number N ∈ Z_r and his own access policy P, which indicates which attribute sets a device must own to obtain access authorization to his data.
From the attributes she owns, Alice selects an attribute subset that satisfies Bob's access policy. Every attribute in the subset was distributed by an attribute authority, in the attribute application stage, to an address submitted by Alice. Alice signs the random number N with the private key corresponding to each address. The selected attribute subset, along with the signature and public key pair corresponding to each attribute in the subset,
Figure BDA0002958917690000123
is sent to Bob together.
Bob first hashes the PK_i || ID_A submitted by Alice and encodes the resulting hash value with Base58Check to get the corresponding address. Bob then queries the blockchain for the latest record for that address, and if the address was indeed assigned attribute i by the attribute authority, Bob uses the public key PK_i submitted by Alice to verify whether the signature
Figure BDA0002958917690000121
is valid:
Figure BDA0002958917690000122
If all of these checks hold, Alice does own the address, and the address was assigned by the attribute authority the attributes that Alice claims. Finally, Bob verifies whether the attribute set submitted by Alice satisfies the access policy he has set.
If Alice owns a set of attributes that satisfy Bob's access policy, then Bob will allow Alice to access its data. The data sharing process is also encrypted and protected by the session key K negotiated in the first step.
The technical effects of the present invention will be described in detail with reference to experiments.
The experimental environment is a machine with an Intel Pentium G620 CPU at 2.60 GHz and 2 GB of RAM, running Ubuntu Linux 16.04 LTS. The scheme is implemented with the PBC library (version 0.5.14), using a 160-bit elliptic curve group on the supersingular curve y^2 = x^3 + x over a 512-bit finite field, which gives 80-bit security. The experimental results are the average of thirty runs. The analysis results are shown in Fig. 5.
As can be seen from Fig. 5, the main computational overhead for Alice is signing the random number selected by Bob with the corresponding private keys, each of which corresponds to an attribute that matches Bob's access policy. Her computational overhead therefore grows in direct proportion to the number of attributes. Bob, in addition to verifying the signatures provided by Alice, needs to hash and encode each PK submitted by Alice together with Alice's ID to obtain the address to which the attribute was issued by the attribute authority. Bob's computational overhead is thus also proportional to the number of attributes in the attribute set with which Alice satisfies his access policy. A high-quality C++ implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) typically takes 2.87 ms to compute one NIST256P signature and 6.34 ms to verify it. The confidentiality and authenticity of the communication between Alice and Bob are guaranteed by the AES-128 algorithm. As Fig. 5 shows, although Bob's computational overhead is higher than Alice's as the number of attributes increases, the actual overhead is reasonable and acceptable for these Internet of Things devices. That is, the blockchain-based attribute access control scheme of the present invention can be applied effectively in the Internet of Things context.
Results of the experiment
In the scheme of the invention, Hyperledger Fabric is selected as the platform for building the blockchain. It adopts a modular architecture and provides high confidentiality, resilience, flexibility and scalability. The scheme is run on a desktop computer with Ubuntu Linux 16.04 LTS, an Intel Pentium G620 CPU at 2.60 GHz and 1 GB of memory.
Storage overhead
As is well known, most devices in the Internet of Things are resource-constrained, so storage overhead is an important factor that must be considered. Apart from the valuable data that must be stored, Internet of Things devices do not have much storage space to allocate to additional data. The invention therefore analyzes the storage overhead of the proposed scheme and explains why it is reasonable. An Internet of Things device mainly needs to store three kinds of additional data: the global parameters, the session keys and the access policies.
Global parameters
All entities in the Internet of Things system share the same set of global parameters. It specifies the security parameter, the elliptic curve, the hash functions involved, the public key of the attribute authority and the public key of each device. With these parameters, the attribute-based access control scheme of the present invention can be implemented properly. After the system is initialized, the size of the global parameters is fixed, and their storage overhead is clearly acceptable for the resource-limited devices in the Internet of Things.
Access policy
The storage overhead of the access policy set by a device in the system depends on the policy's complexity and granularity, and is proportional to the number of attributes involved in the access policy, as shown in Fig. 6. The figure shows that even if the number of attributes involved in the access policy set by the device is as high as 50, the storage overhead of the access policy is only about 500 bytes. This is because attributes are simply numbers or words that describe the characteristics of a device, and in the standard character encoding for electronic communications each number or letter takes only 1 byte. The storage overhead of the access policy is therefore reasonable and acceptable.
Session key
In the access control scheme of the present invention, the two communicating parties first authenticate each other and then negotiate a session key for subsequent interaction. To avoid renegotiating every time, they may assign a validity period to the negotiated session key and retain it for that period. The session key may be generated by any standard identity-based authentication and key agreement protocol. For example, the present invention uses an identity-based encryption algorithm to generate a 128-bit session key and uses AES-128 to secure subsequent communications. The storage overhead of the session keys is proportional to the number of communicating participants. As shown in Fig. 7, this portion of the storage overhead is almost negligible.
Security proof:
To implement access control correctly, the proposed scheme must resist collusion attacks. Devices that do not individually have an attribute set satisfying the access policy may, driven by self-interest, collude with each other so that together they can complete the authentication with the target device and obtain its data. This clearly defeats the purpose of implementing access control to ensure secure communication. Suppose Bob sets his own access policy to X ∧ (Y ∨ Z), which means that only devices with both attributes X and Y, or X and Z, can obtain access to Bob's data. Suppose Alice has only attribute X and Eve has only attribute Y. Obviously, if Alice colludes with Eve, together they hold a set of attributes that satisfies Bob's access policy. Since there is no global ID binding all the attributes that belong to a user, Bob has difficulty distinguishing whether the attributes submitted by a user are all owned by the same party. However, in the scheme of the present invention, to obtain the address where the attribute i submitted by Alice resides, Bob hashes the public key submitted by Alice together with her identity ID_A and encodes the resulting hash value with Base58Check to obtain the address, that is:
Address = Base58Check[H_2(PK_i || ID_A)]
Eve can give Alice her own attribute Y to carry out the collusion attack, that is, the address holding attribute Y, the public key corresponding to that address and the signature over the random number, but the difference in the identity information ID cannot be changed. If Alice, as the protocol requires, presents to Bob the address of attribute Y, the public key corresponding to the address and the signature, Bob finds that the address he computes:
Base58Check[H_2(PK_Y || ID_A)]
is not equal to the address where the attribute Y submitted by Alice resides:
Base58Check[H_2(PK_Y || ID_E)]
In this way, Bob discovers that Alice and Eve are mounting a collusion attack and terminates the authentication with Alice. The access control scheme of the present invention therefore resists collusion attacks.
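The verification Bob performs in step 5 and the collusion argument above can be exercised end to end. The Python code below is an added example, not the patent's implementation; secp256k1, SHA-256 as H_2, ECDSA as the signature, Base58Check without a version byte, the device IDs and the dictionary ledger are all assumptions made for illustration.

```python
import hashlib
import secrets

# Assumed primitives (the page fixes none of them): secp256k1, SHA-256 as H2, ECDSA.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    acc = None  # double-and-add, not constant time
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def sign(sk, msg):
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * sk) % N
        if r and s:
            return r, s

def verify(pk, msg, sig):
    (x, y), (r, s) = pk, sig
    if (y * y - x * x * x - 7) % P or not (0 < r < N and 0 < s < N):
        return False  # off-curve key or out-of-range signature
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pk))
    return pt is not None and pt[0] % N == r

def base58check(payload):
    """Base58 of payload plus 4-byte double-SHA-256 checksum (no version byte)."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def address(pk, dev_id):
    """Address = Base58Check[H2(PK_i || ID)]."""
    raw = pk[0].to_bytes(32, "big") + pk[1].to_bytes(32, "big") + dev_id.encode()
    return base58check(hashlib.sha256(raw).digest())

def bob_verify(ledger, policy, peer_id, nonce, proofs):
    """Bob's checks; peer_id is the ID authenticated during key agreement."""
    proven = set()
    for attr, pk, sig in proofs:
        addr = address(pk, peer_id)  # recomputed by Bob, never taken from the peer
        if ledger.get(addr) != attr:
            return False, "no ledger record binds %s to this key and ID" % attr
        if not verify(pk, nonce, sig):
            return False, "invalid signature for %s" % attr
        proven.add(attr)
    if any(clause <= proven for clause in policy):
        return True, "granted"
    return False, "attribute set does not satisfy the policy"

def access_demo():
    """Constructed data: Alice holds X, Eve holds Y, Dave holds X and Y."""
    policy = [{"X", "Y"}, {"X", "Z"}]  # X AND (Y OR Z) in disjunctive normal form
    ledger, keys = {}, {}
    for dev_id, attr in [("ID_A", "X"), ("ID_E", "Y"), ("ID_D", "X"), ("ID_D", "Y")]:
        sk = secrets.randbelow(N - 1) + 1  # SK_i = k
        keys[dev_id, attr] = (sk, ec_mul(sk, G))  # PK_i = kG
        ledger[address(keys[dev_id, attr][1], dev_id)] = attr  # attribute transaction
    nonce = secrets.randbelow(N).to_bytes(32, "big")  # Bob's fresh challenge N
    def proof(owner, attr):  # (attribute, PK_i, signature over N) from the key holder
        return attr, keys[owner, attr][1], sign(keys[owner, attr][0], nonce)
    def ask(peer_id, *proofs):
        return bob_verify(ledger, policy, peer_id, nonce, list(proofs))
    return {"dave": ask("ID_D", proof("ID_D", "X"), proof("ID_D", "Y")),
            "alice_alone": ask("ID_A", proof("ID_A", "X")),
            "collusion": ask("ID_A", proof("ID_A", "X"), proof("ID_E", "Y"))}

if __name__ == "__main__":
    print(access_demo())
```

In the collusion case Eve's signature over the nonce is perfectly valid; the request is rejected earlier, because the address Bob derives from PK_Y and ID_A has no record on the ledger.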
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A block chain-based attribute-based access control method is characterized by comprising the following steps:
each device is described by attributes defined in the system, and an attribute authority distributes corresponding attributes to the devices according to their identity or capability, while the blockchain is used to record the distribution of attributes;
a public and trusted distributed ledger recording attribute transactions is jointly maintained by the attribute authorities;
the two parties participating in data interaction can complete the access control function only by performing some simple signature and hash operations.
2. The blockchain-based attribute-based access control method of claim 1, wherein each device is described by attributes defined in the system, and an attribute authority distributes corresponding attributes to it according to its identity or capabilities; meanwhile, the blockchain is used to record the distribution of attributes, and a device has access rights only if it owns an attribute set matching the access policy.
3. The blockchain-based attribute-based access control method of claim 1, wherein, in the public and trusted distributed ledger recording "attribute transactions" that is jointly maintained by the attribute authorities, once data is recorded in a block it cannot be tampered with, and anyone can query the records on the blockchain when needed.
4. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:
each device is described by attributes defined in the system, and an attribute authority distributes corresponding attributes to the devices according to their identity or capability, while the blockchain is used to record the distribution of attributes;
a public and trusted distributed ledger recording attribute transactions is jointly maintained by the attribute authorities;
the two parties participating in data interaction can complete the access control function only by performing some simple signature and hash operations.
5. An information data processing terminal, characterized in that the information data processing terminal is used for implementing the block chain-based attribute-based access control method of any one of claims 1 to 3.
6. An attribute-based access control system for implementing the block-chain-based attribute-based access control method according to any one of claims 1 to 3, wherein the attribute-based access control system comprises:
the smart Internet of Things devices, which are responsible for collecting, processing and sharing data in the Internet of Things system, do not participate in the verification of transactions, and have only read permission on the blockchain;
the attribute authority, which is the authorizer of attributes and also the manager of the blockchain; each device needs to complete registration with an attribute authority before entering the system;
the blockchain, which is a chain of blocks connected by a hash function; each block contains two parts: a block header and a block body.
7. The attribute-based access control system of claim 6, wherein the smart Internet of Things device not participating in the verification of transactions and having only read permission on the blockchain specifically comprises:
obtaining access authorization from the data owner before data is shared, and proving the required permission to the data owner by using the attributes authorized by the attribute authority;
the data owner allows the data consumer to access the data only if the attributes the data consumer has satisfy the access policy requirements set by the data owner.
8. The attribute-based access control system of claim 6, wherein the attribute authority first distributes, based on identity-based cryptography, a public/private key pair to each managed device for mutual authentication and key agreement with other devices;
then, according to the identity, characteristics or role of each device, the device is authorized with appropriate attributes; the authorization of attributes is recorded in the blockchain in the form of transactions; as a consensus node of the consortium chain, the attribute authority puts a transaction into its own transaction pool after generating it, and the transaction is written into the blockchain after agreement is reached with the other attribute authorities;
once successfully recorded, the data cannot be tampered with unless a new consensus is reached among the consensus nodes; a consensus node can become a Byzantine node as a result of various malicious attacks, and the proposed scheme allows at most (n-1)/3 nodes to be Byzantine nodes, n being the total number of attribute authorities; each attribute authority has a public/private key pair, the public key being used to generate its own address and the private key being used to sign transactions, and each attribute authority keeps its private key safe.
9. The attribute-based access control system of claim 6, wherein all transaction information contained in a block constitutes the block body, and the block header contains the hash value of the previous block header, a timestamp, and the Merkle root of the transaction data;
the blocks are connected in sequence to finally form a chain; the Merkle root is used for efficiently verifying the integrity of the transaction data; the timestamp shows when the block was generated and ensures that the blocks can be arranged in chronological order; the hash value of the previous block header covers all the information associated with that block, ensuring the integrity of the block data.
10. The attribute-based access control system of claim 9, wherein if some transaction data in a previous block is maliciously tampered with, the Merkle root of the transaction data in that block also changes, thereby causing the hash value of the block header to change; the change propagates iteratively to all subsequent blocks, finally forming a forked chain;
each block is formed from attribute transactions packaged by the verifier from the transaction pool; one attribute transaction represents the authorization of an attribute by the attribute authority and assigns the attribute to the target address.
CN202110230381.2A 2021-03-02 2021-03-02 Attribute-based access control method and system based on block chain Pending CN113162907A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110230381.2A CN113162907A (en) 2021-03-02 2021-03-02 Attribute-based access control method and system based on block chain

Publications (1)

Publication Number Publication Date
CN113162907A true CN113162907A (en) 2021-07-23

Family

ID=76883780

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110230381.2A Pending CN113162907A (en) 2021-03-02 2021-03-02 Attribute-based access control method and system based on block chain

Country Status (1)

Country Link
CN (1) CN113162907A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210723