Journal on Communications (通信学报) ›› 2020, Vol. 41 ›› Issue (12): 82-93. doi: 10.11959/j.issn.1000-436X.2020232

• Academic Paper •

Blockchain-based access control mechanism for data traceability
(基于区块链的可溯源访问控制机制)

Rongna XIE 1,2, Hui LI 2, Guozhen SHI 1, Yunchuan GUO 3, Ming ZHANG 2, Xiuze DONG 1
(谢绒娜, 李晖, 史国振, 郭云川, 张铭, 董秀则)

  1 Department of Cryptography and Technology, Beijing Electronic Science and Technology Institute, Beijing 100070, China
  2 School of Cyber Engineering, Xidian University, Xi'an 710071, China
  3 Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Revised: 2020-08-12  Online: 2020-12-25  Published: 2020-12-01
  • About the authors:
    Rongna XIE (born 1976), female, from Yongji, Shanxi; Ph.D.; associate professor at Beijing Electronic Science and Technology Institute. Research interests: network and system security, access control, cryptographic engineering.
    Hui LI (born 1968), male, from Lingbao, Henan; Ph.D.; professor and doctoral supervisor at Xidian University. Research interests: cryptography and information security, information theory and coding theory.
    Guozhen SHI (born 1974), male, from Jiyuan, Henan; Ph.D.; professor-level senior engineer and master's supervisor at Beijing Electronic Science and Technology Institute. Research interests: network and system security, embedded security.
    Yunchuan GUO (born 1977), male, from Yingshan, Sichuan; Ph.D.; research fellow and doctoral supervisor at the Chinese Academy of Sciences. Research interests: access control, formal methods.
    Ming ZHANG (born 1997), male, from Ningbo, Zhejiang; master's student at Xidian University. Research interests: blockchain, data sharing and data flow control.
    Xiuze DONG (born 1976), male, from Juxian, Shandong; associate professor at Beijing Electronic Science and Technology Institute. Research interests: cryptography and information security, cryptographic engineering.
  • Supported by:
    The National Key Research and Development Program of China (2016QY06X1203, 2017YFB0802705); The National Natural Science Foundation of China (61932015)

Abstract:

To improve the transparency of data access and flow control and make access flows traceable, a blockchain-based access control mechanism for data traceability is proposed. Access control policies are deployed on the blockchain as smart contracts, and policy evaluation is performed by executing these distributed smart contracts, so that the whole access authorization process is decentralized, transparent and traceable. Off-chain and on-chain storage are combined: objects are kept on off-chain data servers, and an object index built from each object's storage address, digest value and related information is stored on the object blockchain. A log blockchain records the object authorization and access processes in detail, so any misbehavior is immutably recorded on the chain. Security analysis shows that the proposed mechanism achieves decentralized, transparent and traceable access authorization while preserving the privacy of object resources.

Key words: blockchain, access control, smart contract, decentralized, traceability
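The following Python sketch is an added illustration, not code from the paper or its authors. It models the three pieces the abstract describes in memory: an off-chain data server holding object content, an object chain holding an index (storage address plus SHA-256 digest) per object, and an append-only, hash-linked log chain that records every authorization decision. The policy dictionary stands in for the smart contract, and `ds://server-1/...` addresses, the `role` attribute and the sample record are all constructed assumptions. Two checks a practitioner would want are shown: a request that passes policy is still refused if the off-chain content no longer matches the on-chain digest, and any edit to a past log entry is caught by re-walking the hash chain.

```python
import hashlib
import json
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class ObjectIndex:
    """On-chain record: where the object lives off-chain and what its digest must be."""
    object_id: str
    storage_address: str
    digest: str
    owner: str


@dataclass
class LogEntry:
    """One immutable log-chain entry; entry_hash commits to the fields and to prev_hash."""
    seq: int
    subject: str
    object_id: str
    action: str
    decision: str
    prev_hash: str
    entry_hash: str = ""


class TraceableAccessControl:
    GENESIS = "0" * 64

    def __init__(self):
        self.off_chain_store = {}  # storage_address -> bytes (hypothetical data server)
        self.object_chain = {}     # object_id -> ObjectIndex (hypothetical object blockchain)
        self.log_chain = []        # list[LogEntry] (hypothetical log blockchain)
        self.policies = {}         # object_id -> policy dict (stands in for the smart contract)

    def register_object(self, object_id, owner, content: bytes, policy: dict) -> ObjectIndex:
        # Object content stays off-chain; only address + digest go on the object chain.
        address = f"ds://server-1/{sha256_hex(object_id.encode())[:16]}"  # assumed address scheme
        self.off_chain_store[address] = content
        idx = ObjectIndex(object_id, address, sha256_hex(content), owner)
        self.object_chain[object_id] = idx
        self.policies[object_id] = policy
        return idx

    def _evaluate_policy(self, subject_attrs: dict, object_id: str, action: str) -> bool:
        # Deterministic rule, as a contract would evaluate it: action allowed and all
        # required subject attributes present with the expected value.
        policy = self.policies[object_id]
        if action not in policy["allowed_actions"]:
            return False
        return all(subject_attrs.get(k) == v for k, v in policy["required_attrs"].items())

    @staticmethod
    def _hash_entry(e: LogEntry) -> str:
        payload = json.dumps([e.seq, e.subject, e.object_id, e.action, e.decision, e.prev_hash])
        return sha256_hex(payload.encode())

    def _append_log(self, subject, object_id, action, decision) -> LogEntry:
        prev = self.log_chain[-1].entry_hash if self.log_chain else self.GENESIS
        entry = LogEntry(len(self.log_chain), subject, object_id, action, decision, prev)
        entry.entry_hash = self._hash_entry(entry)
        self.log_chain.append(entry)
        return entry

    def request_access(self, subject, subject_attrs, object_id, action):
        """Returns (decision, content). Every decision, grant or deny, is logged."""
        granted = self._evaluate_policy(subject_attrs, object_id, action)
        self._append_log(subject, object_id, action, "grant" if granted else "deny")
        if not granted:
            return ("deny", None)
        idx = self.object_chain[object_id]
        content = self.off_chain_store[idx.storage_address]
        # Off-chain content must still match the on-chain digest before it is released.
        if sha256_hex(content) != idx.digest:
            self._append_log(subject, object_id, "integrity-check", "digest-mismatch")
            return ("digest-mismatch", None)
        return ("grant", content)

    def verify_log_chain(self) -> bool:
        """Re-walk the chain: each entry must hash to its stored hash and link to its predecessor."""
        prev = self.GENESIS
        for e in self.log_chain:
            if e.prev_hash != prev or self._hash_entry(e) != e.entry_hash:
                return False
            prev = e.entry_hash
        return True


if __name__ == "__main__":
    acl = TraceableAccessControl()
    policy = {"allowed_actions": ["read"], "required_attrs": {"role": "doctor"}}  # constructed
    acl.register_object("rec-1", "alice", b"patient record", policy)      # constructed sample
    print(acl.request_access("bob", {"role": "doctor"}, "rec-1", "read"))
    print(acl.request_access("eve", {"role": "visitor"}, "rec-1", "read"))
    print("log intact:", acl.verify_log_chain())
```

The in-memory lists are only a stand-in: in the mechanism the abstract describes, the object index and the log live on separate chains and the policy runs as a smart contract, so the digest check and the chain walk shown here are what those components provide without a central authority.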
