物联网中基于智能合约的访问控制方法  被引量：29

作　　者：杜瑞忠 刘妍[1,2] 田俊峰 Du Ruizhong;Liu Yan;Tian Junfeng(School of Cyber Security and Computer,Hebei University,Baoding,Hebei 071002;Key Laboratory on High Trusted Information System in Hebei Province(Hebei University),Baoding,Hebei 071002)

机构地区：[1]河北大学网络空间安全与计算机学院,河北保定071002 [2]河北省高可信信息系统重点实验室(河北大学),河北保定071002

出　　处：《计算机研究与发展》2019年第10期2287-2298,共12页Journal of Computer Research and Development

基　　金：国家自然科学基金项目（61572170,61170254）;河北省自然科学基金重点项目（F2019201290）;河北省自然科学基金项目（F2018201153）;河北大学研究生创新资助项目（hbu2019ss031)~~

摘　　要：针对物联网中设备资源受限、连接数量大、动态性强等特点,传统的集中式访问控制技术已不完全适用,如何在物联网环境中实现安全高效的访问控制授权成为亟待解决的关键问题.对此,提出一种基于层级区块链的物联网分布式体系架构(distributed architecture based on hierarchical blockchain for Internet of things,DAHB).在该架构中以基于属性的访问控制(attribute-based access control,ABAC)模型为基础,采用智能合约的方式实现对物联网设备基于属性的域内和跨域的灵活、动态、自动化的访问控制.同时,在属性度量中增加信任值与诚实度动态评估不同域间和设备间的信任关系,保证实体能够履行合约的信用能力和稳定性.理论分析和实验结果表明:该方案比现有方案更有效解决物联网访问控制中存在的轻量级、灵活性、细粒度和安全性问题.While Internet of things(IoT)technology has been widely recognized as an essential part in our daily life,it also brings new challenges in terms of privacy and security.In view of the limited resources,large number of connections and strong dynamics of the devices in the Internet of things,the traditional centralized access control technology is not fully applicable,and how to achieve secure and efficient access control authorization in the IoT environment has become an urgent problem to be solved.In this regard,a distributed architecture based on hierarchical blockchain for Internet of Things(DAHB)is proposed,which includes device layer,edge layer and the cloud layer.In this architecture,we combine the advantages of blockchain technology to realize flexible,dynamic and automatic access control for IoT devices based on ABAC model in the domain and across the domain by means of smart contract.At the same time,the credit value and honesty are added to the attribute metric to dynamically evaluate the trust relationship between different domains and devices.The theoretical analysis and experimental results show that this scheme is more effective than the existing schemes in solving the requirements of lightweight,flexibility,fine-grained and security in Internet of things(IoT)access control.

关 键 词：物联网 区块链 访问控制 信任度 智能合约 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]