基于智能合约的日志安全存储与公平访问方法  被引量：2

作　　者：王健[1] 黄俊[1] WANG Jian;HUANG Jun(Beijing Key Laboratory of Security and Privacy in Intelligent Transportation,Beijing Jiaotong University,Beijing 100044,China)

机构地区：[1]北京交通大学智能交通数据安全与隐私保护技术北京市重点实验室,北京100044

出　　处：《信息网络安全》2022年第7期27-36,共10页Netinfo Security

基　　金：国家重点研发计划[2020YFB2103800];山东省重大科技创新工程[2019JZZY020128]。

摘　　要：当前信息系统存在日志数据易被篡改、伪造和删除的安全风险及未授权访问等问题。现有日志存储与访问研究方法大多利用可搜索加密技术实现,虽然实现了敏感日志数据的加密存储,但缺乏对密文搜索过程的公平性和密文数据访问权限控制等问题的研究。针对以上问题,文章设计了一种基于智能合约的日志安全存储与公平访问方法。智能合约作为可搜索加密过程的参与方,执行搜索陷门的对比和密文搜索结果的验证,从而无需第三方实体即可验证密文搜索过程的正确性,同时利用押金机制保障搜索过程中数据使用者与云服务器之间的公平支付。该方法将基于角色的访问控制策略嵌入可搜索加密过程,通过角色公钥与实体身份公钥的一对多映射,将可搜索加密扩展至多对多模式,同时实现了日志密文数据的授权访问。安全性分析和实验表明,该方法可以满足日志数据存储的完整性和机密性要求,通过智能合约和押金机制保证密文搜索过程的公平性与正确性,通过基于角色的访问控制避免数据的未授权访问。Current information systems face security risks such as log data being easily tampered,forged and deleted,as well as unauthorized access to data.The existing research methods of log storage and access mostly use searchable encryption technology.Although the encrypted storage of sensitive log data is realized,there is a lack of research on the fairness of the ciphertext retrieval process and the control of ciphertext access rights.Aiming at the above research problems,this paper designed a method for secure storage and fair access of logs based on smart contracts.As a participant in the searchable encryption process,the smart contract performed the comparison of search trapdoors and the verification of ciphertext search results,so that the correctness of ciphertext search process could be verified without a third-party entity.At the same time,the deposit mechanism was used to ensure fair payment between data users and cloud storage servers during the search process.In this method,the role-based access control policy was embedded in the searchable encryption process.Through the one-to-many mapping between the role public key and the entity identity public key,the searchable encryption was extended to the many-to-many mode,and the authorized access of the log ciphertext data was realized.Experiments and analyses show that this method can meet the requirements of integrity and confidentiality of log data storage,ensure fairness and correctness of ciphertext retrieval process through smart contract and deposit mechanism,and avoid unauthorized access of data through role-based access control.

关 键 词：智能合约 可搜索加密 安全存储 公平支付 访问控制 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]