可更新属性的链上数据访问控制方法  被引量：6

作　　者：徐俊伟 袁景凌[1,2] 向广利[1] XU Jun-wei;YUAN Jing-ling;XIANG Guang-li(School of Computer Science and Artificial Intelligence,Wuhan University of Technology,Wuhan 430000,China;Hubei Key Laboratory of Internet of Things,Wuhan University of Technology,Wuhan 430000,China)

机构地区：[1]武汉理工大学计算机与人工智能学院,武汉430000 [2]武汉理工大学交通物联网湖北省重点实验室,武汉430000

出　　处：《小型微型计算机系统》2023年第2期429-434,共6页Journal of Chinese Computer Systems

基　　金：国家自然科学基金项目(61303029)资助.

摘　　要：区块链中节点数据保持同步更新,使得链上数据公开透明.因此保护链上交易数据的隐私安全是必不可缺的,访问控制是保护隐私安全的重要手段之一.针对区块链中数据的隐私安全问题提出了一种属性基加密访问控制方法.首先将访问策略与节点属性通过智能合约部署到区块链当中,保证当前策略与节点属性相对应并且不可篡改;其次利用密文-策略属性基加密(Ciphertext-Policy Attribute-Based Encryption,CP-ABE)方法对数据加密上链,使得链上数据在密文状态下进行存储.最后通过访问控制合约,对访问请求节点属性与区块应用的访问策略自动判定授权,实现链上数据访问控制.安全性分析及实验表明,该方法实现在访问策略更新、节点属性改变的条件下,实现对链上数据细粒度的访问控制.The data of nodes in the blockchain is updated synchronously,which makes the data on the chain open and transparent.Therefore,it is necessary to protect the privacy and security of transaction data on the chain,and access control is one of the important means to protect privacy and security.Aiming at the privacy and security of data in blockchain,an attribute based encryption access control method is proposed.Firstly,the access policy and node attributes are deployed to the blockchain through the smart contract to ensure that the current policy corresponds to the node attributes and cannot be tampered with;Secondly,ciphertext policy attribute-based encryption(CP-ABE)method is used to encrypt the data on the chain,so that the data on the chain can be stored in ciphertext state.Finally,through the access control contract,the attribute of the access request node and the access policy of the block application are automatically authorized to realize the data access control on the chain.The security and experimental analysis show that the method can achieve fine-grained access control of data on the chain under the condition of access policy update and node attribute change.

关 键 词：属性基加密 区块链 访问控制 隐私保护 数据共享 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]