基于PBFT的猕猴桃溯源联盟链应用访问控制方案  被引量：3

作　　者：景旭[1] 邢胜飞 JING Xu;XING Shengfei(College of Information Engineering,Northwest A&F University,Yangling,Shaanxi 712100,China)

机构地区：[1]西北农林科技大学信息工程学院,陕西杨凌712100

出　　处：《农业机械学报》2023年第1期183-195,共13页Transactions of the Chinese Society for Agricultural Machinery

基　　金：陕西省重点研发计划项目(2019ZDLNY07-02-01);国家重点研发计划项目(2020YFD1100601);上合组织成员国农业技术集成示范与标准化研究项目。

摘　　要：针对基于属性的联盟链应用访问控制模型可能存在拜占庭节点而导致属性信息、访问控制策略查询结果不可信的问题,结合猕猴桃溯源场景的实际需求,提出了一种基于PBFT的联盟链应用访问控制方案。该方案使用属性权威作为联盟链实体组织的属性证书颁发机构以及PBFT的查询验证节点,对访问请求内容生成签名并验证;属性证书中存储主体与权限相关的属性信息;基于PBFT对用户属性、数据属性、访问控制策略查询验证,确保访问控制过程的可信性。基于Hyperledger Fabric原型系统测试表明,当记账节点中的拜占庭节点少于节点总数1/3时系统能够正常运行;当交易发送率在100~1 500 TPS之间变化时,交易吞吐量在交易发送率达到300 TPS后趋于稳定,平均时延在交易发送率达到400 TPS后趋于稳定,满足联盟链猕猴桃溯源的应用需求。Aiming at the problem that attribute information and access control policies might be untrustworthy due to the existence of Byzantine nodes in the attribute-based consortium blockchain application access control model, combined with the actual needs of the kiwifruit traceability scenario, an access control scheme of kiwifruit traceability application based on PBFT and consortium blockchain was proposed. The attribute authority was used as the attribute certificate authority of the consortium blockchain entity organization and the query verification node to generate signatures and verify the access request contents. The attribute information related to the subject and the authority was stored in the attribute certificate. The user attributes, data attributes and access control policies based on the PBFT were verified to ensure the credibility of the access control process. The tests based on the Hyperledger Fabric prototype system showed that the system could work normally when the number of Byzantine nodes in the accounting node was less than 1/3. The total number of transactions submitted to the blockchain was 1 000, 2 000, 3 000, and the transaction sending rate was 100 TPS, 200 TPS, …, 1 400 TPS and 1 500 TPS, the transaction throughput was stable when the transaction sending rate was 300 TPS, and the average latency was stable when the transaction sending rate was 400 TPS. The scheme met the requirements of the consortium blockchain kiwifruit traceability application.

关 键 词：猕猴桃 溯源 联盟链 实用拜占庭容错算法 访问控制 属性证书 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]