An Attribute-Based Access Control Scheme Based on Blockchain and Policy Ciphertext Searching

Authors: CHEN Li-Quan (陈立全); JIA Ji-Guang (贾继广); WANG Ze-Yu (王泽雨); YU Kun-Liang (于坤良) (School of Cyber Science and Engineering, Southeast University, Nanjing 210096, China)

Affiliation: [1] School of Cyber Science and Engineering, Southeast University, Nanjing 210096

Source: Journal of Cryptologic Research (《密码学报》), 2023, Issue 6, pp. 1165-1182 (18 pages)

Funding: National Natural Science Foundation of China (U22B2026, 62002058); National Key Research and Development Program of China (2020YFE0200600).

Abstract: Most existing attribute-based access control (ABAC) techniques rely on centralized subjects, and the centralized structure brings problems such as low scalability, weak synchronization, and lack of trust. Blockchain is a decentralized technology with advantages such as traceability, tamper resistance, and scalability. Based on these characteristics, this paper proposes an attribute access control scheme based on policy ciphertext retrieval on blockchain (BPCS-ABAC), which introduces blockchain and smart contract technology into the traditional access control scheme and uses smart contracts to realize fine-grained decisions on access requests in ABAC, aiming to solve problems of traditional access control such as over-reliance on centralized entities and poor privacy of access control policy data. In addition, to reduce the storage pressure caused by the growing number of access control policies and to enhance the privacy of those policies, the BPCS-ABAC scheme uses public key searchable encryption to encrypt the access control policies. Simulation results show that the proposed BPCS-ABAC scheme performs better than existing schemes in terms of access time, policy search time, trapdoor matching time, ciphertext and trapdoor generation time, and space consumption.

Keywords: blockchain; privacy protection; attribute-based access model; searchable encryption

Classification number: TP309.7 [Automation and Computer Technology - Computer System Architecture]
