基于区块链高效安全的多部门铁路工程数据访问控制策略  

作　　者：郑云水[1] 刘恒江 董昱[1] ZHENG Yunshui;LIU Hengjiang;DONG Yu(School of Automation and Electrical Engineering,Lanzhou Jiaotong University,Lanzhou 730070,China)

机构地区：[1]兰州交通大学自动化与电气工程学院,甘肃兰州730070

出　　处：《铁道科学与工程学报》2024年第6期2488-2498,共11页Journal of Railway Science and Engineering

基　　金：中铁三局集团电务工程有限公司资助项目(2018620001001295);甘肃省科学技术厅资助项目(20F8GA037(102230613045));中国铁路通信信号股份有限公司资助项目(QT-YB-2021-KY-01)。

摘　　要：针对铁路工程建设中各参建部门之间的数据资源,具有共享效率差、利用率低和安全程度不高的问题,提出一种基于区块链(Blockchain)铁路工程数据的共享及安全存储方案来弥补现有的铁路工程数据平台的不足。在工程建设平台中,引入了基于外包的属性加密技术(Outsourcing-Attribute Based Encryption technology, OABE)、区块链技术和星际文件系统(Interplanetary File System, IPFS)以及边缘节点(Edge Nodes, EN),并提出一种适用于铁路工程建设的多部门区块链与IPFS的协作网络。研究结果表明:当施工现场资源设备有限时,相比于较为传统基于云辅助的密文策略属性基加密技术(Ciphertext Policy Attribute Based Encryption, CP-ABE),通过将铁路工程数据外包给边缘节点,可以更好地为资源受限设备提供大量的计算,减轻设备的计算负担,确保了数据的安全性并且提高了设备的计算效率。而且将铁路工程数据存储在星际文件系统上,避免集中式的服务器机制在故障时造成数据的丢失和泄露。此外,通过使用区块链网络可以提高参建单位之间的数据资源共享效率,增强了数据的利用率,利用区块链的共识性来实现每个参建单位之间数据的一致性,确保了不同参建单位间的信任度。经过安全性证明,采用基于双线性迪菲赫尔曼指数假设(Decision q-Bilinear Diffie Hellman Exponent Assumption, q-BDHE)下具有不可区分性是安全的。实验结果表明,该策略在本地用户计算时间效率上与现有的带关键字搜索的外包属性基加密方案以及属性基加密的方案相比是最优的,可以很好地减轻现场设备的计算负担。The data resources among various participating departments in railroad engineering construction have the problems of poor sharing efficiency,low utilization rate,and inadequate security.To overcome the deficiencies of the existing railroad engineering data platform,this paper proposed a blockchain-based(Blockchain)railroad engineering data sharing and security storage scheme.Within the engineering construction platform,Outsourcing-Attribute Based Encryption technology(OABE),Blockchain technology Interplanetary File System(IPFS),and Edge Nodes(EN)were introduced.Edge Nodes(EN)proposed a collaborative network of multi-departmental blockchains and IPFS for railroad engineering construction.The research results show that when the construction site resources and equipment are limited,as compared to the more traditional cloud-assisted Ciphertext Policy Attribute Based Encryption(CP-ABE).Through outsourcing the railroad engineering data to the Edge Nodes,it can better provide a large number of computations for the resource-constrained equipment,reduce the computational burden of the equipment,and ensure that the equipment can be used for the construction of the railroad engineering.Outsourcing the railway engineering data to the edge nodes can better provide a large amount of computation for the resource-limited equipment,reduce the computation burden of the equipment,ensure data security,and improve the computation efficiency of the equipment.Moreover,storing railroad engineering data on the interstellar file system avoids data loss and leakage caused by centralized server mechanisms in case of failure.In addition,blockchain networks can improve the efficiency of data resource sharing between the participating units,enhance the data utilization rate,and utilize the blockchain’s consensus to realize data consistency between each participating unit.This ensures trust between different participating units.After security proof,it is safe to adopt the Decision q-Bilinear Diffie Hellman Exponent Assumption(q-BDHE)with indi

关 键 词：铁路工程数据 区块链 关键字搜索 外包属性基加密 安全性 

分 类 号：U285.8[交通运输工程—交通信息工程及控制]