Abstract
Traditional access control methods in the Internet of Things (IoT) environment use centralized decision-making entities for access control authorization, which is prone to single points of failure and data tampering, resulting in the loss of users' private data and the illegal use of devices by others. To address these issues, this paper proposes an IoT access control system using smart contracts, which brings the decentralized, tamper-resistant and programmable properties of blockchain into access control, and on this basis designs for the system an access control policy model, FACP, that relies on Hyperledger Fabric. Each IoT device sets an access control policy based on FACP, and only users who comply with the access control policy can use the device. In addition, to better distinguish users with different needs, the system divides users into two categories: resource owners and resource requesters. Experimental results show that the system can provide fine-grained and dynamic access control for IoT devices with high throughput and low latency, ensuring the security and reliability of IoT device access control.
Authors
ZHANG Jianghui (张江徽)
CUI Bo (崔波)
LI Ru (李茹)
SHI Jinshan (史锦山)
(College of Computer Science, Inner Mongolia University, Hohhot 010021, China; Inner Mongolia Autonomous Region Key Laboratory of Wireless Networking and Mobile Computing, Hohhot 010021, China)
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
Peking University Core Journal (北大核心)
2021, Issue 4, pp. 21-31 (11 pages)
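Funding
National Natural Science Foundation of China, "Research on Smart-Contract-Based Privacy Protection Mechanisms in Named Data Networking Environments" (61962042)
Natural Science Foundation of Inner Mongolia, "Research on Data Forwarding and Storage Mechanisms in Named Data Wireless Mobile Ad Hoc Networks" (2018MS06028)
CERNET Next Generation Internet Technology Innovation Project, "IPv6-Based Access Control Mechanism for Smart Homes" (NGII20170415)
Inner Mongolia Autonomous Region Science and Technology Plan Project, "Key Technologies of a Blockchain-Based Whole-Process Food Safety Traceability Management System" (2019GG376).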
Keywords
Internet of Things (IoT)
blockchain
smart contract
Hyperledger Fabric
access control