融合属性基加密和信用度的水利数据访问控制模型

Water Conservancy Data Access Control Model Combining Attribute Encryption and Credit Value

针对传统水利系统在数据交互过程中存在所有者对文件控制权弱、访问授权集中以及访问控制过程中的安全性问题,提出了一种融合属性基加密和信用度的水利数据访问控制模型。首先,文件经高级加密标准(advanced encryption standard,AES)加密上传至星际文件系统(interplanetary file system,IPFS),再将文件哈希值、IPFS地址哈希值以及访问策略等上传至数据链,达到分布式存储和数据所有权明确的目的。其次,用户利用访问策略对AES密钥进行属性基加密,实现用户对文件强控制权,达到仅满足策略的用户可访问和减轻授权集中压力的目的。最后,对用户信用度进行评估,利用数据链结合访问链的优势实现水利数据的分隔以及访问留痕的目的,提高系统的安全性。实验结果表明,所提模型的多区块链架构具有良好的运行性能且能够结合信用度评估动态控制用户权限,AES对称加密与多属性中心加密结合方式加密与解密效率具有优势,因此,该模型能够有效满足水利数据的访问控制需求。

Focusing on traditional water conservancy system,existing problems like the owner with weak file control rights,centralized access authorization and security issues in the process of access control,a data access control model that integrates attribute-based encryption and credit value was proposed.Firstly,the file was encrypted and uploaded to the interplanetary file system(IPFS)by advanced encryption standard(AES)algorithm,and then the file’s Hash value,IPFS address’s Hash value,and access strategy were uploaded to the data blockchain to achieve distributed storage and ensure clear ownership of data.Secondly,to achieve a strong control of the file,the users utilized the access strategy to encrypt the AES key based on attributes,such that only the legitimated user’s access was allowed and the pressure of authorization concentration was alleviated.Finally,the user’s credit value was evaluated.Meanwhile,data blockchain and access blockchain were utilized to realize water conservancy data separation and access traceability.The experimental results show that the multi-blockchain architecture of the proposed model has good operating performance and can dynamically control user permissions combined with credit evaluation.The combination of AES symmetric encryption and multi-attribute center encryption has advantages in encryption and decryption efficiency.Therefore,the model can effectively meet the access control requirements of water conservancy data.