Abstract
Information security and privacy protection are critical requirements in the era of big data. Identity-based public-key cryptography solves the key management problem of the traditional public key infrastructure, but it leaks the identity information of the signer. Traditional attribute-based access control schemes achieve dynamic expansion of subjects and fine-grained access to objects, but rely on a centralized authorization authority. To solve these problems, this study proposes an anonymous data sharing and access control scheme based on blockchain and decentralized Attribute-Based Cryptography (ABC). Using the anonymity of Attribute-Based Signature (ABS), the reliability of a data source can be verified before the data is stored without knowing the user's identity information, and fine-grained access control is achieved through Attribute-Based Encryption (ABE). A distributed ABC system is used so that users cooperate in building the attribute authority: authority creation and key distribution can be performed if and only if more than a specified threshold of authority users agree. The experimental results show that the scheme can resist collusion and replay attacks. With 1000-5000 concurrent requests and 10-30 attributes, the total response time of the system does not exceed 120 ms and the maximum throughput can reach 62 T/s, which satisfies the requirements of practical applications.
Authors
WANG Jingyi (王静怡)
LIU Baixiang (刘百祥)
FANG Ning (方宁)
PENG Lingqi (彭凌祺)
Affiliations: School of Computer Science, Fudan University, Shanghai 200433, China; Shanghai Engineering Research Center of Blockchain, Shanghai 200433, China; Yiwu Research Institute, Fudan University, Yiwu 322000, Zhejiang, China; Shanghai Huahong Jitong Smart System Co., Ltd., Shanghai 201206, China
Source
Computer Engineering (《计算机工程》)
Indexed in: CAS, CSCD, Peking University Core Journals (北大核心)
2023, Issue 10, pp. 41-52 (12 pages)
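Funding
National Key Research and Development Program of China (2019YFB2101702)
National Natural Science Foundation of China (62272107, U19A2066)
Key-Area Research and Development Program of Guangdong Province (2020B0101090001)
Science and Technology Innovation Action Plan of the Shanghai Science and Technology Commission (20222420800, 20511102200)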
Keywords
blockchain
Attribute-Based Cryptography (ABC)
access control
identity authentication
privacy protection