基于CPABE的分布式数据访问控制与共享方案

Distributed Data Access Control and Sharing Scheme Based on CPABE

目前“区块链+密文属性加密”数据共享方案仍通过一个或多个权威机构进行密钥生成、管理和分发工作,易造成授权机构审计难、加/解密开销大和密钥滥用的可能。针对以上问题,提出基于CPABE的分布式数据访问控制与共享方案,实现无授权机构参与下的可证明数据安全共享及其隐私保护技术。通过代理密钥封装技术对CP-ABE算法主密钥进行基于区块链的分布式管理,并采用区块链双链模型,实现了代理密钥封装机制(PKEM)与CP-ABE的算法功能安全隔离,提高系统运行效率和安全性;设计区块结构与数据格式规范,实现PKEM-CPABE算法的全过程管理和操作行为可追溯的链上监管。仿真实验分析表明,所改进的算法在保护数据隐私的同时,实现了高效率的安全共享机制。

At present,the data sharing scheme with blockchain & CP-ABE(ciphertext-policy attribute-based encryption)still uses one or more authority organizations to generate,manage and distribute keys,which is easy to cause single point failure of authorization agencies,high algorithm overhead and the possibility of secret keys leakage of node users.Therefore,this paper proposes a distributed data access control and sharing scheme based on decentralized CP-ABE to realize privacy protection and its provable data security.First of all,the master key(MSK)of the CPABE based on the block chain is distributed through the proxy key encapsulation mechanism,and in order to improve the efficiency and security of the system,the dual-chain model is adopted to realize the security isolation for the proxy key encapsulation mechanism(PKEM)and CP-ABE algorithm.Secondly,this paper designs the block structure and data format specification to manage the whole processes of PKEM-CPABE algorithm and the audible traceability operation behavior.Finally,the security and experimental analytics shows that the proposed algorithm not only protects data privacy,but also implements an efficient security sharing mechanism.