基于区块链和可信执行环境的细粒度访问控制方案研究与应用——以物联网为例

Research and application of fine-grained access control scheme based on blockchain and trusted execution environment——A case study on the internet of things

新型物联网技术的普及使得物联网资源的访问和共享需求不断扩大,而现有的物联网访问控制技术显现出的访问策略粗粒度、弱可审计性、缺乏访问过程控制以及过度特权等问题,使物联网设备面临着极大的安全隐患和隐私威胁.基于此,提出了一种以区块链技术为基础的基于加密货币的访问控制模型(cryptocurrency-based access control, CcBAC),可为物联网提供细粒度、有效的可审计性和访问过程控制,并借助可信执行环境来提供更强大的安全性.介绍了访问控制模型的技术原理、特点、研究现状,详细阐述了CcBAC模型框架,并对其进行了形式化定义;同时,对模型中的函数进行了具体的描述,给出了本模型在一般应用场景中的访问控制流程;最后通过理论分析和实验评估验证了本模型的实用性和性能,证实本模型不仅能使资源所有者完全控制对其资源的访问,同时还兼顾访问控制的细粒度和可审计性.

Intelligence and convenience have been brought to our lives by the widespread use of IoT devices,but the issue of privacy leakage cannot be ignored.To address the problems widely existing in IoT environments,such as coarse-grained access policies,unverifiability of access records,lack of process control,and excessive permissions,a policy-based access control method is proposed.In this method,access control is implemented using blockchain technology,reducing reliance on third-party organizations.Additionally,uniform fine-grained access policies are established,and smart contracts are deployed to securely publish,update,and execute policies.Feasible execution environments are utilized to ensure the secure execution of off-chain access control policies.Finally,this method is theoretically analyzed and evaluated in multiple blockchain environments,and the results indicate that fine-grained policies for access control can be implemented by the resource owner through this solution,while ensuring high security and good performance.