Abstract
As the number of Internet of Things (IoT) devices increases, traditional centralized access control solutions are inadequate for the current large-scale IoT environment. Existing distributed access control schemes suffer from high monetary costs and low throughput in processing access requests. To address these issues, a scheme combining blockchain smart contracts with ciphertext-policy attribute-based encryption (CP-ABE) was proposed to implement access control for IoT resources. Using Hyperledger Fabric as the underlying network, attribute-based encryption was applied to functional tokens, and token ciphertexts were stored using the InterPlanetary File System (IPFS). Through smart contracts, token retrieval addresses were publicly exposed to achieve 1-to-N authorization. Furthermore, contracts were designed to be deployed on the blockchain for decentralized permission evaluation of token requests, maintaining the allowed operations for subjects on specific resource objects and realizing more fine-grained attribute-based access control. Simulation experiments and performance analysis demonstrate that, compared to existing solutions, this approach enables data owners to securely authorize access for a large number of requesting subjects in a shorter time frame. Stress tests show that the chaincode performs well.
Authors
SUN Changxia; ZHANG Chuanhu; LIU Bingjie; YANG Yingjie; BAÇÃO Fernando; LIU Qian (College of Information and Management Science, Henan Agricultural University, Zhengzhou 450046, China; Henan International Joint Laboratory of Agricultural Big Data and Artificial Intelligence, Zhengzhou 450000, China; Faculty of Computing, Engineering and Media, De Montfort University, Leicester LE19BH, UK; NOVA Information Management School, New University of Lisbon, Lisbon 1070-312, Portugal)
Source
Telecommunications Science (《电信科学》)
Peking University Core Journal
2024, Issue 10, pp. 100-115 (16 pages)
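Funding
Henan Province Science and Technology Research Project (No. 232102211087)
Henan Province Distinguished Foreign Scientist Studio Project (No. GZS2024006)
Henan Province Central Government Guided Local Science and Technology Development Fund Project (No. Z20231811005)
Henan Province Joint Fund Project (No. 232103810020)
Key Scientific Research Project of Higher Education Institutions of Henan Province (No. 23A520005).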
Keywords
IoT
access control
blockchain
smart contract
ciphertext-policy attribute-based encryption