应用区块链的数据访问控制与共享模型
|
摘要
数据已成为企业的重要资产.如何在企业内部对数据的访问权限进行有效控制、在企业之间安全共享数据一直是一个挑战.区块链中的分布式账本可以从某些方面解决上述问题,但是区块链所应用的非对称加密机制仅可进行一对一的安全传输,并不满足企业内部复杂的访问控制要求.提出一种应用区块链的数据访问控制与共享模型,利用属性基加密对企业数据进行访问控制与共享,达到细粒度访问控制和安全共享的目的.通过对比分析,该模型在安全性和性能上较好地解决了企业内部访问权限难控制、企业之间数据难共享的问题.
Data has become an important asset for an enterprise. How to effectively control access to data within an enterprise and securely share data between enterprises have been a challenge. Distributed ledger in blockchain can solve these problems in some ways.However, the asymmetric encryption mechanism applied by blockchain can only be transmitted peer to peer securely; it does not meet the complex access control requirements within the enterprise. This paper presents a model for data access control and sharing using block chain, and uses attribute based encryption to control and share enterprise data, so as to achieve the purpose of fine-grained access control and secure sharing. Through comparative analysis, the model can solve difficulties ofaccess control withinthe enterprise and sharing data between enterprises in security and performance.
Data has become an important asset for an enterprise. How to effectively control access to data within an enterprise and securely share data between enterprises have been a challenge. Distributed ledger in blockchain can solve these problems in some ways.However, the asymmetric encryption mechanism applied by blockchain can only be transmitted peer to peer securely; it does not meet the complex access control requirements within the enterprise. This paper presents a model for data access control and sharing using block chain, and uses attribute based encryption to control and share enterprise data, so as to achieve the purpose of fine-grained access control and secure sharing. Through comparative analysis, the model can solve difficulties ofaccess control withinthe enterprise and sharing data between enterprises in security and performance.
引文
[1]2018 China blockchain industry white paper.MIIT,2018(in Chinese).http://www.miit.gov.cn/n1146290/n1146402/n1146445/c6180238/part/6180297.pdf
[2]Swan M.Blockchain:Blueprint for a New Economy.O’Reilly Media Inc.,2015.
[3]Yuan Y,Wang FY.Blockchain:The state of the art and future trends.Acta Automatica Sinica,2016,42(4):481-494(in Chinese with English abstract).[doi:10.16383/j.aas.2016.c160158]
[4]Bitcoin traffic bulletin(redux).http://hashingit.com/analysis/44-bitcoin-traffic-bulletin-redux
[5]Yuan Y,Wang FY.Parallel blockchain:Concept,methods and issues.Acta Automatica Sinica,2017,43(10):1703-1712(in Chinese with English abstract).[doi:10.16383/j.aas.2017.c170543]
[6]Tsai WT,Yu L,Wang R,Liu N,Deng EY.Blockchain application development techniques.Ruan Jian Xue Bao/Journal of Software,2017,28(6):1474-1487(in Chinese with English abstract).http://www.jos.org.cn/1000-9825/5232.htm[doi:10.13328/j.cnki.jos.005232]
[7]Tsai WT,Blower R,Zhu Y,Yu L.A system view of financial blockchains.In:Proc.of the IEEE Symp.of Service-oriented System Engineering.IEEE,2016.450-457.[doi:10.1109/SOSE.2016.66]
[8]Zyskind G,Nathan O,Pentland A.Decentralizing privacy:Using blockchain to protect personal data.In:Proc.of the IEEE Security and Privacy Workshops.IEEE,2015.180-184.[doi:10.1109/SPW.2015.27]
[9]Zyskind G,Nathan O,Pentland A.Enigma:Decentralized computation platform with guaranteed privacy.2015.https://enigma.co/enigma_full.pdf
[10]Maymounkov P.A peer-to-peer information system based on the XOR metric.In:Proc.of the IPTPS.LNCS 2429,Springer-Verlag,2002.53-65.[doi:10.1007/3-540-45748-8_5]
[11]Ekblaw A,Azaria A,Halamka JD,MD,Lippman A.A case study for blockchain in healthcare:“MedRec”prototype for electronic health records and medical research data.Technical Report,5-56-ONC,Massachusetts Institute of Technology,2016.https://www.healthit.gov/sites/default/files/5-56-onc_blockchainchallenge_mitwhitepaper.pdf
[12]Stinson DR,Paterson M.Cryptography:Theory and Practice.4th ed.,CRC Press,2018.
[13]FIPS 180-2.Secure Hash standard.http://csrc.nist.gov/publications
[14]SEC 2:Recommended elliptic curve domain parameters.2010.http://www.secg.org/sec2-v2.pdf
[15]Sahai A,Waters B.Fuzzy identity-based encryption.In:Proc.of the EUROCRYPT.LNCS 3494,Springer-Verlag,2005.457-473.[doi:10.1007/11426639_27]
[16]Goyal V,Pandey O,Sahai A,et al.Attribute-based encryption for fine-grained access control of encrypted data.In:Proc.of the ACM Conf.on Computer and Communications Security.ACM Press,2006.89-98.[doi:10.1145/1180405.1180418]
[17]Bethencourt J,Sahai A,Waters B.Ciphertext-policy attribute-based encryption.In:Proc.of the IEEE Symp.on Security and Privacy.IEEE,2007.321-334.[doi:10.1109/SP.2007.11]
[18]Merkle RC.A digital signature based on a conventional encryption function.In:Proc.of the CRYPTO.LNCS 293,Springer-Verlag,1987.369-378.[doi:10.1007/3-540-48184-2_32]
[19]Hyperledger whitepaper-wg.https://wiki.hyperledger.org/groups/whitepaper/whitepaper-wg
[1]2018年中国区块链产业白皮书.工信部,2018. http://www.miit.gov.cn/n1146290/n1146402/n1146445/c6180238/part/6180297.pdf
[3]袁勇,王飞跃.区块链技术发展现状与展望.自动化学报,2016,42(4):481-494.[doi:10.16383/j.aas.2016.c160158]
[5]袁勇,王飞跃.平行区块链:概念、方法与内涵解析.自动化学报,2017,43(10):1703-1712.[doi:10.16383/j.aas.2017.c170543]
[6]蔡维德,郁莲,王荣,刘娜,邓恩艳.基于区块链的应用系统开发方法研究.软件学报,2017,28(6):1474-1487.http://www.jos.org.cn/1000-9825/5232.htm[doi:10.13328/j.cnki.jos.005232]
[2]Swan M.Blockchain:Blueprint for a New Economy.O’Reilly Media Inc.,2015.
[3]Yuan Y,Wang FY.Blockchain:The state of the art and future trends.Acta Automatica Sinica,2016,42(4):481-494(in Chinese with English abstract).[doi:10.16383/j.aas.2016.c160158]
[4]Bitcoin traffic bulletin(redux).http://hashingit.com/analysis/44-bitcoin-traffic-bulletin-redux
[5]Yuan Y,Wang FY.Parallel blockchain:Concept,methods and issues.Acta Automatica Sinica,2017,43(10):1703-1712(in Chinese with English abstract).[doi:10.16383/j.aas.2017.c170543]
[6]Tsai WT,Yu L,Wang R,Liu N,Deng EY.Blockchain application development techniques.Ruan Jian Xue Bao/Journal of Software,2017,28(6):1474-1487(in Chinese with English abstract).http://www.jos.org.cn/1000-9825/5232.htm[doi:10.13328/j.cnki.jos.005232]
[7]Tsai WT,Blower R,Zhu Y,Yu L.A system view of financial blockchains.In:Proc.of the IEEE Symp.of Service-oriented System Engineering.IEEE,2016.450-457.[doi:10.1109/SOSE.2016.66]
[8]Zyskind G,Nathan O,Pentland A.Decentralizing privacy:Using blockchain to protect personal data.In:Proc.of the IEEE Security and Privacy Workshops.IEEE,2015.180-184.[doi:10.1109/SPW.2015.27]
[9]Zyskind G,Nathan O,Pentland A.Enigma:Decentralized computation platform with guaranteed privacy.2015.https://enigma.co/enigma_full.pdf
[10]Maymounkov P.A peer-to-peer information system based on the XOR metric.In:Proc.of the IPTPS.LNCS 2429,Springer-Verlag,2002.53-65.[doi:10.1007/3-540-45748-8_5]
[11]Ekblaw A,Azaria A,Halamka JD,MD,Lippman A.A case study for blockchain in healthcare:“MedRec”prototype for electronic health records and medical research data.Technical Report,5-56-ONC,Massachusetts Institute of Technology,2016.https://www.healthit.gov/sites/default/files/5-56-onc_blockchainchallenge_mitwhitepaper.pdf
[12]Stinson DR,Paterson M.Cryptography:Theory and Practice.4th ed.,CRC Press,2018.
[13]FIPS 180-2.Secure Hash standard.http://csrc.nist.gov/publications
[14]SEC 2:Recommended elliptic curve domain parameters.2010.http://www.secg.org/sec2-v2.pdf
[15]Sahai A,Waters B.Fuzzy identity-based encryption.In:Proc.of the EUROCRYPT.LNCS 3494,Springer-Verlag,2005.457-473.[doi:10.1007/11426639_27]
[16]Goyal V,Pandey O,Sahai A,et al.Attribute-based encryption for fine-grained access control of encrypted data.In:Proc.of the ACM Conf.on Computer and Communications Security.ACM Press,2006.89-98.[doi:10.1145/1180405.1180418]
[17]Bethencourt J,Sahai A,Waters B.Ciphertext-policy attribute-based encryption.In:Proc.of the IEEE Symp.on Security and Privacy.IEEE,2007.321-334.[doi:10.1109/SP.2007.11]
[18]Merkle RC.A digital signature based on a conventional encryption function.In:Proc.of the CRYPTO.LNCS 293,Springer-Verlag,1987.369-378.[doi:10.1007/3-540-48184-2_32]
[19]Hyperledger whitepaper-wg.https://wiki.hyperledger.org/groups/whitepaper/whitepaper-wg
[1]2018年中国区块链产业白皮书.工信部,2018. http://www.miit.gov.cn/n1146290/n1146402/n1146445/c6180238/part/6180297.pdf
[3]袁勇,王飞跃.区块链技术发展现状与展望.自动化学报,2016,42(4):481-494.[doi:10.16383/j.aas.2016.c160158]
[5]袁勇,王飞跃.平行区块链:概念、方法与内涵解析.自动化学报,2017,43(10):1703-1712.[doi:10.16383/j.aas.2017.c170543]
[6]蔡维德,郁莲,王荣,刘娜,邓恩艳.基于区块链的应用系统开发方法研究.软件学报,2017,28(6):1474-1487.http://www.jos.org.cn/1000-9825/5232.htm[doi:10.13328/j.cnki.jos.005232]