CN113761583A - Attribute-based access control method on block chain - Google Patents
- Publication number
- CN113761583A CN202111161060.8A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses an attribute-based access control method on a blockchain. First, a data owner encrypts personal data, stores it on the InterPlanetary File System (IPFS), and stores the returned file hash value in the blockchain ledger as a proof of storage, which solves problems such as the single point of failure in traditional schemes; second, decentralized attribute-based access control is implemented through the blockchain, replacing the trusted third party of traditional schemes and solving problems such as trust and the opacity of the access process; finally, the symmetric key is shared among multiple attributes through a linear integer secret sharing algorithm, so that a data requester must possess a certain number of legitimate attribute private keys to recover the symmetric key, which solves problems such as the key leakage that may exist in traditional schemes.
Description
Technical Field
The invention belongs to the technical field of cryptography and information security, and particularly relates to an attribute-based access control method on a block chain.
Background
With the spread of the Internet of Things, big data and similar technologies, data brings people convenience but also many privacy problems. How to share data securely among multiple parties while preserving data privacy, and thereby realize the full application value of the data, has therefore become a primary concern. Conventional schemes propose many access control methods, but most of them enforce access control through a central authority, which causes the following problems: (1) the central authority may give data users false authorization for its own benefit; (2) centralized access policy management suffers from problems such as a single point of failure; (3) the access process is opaque.
The tamper-proof and unforgeable nature of the blockchain offers some solutions to the above problems, and many researchers have proposed implementing data access control with blockchain technology. However, most schemes concentrate on ensuring file integrity and the public transparency of the operation process while neglecting the privacy of the resources, and suffer from problems such as key leakage; others perform access control using only the user's public key or identity, which is unsuitable for fine-grained access control in complex scenarios. Implementing decentralized, attribute-based, fine-grained access control through a blockchain therefore still has significant research value.
Disclosure of Invention
The invention aims to provide an attribute-based access control method on a blockchain, which solves the problems of trust and of an opaque access control process in the prior art.
The technical solution adopted by the invention is an attribute-based access control method on a blockchain, implemented according to the following steps:
Step 1, the data owner locally encrypts the personal data with a symmetric encryption algorithm to obtain a ciphertext CT; the specific process is as follows:
$Encrypt_{keySecret}(data) \to CT$: first, the data owner locally selects a random secret number s and computes the hash value keySecret = H(s) to generate the symmetric key keySecret, where H(·) is a one-way hash function; the data owner then encrypts the personal data with a symmetric encryption algorithm, using keySecret as the symmetric key, to obtain the ciphertext CT, i.e. $CT = Encrypt_{keySecret}(data)$;
Step 2, the data owner uploads the ciphertext CT to the InterPlanetary File System (IPFS);
Step 3, the InterPlanetary File System returns the address $hash_{CT}$ of the ciphertext CT;
Step 4, the data owner locally establishes an attribute-based access policy Policy for the personal data and a decryption token for the ciphertext CT and, using the address $hash_{CT}$ as the symmetric key, encrypts the decryption token with a symmetric algorithm to form a ciphertext token:
then, in the form of a transaction, the data owner uploads the resource address $hash_{CT}$ of the ciphertext CT returned by the InterPlanetary File System, the ciphertext token and the attribute-based access policy Policy to the blockchain ledger;
Step 5, the data requester sends a request to access the resource to the data owner through the blockchain, and the blockchain verifies, according to the attributes in the request, whether the data requester satisfies the corresponding access policy;
Step 6, if so, the file address $hash_{CT}$ and the sub-policy $P_i$ satisfied by the data requester's attributes are returned to the data requester;
Step 7, after receiving the file address $hash_{CT}$ and $P_i$, the data requester uses $hash_{CT}$ to look up, on the InterPlanetary File System, the ciphertext CT corresponding to the data resource data;
Step 8, the InterPlanetary File System returns the ciphertext CT corresponding to the resource address $hash_{CT}$ to the data requester;
Step 9, after receiving the ciphertext CT, the data requester sends the corresponding decryption request $requestDecrypt(P_i)$ to the blockchain;
Step 10, after receiving the request, the blockchain parses it and hashes the attributes of the sub-policy $P_i$ contained in the data requester's request, i.e. $Key = Hash(P_i)$, to obtain the Key of the corresponding ledger data; it then looks up the corresponding encrypted decryption token in the blockchain ledger by this Key and sends it to the data requester;
Step 11, after receiving the ciphertext token, the data requester decrypts it with the address $hash_{CT}$ to obtain the decryption token Token, then locally runs the decryption algorithm with the attribute private keys in Token to obtain the decryption key of the ciphertext CT, and thereby obtains the plaintext data.
The present invention is further characterized in that:
Step 4 is specifically implemented according to the following steps:
Step 4.1, the data owner registers a user account on the blockchain, where ownerId is the identifier of the personal account and ownerName is its user name; through this account the data owner can record personal information, the addresses of the file resources held in the owner's name, and access control policies;
Step 4.2, the data owner stores on the blockchain the address $hash_{CT}$ of the ciphertext CT returned by the InterPlanetary File System; because the blockchain stores data as Key-Value pairs, the resource identifier resId is used as the Key, and the user identifier ownerId, the data file name resName and the file address $hash_{CT}$ are used as the Value when storing the data in the blockchain ledger;
Step 4.3, the data owner uploads the access policy Policy to the blockchain; the uploaded content is (policyId, Object, Policy), where policyId is the unique identifier of the attribute-based access policy; Object = {resId, ownerId, resName} is the personal resource information of the data owner, in which resId is the resource identifier, ownerId is the personal identifier of the data owner, used to associate the user with the access policy, and resName is the resource name; Policy is the attribute-based access policy, formed by combining the subject policy $P_{Subject}$ with the environment policy $P_{Environment}$, and a data requester can access the data owner's data only if both policies are satisfied. The Policy format is:
$Policy = P_{Subject} \wedge P_{Environment}$
The subject policy $P_{Subject}$ is an access policy composed of the attributes of the data requesters whom the data owner permits to access the personal data resource. $P_{Subject}$ is composed of multiple sub-policies in disjunctive normal form; an example format of $P_{Subject}$ is:
$P_{Subject} = P_1 \vee P_2 \vee \dots \vee P_n$
Each sub-policy contains several attributes of the data requesters whom the data owner permits access, such as the requester's unit, department and position; an example format of a sub-policy is:
$P_{Environment}$ denotes the environment policy, such as a time period: the data owner sets the access time period of the personal resource, and a data requester whose access time is not within this period is denied access;
The data owner can also dynamically manage the personal access policy through the blockchain, including updating, deleting and querying it.
Step 4.4, to ensure the security of the symmetric key, the data owner locally uses a linear integer secret sharing algorithm to split the secret number s associated with the key into one secret share per attribute, thereby indirectly sharing the symmetric key among multiple attributes;
$LISS(P_{Subject}, s) \to (s_1, s_2, \dots, s_d)^T$: the data owner inputs the subject policy $P_{Subject}$ and the secret number s; the algorithm then constructs from $P_{Subject}$ a policy matrix and a mapping function $\psi(\cdot)$, i.e. each row of the matrix corresponds to an attribute $\psi(i)$, $1 \le i \le d$; it selects random numbers $\rho_i$, $2 \le i \le e$, and combines them with the secret value s into the vector $\rho = (s, \rho_2, \rho_3, \dots, \rho_e)^T$, where d and e are the numbers of rows and columns of the policy matrix; finally it computes and outputs the secret shares $(s_1, s_2, \dots, s_d)^T$ corresponding to the attributes, and distributes the secret share $s_i$ to the attribute $\psi(i)$;
The data owner constructs the corresponding policy matrix from the subject policy $P_{Subject}$ in the access policy Policy as follows:
First, let $M_o \in Z^{1 \times 1}$ denote the matrix with only one element, i.e. $M_o = [1]$. For a matrix $M \in Z^{d \times e}$, let $c \in Z^{e}$ denote the first column of M and $r \in Z^{d \times (e-1)}$ denote all columns of M except the first. The following 3 construction rules are then applied:
Rule 1: each attribute in the access policy can be represented by $M_o$;
Rule 2: for any OR gate, i.e. $P_{Subject} = P_a \vee P_b$, let $M_a$ and $M_b$ be the matrices formed from policy $P_a$ and policy $P_b$ respectively; an OR-gate matrix is then constructed, representing the policy matrix $M_{OR}$ formed jointly by the matrix $M_a$ of policy $P_a$ and the matrix $M_b$ of policy $P_b$. The first column of $M_{OR}$ is formed by concatenating the column vectors $c_a$ and $c_b$ of the two matrices $M_a$ and $M_b$; the next $d_a - 1$ columns are formed by concatenating $r_a$, i.e. the columns of $M_a$ other than the first, with $e_b$ zeros; finally, the last $d_b - 1$ columns are formed by concatenating $r_b$ with $e_a$ zeros. The specific expression is as follows:
Rule 3: for any AND gate, i.e. $P_{Subject} = P_a \wedge P_b$, let $M_a$ and $M_b$ be the matrices formed from policy $P_a$ and policy $P_b$ respectively; an AND-gate matrix is then constructed, representing the policy matrix $M_{AND}$ formed jointly by the matrix $M_a$ of policy $P_a$ and the matrix $M_b$ of policy $P_b$. The first column of $M_{AND}$ is formed by concatenating the column vector $c_a$ with zeros in place of $c_b$; the second column is formed by concatenating $c_a$ and $c_b$; the next $d_a - 1$ columns are formed by concatenating $r_a$, i.e. the columns of $M_a$ other than the first, with $e_b$ zeros; finally, the last $d_b - 1$ columns are formed by concatenating $r_b$ with $e_a$ zeros. The specific expression is as follows:
Step 4.5, the data owner stores the attributes and the secret shares $s_i$ corresponding to them on the blockchain; because the subject policy $P_{Subject}$ is composed of multiple sub-policies, the subject attribute set of a data requester obtains the access right as long as it satisfies one of the sub-policies;
The data owner therefore constructs a decryption token locally for each sub-policy; suppose the decryption token that the data owner constructs for the sub-policy $P_i$, given in equation (1), is as shown in equation (2):
where the set of secret shares corresponding to the attributes in the policy is given by equation (3); $\psi(i_n)$ denotes the n-th attribute in the matrix, and the n-th secret value corresponding to the n-th attribute is given by equation (4); the matrix formed by the row vectors of the policy matrix that correspond to the attributes in the sub-policy is given by equation (5):
Step 4.6, the data owner stores the secret shares corresponding to the attributes, i.e. the attribute private keys, on the blockchain; the specific process is as follows:
Using the address $hash_{CT}$ of the ciphertext CT returned by the InterPlanetary File System as the symmetric key, the data owner encrypts the decryption token with a symmetric encryption algorithm to form the ciphertext token, and then uploads the ciphertext token to the blockchain;
Because the blockchain ledger stores data in Key-Value form, the hash of the attributes in the sub-policy $P_i$, $Hash(P_i)$, is used as the Key and the encrypted decryption token as the Value when storing the data in the blockchain ledger.
Step 5 is specifically implemented according to the following steps:
First, the data requester sends its access request to the blockchain: $Request(Subject'_{attrs}, resId)$, where $Subject'_{attrs}$ is the set of personal attributes of the data requester, i.e. the subject attribute set, and resId is the identifier of the resource to be accessed. After receiving the request, the blockchain parses it and looks up the corresponding Policy by the resource identifier resId in the request (it is stipulated that one resource corresponds to one access policy, so the resource identifier corresponds to the policy identifier, i.e. resId → policyId). It then judges whether the subject attribute set of the data requester satisfies the attribute-based access policy set in advance by the data owner, i.e. $P_{Subject}$; if so, it judges whether the access time accessTime is within the specified access period, i.e. an access between the start time startTime and the end time endTime is a valid access:
$Policy.P_{Environment}.startTime \le accessTime \le Policy.P_{Environment}.endTime$.
Step 11 is specifically implemented according to the following steps:
Step 11.1, after obtaining the ciphertext token, the data requester locally runs the symmetric encryption algorithm, using the data owner's file address $hash_{CT}$ as the symmetric key, to decrypt it and obtain the decryption token corresponding to the requester's attributes;
Step 11.2, after obtaining the decryption token, the data requester locally runs the decryption algorithm to obtain the symmetric key keySecret of the ciphertext CT:
the algorithm first solves the following from the row-vector matrix in the decryption token, where ξ is a known target vector,
to obtain λ, and then computes:
to obtain the secret number s, on which a hash algorithm is then run:
keySecret = H(s),
giving the symmetric key keySecret,
and finally the ciphertext CT is decrypted with keySecret to obtain the plaintext data: $Decrypt_{keySecret}(CT) = data$.
The beneficial effect of the invention is that, addressing the problems of existing schemes that the access control process is opaque, the central authority is not fully trusted, and keys may leak during transmission, the attribute-based access control method on a blockchain provides decentralized, attribute-based, fine-grained access control. First, decentralized access control is implemented through the blockchain: a user can obtain the storage address of a data resource after verification by the blockchain, and every access is recorded on the blockchain ledger, which keeps the access process transparent. Second, the symmetric key is split by a linear integer secret sharing algorithm into one secret share per attribute, and the secret shares are encrypted with the resource address and stored in the blockchain ledger. A user can obtain the resource address and the access sub-policy the user satisfies only through verification by the blockchain; the user then requests the corresponding ciphertext token from the blockchain by means of the sub-policy, decrypts the ciphertext token with the resource address to obtain the attribute private keys, and finally computes the plaintext data, which effectively solves problems such as the key leakage that may exist in traditional schemes.
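The ledger side of steps 4 to 10 (publishing, the access check of step 5, and the token lookup under Key = Hash(P_i)) can be sketched as follows. This is an added example, not code from the patent: the in-memory Ledger class, SHA-256 as the hash, the sorted encoding of P_i, treating each sub-policy as a conjunction of attributes, and all identifiers and token bytes are constructed assumptions.

```python
import hashlib


def policy_key(sub_policy):
    """Key = Hash(P_i), computed over a canonical (sorted) attribute encoding
    so that attribute order in the request does not change the Key."""
    canon = "\n".join(sorted(sub_policy)).encode()
    return hashlib.sha256(canon).hexdigest()   # SHA-256 is an assumption


class Ledger:
    """In-memory stand-in (hypothetical) for the blockchain Key-Value ledger."""

    def __init__(self):
        self.resources = {}   # resId -> {ownerId, resName, hashCT}   (step 4.2)
        self.policies = {}    # resId -> Policy, one policy per resource (step 4.3)
        self.tokens = {}      # Hash(P_i) -> encrypted decryption token (step 4.6)
        self.log = []         # every access request is recorded

    def publish(self, res_id, owner_id, res_name, hash_ct, policy, enc_tokens):
        self.resources[res_id] = {"ownerId": owner_id, "resName": res_name,
                                  "hashCT": hash_ct}
        self.policies[res_id] = policy
        for sub_policy, blob in zip(policy["P_Subject"], enc_tokens):
            self.tokens[policy_key(sub_policy)] = blob

    def request(self, subject_attrs, res_id, access_time):
        """Steps 5-6: return (hash_CT, P_i) if the policy is satisfied, else None."""
        matched = None
        policy = self.policies.get(res_id)
        if policy is not None:
            attrs = set(subject_attrs)
            # P_Subject: the first sub-policy whose attributes the requester holds.
            candidate = next((p for p in policy["P_Subject"] if set(p) <= attrs), None)
            env = policy["P_Environment"]
            # P_Environment: startTime <= accessTime <= endTime.
            if candidate is not None and env["startTime"] <= access_time <= env["endTime"]:
                matched = candidate
        self.log.append((res_id, access_time, matched is not None))
        if matched is None:
            return None
        return self.resources[res_id]["hashCT"], matched

    def request_decrypt(self, sub_policy):
        """Steps 9-10: look up the encrypted token under Key = Hash(P_i)."""
        return self.tokens.get(policy_key(sub_policy))


def build_sample():
    """Constructed sample data; the token bytes are opaque placeholders."""
    ledger = Ledger()
    policy = {
        "policyId": "policy-001",
        "P_Subject": [["unit:hospitalA", "dept:cardiology", "position:doctor"],
                      ["unit:insurerB", "position:auditor"]],
        "P_Environment": {"startTime": 1_700_000_000, "endTime": 1_700_086_400},
    }
    ledger.publish("res-001", "owner-001", "ecg.csv", "CONSTRUCTED-hashCT-placeholder",
                   policy, [b"<enc token for P_1>", b"<enc token for P_2>"])
    return ledger


if __name__ == "__main__":
    led = build_sample()
    doctor = {"unit:hospitalA", "dept:cardiology", "position:doctor", "name:alice"}
    print(led.request(doctor, "res-001", 1_700_000_100))
    print(led.request({"unit:insurerB", "position:auditor"}, "res-001", 1_800_000_000))
```

In this flow the token's only protection is encryption under $hash_{CT}$, so its confidentiality depends on $hash_{CT}$ being released only after the policy check. The ledger Key depends only on the attributes of $P_i$, so two resources with an identical sub-policy would map to the same Key.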
Drawings
FIG. 1 is a model diagram of an attribute-based access control scheme on a blockchain;
FIG. 2 is a timing diagram of an attribute-based access control scheme on a blockchain.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.
The attribute-based access control method on a blockchain is implemented, with reference to FIGS. 1-2, according to the following steps:
Step 1, the data owner locally encrypts the personal data with a symmetric encryption algorithm to obtain a ciphertext CT. The specific process is as follows:
$Encrypt_{keySecret}(data) \to CT$: first, the data owner locally selects a random secret number s and computes the hash value keySecret = H(s) to generate the symmetric key keySecret, where H(·) is a one-way hash function; the data owner then encrypts the personal data with a symmetric encryption algorithm, using keySecret as the symmetric key, to obtain the ciphertext CT, i.e. $CT = Encrypt_{keySecret}(data)$.
Step 2, the data owner uploads the ciphertext CT to the InterPlanetary File System (IPFS).
Step 3, the InterPlanetary File System returns the address $hash_{CT}$ of the ciphertext CT.
Step 4, the data owner locally establishes an attribute-based access policy Policy for the personal data and a decryption token for the ciphertext CT and, using the address $hash_{CT}$ as the symmetric key, encrypts the decryption token with a symmetric algorithm to form a ciphertext token:
then, in the form of a transaction, the data owner uploads the resource address $hash_{CT}$ of the ciphertext CT returned by the InterPlanetary File System, the ciphertext token and the attribute-based access policy Policy to the blockchain ledger.
The specific process is as follows:
Step 4.1, the data owner first registers a user account on the blockchain, where ownerId is the identifier of the personal account (assigned to the data owner by the system at registration) and ownerName is the user name of the personal account. Through this account the data owner can record personal information, the addresses of the file resources held in the owner's name, and access control policies.
Step 4.2, the data owner stores on the blockchain the address $hash_{CT}$ of the ciphertext CT returned by the InterPlanetary File System. Because the blockchain stores data as Key-Value pairs, the resource identifier resId is used as the Key, and the user identifier ownerId (used to associate the user with the data file, indicating that the file belongs to user ownerId), the data file name resName and the file address $hash_{CT}$ are used as the Value when storing the data in the blockchain ledger.
Step 4.3, the data owner uploads the access policy Policy to the blockchain; the uploaded content is (policyId, Object, Policy), where policyId is the unique identifier of the attribute-based access policy. Object is the personal resource information of the data owner, in which resId is the resource identifier, ownerId is the personal identifier of the data owner, used to associate the user with the access policy, and resName is the resource name. Policy is the attribute-based access policy, formed by combining the subject policy $P_{Subject}$ with the environment policy $P_{Environment}$; a data requester can access the data owner's data only if both policies are satisfied. The Policy format is:
$Policy = P_{Subject} \wedge P_{Environment}$
The subject policy $P_{Subject}$ is an access policy composed of the attributes of the data requesters whom the data owner permits to access the personal data resource. $P_{Subject}$ is composed of multiple sub-policies in disjunctive normal form; an example format of $P_{Subject}$ is:
$P_{Subject} = P_1 \vee P_2 \vee \dots \vee P_n$
Each sub-policy contains several attributes of the data requesters whom the data owner permits access; for example, the unit, department, position and so on can serve as attributes of a data requester. An example format of a sub-policy is:
$P_{Environment}$ denotes the environment policy, such as a time period: the data owner sets the access time period of the personal resource, and a data requester whose access time is not within this period is denied access.
The data owner can also dynamically manage the personal access policy through the blockchain, including updating, deleting and querying it.
Step 4.4, to ensure the security of the symmetric key keySecret, the data owner locally uses a linear integer secret sharing algorithm to split the secret number s associated with keySecret into one secret share per attribute, thereby indirectly sharing the symmetric key among multiple attributes.
$LISS(P_{Subject}, s) \to (s_1, s_2, \dots, s_d)^T$: the data owner inputs the subject policy $P_{Subject}$ and the secret number s; the algorithm then constructs from $P_{Subject}$ a policy matrix and a mapping function $\psi(\cdot)$, i.e. each row of the matrix corresponds to an attribute $\psi(i)$, $1 \le i \le d$; it selects random numbers $\rho_i$, $2 \le i \le e$, and combines them with the secret value s into the vector $\rho = (s, \rho_2, \rho_3, \dots, \rho_e)^T$, where d and e are the numbers of rows and columns of the policy matrix. Finally it computes and outputs the secret shares $(s_1, s_2, \dots, s_d)^T$ corresponding to the attributes, and distributes the secret share $s_i$ to the attribute $\psi(i)$.
The data owner constructs the corresponding policy matrix from the subject policy $P_{Subject}$ in the access policy Policy as follows:
First, let $M_o \in Z^{1 \times 1}$ denote the matrix with only one element, i.e. $M_o = [1]$. For a matrix $M \in Z^{d \times e}$, let $c \in Z^{e}$ denote the first column of M and $r \in Z^{d \times (e-1)}$ denote all columns of M except the first. The following 3 construction rules are then applied.
Rule 1: each attribute in the access policy can be represented by $M_o$.
Rule 2: for any OR gate, i.e. $P_{Subject} = P_a \vee P_b$, let $M_a$ and $M_b$ be the matrices formed from policy $P_a$ and policy $P_b$ respectively. An OR-gate matrix is then constructed, representing the policy matrix $M_{OR}$ formed jointly by the matrix $M_a$ of policy $P_a$ and the matrix $M_b$ of policy $P_b$. The first column of $M_{OR}$ is formed by concatenating the column vectors $c_a$ and $c_b$ of the two matrices $M_a$ and $M_b$; the next $d_a - 1$ columns are formed by concatenating $r_a$, i.e. the columns of $M_a$ other than the first, with $e_b$ zeros; finally, the last $d_b - 1$ columns are formed by concatenating $r_b$ with $e_a$ zeros. The specific expression is as follows:
Rule 3: for any AND gate, i.e. $P_{Subject} = P_a \wedge P_b$, let $M_a$ and $M_b$ be the matrices formed from policy $P_a$ and policy $P_b$ respectively. An AND-gate matrix is then constructed, representing the policy matrix $M_{AND}$ formed jointly by the matrix $M_a$ of policy $P_a$ and the matrix $M_b$ of policy $P_b$. The first column of $M_{AND}$ is formed by concatenating the column vector $c_a$ with zeros in place of $c_b$; the second column is formed by concatenating $c_a$ and $c_b$; the next $d_a - 1$ columns are formed by concatenating $r_a$, i.e. the columns of $M_a$ other than the first, with $e_b$ zeros; finally, the last $d_b - 1$ columns are formed by concatenating $r_b$ with $e_a$ zeros. The specific expression is as follows:
Step 4.5, the data owner stores the attributes and the secret shares $s_i$ corresponding to them on the blockchain. Because the subject policy $P_{Subject}$ is composed of multiple sub-policies, the subject attribute set of a data requester obtains the access right as long as it satisfies one of the sub-policies.
The data owner therefore constructs a decryption token locally for each sub-policy; for example, the decryption token that the data owner constructs for the sub-policy $P_i$ (as shown in equation (1)) is (as shown in equation (2)):
where the set of secret shares corresponding to the attributes in the policy is as shown in equation (3); $\psi(i_n)$ denotes the n-th attribute in the matrix, and the n-th secret value corresponding to the n-th attribute is as shown in equation (4). The matrix formed by the row vectors of the policy matrix that correspond to the attributes in the sub-policy is as shown in equation (5).
Step 4.6, the data owner stores the secret shares corresponding to the attributes, i.e. the attribute private keys, on the blockchain. The specific process is as follows:
Using the address $hash_{CT}$ of the ciphertext CT returned by the InterPlanetary File System as the symmetric key, the data owner encrypts the decryption token with a symmetric encryption algorithm to form the ciphertext token, and then uploads the ciphertext token to the blockchain.
Because the blockchain ledger stores data in Key-Value form, the hash of the attributes in the sub-policy $P_i$, $Hash(P_i)$ (where H(·) is a one-way hash function), is used as the Key and the encrypted decryption token as the Value when storing the data in the blockchain ledger.
Step 5, the data requester sends a request to access the resource to the data owner through the blockchain, and the blockchain verifies, according to the attributes in the request, whether the data requester satisfies the corresponding access policy. The specific process is as follows:
First, the data requester sends its access request to the blockchain: $Request(Subject'_{attrs}, resId)$, where $Subject'_{attrs}$ is the set of personal attributes of the data requester, i.e. the subject attribute set, and resId is the identifier of the resource to be accessed. After receiving the request, the blockchain parses it and looks up the corresponding Policy by the resource identifier resId in the request (it is stipulated that one resource corresponds to one access policy, so the resource identifier corresponds to the policy identifier, i.e. resId → policyId). It then judges whether the subject attribute set $Subject'_{attrs}$ of the data requester satisfies the attribute-based access policy set in advance by the data owner, i.e. $P_{Subject}$. If so, it judges whether the access time accessTime is within the specified access period, i.e. an access between the start time startTime and the end time endTime is a valid access:
$Policy.P_{Environment}.startTime \le accessTime \le Policy.P_{Environment}.endTime$
Step 6, if so, the file address $hash_{CT}$ and the sub-policy $P_i$ satisfied by the data requester's attributes are returned to the data requester.
Step 7, after receiving the file address $hash_{CT}$ and $P_i$, the data requester uses $hash_{CT}$ to look up, on the InterPlanetary File System, the ciphertext CT corresponding to the data resource data.
Step 8, the InterPlanetary File System returns the ciphertext CT corresponding to the resource address $hash_{CT}$ to the data requester.
Step 9, after receiving the ciphertext CT, the data requester sends the corresponding decryption request $requestDecrypt(P_i)$ to the blockchain.
Step 10, after receiving the request, the blockchain parses it. It then hashes the attributes of the sub-policy $P_i$ contained in the data requester's request, i.e. $Key = Hash(P_i)$, to obtain the Key of the corresponding ledger data, looks up the corresponding encrypted decryption token in the blockchain ledger by this Key, and sends it to the data requester.
Step 11, after receiving the ciphertext token, the data requester decrypts it with the address $hash_{CT}$ to obtain the decryption token Token, then locally runs the decryption algorithm with the attribute private keys in Token to obtain the decryption key of the ciphertext CT, and thereby obtains the plaintext data. The specific process is as follows:
Step 11.1, after obtaining the ciphertext token, the data requester locally runs the symmetric encryption algorithm, using the data owner's file address $hash_{CT}$ as the symmetric key, to decrypt it and obtain the decryption token corresponding to the requester's attributes.
Step 11.2, after obtaining the decryption token, the data requester locally runs the decryption algorithm to obtain the symmetric key keySecret of the ciphertext CT:
the algorithm first solves the following from the row-vector matrix in the decryption token (where ξ is a known target vector):
to obtain λ. It then computes:
to obtain the secret number s. A hash algorithm is then run on it:
keySecret = H(s),
giving the symmetric key keySecret.
Finally, the ciphertext CT is decrypted with keySecret to obtain the plaintext data:
$Decrypt_{keySecret}(CT) = data$.
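Step 4.4 (policy matrix and shares) and step 11.2 (recovering s and keySecret) can be run end to end as below; this is an added example, not code from the patent. Assumptions, because the page's matrix expressions and equations did not survive: the block layout of Rules 2 and 3 follows the standard linear integer secret sharing construction, the shares are the product of the policy matrix with ρ, the target vector is ξ = (1, 0, ..., 0)^T with s = Σ λ_i s_i, H is SHA-256, and the attribute names are constructed.

```python
import hashlib
import secrets
from fractions import Fraction
from functools import reduce


def dnf_tree(sub_policies):
    """P_Subject = P_1 v ... v P_n, each P_i taken as a conjunction of attributes."""
    ands = [reduce(lambda a, b: ("and", a, b), p) for p in sub_policies]
    return reduce(lambda a, b: ("or", a, b), ands)


def build_matrix(policy):
    """Return (M, psi): the policy matrix and the attribute labelling each row."""
    if isinstance(policy, str):                  # Rule 1: an attribute is M_o = [1]
        return [[1]], [policy]
    gate, left, right = policy
    Ma, psi_a = build_matrix(left)
    Mb, psi_b = build_matrix(right)
    ea, eb = len(Ma[0]), len(Mb[0])
    if gate == "or":                             # Rule 2: [c_a r_a 0 ; c_b 0 r_b]
        rows = [[r[0]] + r[1:] + [0] * (eb - 1) for r in Ma]
        rows += [[r[0]] + [0] * (ea - 1) + r[1:] for r in Mb]
    elif gate == "and":                          # Rule 3: [c_a c_a r_a 0 ; 0 c_b 0 r_b]
        rows = [[r[0], r[0]] + r[1:] + [0] * (eb - 1) for r in Ma]
        rows += [[0, r[0]] + [0] * (ea - 1) + r[1:] for r in Mb]
    else:
        raise ValueError(f"unknown gate {gate!r}")
    return rows, psi_a + psi_b


def share(M, s, rand_bits=256):
    """Shares (s_1..s_d) = M * rho with rho = (s, rho_2, ..., rho_e)^T.
    The range of the random rho_i is an assumption, chosen much wider than s."""
    half = 1 << (rand_bits - 1)
    rho = [s] + [secrets.randbits(rand_bits) - half for _ in range(len(M[0]) - 1)]
    return [sum(m * x for m, x in zip(row, rho)) for row in M]


def make_token(M, psi, shares, row_ids):
    """Decryption token for one sub-policy: its attributes, shares and matrix rows."""
    return {"attrs": [psi[i] for i in row_ids],
            "shares": [shares[i] for i in row_ids],
            "rows": [M[i] for i in row_ids]}


def solve_lambda(rows):
    """Solve M_A^T * lam = xi for xi = (1, 0, ..., 0)^T; None if no integer solution."""
    n, e = len(rows), len(rows[0])
    # One equation per matrix column j: sum_i lam_i * rows[i][j] = xi_j.
    aug = [[Fraction(rows[i][j]) for i in range(n)] + [Fraction(int(j == 0))]
           for j in range(e)]
    pivots, r = [], 0
    for col in range(n):
        p = next((k for k in range(r, e) if aug[k][col] != 0), None)
        if p is None:
            continue
        aug[r], aug[p] = aug[p], aug[r]
        pivot = aug[r][col]
        aug[r] = [x / pivot for x in aug[r]]
        for k in range(e):
            if k != r and aug[k][col] != 0:
                f = aug[k][col]
                aug[k] = [x - f * y for x, y in zip(aug[k], aug[r])]
        pivots.append(col)
        r += 1
    if any(row[-1] != 0 for row in aug[r:]):     # inconsistent: rows do not span xi
        return None
    lam = [Fraction(0)] * n
    for i, col in enumerate(pivots):
        lam[col] = aug[i][-1]
    if any(x.denominator != 1 for x in lam):     # the scheme works over the integers
        return None
    return [int(x) for x in lam]


def recover_secret(token):
    """Step 11.2: s = sum(lam_i * s_i), or None if the token's rows are insufficient."""
    lam = solve_lambda(token["rows"])
    if lam is None:
        return None
    return sum(l * s for l, s in zip(lam, token["shares"]))


def key_from_secret(s):
    """keySecret = H(s); SHA-256 over the decimal encoding is an assumption."""
    return hashlib.sha256(str(s).encode()).digest()


# Constructed sample policy: P_1 has three attributes (rows 0-2), P_2 two (rows 3-4).
SUB_POLICIES = [["unit:hospitalA", "dept:cardiology", "position:doctor"],
                ["unit:insurerB", "position:auditor"]]


def demo():
    M, psi = build_matrix(dnf_tree(SUB_POLICIES))
    s = secrets.randbits(128)
    shares = share(M, s)
    full_p1 = make_token(M, psi, shares, [0, 1, 2])
    full_p2 = make_token(M, psi, shares, [3, 4])
    partial = make_token(M, psi, shares, [0, 1])   # one attribute of P_1 missing
    return s, recover_secret(full_p1), recover_secret(full_p2), recover_secret(partial)


if __name__ == "__main__":
    s, r1, r2, rp = demo()
    print(r1 == s, r2 == s, rp)
```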
Claims (4)
1. An attribute-based access control method on a blockchain, characterized by comprising the following steps:
Step 1, a data owner locally encrypts personal data with a symmetric encryption algorithm to obtain a ciphertext CT; the specific process is as follows:
$Encrypt_{keySecret}(data) \rightarrow CT$: first, the data owner locally selects a random secret number s and computes the hash value keySecret = H(s) to generate the symmetric key keySecret, where H is a one-way hash function; the data owner then encrypts the personal data with a symmetric encryption algorithm, using keySecret as the symmetric key, to obtain the ciphertext CT, i.e. $CT = Encrypt_{keySecret}(data)$;
Step 2, the data owner uploads the ciphertext CT to the InterPlanetary File System (IPFS);
Step 3, IPFS returns the address $hash_{CT}$ of the ciphertext CT;
Step 4, the data owner locally establishes an attribute-based access policy Policy for the personal data and a decryption token for the ciphertext CT, and, using the address $hash_{CT}$ as the symmetric key, encrypts the decryption token with a symmetric algorithm to form a ciphertext token:
then, in the form of a transaction, the data owner uploads the resource address $hash_{CT}$ of the ciphertext CT returned by IPFS, the ciphertext token, and the attribute-based access policy Policy to the blockchain ledger;
Step 5, the data requester sends a request to access the resource to the data owner through the blockchain, and the blockchain verifies, from the attributes in the data requester's request, whether the data requester satisfies the corresponding access policy;
Step 6, if so, the file address $hash_{CT}$ and the sub-policy $P_i$ satisfied by the data requester's attributes are returned to the data requester;
Step 7, after receiving the file address $hash_{CT}$ and $P_i$, the data requester uses $hash_{CT}$ to look up, on IPFS, the ciphertext data CT corresponding to the data resource data;
Step 8, IPFS returns the ciphertext CT corresponding to the resource address $hash_{CT}$ to the data requester;
Step 9, after receiving the ciphertext CT, the data requester initiates the corresponding decryption request to the blockchain: requestDecrypt($P_i$);
Step 10, after receiving the request, the blockchain parses it, then hashes the attributes of the sub-policy $P_i$ contained in the data requester's request, i.e. Key = Hash($P_i$), to obtain the Key of the corresponding ledger data, uses that Key to look up the corresponding encrypted decryption token in the blockchain ledger, and sends it to the data requester;
Step 11, after receiving the ciphertext token, the data requester decrypts it with the address $hash_{CT}$ to obtain the decryption token Token, then locally executes the decryption algorithm with the attribute private key in Token to obtain the decryption key of the ciphertext CT, and thereby obtains the plaintext data.
2. The method according to claim 1, wherein the step 4 is implemented by the following steps:
Step 4.1, the data owner registers a user account on the blockchain, where ownerId is the identifier of the personal account and ownerName is its user name; through this account the data owner can record personal information, the file resource addresses under the data owner's name, and the access control policy;
Step 4.2, the data owner stores on the blockchain the address $hash_{CT}$ of the ciphertext CT returned by IPFS. Because the blockchain stores data as Key-Value pairs, the resource identifier resId is used as the Key, and the user identifier ownerId, the data file name resName and the file address $hash_{CT}$ are used as the Value when the data is stored in the blockchain ledger;
Step 4.3, the data owner uploads the access policy Policy to the blockchain. The uploaded content is (policyId, Object, Policy), where policyId is the unique identifier of the attribute-based access policy; Object = {resId, ownerId, resName} is the personal resource information of the data owner, in which resId is the resource identifier, ownerId is the data owner's personal identifier, used to associate the user with the access policy, and resName is the resource name; Policy is the attribute-based access policy, formed by combining the subject policy $P_{Subject}$ with the environment policy $P_{Environment}$. A data requester can access the data owner's data only if both policies are satisfied. The Policy format is:
$Policy = P_{Subject} \wedge P_{Environment}$
The subject policy $P_{Subject}$ is the access policy containing the attributes of the data requesters to whom the data owner grants access to the personal data resource. $P_{Subject}$ is composed of multiple sub-policies in disjunctive normal form; an example format of $P_{Subject}$ is:
$P_{Subject} = P_1 \vee P_2 \vee \dots \vee P_n$
A sub-policy contains multiple attributes of the data requesters that the data owner permits to access, such as the requester's unit, department and position; an example format of a sub-policy is:
$P_{Environment}$ represents the environment policy, such as a time period: the data owner sets the access time period for the personal resource, and a data requester whose access time is not within that period is denied access;
the data owner can also dynamically manage (update, delete and query) the personal access policy through the blockchain;
Step 4.4, to ensure the security of the symmetric key, the data owner locally splits the secret number s associated with the key into one secret share per attribute using a linear integer secret sharing algorithm, thereby indirectly sharing the symmetric key among multiple attributes;
$LISS(P_{Subject}, s) \rightarrow (s_1, s_2, \dots, s_d)^T$: the data owner inputs the subject policy $P_{Subject}$ and a secret number s; the algorithm then constructs from $P_{Subject}$ a policy matrix and a mapping function $\psi(\cdot)$, i.e. each row of the matrix corresponds to an attribute $\psi(i)$, $1 \le i \le d$; it selects random numbers $\rho_i$, $2 \le i \le e$, and combines them with the secret value s into $\rho = (s, \rho_2, \rho_3, \dots, \rho_e)^T$, where d and e are the numbers of rows and columns of the policy matrix; finally it computes and outputs the secret shares $(s_1, s_2, \dots, s_d)^T$ corresponding to the attributes, and distributes the secret share $s_i$ to the attribute $\psi(i)$;
The data owner constructs the corresponding policy matrix from the subject policy $P_{Subject}$ in the access policy:
First, let $M_o \in Z^{1 \times 1}$, meaning that the matrix has a single element, i.e. $M_o = [1]$. Also let $M \in Z^{d \times e}$ be a matrix, where $c \in Z^{e}$ denotes the first column of M and $r \in Z^{d \times (e-1)}$ denotes all remaining columns of M except the first. The following 3 construction rules are then applied:
Rule 1: each attribute in the access policy can be represented by $M_o$;
Rule 2: for any OR gate, i.e. $P_{Subject} = P_a \vee P_b$, let $M_a$ and $M_b$ be the matrices formed by policy $P_a$ and policy $P_b$ respectively. An OR-gate matrix $M_{OR}$ is then constructed, representing the policy matrix formed jointly by $M_a$ and $M_b$, where the first column of $M_{OR}$ is formed by concatenating the column vectors $c_a$ and $c_b$ of the two matrices $M_a$ and $M_b$; then the next $d_a - 1$ columns are formed by concatenating $r_a$, i.e. the remaining columns of $M_a$ other than the first, with $e_b$ zeros; finally, the last $d_b - 1$ columns are formed by concatenating $r_b$ with $e_a$ zeros. The specific expression is as follows:
Rule 3: for any AND gate, i.e. $P_{Subject} = P_a \wedge P_b$, let $M_a$ and $M_b$ be the matrices formed by policy $P_a$ and policy $P_b$ respectively. An AND-gate matrix $M_{AND}$ is then constructed, representing the policy matrix formed jointly by $M_a$ and $M_b$, where the first column of $M_{AND}$ is formed by concatenating the column vector $c_a$ with zeros, and the second column is formed by concatenating $c_a$ and $c_b$; then the next $d_a - 1$ columns are formed by concatenating $r_a$, i.e. the remaining columns of $M_a$ other than the first, with $e_b$ zeros; finally, the last $d_b - 1$ columns are formed by concatenating $r_b$ with $e_a$ zeros. The specific expression is as follows:
Step 4.5, the data owner stores on the blockchain each attribute and the secret share $s_i$ corresponding to it. Because the subject policy $P_{Subject}$ is composed of multiple sub-policies, the data requester's subject attribute set obtains access as long as it satisfies one of the sub-policies;
Therefore, the data owner locally constructs a decryption token for each sub-policy. Assume that, for the sub-policy $P_i$ shown in equation (1), the data owner constructs the decryption token shown in equation (2):
where the first component denotes the set of secret shares corresponding to the attributes in the policy, as shown in equation (3); $\psi(i_n)$ denotes the $n$th attribute represented in the matrix, and the $n$th attribute corresponds to the $n$th secret value, as shown in equation (4); the second component denotes the matrix formed by the row vectors of the policy matrix that correspond to the attributes in the sub-policy, as shown in equation (5):
Step 4.6, the data owner stores the secret shares corresponding to the attributes, i.e. the attribute private keys, on the blockchain. The specific process is as follows:
Using the address $hash_{CT}$ of the ciphertext CT returned by IPFS as the symmetric key, the data owner encrypts the decryption token with a symmetric encryption algorithm to form the ciphertext token, and then uploads the ciphertext token to the blockchain;
3. The method according to claim 2, wherein said step 5 is implemented by the following steps:
First, the data requester sends its access request to the blockchain: $request(Subject'_{attrs}, resId)$, where $Subject'_{attrs}$ contains the data requester's personal attribute set, i.e. the subject attribute set, and resId is the identifier of the resource to be accessed. After receiving the request, the blockchain parses it and looks up the corresponding Policy by the resource identifier resId in the request. It is specified that one resource corresponds to one access policy, so the resource identifier corresponds to the policy identifier, i.e. resId → policyId. The blockchain then judges whether the data requester's subject attribute set satisfies the attribute-based access policy set in advance by the data owner, i.e. $P_{Subject}$; if so, it then judges whether the access time accessTime is within the specified access period, i.e. an access between the start time startTime and the end time endTime is a valid access:
$Policy.P_{Environment}.startTime \le accessTime \le Policy.P_{Environment}.endTime$.
4. The method according to claim 3, wherein said step 11 is implemented according to the following steps:
Step 11.1, after obtaining the ciphertext token, the data requester locally executes the symmetric encryption algorithm, using the data owner's file address $hash_{CT}$ as the symmetric key for decryption, and obtains the decryption token corresponding to its own attributes;
Step 11.2, after obtaining the decryption token, the data requester locally executes the decryption algorithm to obtain the symmetric key keySecret for the ciphertext CT:
The algorithm first solves, using the row-vector matrix in the decryption token, where ξ is a known target vector,
to obtain λ, then computes:
to obtain the secret number s, to which a hash algorithm is then applied:
keySecret = H(s), resulting in the symmetric key keySecret,
and finally the ciphertext CT is decrypted with keySecret to obtain the plaintext data: $Decrypt_{keySecret}(CT) = data$.
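The sharing in step 4.4 and the key recovery in step 11.2, as an added Python example (not code from the patent). The rule 2 and rule 3 matrices and the recovery equations are not reproduced on this page, so the zero-padding layout, the target vector ξ = (1, 0, ..., 0)^T, the relations M_A^T·λ = ξ and s = Σ λ_i·s_i, SHA-256 for H, and the three-attribute sample policy are assumptions taken from the usual linear integer secret sharing construction.

```python
import hashlib
import secrets
from fractions import Fraction

LEAF = [[1]]  # rule 1: a single attribute is the 1x1 matrix M_o = [1]

def or_gate(Ma, Mb):
    # Rule 2: first column c_a||c_b, then r_a padded with zeros, then zeros and r_b.
    ea, eb = len(Ma[0]), len(Mb[0])
    return ([r[:1] + r[1:] + [0] * (eb - 1) for r in Ma] +
            [r[:1] + [0] * (ea - 1) + r[1:] for r in Mb])

def and_gate(Ma, Mb):
    # Rule 3: first column c_a||0, second column c_a||c_b, then the r_a and r_b blocks.
    ea, eb = len(Ma[0]), len(Mb[0])
    return ([[r[0], r[0]] + r[1:] + [0] * (eb - 1) for r in Ma] +
            [[0, r[0]] + [0] * (ea - 1) + r[1:] for r in Mb])

def liss_share(M, s):
    # rho = (s, rho_2, ..., rho_e)^T; share s_i is row i of M times rho.
    rho = [s] + [secrets.randbelow(2**128) for _ in M[0][1:]]
    return [sum(m * x for m, x in zip(row, rho)) for row in M]

def solve_lambda(rows):
    # Solve rows^T * lam = xi with xi = (1, 0, ..., 0)^T by Gauss-Jordan elimination.
    # Returns None when no solution exists, i.e. the rows form an unauthorized set.
    d, e = len(rows), len(rows[0])
    A = [[Fraction(rows[i][j]) for i in range(d)] + [Fraction(int(j == 0))]
         for j in range(e)]
    pivots, r = [], 0
    for c in range(d):
        p = next((k for k in range(r, e) if A[k][c] != 0), None)
        if p is None:
            continue
        A[r], A[p] = A[p], A[r]
        A[r] = [x / A[r][c] for x in A[r]]
        for k in range(e):
            if k != r and A[k][c] != 0:
                f = A[k][c]
                A[k] = [x - f * y for x, y in zip(A[k], A[r])]
        pivots.append(c)
        r += 1
    if any(row[-1] != 0 for row in A[r:]):
        return None
    lam = [Fraction(0)] * d
    for i, c in enumerate(pivots):
        lam[c] = A[i][-1]
    return lam

def recover_key(rows, shares):
    # s = sum(lambda_i * s_i), then keySecret = H(s) (SHA-256 assumed for H).
    lam = solve_lambda(rows)
    if lam is None:
        return None
    s = sum(l * x for l, x in zip(lam, shares))
    return hashlib.sha256(str(int(s)).encode()).hexdigest()

# Constructed policy: (unit AND department) OR position -> rows 0,1 and row 2.
POLICY_MATRIX = or_gate(and_gate(LEAF, LEAF), LEAF)
```

A token holding only one of the two AND-ed rows gets `None` from `recover_key`, which is the property that lets the scheme publish per-sub-policy tokens rather than the secret itself.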
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111161060.8A CN113761583A (en) | 2021-09-30 | 2021-09-30 | Attribute-based access control method on block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113761583A (en) | 2021-12-07 |
Family
ID=78798572
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111161060.8A Withdrawn CN113761583A (en) | 2021-09-30 | 2021-09-30 | Attribute-based access control method on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113761583A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114629684A (en) * | 2022-02-16 | 2022-06-14 | 深圳番多拉信息科技有限公司 | Permission token processing method, system, device and storage medium based on block chain |
CN114510734A (en) * | 2022-02-22 | 2022-05-17 | 光大科技有限公司 | Data access control method, device and computer readable storage medium |
CN114510734B (en) * | 2022-02-22 | 2023-10-20 | 光大科技有限公司 | Data access control method, device and computer readable storage medium |
CN115051989A (en) * | 2022-06-10 | 2022-09-13 | 中国华能集团清洁能源技术研究院有限公司 | Refined distributed access control method based on block chain in industrial Internet of things |
CN115051989B (en) * | 2022-06-10 | 2024-04-05 | 中国华能集团清洁能源技术研究院有限公司 | Fine distributed access control method based on blockchain in industrial Internet of things |
CN114928499A (en) * | 2022-06-21 | 2022-08-19 | 重庆邮电大学 | Access control method based on block chain and trust system |
CN114928499B (en) * | 2022-06-21 | 2023-09-19 | 深圳建科网络科技有限公司 | Access control method based on block chain and trust system |
CN114978771A (en) * | 2022-07-26 | 2022-08-30 | 成都云智数安科技有限公司 | Data security sharing method and system based on block chain technology |
CN114978771B (en) * | 2022-07-26 | 2023-06-02 | 成都云智数安科技有限公司 | Data security sharing method and system based on blockchain technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WW01 | Invention patent application withdrawn after publication | Application publication date: 20211207 |