CN112261155A - Internet of things access control method with dynamic consensus based on block chains of alliances - Google Patents


Publication number
CN112261155A
Authority
CN
China
Prior art keywords
iot
access control
domain
chain code
gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011513645.7A
Other languages
Chinese (zh)
Other versions
CN112261155B (en)
Inventor
张伟哲
冯禹铭
方滨兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Graduate School Harbin Institute of Technology
Original Assignee
Shenzhen Graduate School Harbin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Graduate School Harbin Institute of Technology filed Critical Shenzhen Graduate School Harbin Institute of Technology
Priority to CN202011513645.7A priority Critical patent/CN112261155B/en
Publication of CN112261155A publication Critical patent/CN112261155A/en
Application granted granted Critical
Publication of CN112261155B publication Critical patent/CN112261155B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an Internet of Things access control method with dynamic consensus based on a consortium (alliance) blockchain. The Internet of Things scenario is divided into a plurality of IoT domains, each comprising an IoT gateway and IoT devices. IoT gateways that have been authenticated by a CA are selected as peer nodes and join the consortium blockchain network; chain codes are deployed on the IoT gateways to provide interface functions for access control, access policy management and trust evaluation; and each IoT device connects to the IoT gateway in its domain and exchanges access-control-related data over the MQTT protocol. In addition, the method dynamically selects IoT gateways as consensus sequencing (ordering) nodes according to the trust evaluation results of the IoT domains, and performs consensus sequencing with the Raft consensus mechanism. The beneficial effect of the invention is that it provides an Internet of Things access control method with dynamic consensus based on a consortium blockchain, so as to achieve efficient and reliable access control.

Description

Internet of things access control method with dynamic consensus based on block chains of alliances
Technical Field
The invention relates to the technical field of Internet of things, in particular to an Internet of things access control method with dynamic consensus based on a block chain of alliances.
Background
The rapid development of high-speed networks and the wide distribution of Internet of Things devices bring new security risks and challenges to the Internet of Things environment. Internet of Things devices often hold a large amount of privacy-sensitive data, and because of resource limitations most of them cannot implement strict and complete security measures. Access control prevents unauthorized access from intruding on privacy and has become a focus of research in the Internet of Things field. Traditional centralized access control relies on a centralized authorization entity and is prone to a single point of failure. In addition, because Internet of Things devices are heterogeneous and dynamic, devices in different organizations often need to interact and cooperate, and centralized access control struggles to meet these requirements in Internet of Things scenarios.
The emergence of blockchain technology provides a new solution for access control in the Internet of Things environment. A blockchain is transparent, tamper-resistant and auditable, and can support trustworthy access control. However, in existing blockchain-based Internet of Things access control schemes, the consensus algorithm used in the consensus process, such as proof of work (PoW) or Practical Byzantine Fault Tolerance (PBFT), leads to low transaction verification efficiency, which degrades access control performance and restricts the application and adoption of the technology. In addition, predetermined and unchangeable consensus nodes are difficult to adapt to dynamic changes in the Internet of Things network environment, which affects the security and fairness of the access control system.
Disclosure of Invention
To solve the problems in the prior art, the invention provides an Internet of Things access control method with dynamic consensus based on a consortium blockchain.
In the Internet of Things access control method with dynamic consensus based on a consortium blockchain provided by the invention, the Internet of Things scenario is divided into a plurality of IoT domains, each comprising an IoT gateway and IoT devices; IoT gateways authenticated by a CA are selected as peer nodes and join the consortium blockchain network; chain codes are deployed on the IoT gateways to provide interface functions for access control, access policy management and trust evaluation; and each IoT device connects to the IoT gateway in its domain and exchanges access-control-related data over the MQTT protocol.
As a further improvement of the present invention, the chain code includes a policy management chain code, an access control chain code and a trust evaluation chain code, and the policy management chain code and the access control chain code are deployed on the same data channel to implement management of the access control policy and obtain access rights; the trust evaluation chain code is used for recording behavior characteristics collected from the IoT gateway and the IoT equipment node and calculating the comprehensive trust degree of the IoT domain, and the trust evaluation chain code is deployed on the other channel so as to realize the isolation of service data related to the access control strategy; a Raft consensus mechanism based on trust evaluation is designed by means of the trust evaluation chain code, the Raft consensus mechanism dynamically selects consensus sequencing nodes through comprehensive trust indexes of different IoT domains, and then performs consensus sequencing service verification transaction.
As a further improvement of the present invention, when a user accesses resources in other IoT devices through user equipment, an access control request is sent through an interface provided by a chain code, the chain code returns access rights according to an access control policy, and the user can obtain related resources according to the access rights; the administrator is responsible for maintaining and modifying the access control strategy on one hand, and is responsible for issuing various node CA certificates in the block chain network of the alliance on the other hand.
As a further improvement of the present invention, the access control policy includes a subject attribute, an object attribute, an environment attribute, and an action authority, the subject attribute is used to describe an attribute of a user or a manipulation device, the object attribute is used to describe an attribute of an access object, and the environment attribute includes: authorizing deadline, allowing access to an IP section and position information, wherein the action authority comprises reading, writing and executing; the subject attribute comprises an ID, a role, a member group where the subject attribute is located and a domain where the subject attribute is located, and the object attribute comprises an object ID and a device MAC value.
As a further improvement of the present invention, the policy management chain code provides functions for adding, deleting, updating and searching access control policies, and each access control policy is stored in the blockchain state database in JSON format through the policy management chain code;
the access control chain code is used for providing authorization and authority delegation functions of access control, according to the provided subject attribute, object attribute and environment attribute, the access control chain code can inquire whether a corresponding access control strategy exists or not, and if the matched access control strategy is found, the corresponding action authority is returned; in addition, the access control chain code supports authority delegation, and a user can delegate the authority acquired by the user to other specified users so as to meet the requirements of different application scenes;
the trust evaluation chain code is used for recording the behavior characteristics of each device in the IoT domain and calculating the trust degree of the IoT domain according to the history; the overall trust level of the IoT domain is calculated from the following 5 items of data, including: average IP packet loss rate index, average IP packet repetition rate index, average transmission delay index, average access success rate index and gateway node performance index.
As a further improvement of the invention, the Raft consensus mechanism based on trust evaluation comprises:
step 1: the IoT gateway periodically calculates the comprehensive trust evaluation index of its IoT domain through the trust evaluation chain code;
step 2: according to the comprehensive trust evaluation indexes of all IoT domains, the IoT gateways of the IoT domains whose comprehensive trust evaluation index is higher than a set threshold are periodically and dynamically selected as sequencing nodes;
step 3: when a transaction is initiated, each IoT gateway verifies whether every transaction in the new block has obtained the endorsements of all necessary peers specified in the endorsement policy; if so, step 4 is executed; otherwise the transaction is deemed to have failed, and a new transaction must be initiated again;
step 4: check whether the transaction results returned by the required endorsing peers are the same; if so, step 5 is executed; otherwise the transaction is deemed to have failed, and a new transaction must be initiated again;
step 5: the dynamically selected group of sequencing nodes performs consensus sequencing on the received transactions using the Raft algorithm, and then packs a batch of transactions together according to the block generation policy to generate a new block;
step 6: each transaction in the new block is checked to confirm that the inputs and outputs it depends on are consistent with the current blockchain state; once this is done, the block is appended to the local blockchain and the world state is modified.
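The checks in steps 2, 3, 4 and 6 can be made concrete with a small model. The following Go program is an added example, not code from the patent: the types, function names, gateway names and trust values are constructed for illustration, signatures are not verified, and the Raft ordering of step 5 is assumed to have already produced the block.

```go
package main

import (
	"fmt"
	"sort"
)

// Endorsement is one peer's result for a simulated transaction (signature checks omitted).
type Endorsement struct{ Peer, ResultHash string }

// Tx is a simplified transaction: the key versions it read and the values it writes.
type Tx struct {
	ID           string
	ReadSet      map[string]uint64
	WriteSet     map[string]string
	Endorsements []Endorsement
}

// State is a toy world state holding the current value and version of each key.
type State struct {
	Values   map[string]string
	Versions map[string]uint64
}

func NewState() *State {
	return &State{Values: map[string]string{}, Versions: map[string]uint64{}}
}

// SelectOrderers is step 2: keep gateways whose domain trust index is above the threshold.
func SelectOrderers(trust map[string]int, threshold int) []string {
	out := []string{}
	for gw, idx := range trust {
		if idx > threshold {
			out = append(out, gw)
		}
	}
	sort.Strings(out) // same order on every gateway
	return out
}

// CheckEndorsements is steps 3 and 4: every required peer endorsed, and all results agree.
func CheckEndorsements(tx Tx, required []string) error {
	if len(required) == 0 {
		return fmt.Errorf("tx %s: empty endorsement policy", tx.ID)
	}
	got := map[string]string{}
	for _, e := range tx.Endorsements {
		got[e.Peer] = e.ResultHash
	}
	for _, p := range required {
		h, ok := got[p]
		if !ok {
			return fmt.Errorf("tx %s: no endorsement from %s", tx.ID, p)
		}
		if h != got[required[0]] {
			return fmt.Errorf("tx %s: %s returned a different result", tx.ID, p)
		}
	}
	return nil
}

// Commit is step 6: reject the transaction if any key it read has changed since it
// was simulated; otherwise apply its writes and bump the versions.
func (s *State) Commit(tx Tx) error {
	for k, v := range tx.ReadSet {
		if s.Versions[k] != v {
			return fmt.Errorf("tx %s: stale read of %q", tx.ID, k)
		}
	}
	for k, v := range tx.WriteSet {
		s.Values[k] = v
		s.Versions[k]++
	}
	return nil
}

// ValidateBlock runs steps 3, 4 and 6 over a block that is already ordered.
func ValidateBlock(s *State, block []Tx, required []string) (valid, invalid []string) {
	for _, tx := range block {
		err := CheckEndorsements(tx, required)
		if err == nil {
			err = s.Commit(tx)
		}
		if err != nil {
			invalid = append(invalid, tx.ID)
			continue
		}
		valid = append(valid, tx.ID)
	}
	return valid, invalid
}

// SampleBlock returns constructed transactions: one good, one stale, one with
// diverging endorsement results, one missing an endorsement.
func SampleBlock() []Tx {
	ok := []Endorsement{{"gw-a", "h1"}, {"gw-c", "h1"}}
	return []Tx{
		{ID: "tx1", ReadSet: map[string]uint64{"policy:p1": 0}, WriteSet: map[string]string{"policy:p1": "read"}, Endorsements: ok},
		{ID: "tx2", ReadSet: map[string]uint64{"policy:p1": 0}, WriteSet: map[string]string{"policy:p1": "write"}, Endorsements: ok},
		{ID: "tx3", WriteSet: map[string]string{"policy:p2": "read"}, Endorsements: []Endorsement{{"gw-a", "h2"}, {"gw-c", "h3"}}},
		{ID: "tx4", WriteSet: map[string]string{"policy:p3": "read"}, Endorsements: []Endorsement{{"gw-a", "h4"}}},
	}
}

func main() {
	trust := map[string]int{"gw-a": 82, "gw-b": 45, "gw-c": 91, "gw-d": 60} // constructed values
	fmt.Println("sequencing nodes:", SelectOrderers(trust, 60))
	valid, invalid := ValidateBlock(NewState(), SampleBlock(), []string{"gw-a", "gw-c"})
	fmt.Println("valid:", valid, "invalid:", invalid)
}
```

A gateway whose index equals the threshold is not selected, because step 2 requires the index to be higher than the threshold.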
As a further improvement of the invention, the IoT gateway collects, over the MQTT protocol, the IP packet loss rate, IP packet repetition rate, transmission delay and access success rate of each IoT device connected to it, and calculates the average of each as an index of the IoT domain; the performance data of the gateway node is collected directly from the gateway node; these 5 kinds of data (IP packet loss rate of each IoT device, IP packet repetition rate of each IoT device, transmission delay of each IoT device, access success rate of each IoT device, and gateway node performance) are finally normalized to integers in [0,100] and, through periodic collection and calculation, are written into the blockchain ledger through the trust evaluation chain code;
average IP packet loss rate index
Figure 818883DEST_PATH_IMAGE001
And average IP packet repetition rate index
Figure 177183DEST_PATH_IMAGE002
The calculation method of (a) is as follows:
Figure 836703DEST_PATH_IMAGE003
Figure 622257DEST_PATH_IMAGE004
and
Figure 281908DEST_PATH_IMAGE005
reflecting whether there is abnormal behavior of the IoT devices under the IoT gateway,
Figure 707815DEST_PATH_IMAGE006
average IP packet loss rates for IoT devices within an IoT domain,
Figure 972574DEST_PATH_IMAGE007
average IP packet repetition rates for the IoT devices within the IoT domain,
Figure 178297DEST_PATH_IMAGE008
and
Figure 528507DEST_PATH_IMAGE009
are greater than 1;
mean transmission delay index
Figure 477877DEST_PATH_IMAGE010
The calculation method of (a) is as follows:
Figure 393880DEST_PATH_IMAGE011
Figure 36083DEST_PATH_IMAGE012
the average transmission delay of the IoT devices in the IoT domain, C is a constant less than 1,
Figure 873589DEST_PATH_IMAGE013
the value of (a) is associated with a particular application scenario;
average access success rate index
Figure 364001DEST_PATH_IMAGE014
The calculation method of (a) is as follows:
Figure 337773DEST_PATH_IMAGE015
Figure 698347DEST_PATH_IMAGE016
represents the average access success rate of the IoT devices in the IoT domain; here
Figure 272417DEST_PATH_IMAGE016
is directly converted to an integer in the range [0,100];
gateway node performance index
Figure 314322DEST_PATH_IMAGE017
The calculation method of (a) is as follows:
Figure 657448DEST_PATH_IMAGE018
Figure 392186DEST_PATH_IMAGE019
is a constant less than 1. The gateway node performance index
Figure 187972DEST_PATH_IMAGE020
is calculated from the CPU utilization index
Figure 299148DEST_PATH_IMAGE021
and the memory utilization index
Figure 234130DEST_PATH_IMAGE022
of the gateway node.
Figure 405348DEST_PATH_IMAGE023
Figure 891693DEST_PATH_IMAGE024
And
Figure 72139DEST_PATH_IMAGE025
respectively representing CPU utilization and memory utilization data collected from the gateway node,
Figure 389857DEST_PATH_IMAGE026
and
Figure 466397DEST_PATH_IMAGE027
are, respectively, the CPU and memory resource utilization required to keep the basic services of the gateway node operating normally;
the above normalized set of evidence data
Figure 236776DEST_PATH_IMAGE028
The behavior characteristic information of one IoT domain is reflected, the behavior characteristic information is written into the block chain by calling the trust evaluation chain code, and the IoT gateway can calculate the comprehensive trust evaluation index of the IoT domain in which the IoT gateway is located by calling the trust evaluation chain code.
As a further improvement of the present invention, the step 1 comprises:
Input: an IoT domain ID number;
s1, setting the selected historical transaction times
Figure 424175DEST_PATH_IMAGE029
S2 setting initial value
Figure 599329DEST_PATH_IMAGE030
An IoT domain ID number, wherein the IDIoT domain ID number indicates that the ID number of the IoT domain is input into the parameter ID;
s3 when
Figure 838866DEST_PATH_IMAGE033
If so, repeatedly executing the steps S4-S9, otherwise, jumping out of the loop and executing the step S10;
S4:
Figure 829956DEST_PATH_IMAGE034
the function of the GetHistoryState () function is to obtain the history state,
Figure 653424DEST_PATH_IMAGE034
representing query acquisition to blockchain
Figure 71767DEST_PATH_IMAGE035
A history of (2);
s5 weight coefficient
Figure 551159DEST_PATH_IMAGE036
Wherein
Figure 80360DEST_PATH_IMAGE037
Is a constant of (-1, 0);
S6:
Figure 952809DEST_PATH_IMAGE038
S7:
Figure 542053DEST_PATH_IMAGE039
S8:
Figure 774320DEST_PATH_IMAGE040
S9:
Figure 107212DEST_PATH_IMAGE041
s10 comprehensive trust degree evaluation index
Figure 390426DEST_PATH_IMAGE042
Output: the comprehensive trust evaluation index of the IoT domain.
As a further improvement of the invention, when the user obtains the access right, the following steps are executed:
step a: a user sends an access control request to an access control chain code in an alliance block chain;
step b: the access control chain code retrieves an access control strategy according to the subject, the object and the environment attribute and returns an access control authority;
step c: and the user accesses the resources on the IoT equipment through different IoT gateways according to the acquired access control authority.
As a further improvement of the invention, when the administrator modifies the access control policy, the following steps are executed:
step A: the administrator sends a request to modify the access control policy to the policy management chain code in the consortium blockchain;
step B: the policy management chain code initiates a transaction proposal according to the request content;
step C: the transaction is verified according to the Raft consensus mechanism based on trust evaluation;
step D: after the verification succeeds, each IoT gateway synchronously updates the access control policy.
The invention has the beneficial effects that: the invention provides an Internet of things access control method with dynamic consensus based on a block chain of an alliance, so as to realize high-efficiency and reliable access control.
Drawings
FIG. 1 is a diagram of an Internet of things access control infrastructure of the present invention;
FIG. 2 is a schematic diagram illustrating the operation of the access control of the Internet of things in the present invention;
fig. 3 is a schematic diagram illustrating role transition of IoT gateway when performing the Raft consensus in the present invention;
FIG. 4 is a flow chart of a trust-based Raft consensus mechanism in the present invention;
FIG. 5 is a flow chart of the present invention for a user to obtain access rights;
fig. 6 is a flow chart of administrator modifying access control policies in the present invention.
Detailed Description
The invention discloses an Internet of Things access control method with dynamic consensus based on a consortium blockchain. Because IoT gateways have comparatively stronger hardware configurations and computing power, CA-certified IoT gateways are chosen to join the consortium blockchain network as peer nodes, and chain codes are deployed on the IoT gateways to provide access-control-related interface functions. Each IoT device connects to the IoT gateway in its domain and exchanges access-control-related data over the MQTT protocol. The consortium blockchain network is built on Hyperledger Fabric.
In the invention, an access control method with dynamic consensus based on a block chain of a federation is provided to realize efficient and reliable access control. We have designed three types of chain codes as important components of the access control framework, including policy management chain codes, access control chain codes, and trust evaluation chain codes. The policy management chain code and the access control chain code are deployed on the same data channel so as to realize management of the access control policy and obtain access authority. The trust evaluation chain code is used for recording behavior characteristics collected from the IoT gateway and the IoT equipment node and calculating the comprehensive trust degree of the IoT domain, and the comprehensive trust degree is deployed on another channel so as to realize the isolation of business data related to the access control strategy. In addition, by means of a trust evaluation chain code, a Raft consensus mechanism based on trust evaluation is designed, the method dynamically selects consensus sequencing nodes through comprehensive trust indexes of different IoT domains, and then performs consensus sequencing service verification transaction. The method can realize quick and reliable consensus and reduce the influence of the deterioration of the network environment on the access control framework. In addition, the dynamic adjustment of the trust evaluation so as to select the reliable consensus node is beneficial to improving the safety and the robustness of the access control process.
In the present invention, there are 2 important roles, which are the user and the administrator, respectively. When a user needs to access resources in other internet of things equipment through user equipment (such as a computer, a notebook computer and a mobile phone), an access control request is sent through an interface provided by a chain code, the chain code can return access authority according to an access control strategy, and the user can obtain related resources according to the access authority. The administrator is responsible for maintaining and modifying the access control strategy on one hand, and is responsible for issuing various node CA certificates in the block chain network of the alliance on the other hand.
The access control policy consists of 4 parts: subject attributes, object attributes, environment attributes, and action permissions. The subject attributes describe a user or an operating device, and include an ID, a role, the member group the subject belongs to, and the domain the subject belongs to. The object attributes describe the accessed object, and include its ID and device MAC value. The environment attributes include the authorization deadline, the IP segment from which access is allowed, and location information. The action permissions are read, write and execute.
Table 1 access control policy description example
Figure 665419DEST_PATH_IMAGE043
The policy management chain code (PMC) provides functions for adding, deleting, updating and searching access control policies; a specific access control policy description is shown in Table 1. Each access control policy is stored in the blockchain state database in JSON format by the policy management chain code.
Access control chain codes (ACCs) are used to provide authorization for access control and rights delegation functionality. According to the provided subject attribute, object attribute and environment attribute, the chain code can inquire whether a corresponding access control strategy exists or not, and if the matched access control strategy is found, the corresponding action authority is returned. In addition, the chain code supports authority delegation, and a user can delegate the authority acquired by the user to other specified users so as to meet the requirements of different application scenarios.
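The policy lookup and delegation described above can be modelled as follows. This Go program is an added example, not the patent's chain code and not Hyperledger Fabric API code: the JSON field names, the rule that an empty subject attribute matches any value, and the sample policy (Table 1 is not reproduced on this page) are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"time"
)

// The four policy parts named above; field names are assumptions of this example.
type Subject struct{ ID, Role, Group, Domain string }
type Object struct{ ID, MAC string }
type Environment struct {
	Deadline  time.Time `json:"deadline"`   // authorization deadline
	AllowedIP string    `json:"allowed_ip"` // permitted source IP segment (CIDR)
	Location  string    `json:"location"`
}
type Policy struct {
	Subject     Subject
	Object      Object
	Environment Environment
	Actions     []string // read, write, execute
}

// Request carries the attributes presented with an access control request.
type Request struct {
	Subject  Subject
	Object   Object
	SourceIP string
	Location string
	Time     time.Time
}

// Constructed sample policy in JSON, as it might sit in the state database.
const samplePolicies = `[{
 "subject": {"role": "operator", "group": "maintenance", "domain": "domain-a"},
 "object": {"id": "camera-01", "mac": "00:00:5E:00:53:01"},
 "environment": {"deadline": "2030-01-01T00:00:00Z", "allowed_ip": "192.0.2.0/24", "location": "lab-1"},
 "actions": ["read", "write"]}]`

func LoadPolicies(data string) ([]Policy, error) {
	var ps []Policy
	err := json.Unmarshal([]byte(data), &ps)
	return ps, err
}

// attr: an empty policy attribute places no constraint (assumption of this example).
func attr(want, got string) bool { return want == "" || want == got }

func matches(p Policy, r Request) bool {
	s, o, e := p.Subject, p.Object, p.Environment
	if !attr(s.ID, r.Subject.ID) || !attr(s.Role, r.Subject.Role) ||
		!attr(s.Group, r.Subject.Group) || !attr(s.Domain, r.Subject.Domain) {
		return false
	}
	if o.ID != r.Object.ID || o.MAC != r.Object.MAC {
		return false
	}
	// Environment checks fail closed: a bad CIDR or a missing deadline never matches.
	_, ipnet, err := net.ParseCIDR(e.AllowedIP)
	ip := net.ParseIP(r.SourceIP)
	if err != nil || ip == nil || !ipnet.Contains(ip) {
		return false
	}
	if e.Deadline.IsZero() || r.Time.After(e.Deadline) {
		return false
	}
	return attr(e.Location, r.Location)
}

// Authorize returns the actions of the first matching policy, or nil (deny) if none matches.
func Authorize(ps []Policy, r Request) []string {
	for _, p := range ps {
		if matches(p, r) {
			return p.Actions
		}
	}
	return nil
}

// Delegate derives a policy for user `to` from the policy the delegator matches.
// It never grants an action the delegator lacks and keeps the object and environment limits.
func Delegate(ps []Policy, r Request, to string, actions []string) (Policy, error) {
	if to == "" || len(actions) == 0 {
		return Policy{}, fmt.Errorf("delegation needs a named user and at least one action")
	}
	held := map[string]bool{}
	for _, a := range Authorize(ps, r) {
		held[a] = true
	}
	for _, a := range actions {
		if !held[a] {
			return Policy{}, fmt.Errorf("%s does not hold %q", r.Subject.ID, a)
		}
	}
	for _, p := range ps {
		if matches(p, r) {
			p.Subject = Subject{ID: to}
			p.Actions = append([]string(nil), actions...)
			return p, nil
		}
	}
	return Policy{}, fmt.Errorf("no matching policy")
}

// SampleRequest is a constructed request that satisfies the sample policy.
func SampleRequest() Request {
	return Request{
		Subject:  Subject{ID: "alice", Role: "operator", Group: "maintenance", Domain: "domain-a"},
		Object:   Object{ID: "camera-01", MAC: "00:00:5E:00:53:01"},
		SourceIP: "192.0.2.10", Location: "lab-1",
		Time: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC),
	}
}

func main() {
	ps, _ := LoadPolicies(samplePolicies)
	fmt.Println("alice:", Authorize(ps, SampleRequest()))
	d, err := Delegate(ps, SampleRequest(), "bob", []string{"read"})
	fmt.Println("delegated to bob:", d.Actions, err)
}
```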
The trust evaluation chain code (CEC) is used for recording the behavior characteristics of each device in the IoT domain and calculating the trust degree of the IoT domain according to the historical records. The overall trust level of the IoT domain is calculated from the following 5 items of data, including: average IP packet loss rate index, average IP packet repetition rate index, average transmission delay index, average access success rate index and gateway node performance index.
The invention adopts the Raft consensus algorithm as an important component of the consensus mechanism. An IoT gateway that becomes a sequencing node (Orderer) uses the Raft algorithm to perform consensus sequencing and verify the validity of transactions. As shown in fig. 3, an IoT gateway starts in the Follower state; if a follower does not receive heartbeat information from the Leader within the election timeout, it transitions to the Candidate state. The timeout is a random number. Once the IoT gateway becomes a candidate, it sends RPC requests to the other nodes; assuming there are 2N+1 nodes in total, if it receives responses from more than N+1 nodes it is elected leader and begins the next phase of work, while the other candidates change to the follower state. Normally the leader continuously broadcasts heartbeat information, and a follower resets its timeout on receiving the leader's heartbeat. After the leader election succeeds, the IoT gateway enters the log replication process to record logs and commit data, thereby achieving distributed consistency. For the Raft algorithm, the core consensus process is log replication, which is divided into two phases: logging and committing data. If the total number of nodes in the blockchain is n, the number of communications is n-1 in the logging phase and n-1 in the data commit phase, for a total of 2n-2, so the communication complexity of the Raft consensus algorithm is O(n) and the consensus efficiency is high.
The invention provides a comprehensive trust evaluation index for an IoT domain, which becomes an important basis for dynamically selecting blockchain sequencing nodes and modifying access control policies, thereby realizing dynamic consensus. To compute the trust of the IoT domain, we collect evidence data from the gateway and device nodes within the IoT domain. The MQTT protocol is used between the gateway node and the IoT devices to keep communication simple and fast. The IoT domain evidence data that needs to be collected includes: the IP packet loss rate of each IoT device, the IP packet repetition rate of each IoT device, the transmission delay of each IoT device, the access success rate of each IoT device, and the performance of the gateway node. The IoT gateway collects the first 4 kinds of data from the devices connected to it through the MQTT protocol, and calculates their averages as the indexes of the domain. The performance data of the gateway node is collected directly from the gateway node. These 5 kinds of data are finally normalized to integers in [0,100]. Through periodic collection and calculation, they are written into the blockchain ledger by the trust evaluation chain code.
In the comprehensive trust evaluation index calculation method provided by the invention, the 5 kinds of evidence data are first normalized.
(1) Average IP packet loss rate index
Figure 870135DEST_PATH_IMAGE044
And (2) average IP packet repetition rate index
Figure 990407DEST_PATH_IMAGE045
The calculation method of (a) is as follows:
Figure 331389DEST_PATH_IMAGE046
Figure 780213DEST_PATH_IMAGE047
and
Figure 206646DEST_PATH_IMAGE048
reflect whether the IoT devices under the IoT gateway exhibit abnormal behavior. When the average IP packet loss rate of the IoT devices in an IoT domain
Figure 396188DEST_PATH_IMAGE049
and the average IP packet repetition rate
Figure 857256DEST_PATH_IMAGE050
are low,
Figure 5209DEST_PATH_IMAGE047
and
Figure 918939DEST_PATH_IMAGE048
tend toward 100. As
Figure 646592DEST_PATH_IMAGE049
and
Figure 758905DEST_PATH_IMAGE050
increase, the likelihood that the IoT domain contains untrusted nodes also increases. This trend is consistent with an exponential function curve whose base is greater than 1. Therefore,
Figure 31754DEST_PATH_IMAGE051
and
Figure 684977DEST_PATH_IMAGE052
are greater than 1.
(3) Mean transmission delay index
Figure 763791DEST_PATH_IMAGE053
The calculation method of (a) is as follows:
Figure 651982DEST_PATH_IMAGE054
In a communication network, data transmission between nodes incurs delay for a variety of reasons, but the transmission delay of the network should fluctuate within a normal range. When the average transmission delay of the IoT domain
Figure 892470DEST_PATH_IMAGE055
is less than the critical value
Figure 295639DEST_PATH_IMAGE056
, we consider the IoT domain to be trusted. When the average transmission delay of the IoT domain
Figure 850248DEST_PATH_IMAGE055
exceeds the critical value
Figure 389682DEST_PATH_IMAGE056
, the likelihood of abnormal behavior within the IoT domain increases. Here C is a constant less than 1, and the value of
Figure 801072DEST_PATH_IMAGE056
is associated with the specific application scenario.
(4) Average access success rate index
Figure 911111DEST_PATH_IMAGE057
The calculation method of (a) is as follows:
Figure 787187DEST_PATH_IMAGE058
Figure 728599DEST_PATH_IMAGE059
represents the average access success rate of the IoT devices in the IoT domain. Here
Figure 763420DEST_PATH_IMAGE059
is directly converted to an integer in the range [0,100].
(5) The gateway node performance index
Figure 423071DEST_PATH_IMAGE060
is calculated as follows:
Figure 585062DEST_PATH_IMAGE061
The gateway node performance index represents the resource consumption of the gateway node itself. This index affects whether the gateway node has sufficient capacity to join the blockchain and perform the corresponding consensus tasks. The gateway node performance index is therefore also used as evidence data for calculating the comprehensive trust value. Here,
Figure 833510DEST_PATH_IMAGE062
is a constant less than 1, and the gateway node performance index
Figure 852281DEST_PATH_IMAGE063
is calculated with the gateway node's CPU utilization index
Figure 920600DEST_PATH_IMAGE064
and memory utilization index
Figure 683020DEST_PATH_IMAGE065
as inputs.
Figure 536706DEST_PATH_IMAGE066
Figure 193558DEST_PATH_IMAGE067
and
Figure 827801DEST_PATH_IMAGE068
represent the CPU utilization and memory utilization data collected from the gateway node, respectively.
Figure 315283DEST_PATH_IMAGE069
and
Figure 289056DEST_PATH_IMAGE070
are, respectively, the CPU and memory resource utilization required to keep the basic services of the gateway node running normally.
The normalized set of evidence data above,
Figure 649630DEST_PATH_IMAGE071
reflects the behavior characteristic information of one IoT domain and is written to the blockchain by invoking the trust evaluation chain code. The IoT gateway can calculate the comprehensive trust evaluation index of the IoT domain in which it is located by invoking the trust evaluation chain code. The calculation proceeds as follows:
Input: IoT domain ID number
Output: comprehensive trust evaluation index of the IoT domain
S1: Set the number of historical transactions to select
Figure 692541DEST_PATH_IMAGE072
S2: Set the initial value
Figure 796763DEST_PATH_IMAGE073
IoT domain ID number, which indicates that the ID number of the IoT domain is input into the parameter ID
S3: While
Figure 609047DEST_PATH_IMAGE074
holds, repeat the loop body S4 to S9; otherwise exit the loop and execute S10;
S4:
Figure 952304DEST_PATH_IMAGE075
The GetHistoryState() function obtains the history state;
Figure 50097DEST_PATH_IMAGE075
denotes querying the blockchain to obtain the history records of
Figure 732883DEST_PATH_IMAGE076
S5: Weight coefficient
Figure 684527DEST_PATH_IMAGE077
where
Figure 452763DEST_PATH_IMAGE078
is a constant in (-1,0)
S6:
Figure 351318DEST_PATH_IMAGE079
S7:
Figure 216505DEST_PATH_IMAGE080
S8:
Figure 27467DEST_PATH_IMAGE081
S9:
Figure 329004DEST_PATH_IMAGE082
S10: Comprehensive trust evaluation index
Figure 516403DEST_PATH_IMAGE083
The invention provides a Raft consensus mechanism based on trust evaluation. The mechanism has 2 steps: the first step dynamically selects which IoT gateways become ordering nodes (Orderer) based on the trust of each IoT domain, and the second step uses the Raft algorithm to perform consensus ordering and verify transactions.
In the first step, each IoT gateway calculates the comprehensive trust of its domain from the history records through the trust evaluation chain code. Based on the comprehensive trust of each domain, an IoT gateway with low trust cannot become an ordering node and cannot take part in the consensus ordering of the second step. The domains whose trust values are higher than the threshold are identified, and the gateway nodes in those domains are selected as ordering nodes. This process is triggered periodically so that the ordering nodes are selected dynamically. In addition, we set 3 thresholds
Figure 236097DEST_PATH_IMAGE084
and provide countermeasures for the different risk levels that correspond to different degrees of trust of the IoT domain.
Table 2:
Figure 735736DEST_PATH_IMAGE085
In the second step, the trusted IoT gateways have already been dynamically selected as ordering nodes. When a transaction is initiated, each IoT gateway needs to verify that every transaction in the new block has been endorsed by all the necessary peers specified in the endorsement policy. In addition, they need to check that the transaction results of the required endorsing peers are the same. After the endorsements are verified, the trusted ordering nodes selected in the previous step order and package the submitted transactions. In this process, consensus is reached using the Raft algorithm to ensure that the ledger data in every IoT gateway is consistent.
In summary, as shown in fig. 4, the Raft consensus mechanism based on trust evaluation includes:
Step 1: The IoT gateway periodically calculates the comprehensive trust evaluation index of the IoT domain through the trust evaluation chain code.
Step 2: According to the comprehensive trust evaluation indexes of all IoT domains, the IoT gateways of the IoT domains whose comprehensive trust evaluation index is higher than the set threshold are periodically and dynamically selected as ordering nodes.
Step 3: When a transaction is initiated, each IoT gateway needs to verify whether every transaction in the new block has been endorsed by all the necessary peers specified in the endorsement policy. If so, step 4 is executed; otherwise the transaction initiation is deemed to have failed, and a new transaction must be initiated again.
Step 4: Check whether the transaction results of the required endorsing peers are the same. If so, step 5 is executed; otherwise the transaction initiation is deemed to have failed, and a new transaction must be initiated again.
Step 5: The group of dynamically selected ordering nodes performs consensus ordering on the received transactions using the Raft algorithm, and then packages a batch of transactions together according to the block generation policy to generate a new block.
Step 6: Check each transaction in the new block, verifying that the inputs and outputs the transaction depends on are consistent with the current state of the blockchain; once this is done, add the block to the local blockchain and modify the world state.
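Steps 2 to 4 above as an added Go example (not code from the patent, and not using the Fabric API). The threshold of 60, the gateway names and all type, function and error names are assumptions, and the Raft ordering of step 5 is not modelled.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"sort"
)

// DomainTrust is one IoT domain's comprehensive trust evaluation index, an
// integer in [0,100] as written by the trust evaluation chain code.
type DomainTrust struct {
	GatewayID string
	Trust     int
}

// Endorsement is one peer's response to a transaction proposal. Signature
// verification is omitted; only the checks of steps 3 and 4 are modelled.
type Endorsement struct {
	PeerID string
	Result []byte
}

// Hypothetical error values, one per failure the steps describe.
var (
	ErrNoOrderer = errors.New("no IoT domain is above the trust threshold")
	ErrMissing   = errors.New("step 3: a required peer has not endorsed")
	ErrMismatch  = errors.New("step 4: endorsing peers returned different results")
)

// SelectOrderers (step 2) keeps the gateways whose domain trust is strictly
// higher than the threshold. A score outside [0,100] is rejected rather than
// clamped, so a malformed ledger record cannot promote a gateway.
func SelectOrderers(domains []DomainTrust, threshold int) ([]string, error) {
	var out []string
	for _, d := range domains {
		if d.Trust < 0 || d.Trust > 100 {
			continue
		}
		if d.Trust > threshold {
			out = append(out, d.GatewayID)
		}
	}
	if len(out) == 0 {
		return nil, ErrNoOrderer // assumption: an empty orderer set is an error
	}
	sort.Strings(out) // every gateway derives the same list in the same order
	return out, nil
}

// VerifyEndorsements applies step 3 (every required peer endorsed) and
// step 4 (all required peers returned the same result).
func VerifyEndorsements(required []string, got []Endorsement) error {
	if len(required) == 0 {
		return ErrMissing // an empty endorsement policy must not pass vacuously
	}
	results := make(map[string][]byte, len(got))
	for _, e := range got {
		if prev, seen := results[e.PeerID]; seen && !bytes.Equal(prev, e.Result) {
			return ErrMismatch // one peer answered twice with different results
		}
		results[e.PeerID] = e.Result
	}
	for _, peer := range required {
		res, ok := results[peer]
		if !ok {
			return ErrMissing
		}
		if !bytes.Equal(res, results[required[0]]) {
			return ErrMismatch
		}
	}
	return nil
}

func main() {
	// Constructed sample data.
	domains := []DomainTrust{
		{GatewayID: "gw-a", Trust: 91},
		{GatewayID: "gw-b", Trust: 40},
		{GatewayID: "gw-c", Trust: 75},
	}
	orderers, err := SelectOrderers(domains, 60)
	fmt.Println("ordering nodes:", orderers, err)

	endorsements := []Endorsement{
		{PeerID: "gw-a", Result: []byte("policy-17=v2")},
		{PeerID: "gw-c", Result: []byte("policy-17=v3")},
	}
	fmt.Println("verify:", VerifyEndorsements(orderers, endorsements))
}
```
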
As shown in fig. 5, when the user obtains the access right, the following steps are executed:
Step a: The user sends an access control request to the access control chain code in the consortium blockchain.
Step b: The access control chain code retrieves the access control policy according to the subject, object and environment attributes and returns the access control permission.
Step c: The user accesses the resources on the IoT device through different IoT gateways according to the obtained access control permission.
As shown in fig. 6, when the administrator modifies the access control policy, the following steps are performed:
Step A: The administrator sends a request to modify an access control policy to the policy management chain code in the consortium blockchain.
Step B: The policy management chain code initiates a transaction proposal according to the content of the request.
Step C: The transaction is verified according to the Raft consensus mechanism based on trust evaluation.
Step D: After the verification succeeds, every IoT gateway synchronously updates the access control policy.
Environment deployment process in the present invention: first, the access control system must be built on the consortium blockchain. Based on the Hyperledger Fabric platform, the administrator is responsible for creating certificates for all members (including Peer nodes, Orderer nodes and data channels), and the IoT gateways in all IoT domains join the blockchain network as Peer nodes. Then the three chain codes (the policy management chain code, the access control chain code and the trust evaluation chain code) are deployed on the Peer nodes. The policy management chain code and the access control chain code are added to the same data channel, and the trust evaluation chain code is deployed in another data channel, so that data is isolated at the service layer.
Policy setting process: each access control policy represents the access control permissions of a group of subjects and objects. The administrator defines access control policies through the policy management chain code (PMC) and uploads them to the blockchain, where they are stored in the state database (SDB). The administrator has the right to add, modify, delete and query access control policies. All access control transaction records are stored in the distributed ledger, so the access control policy is auditable and traceable. It is worth mentioning that, when a transaction occurs, the consensus mechanism used is the trust-based Raft consensus method proposed by the present invention.
Behavior characteristic collection process: the IoT gateway is responsible for regularly collecting behavior characteristic information from the IoT devices in its local domain. The IoT devices send data carrying behavior characteristic information to the IoT gateway through the MQTT protocol. After acquiring the data, the IoT gateway combines it with its own performance state and normalizes it. The normalized data is then written to the blockchain through the trust evaluation chain code to form a comprehensive behavior profile record for the IoT domain. Finally, the chain code calculates the trust value of the IoT domain, which provides the basis for the dynamic selection of ordering nodes in the consensus process.
Access control execution process: when a user needs to access an IoT device to obtain a resource, the user first sends an access control request to the access control chain code (ACC). The access control chain code then retrieves the access control permission according to the subject attributes, object attributes and environment attributes; if the access request matches the attributes described in a policy, the access control permission described in that policy is returned. After obtaining the access control permission, the user may access the IoT device through the IoT gateway.
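The attribute lookup performed by the access control chain code, as an added Go example that is not the patent's own chain code and does not use the Fabric API. The JSON field names, the rule that an empty policy value means "not constrained", the first-match rule and the sample policy are assumptions; the attribute set is the one the claims list (subject ID, role, group and domain; object ID and MAC; authorization deadline, allowed IP segment and location; read, write and execute).

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net"
	"time"
)

// Policy holds the four parts of an access control policy.
// Field names are assumptions; the page only states that policies are JSON.
type Policy struct {
	Subject struct {
		ID, Role, Group, Domain string
	} `json:"subject"`
	Object struct {
		ID, MAC string
	} `json:"object"`
	Environment struct {
		Deadline    time.Time `json:"deadline"`
		AllowedCIDR string    `json:"allowed_cidr"`
		Location    string    `json:"location"`
	} `json:"environment"`
	Actions []string `json:"actions"`
}

// Request carries the attributes presented with an access control request.
type Request struct {
	SubjectID, Role, Group, Domain string
	ObjectID, MAC                  string
	SourceIP, Location             string
	Now                            time.Time
}

// attr treats an empty policy value as "not constrained" (assumption).
func attr(policy, request string) bool { return policy == "" || policy == request }

// sameMAC compares parsed addresses, so letter case does not matter and an
// unparsable value never matches.
func sameMAC(a, b string) bool {
	ma, errA := net.ParseMAC(a)
	mb, errB := net.ParseMAC(b)
	return errA == nil && errB == nil && bytes.Equal(ma, mb)
}

// matches fails closed: a policy without an object ID, a deadline or a valid
// IP segment grants nothing, and neither does a request with a bad source IP.
func (p *Policy) matches(r Request) bool {
	_, segment, err := net.ParseCIDR(p.Environment.AllowedCIDR)
	ip := net.ParseIP(r.SourceIP)
	if err != nil || ip == nil || p.Object.ID == "" || p.Environment.Deadline.IsZero() {
		return false
	}
	return attr(p.Subject.ID, r.SubjectID) && attr(p.Subject.Role, r.Role) &&
		attr(p.Subject.Group, r.Group) && attr(p.Subject.Domain, r.Domain) &&
		p.Object.ID == r.ObjectID && sameMAC(p.Object.MAC, r.MAC) &&
		!r.Now.After(p.Environment.Deadline) && segment.Contains(ip) &&
		attr(p.Environment.Location, r.Location)
}

// Authorize returns the action permissions of the first matching policy, or
// an empty result (deny) when nothing matches.
func Authorize(policyJSON []byte, r Request) ([]string, error) {
	var policies []Policy
	if err := json.Unmarshal(policyJSON, &policies); err != nil {
		return nil, fmt.Errorf("unreadable policy set: %w", err)
	}
	for i := range policies {
		if policies[i].matches(r) {
			return policies[i].Actions, nil
		}
	}
	return nil, nil
}

// SamplePolicies is a constructed policy set, not taken from the page.
const SamplePolicies = `[{
  "subject": {"id": "", "role": "technician", "group": "maintenance", "domain": "domain-1"},
  "object": {"id": "sensor-17", "mac": "02:00:5E:10:00:01"},
  "environment": {"deadline": "2030-01-01T00:00:00Z", "allowed_cidr": "10.20.0.0/16", "location": ""},
  "actions": ["read"]
}]`

// SampleRequest is a constructed request that the sample policy allows.
func SampleRequest() Request {
	return Request{
		SubjectID: "user-42", Role: "technician", Group: "maintenance", Domain: "domain-1",
		ObjectID: "sensor-17", MAC: "02:00:5e:10:00:01",
		SourceIP: "10.20.3.4", Location: "plant-1",
		Now: time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC),
	}
}

func main() {
	actions, err := Authorize([]byte(SamplePolicies), SampleRequest())
	fmt.Println("granted:", actions, err)
}
```
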
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (10)

1. An Internet of Things access control method with dynamic consensus based on a consortium blockchain, characterized in that: the Internet of Things scenario is divided into a plurality of IoT domains, each IoT domain comprising an IoT gateway and IoT devices; the CA-authenticated IoT gateways are selected as peer nodes to join the consortium blockchain network; chain codes are deployed on the IoT gateways to provide access control, access policy management and trust evaluation interface functions; and the IoT devices are connected to the IoT gateway of the corresponding domain and exchange access-control-related data using the MQTT protocol;
the chain codes comprise a policy management chain code, an access control chain code and a trust evaluation chain code; the policy management chain code and the access control chain code are deployed on the same data channel to manage the access control policy and obtain access permissions; the trust evaluation chain code is used for recording the behavior characteristics collected from the IoT gateway and the IoT device nodes and calculating the comprehensive trust of the IoT domain, and the trust evaluation chain code is deployed on another channel so as to isolate it from the service data related to the access control policy; a Raft consensus mechanism based on trust evaluation is designed by means of the trust evaluation chain code, and the Raft consensus mechanism dynamically selects the consensus ordering nodes according to the comprehensive trust indexes of the different IoT domains and then performs the consensus ordering service to verify transactions.
2. The Internet of Things access control method of claim 1, wherein: when a user accesses resources in other IoT devices through a user device, an access control request is sent through the interface provided by the chain code, the chain code returns the access permission according to the access control policy, and the user obtains the relevant resources according to the access permission; the administrator is responsible on the one hand for maintaining and modifying the access control policy, and on the other hand for issuing the CA certificates of the various nodes in the consortium blockchain network.
3. The Internet of Things access control method of claim 2, wherein: the access control policy comprises subject attributes, object attributes, environment attributes and action permissions, wherein the subject attributes describe the attributes of a user or a manipulation device, and the object attributes describe the attributes of the access object.
4. The Internet of Things access control method of claim 3, wherein: the environment attributes comprise an authorization deadline, an IP segment allowed to access, and location information; the action permissions comprise read, write and execute; the subject attributes comprise an ID, a role, the member group to which the subject belongs and the domain in which the subject is located; and the object attributes comprise an object ID and a device MAC value.
5. The Internet of Things access control method of claim 4, wherein: the policy management chain code provides functions for adding, deleting, updating and querying access control policies, and each access control policy is stored in the blockchain state database in JSON format through the policy management chain code;
the access control chain code provides the authorization and permission delegation functions of access control; according to the provided subject attributes, object attributes and environment attributes, the access control chain code queries whether a corresponding access control policy exists, and if a matching access control policy is found, the corresponding action permission is returned; in addition, the access control chain code supports permission delegation, so that a user can delegate the permissions the user has obtained to other specified users to meet the requirements of different application scenarios;
the trust evaluation chain code records the behavior characteristics of each device in the IoT domain and calculates the trust of the IoT domain according to the history records; the overall trust of the IoT domain is calculated from the following 5 items of data: the average IP packet loss rate index, the average IP packet repetition rate index, the average transmission delay index, the average access success rate index and the gateway node performance index.
6. The Internet of Things access control method of claim 5, wherein the Raft consensus mechanism based on trust evaluation comprises:
step 1: the IoT gateway periodically calculates the comprehensive trust evaluation index of the IoT domain through the trust evaluation chain code;
step 2: according to the comprehensive trust evaluation indexes of all IoT domains, the IoT gateways of the IoT domains whose comprehensive trust evaluation index is higher than a set threshold are periodically and dynamically selected as ordering nodes;
step 3: when a transaction is initiated, each IoT gateway needs to verify whether every transaction in the new block has been endorsed by all the necessary peers specified in the endorsement policy; if so, step 4 is executed; otherwise the transaction initiation is deemed to have failed, and a new transaction must be initiated again;
step 4: checking whether the transaction results of the required endorsing peers are the same; if so, step 5 is executed; otherwise the transaction initiation is deemed to have failed, and a new transaction must be initiated again;
step 5: the group of dynamically selected ordering nodes performs consensus ordering on the received transactions using the Raft algorithm, and then packages a batch of transactions together according to the block generation policy to generate a new block;
step 6: checking each transaction in the new block, verifying that the inputs and outputs the transaction depends on are consistent with the current state of the blockchain, and, once this is done, adding the block to the local blockchain and modifying the world state.
7. The method of claim 6, wherein the IoT gateway collects, through the MQTT protocol, the IP packet loss rate, the IP packet repetition rate, the transmission delay and the access success rate of each IoT device connected to the IoT gateway, and calculates the average values as the indexes of the IoT domain; the performance data of the gateway node is collected directly from the gateway node; the 5 kinds of data (the IP packet loss rate of all IoT devices, the IP packet repetition rate of all IoT devices, the transmission delay of all IoT devices, the access success rate of all IoT devices, and the gateway node performance) are finally normalized to integer data in [0,100], and these data are periodically collected, calculated and written to the blockchain ledger through the trust evaluation chain code;
the average IP packet loss rate index
Figure 526077DEST_PATH_IMAGE001
and the average IP packet repetition rate index
Figure 530942DEST_PATH_IMAGE002
are calculated as follows:
Figure 31194DEST_PATH_IMAGE003
Figure 779707DEST_PATH_IMAGE001
and
Figure 317523DEST_PATH_IMAGE002
reflect whether the IoT devices under the IoT gateway behave abnormally,
Figure 227710DEST_PATH_IMAGE004
is the average IP packet loss rate of the IoT devices within the IoT domain,
Figure 480837DEST_PATH_IMAGE005
is the average IP packet repetition rate of the IoT devices within the IoT domain, and
Figure 33041DEST_PATH_IMAGE006
and
Figure 422434DEST_PATH_IMAGE007
are greater than 1;
the average transmission delay index
Figure 769102DEST_PATH_IMAGE008
is calculated as follows:
Figure 384891DEST_PATH_IMAGE009
Figure 209627DEST_PATH_IMAGE010
is the average transmission delay of the IoT devices in the IoT domain, C is a constant less than 1, and the value of
Figure 453527DEST_PATH_IMAGE011
depends on the specific application scenario;
the average access success rate index
Figure 974026DEST_PATH_IMAGE012
is calculated as follows:
Figure 201745DEST_PATH_IMAGE013
Figure 830172DEST_PATH_IMAGE014
represents the average access success rate of the IoT devices in the IoT domain, and
Figure 194157DEST_PATH_IMAGE014
is converted directly to an integer in the range [0,100];
the gateway node performance index
Figure 882628DEST_PATH_IMAGE015
is calculated as follows:
Figure 332063DEST_PATH_IMAGE016
Figure 764182DEST_PATH_IMAGE017
is a constant less than 1, and the gateway node performance index
Figure 982674DEST_PATH_IMAGE018
is calculated with the gateway node's CPU utilization index
Figure 982991DEST_PATH_IMAGE019
and memory utilization index
Figure 657073DEST_PATH_IMAGE020
as inputs;
Figure 158462DEST_PATH_IMAGE021
Figure 231460DEST_PATH_IMAGE022
and
Figure 261733DEST_PATH_IMAGE023
represent the CPU utilization and memory utilization data collected from the gateway node, respectively, and
Figure 685761DEST_PATH_IMAGE024
and
Figure 459682DEST_PATH_IMAGE025
are, respectively, the CPU and memory resource utilization required to keep the basic services of the gateway node running normally;
the normalized set of evidence data above,
Figure 793711DEST_PATH_IMAGE026
reflects the behavior characteristic information of one IoT domain and is written to the blockchain by invoking the trust evaluation chain code, and the IoT gateway can calculate the comprehensive trust evaluation index of the IoT domain in which it is located by invoking the trust evaluation chain code.
8. The Internet of Things access control method according to claim 7, wherein step 1 comprises:
Input: IoT domain ID number;
S1: setting the number of historical transactions to select
Figure 994885DEST_PATH_IMAGE027
S2: setting the initial value
Figure 906210DEST_PATH_IMAGE028
IoT domain ID number, where ID
Figure 475032DEST_PATH_IMAGE029
IoT domain ID number indicates that the ID number of the IoT domain is input into the parameter ID;
S3: while
Figure 788202DEST_PATH_IMAGE030
holds, repeatedly executing steps S4 to S9; otherwise exiting the loop and executing step S10;
S4:
Figure 301223DEST_PATH_IMAGE031
the GetHistoryState() function obtains the history state, and
Figure 434264DEST_PATH_IMAGE031
denotes querying the blockchain to obtain the history records of
Figure 815567DEST_PATH_IMAGE032
Figure 983243DEST_PATH_IMAGE033
Figure 526220DEST_PATH_IMAGE034
Figure 146557DEST_PATH_IMAGE035
Figure 206917DEST_PATH_IMAGE036
;
S5: weight coefficient
Figure 229099DEST_PATH_IMAGE037
where
Figure 945907DEST_PATH_IMAGE038
is a constant in (-1, 0);
S6:
Figure 319120DEST_PATH_IMAGE039
S7:
Figure 42225DEST_PATH_IMAGE040
S8:
Figure 653335DEST_PATH_IMAGE041
S9:
Figure 944639DEST_PATH_IMAGE042
S10: comprehensive trust evaluation index
Figure 539568DEST_PATH_IMAGE043
Output: comprehensive trust evaluation index of the IoT domain.
9. The Internet of Things access control method according to claim 7, wherein when the user obtains the access right, the following steps are executed:
step a: the user sends an access control request to the access control chain code in the consortium blockchain;
step b: the access control chain code retrieves the access control policy according to the subject, object and environment attributes and returns the access control permission;
step c: the user accesses the resources on the IoT device through different IoT gateways according to the obtained access control permission.
10. The Internet of Things access control method according to claim 7, wherein when the administrator modifies the access control policy, the following steps are performed:
step A: the administrator sends a request to modify the access control policy to the policy management chain code in the consortium blockchain;
step B: the policy management chain code initiates a transaction proposal according to the content of the request;
step C: the transaction is verified according to the Raft consensus mechanism based on trust evaluation;
step D: after the verification succeeds, every IoT gateway synchronously updates the access control policy.
CN202011513645.7A 2020-12-21 2020-12-21 Internet of things access control method with dynamic consensus based on block chains of alliances Active CN112261155B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011513645.7A CN112261155B (en) 2020-12-21 2020-12-21 Internet of things access control method with dynamic consensus based on block chains of alliances

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011513645.7A CN112261155B (en) 2020-12-21 2020-12-21 Internet of things access control method with dynamic consensus based on block chains of alliances

Publications (2)

Publication Number Publication Date
CN112261155A true CN112261155A (en) 2021-01-22
CN112261155B CN112261155B (en) 2021-03-16

Family

ID=74225802

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011513645.7A Active CN112261155B (en) 2020-12-21 2020-12-21 Internet of things access control method with dynamic consensus based on block chains of alliances

Country Status (1)

Country Link
CN (1) CN112261155B (en)

Also Published As

Publication number Publication date
CN112261155B (en) 2021-03-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant