基于以太坊的改进物联网设备访问控制机制研究

doi:10.19678/j.issn.1000-3428.0057729

摘要/Abstract

摘要： 当前物联网设备节点动态性强且计算能力弱，导致物联网中的传统访问控制机制存在策略判决与策略权限管理效率较低、安全性不足等问题。提出基于以太坊区块链的物联网设备访问控制机制，结合基于角色的访问控制（RBAC）模型设计智能合约。对以太坊相关特性进行分析，建立结合用户组的改进RBAC模型。设计基于以太坊区块链技术的物联网设备访问控制架构及算法，通过编写图灵完备的智能合约实现物联网设备访问控制，融合以太坊区块链MPT树存储结构与星际文件系统对访问控制策略进行存储管理。在以太坊测试链上的实验结果表明，该机制具有较高的策略判决性能与安全性。

关键词: 区块链, 以太坊, 智能合约, 基于角色的访问控制模型, 物联网设备, 访问控制

Abstract: The high mobility and weak computation capabilities of Internet of Things(IoT) device nodes lead to some problems in the traditional access control mechanism of IoT,including low security,and inefficient management of policy decision and policy permissions.To address the problems,this paper proposes an access control mechanism for IoT devices based on Ethereum blockchain,and a smart contract designed by using the Role-Based Access Control (RBAC) model.First,this paper expounds the features of Ethereum and proposes an improved RBAC access control model combined with user groups.Then it designs the access control architecture and algorithm for IoT devices based on Ethereum blockchain technology,and writes Turing-complete smart contracts to realize access control for IoT devices.The storage structure of Ethereum blockchain MPT tree and InterPlanetary File System(IPFS) are used to store and manage access control strategies.The test results on the Ethereum test chain verify high security and policy decision performance of the proposed mechanism.

Key words: blockchain, Ethereum, smart contract, Role-Based Access Control(RBAC) model, Internet of Things(IoT) devices, access control

中图分类号:

TP309

张建国, 胡晓辉. 基于以太坊的改进物联网设备访问控制机制研究[J]. 计算机工程, 2021, 47(4): 32-39,47.

ZHANG Jianguo, HU Xiaohui. Research on Improved Access Control Mechanism of Internet of Things Devices Based on Ethereum[J]. Computer Engineering, 2021, 47(4): 32-39,47.

http://www.ecice06.com/CN/Y2021/V47/I4/32

图/表 9

20210425164748

20210425164751

20210425164754

20210425164757

20210425164801

20210425164804

20210425164807

20210425164810

20210425164813

参考文献

[1] FANG Liang,YIN Lihua,GUO Yunchuan,et al.A survey of key technologies in attribute-based access control scheme [J].Chinese Journal of Computers,2017,40(7):1680-1698.(in Chinese)房梁,殷丽华,郭云川,等.基于属性的访问控制关键技术研究综述[J].计算机学报,2017,40(7):1680-1698.
[2] SHI Jinshan,LI Ru.Survey of blockchain access control in Internet of things[J].Journal of Software,2019,30(6):1632-1648.(in Chinese)史锦山,李茹.物联网下的区块链访问控制综述[J].软件学报,2019,30(6):1632-1648.
[3] YUANYU Z,SHOJI K,YULONG S,et al.Smart contract-based access control for the Internet of things[J].IEEE Internet of Things Journal,2019,6(2):1594-1605.
[4] NDIBANJE B,LEE H J,LEE S G.Security analysis and improvements of authentication and access control in the Internet of things[J].Sensors,2014,14(8):14786-14805.
[5] YAVARI A,PANAH A S,GEORGAKOPOULOS D,et al.Scalable role-based data disclosure control for the Internet of things[C]//Proceedings of 2017 IEEE International Conference on Distributed Computing Systems.Washington D.C.,USA:IEEE Press,2017:2226-2233.
[6] LIU Qiang,ZHANG Hao,WAN Jiafu,et al.An access control model for resource sharing based on the role-based access control intended for multi-domain manufacturing Internet of things[J].IEEE Access,2017,5:7001-7011.
[7] CRUZ J P,KAJI Y,YANAI N.RBAC-SC:role-based access control using smart contract[J].IEEE Access,2018,6:12240-12251.
[8] OUECHTATI H,AZZOUNA N B.Trust-ABAC towards an access control system for the Internet of things[EB/OL].[2020-01-05].https://www.researchgate.net/publication/319980251_Trust-ABAC_Towards_an_Access_Control_System_for_the_Internet_of_Things.
[9] HEMDI M,DETERS R.Using REST based protocol to enable ABAC within IoT systems[C]//Proceedings of 2016 IEEE Annual Information Technology,Electronics and Mobile Communication Conference.Washington D.C.,USA:IEEE Press,2016:1-7.
[10] SHEN Haibo,LIU Shaobo.A context-aware capability-based access control framework for the Internet of things[J].Journal of Wuhan University(Natural Science Edition),2014,60(5):424-428.(in Chinese)沈海波,刘少波.面向物联网的基于上下文和权能的访问控制架构[J].武汉大学学报(理学版),2014,60(5):424-428.
[11] GUSMEROLI S,PICCIONE S,ROTONDI D.A capability-based security approach to manage access control in the Internet of things[J].Mathematical & Computer Modelling,2013,58(5/6):1189-1205.
[12] CHRISTIDIS K,DEVETSIKIOTIS M.Blockchains and smart contracts for the Internet of things[J].IEEE Access,2016,4:2292-2303.
[13] China Blockchain Technology and Industry Development Forum.White paper on China's blockchain technology and application development(2016)[EB/OL].[2020-01-05].http://www.cbdforum.cn/bcweb/index/article/rsr-6.html.(in Chinese)中国区块链技术和产业发展论坛.中国区块链技术和应用发展白皮书(2016)[EB/OL].[2020-01-05].http://www.cbdforum.cn/bcweb/index/article/rsr-6.html.
[14] FOTIOU N,SIRIS V A,POLYZOS G C.Interacting with the Internet of things using smart contracts and blockchain technologies[EB/OL].[2020-01-05].https://sofie.comnet.aalto.fi/images/4/4c/Spiot.pdf.
[15] Ethereum white paper(2013)[EB/OL].[2020-01-05].https://github.com/ethereum/wiki/wiki/White-Paper.
[16] GAO Yichen,ZHAO Bin,ZHANG Zhao.Research and implementation of a smart automatic contract generation method for Ethereum[J].Journal of East China Normal University(Natural Science),2020(5):21-32.(in Chinese)高一琛,赵斌,张召.面向以太坊的智能合约自动生成方法研究与实现[J].华东师范大学学报(自然科学版),2020(5):21-32.
[17] RADZIWILL N.Blockchain revolution:how the technology behind bitcoin is changing money,business,and the world[J].Quality Management Journal,2018,25(1):64-65.
[18] LIU Aodi,DU Xuehui,WANG Na,et al.Blockchain-based access control mechanism for big data[J].Journal of Software,2019,30(9):2636-2654.(in Chinese)刘敖迪,杜学绘,王娜,等.基于区块链的大数据访问控制机制[J].软件学报,2019,30(9):2636-2654.
[19] NAKAMOTO S.Bitcoin:a peer-to-peer electronic cash system[EB/OL].[2020-01-05].https://bitcoin.org/bitcoin.pdf.
[20] DING Wei,WANG Guocheng,XU Aidong,et al.Research on key technologies and information security issues of energy blockchain[J].Proceedings of the CSEE,2018,38(4):1026-1034,1279.(in Chinese)丁伟,王国成,许爱东,等.能源区块链的关键技术及信息安全问题研究[J].中国电机工程学报,2018,38(4):1026-1034,1279.

选择文件类型/文献管理软件名称

选择包含的内容