Anonymous Data Sharing and Access Control Based on Blockchain and Attribute-Based Cryptography

doi:10.19678/j.issn.1000-3428.0065202

Abstract

Abstract:

Information security and privacy protection are critical requirements in the era of big data. Identity-based cryptography is a type of public-key cryptography that solves the main management problem of the traditional public key infrastructure.However, it will leak the identity information of the signer. The traditional attribute-based access control schemes achieve the dynamic expansion of subjects and fine-grained access to objects, but a centralized authority exists. This study proposes an anonymous data sharing and access control scheme based on blockchain and Attribute-Based Cryptography(ABC) to solve the above problems. Using the anonymity of Attribute-Based Signature(ABS), the reliability of data sources can be verified without knowing the user identity information before storing the data, and fine-grained access control is achieved through Attribute-Based Encryption(ABE). The distributed ABC system is used to enable users to cooperate in building an attribute authority. Authority creation and key distribution can only be performed when the users exceed a specified threshold. The experimental results show that the scheme can resist collusion and replay attacks. Under the condition that the number of concurrent requests is 1 000-5 000 and the number of attributes is 10-30, the total response time of the system does not exceed 120 ms, and the maximum throughput can reach 62 T/s, which satisfy the requirements of the actual environment.

Key words: blockchain, Attribute-Based Cryptography(ABC), access control, identity authentication, privacy protection

摘要：

信息安全和隐私保护是大数据时代的重要需求。基于身份的公钥密码体制解决了传统公钥基础设施体制的密钥管理问题，但会泄漏签名者的身份信息。传统基于属性的访问控制方案实现了主体的动态扩展和对客体的细粒度访问，但存在中心化的授权机构。为了解决上述问题，提出一种基于区块链与去中心化属性密码体制的匿名数据共享访问控制方案。利用属性签名的匿名性，在存储数据前无须已知用户身份信息即可验证数据来源的可靠性，通过属性加密实现细粒度的访问控制。采用分布式属性密码体制，使用户合作构建属性授权机构，当且仅当超过指定阈值的机构用户同意时才可进行机构创建和密钥分发。实验结果表明，该方案能抵抗合谋和重放攻击，在并发请求数为1 000~5 000和属性数为10~30的条件下，系统总响应时间不超过120 ms，最大吞吐量可达62 T/s，满足实际应用需求。

关键词: 区块链, 属性密码体制, 访问控制, 身份认证, 隐私保护

Jingyi WANG, Baixiang LIU, Ning FANG, Lingqi PENG. Anonymous Data Sharing and Access Control Based on Blockchain and Attribute-Based Cryptography[J]. Computer Engineering, 2023, 49(10): 41-52.

王静怡, 刘百祥, 方宁, 彭凌祺. 基于区块链与属性密码体制的匿名数据共享访问控制[J]. 计算机工程, 2023, 49(10): 41-52.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0065202

http://www.ecice06.com/EN/Y2023/V49/I10/41

Figures/Tables 17

Fig.1 General process

Fig.2 Overall architecture of anonymous data sharing and access control scheme

Fig.3 User data structure

Fig.4 DABC data structure

Fig.5 User attribute application data structure

Fig.6 DABC smart contract operation process

Fig.7 PLAT smart contract operation process

Fig.8 Experimental environment configuration

Fig.9 Comparison of the algorithm running time of the different schemes

Fig.10 Comparison of running time of AASetup and AttrGen algorithms

Fig.11 Comparison of running time of four

algorithms

Fig.12 Response time test results

Fig.13 Throughput test results

References 29

1	张亮, 刘百祥, 张如意, 等. 区块链技术综述. 计算机工程, 2019, 45(5): 1- 12. URL
	ZHANG L, LIU B X, ZHANG R Y, et al. Overview of blockchain technology. Computer Engineering, 2019, 45(5): 1- 12. URL
2	王强, 刘长春, 周保茹. 基于区块链的制造服务可信交易方法. 计算机集成制造系统, 2019, 25(12): 3247- 3257. URL
	WANG Q, LIU C C, ZHOU B R. Trusted transaction method of manufacturing services based on blockchain. Computer Integrated Manufacturing Systems, 2019, 25(12): 3247- 3257. URL
3	MOZUMDER M A I, SHEERAZ M M, ATHAR A, et al. Overview: technology roadmap of the future trend of metaverse based on IoT, blockchain, AI technique, and medical domain metaverse activity[C]//Proceedings of the 24th International Conference on Advanced Communication Technology. Washington D. C., USA: IEEE Press, 2022: 256-261.
4	AO Z Q, HORVATH G, ZHANG L Y. Is decentralized finance actually decentralized?A social network analysis of the Aave protocol on the Ethereum blockchain[EB/OL]. [2022-06-14]. https://arxiv.org/abs/2206.08401.
5	CHOI T M, SIQIN T N. Blockchain in logistics and production from Blockchain 1.0 to Blockchain 5.0: an intra-inter-organizational framework. Transportation Research Part E: Logistics and Transportation Review, 2022, 160, 102653. doi: 10.1016/j.tre.2022.102653
6	FERRAIOLO D, CUGINI J, KUHN D R. Role-Based Access Control(RBAC): features and motivations[C]//Proceedings of the 11th Annual Computer Security Application Conference. New York, USA: ACM Press, 1995: 241-248.
7	KUHN D R, COYNE E J, WEIL T R. Adding attributes to role-based access control. Computer, 2010, 43(6): 79- 81. doi: 10.1109/MC.2010.155
8	王秀利, 江晓舟, 李洋. 应用区块链的数据访问控制与共享模型. 软件学报, 2019, 30(6): 1661- 1669. URL
	WANG X L, JIANG X Z, LI Y. Model for data access control and sharing based on blockchain. Journal of Software, 2019, 30(6): 1661- 1669. URL
9	高振升, 曹利峰, 杜学绘. 基于区块链的访问控制技术研究进展. 网络与信息安全学报, 2021, 7(6): 68- 87. URL
	GAO Z S, CAO L F, DU X H. Research progress of access control based on blockchain. Chinese Journal of Network and Information Security, 2021, 7(6): 68- 87. URL
10	陈露, 相峰, 孙知信. 基于属性密码体制的区块链安全技术研究进展. 电子学报, 2021, 49(1): 192- 200. URL
	CHEN L, XIANG F, SUN Z X. A survey of blockchain security technologies based on attribute-based cryptography. Acta Electronica Sinica, 2021, 49(1): 192- 200. URL
11	陈泽宁, 张亮, 张双俊, 等. 基于区块链和去中心属性密码的访问控制身份方案. 中国科学: 信息科学, 2021, 51(8): 1345- 1359. URL
	CHEN Z N, ZHANG L, ZHANG S J, et al. Access control scheme on blockchain and decentralized attributed-based algorithm with identity. Scientia Sinica(Informationis), 2021, 51(8): 1345- 1359. URL
12	袁和昕, 刘百祥, 阚海斌, 等. 基于区块链和去中心不可否认属性签名的分布式公钥基础设施方案. 中国科学: 信息科学, 2022, 52(6): 1135- 1148. URL
	YUAN H X, LIU B X, KAN H B, et al. Distributed public key infrastructure scheme based on blockchain and decentralized undeniable attribute-based signature. Scientia Sinica(Informationis), 2022, 52(6): 1135- 1148. URL
13	SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Germany: Springer, 2005: 457-473.
14	GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security. New York, USA: ACM Press, 2006: 89-98.
15	RIVEST R L, SHAMIR A, TAUMAN Y. How to leak a secret. Berlin, Germany: Springer, 2001.
16	CHAUM D, VAN HEYST E. Group signatures. Berlin, Germany: Springer, 1991.
17	BOYEN X. Mesh signatures[C]//Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Germany: Springer, 2007: 210-227.
18	MAJI H K, PRABHAKARAN M, ROSULEK M. Attribute-based signatures[C]//Proceedings of Cryptographers' Track at the RSA Conference. Berlin, Germany: Springer, 2011: 376-392.
19	LI J, AU M H, SUSILO W, et al. Attribute-based signature and its applications[C]//Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. New York, USA: ACM Press, 2010: 60-69.
20	CHASE M. Multi-authority attribute based encryption. Berlin, Germany: Springer, 2007.
21	CAO D, ZHAO B K, WANG X F, et al. Multi-authority attribute-based signature[C]//Proceedings of the 3rd International Conference on Intelligent Networking and Collaborative Systems. Washington D. C., USA: IEEE Press, 2012: 668-672.
22	SUN J M, QIN J, MA J X. Securely outsourcing decentralized multi-authority attribute based signature[C]//Proceedings of International Symposium on Cyberspace Safety and Security. Berlin, Germany: Springer, 2017: 86-102.
23	方宁, 刘百祥, 阚海斌. 基于区块链和去中心可追踪属性签名的可控匿名认证方案. 中国科学: 信息科学, 2021, 51(10): 1706- 1720. URL
	FANG N, LIU B X, KAN H B. Controllable anonymous authentication scheme based on blockchain and decentralized traceable attribute-based signature. Scientia Sinica(Informationis), 2021, 51(10): 1706- 1720. URL
24	PEDERSEN T P. A threshold cryptosystem without a trusted party[C]//Proceedings of Workshop on the Theory and Application of of Cryptographic Techniques. Berlin, Germany: Springer, 1991: 522-526.
25	BEIMEL A. Secure schemes for secret sharing and key distribution[EB/OL]. [2022-06-14]. https://www.researchgate.net/publication/243781866_Secure_Schemes_for_Secret_Sharing_and_Key_Distribution.
26	SHAMIR A. How to share a secret. Communications of the ACM, 1979, 22(11): 612- 613.
27	BLAKLEY G R. Safeguarding cryptographic keys[C]//Proceedings of International Workshop on Managing Requirements Knowledge. Washington D. C., USA: IEEE Press, 2019: 313-318.
28	蔡永泉, 张恩, 贺警阳. 抗合谋攻击的(t, n)门限签名方案. 北京工业大学学报, 2011, 37(8): 1231- 1235. URL
	CAI Y Q, ZHANG E, HE J Y. (t, n) threshold signature scheme against collusion attack. Journal of Beijing University of Technology, 2011, 37(8): 1231- 1235. URL
29	RUJ S, STOJMENOVIC M, NAYAK A. Decentralized access control with anonymous authentication of data stored in clouds. IEEE Transactions on Parallel and Distributed Systems, 2013, 25(2): 384- 394.

[1]	Yang LIU, Shengjie ZHANG. A Secure Smart Contract Generation Method Based on Timed Automata [J]. Computer Engineering, 2023, 49(9): 137-143, 157.
[2]	Baohua HUANG, Huiying ZHENG, Xi QU, Ningjiang CHEN. Efficient Storage Access Control Scheme for Alliance Chain [J]. Computer Engineering, 2023, 49(8): 37-45.
[3]	Qun WANG, Fujuan LI, Xueli NI, Lingling XIA, Guangjun LIANG. Data Formation and Privacy Threat of Blockchain [J]. Computer Engineering, 2023, 49(8): 1-12.
[4]	Tianchen QIU, Xiaoying ZHENG, Yongxin ZHU, Songlin FENG. Federated Learning Architecture for Non-IID Data [J]. Computer Engineering, 2023, 49(7): 110-117.
[5]	HE Jianjiang, CHEN Yuling. DLIN Encryption-based Auditable Privacy-Preserving Scheme for Consortium Blockchain [J]. Computer Engineering, 2023, 49(6): 170-179.
[6]	CHEN Fuan, LIU Yi. Blockchain-based V2G Certificateless Ring Signcryption Privacy Protection Scheme [J]. Computer Engineering, 2023, 49(6): 34-41,52.
[7]	GAO Jianbo, ZHANG Jiashuo, LI Qingshan, CHEN Zhong. Detection Method for Rule Conflicts in RegLang Regulatory Contracts [J]. Computer Engineering, 2023, 49(5): 12-21,28.
[8]	PAN Xue, YUAN Lingyun, HUANG Minmin. Cross-Domain Trust Evaluation Model for IoT Based on Blockchain and Domain Trust Degree [J]. Computer Engineering, 2023, 49(5): 181-190.
[9]	WANG Qun, LI Fujuan, NI Xueli, XIA Lingling, LIANG Guangjun. Research on Blockchain Privacy Protection Mechanism [J]. Computer Engineering, 2023, 49(4): 1-13.
[10]	HUANG Jinrong, LIU Baixiang, ZHANG Liang, ZHANG Zhanpeng. Decentralized Anonymous Identity Authentication Model Based on Smart Contracts and Non-Fungible Tokens [J]. Computer Engineering, 2023, 49(4): 14-22.
[11]	BAI Shouzhen, CHEN Meijuan. Research on Layering and Sharding of Blockchain for Industrial Internet [J]. Computer Engineering, 2023, 49(3): 58-66,79.
[12]	TIAN Xiuxia, YANG Mingyi. Smart Contract-Based Access Control Mechanism in Home IoT [J]. Computer Engineering, 2023, 49(3): 18-28.
[13]	ZHANG Xiaojun, LIU Qing, ZHENG Shuang, WANG Xin, XUE Jingting, WANG Shixiong. Verifiable Cloud Data Sharing Scheme that Supports Privacy Protection [J]. Computer Engineering, 2023, 49(3): 49-57.
[14]	LIU Zekun, WANG Feng, JIA Hairong. Optimization Scheme of PBFT Algorithm Combining Dynamic Credit Mechanism [J]. Computer Engineering, 2023, 49(2): 191-198.
[15]	SU Ruiguo, YANG Jian, QIN Jiwei, WU Xiaoxiong, JIA Zhenhong. Research on Lightweight Consensus Algorithm Based on IoT Blockchain [J]. Computer Engineering, 2023, 49(2): 175-180.

Please choose a citation manager

Content to export