Journal of Information Security Research ›› 2023, Vol. 9 ›› Issue (2): 137-.


Blockchainbased Data Element Resources Sharing and Access  Control Scheme

  

  • Online: 2023-02-01 Published: 2023-01-24


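Wang Dong (王栋); Li Da (李达); Feng Jingli (冯景丽); Shi Zhuyu (石竹玉); Piao Guirong (朴桂荣)

  1. (State Grid Digital Technology Holding Co., Ltd. (State Grid Xiong'an Financial Technology Group Co., Ltd.), Beijing 100053)
    (Blockchain Technology Laboratory of State Grid Corporation of China, Beijing 100053)
    (State Grid Blockchain Technology (Beijing) Co., Ltd., Beijing 100053)
  • Corresponding author: Wang Dong, master's degree, senior engineer. Main research interests: information security and blockchain technology. wangdong@sgdt.sgcc.com.cn
  • About the authors: Wang Dong, master's degree, senior engineer. Main research interests: information security and blockchain technology. wangdong@sgdt.sgcc.com.cn Li Da, master's degree, engineer. Main research interest: energy blockchain technology. lida@sgdt.sgcc.com.cn Feng Jingli, master's degree, engineer. Main research interest: energy blockchain technology. fengjl1024@163.com Shi Zhuyu, master's degree, engineer. Main research interest: information technology standardization. whu_shizhuyu@163.com Piao Guirong, PhD, engineer. Main research interests: information security and blockchain technology. piao_gr@163.com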

Abstract: Secure access control of data resources is the foundation of the industry chain. Attribute-based encryption is widely used in fine-grained access control to achieve secure data sharing, but it faces many challenges, such as a single authority, high trust-building cost, difficulty of revoking access, and a single point of failure. In this paper, we propose a blockchain-based data resources access control scheme for the industry chain, which improves the security and flexibility of access control by designing a revocable multi-authority attribute-based encryption algorithm. In addition, a blockchain with immutability, unforgeability, traceability and auditability is introduced to protect the rights of data owners and reduce the cost of attribute management among attribute authorities. The scheme supports distributed attribute management and attribute updating without a trusted authority, so as to resist collusion attacks. The analysis results show that the proposed scheme can achieve secure and trustworthy data sharing in the industry chain.

Key words: access control, blockchain, attribute-based encryption, multi-authority, revocable, industry chain

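Abstract (Chinese version): Secure access to data resources is a basic requirement for the circulation of data elements in the industry chain. Attribute-based encryption is widely used in fine-grained access control to achieve secure data sharing, but it faces challenges such as a single authorization authority, high trust cost, difficulty of revoking access, and single points of failure. To this end, a blockchain-based data element sharing and access control scheme is proposed, which improves the security and flexibility of access by designing a multi-authority attribute-based encryption algorithm with revocable access. In addition, blockchain technology, with its tamper-resistant, forgery-resistant, traceable and auditable properties, is used to protect the rights and interests of data owners and reduce the cost of managing attributes among attribute authorities. The scheme supports attribute updates and distributed attribute management without a trusted authority, so as to resist collusion attacks. The analysis results show that the proposed scheme can achieve secure and trustworthy data sharing in the industry chain.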
