
Research On Privacy Protection Access Control Technology Based On Blockchain

Posted on: 2022-07-10
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Wang
GTID: 2518306740994219
Subject: Electronics and Communications Engineering
Abstract/Summary:
After more than 50 years of development and improvement, access control technology has become an important means of protecting data security. It is indispensable in preventing illegal and unauthorized access to resources and in ensuring the rational use of data. However, the endless stream of data security incidents confronts access control technology with new challenges: how to move from a single point to a distributed design, how to protect the privacy of key data in access control technology, and how to balance the advantages of new technologies against traditional models are all issues that urgently need to be solved. The research work of this thesis focuses on two problems: the centralization of traditional access control technology and the privacy of access control policy data. Based on blockchain and cryptographic technology, two access control schemes are proposed, BPR-RBAC (Blockchain-based Proxy Re-encryption Role-Based Access Control) and BCS-ABAC (Blockchain-based Ciphertext Search Attribute-Based Access Control), and both are systematically designed and implemented at the end of the thesis.

For the BPR-RBAC scheme, blockchain and proxy re-encryption are used to solve the problem of relying on centralized entities and the privacy protection problem of access control policies. The thesis first describes the system model, security model, and design goals of the scheme, and then the smart contract design and work process. Afterward, the correctness and security are analyzed and proved, and finally an experimental simulation is performed. In terms of security, the security of the BPR-RBAC scheme is proved from the DBDH (Decisional Bilinear Diffie-Hellman) hardness assumption and the attack resistance of the blockchain. In terms of functionality, compared with other solutions, BPR-RBAC achieves design goals such as easy auditing of permissions and easy resource management. In terms of performance, the analysis covers both time and space: the time consumed by encryption, decryption, and re-encryption, and the space consumed by ciphertexts and re-encryption keys. Compared with RBAC and other scheme models, BPR-RBAC has higher decision performance, takes less time for encryption, decryption, and re-encryption, and needs less storage space for ciphertexts and keys.

For the BCS-ABAC scheme, blockchain is again used to solve the problem of relying on centralized entities. Because of the pressure of a growing number of access control policies, public-key searchable encryption is used to encrypt the access control policy. This protects the privacy of policy data, removes the need to store a re-encryption key, and produces ciphertext that occupies very little space, thereby reducing the storage pressure on the blockchain. The thesis first describes the system model, security model, and design goals of the scheme, then elaborates the smart contract design and workflow, next analyzes and proves the correctness, security, and complexity, and finally conducts an experimental simulation. In terms of security, the security of the BCS-ABAC scheme is proved based on the CDH (Computational Diffie-Hellman) hardness assumption. In terms of complexity, the computational complexity of BCS-ABAC is better than that of other schemes. In terms of performance, the analysis covers time and space: the access time consumption of BCS-ABAC, the generation time of ciphertext and trapdoor, and the space consumption of ciphertext and trapdoor. Comparison with ABAC and other scheme models shows the performance advantages of BCS-ABAC.

Finally, the thesis presents the system design and implementation of the two schemes. Starting from the overall system architecture, the system is divided, from top to bottom, into an access layer, an application layer, a service layer, and a data storage layer, and the specific implementation of each layer is then elaborated in detail. The access layer handles the selection and access of users/devices and scheme types; the application/service layer implements the specific process of the schemes; and for the data storage layer, the form and content of the data stored in the schemes are explained.
Keywords/Search Tags:Access Control, RBAC Model, ABAC Model, Blockchain, Privacy Protection