With the arrival of the big-data era, cloud storage services are used ever more widely. Existing cloud storage, however, depends on the cloud server: data can be tampered with, and access rights become uncertain when user permissions are not well defined. Blockchain, as a special kind of decentralised database, can guarantee that stored data cannot be tampered with, but in practice users often need to share data selectively and to decide the access-control rights over it, and a single user usually holds several pieces of identity information. How to guarantee trustworthy data storage, user ownership of identity and user data sovereignty is therefore a focus of current blockchain research. To guarantee trustworthy storage, build an access-control system that supports selective sharing, let users manage their personal identity information and map user identity to user data, guarantee data sovereignty, and at the same time ensure that the processing of a user's own uploaded data is isolated and does not disclose it, this thesis carries out the following work:

1) An overall model of the chain data security system is defined. To address the problems of trusted user identity and multiple identities, distributed identity (DID) is used to establish a digital identity for each user and to ensure its credibility; the procedures for creating and updating a distributed identity are specified. User data files are kept in distributed storage, and the file identifier is recorded on the chain to guide a data requester in downloading and restoring the file. Data are encrypted with CP-ABE under an attribute-based access policy, so that only users whose attributes satisfy the policy can decrypt, which achieves selective disclosure. To reduce the overhead of access-control policies, a symbol-based policy-generation algorithm is proposed, and an improved Kafka is used to reach consensus among the blockchain nodes.

2) For the requirement of trusted data processing, Docker is used to build a trusted container inside a trusted execution environment, and data are processed inside that container. Enclave attestation is performed at start-up to make sure the container runs inside the trusted execution environment, and the processes of container start-up, operation, destruction and data export are specified. For the images from which containers are built, an image vulnerability detection system (IVDS) is designed: it retrieves the files of an image and matches them against known vulnerabilities, so that it can be determined whether an image used to build a container carries vulnerabilities, and a vulnerability assessment module verifies whether the relevant Docker images are usable.

Finally, the blockchain platform is built and the functions above are implemented, the feasibility of the chain data security system is confirmed, and the shortcomings of the prototype system and directions for future research are analysed.
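As an added illustration of the selective-sharing part of the design (not code from the thesis, whose policy-generation algorithm and chain layout are not given here), the following Python models what a CP-ABE access policy enforces: a monotone access structure of AND, OR and k-of-n threshold gates over attributes, which decryption succeeds for exactly when the requester's attribute set satisfies it. It also models the on-chain record that binds an owner DID to the content hash of the encrypted file in distributed storage and to its policy, and the requester-side check on the retrieved file. The policy syntax, the record fields, the use of SHA-256 as the file identifier and all DIDs and attributes are assumptions for the example; the pairing-based CP-ABE encryption itself is not implemented.

```python
"""Access-structure check for CP-ABE-style selective sharing, plus an on-chain
file record binding owner DID, content hash and policy.  Added example with
assumed policy syntax and record layout; it models the access structure that
CP-ABE enforces cryptographically and does NOT implement the encryption."""
import hashlib
import re
from dataclasses import dataclass

# Tokens: parentheses, comma, gate keywords, a "kof" threshold prefix, or an
# attribute name such as role:doctor or org.hospitalA (assumed syntax).
TOKEN_RE = re.compile(r"\s*(\(|\)|,|AND\b|OR\b|\d+of\b|[A-Za-z_][\w:.-]*)\s*")


def tokenize(policy):
    tokens, pos, text = [], 0, policy.strip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError(f"bad policy near {text[pos:pos + 10]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class _Parser:
    """Recursive descent: expr := term ('OR' term)*; term := factor ('AND' factor)*;
    factor := '(' expr ')' | kof '(' expr (',' expr)* ')' | attribute."""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'token'}, got {tok!r}")
        self.i += 1
        return tok

    def expr(self):
        kids = [self.term()]
        while self.peek() == "OR":
            self.take()
            kids.append(self.term())
        return kids[0] if len(kids) == 1 else ("or", kids)

    def term(self):
        kids = [self.factor()]
        while self.peek() == "AND":
            self.take()
            kids.append(self.factor())
        return kids[0] if len(kids) == 1 else ("and", kids)

    def factor(self):
        tok = self.take()
        if tok == "(":
            node = self.expr()
            self.take(")")
            return node
        if tok.endswith("of") and tok[:-2].isdigit():      # k-of-n threshold gate
            k = int(tok[:-2])
            self.take("(")
            kids = [self.expr()]
            while self.peek() == ",":
                self.take()
                kids.append(self.expr())
            self.take(")")
            if not 1 <= k <= len(kids):
                raise ValueError(f"threshold {k} out of range for {len(kids)} inputs")
            return ("thr", k, kids)
        if tok in (")", ","):
            raise ValueError(f"unexpected {tok!r}")
        return ("attr", tok)


def parse_policy(policy):
    p = _Parser(tokenize(policy))
    tree = p.expr()
    if p.peek() is not None:
        raise ValueError(f"trailing token {p.peek()!r}")
    return tree


def satisfies(tree, attrs):
    """True iff the attribute set satisfies the (monotone) access structure."""
    kind = tree[0]
    if kind == "attr":
        return tree[1] in attrs
    if kind == "and":
        return all(satisfies(c, attrs) for c in tree[1])
    if kind == "or":
        return any(satisfies(c, attrs) for c in tree[1])
    return sum(satisfies(c, attrs) for c in tree[2]) >= tree[1]


def policy_size(tree):
    """(leaves, gates): a proxy for the policy/ciphertext overhead a policy costs."""
    if tree[0] == "attr":
        return (1, 0)
    leaves = gates = 0
    for c in (tree[2] if tree[0] == "thr" else tree[1]):
        l, g = policy_size(c)
        leaves, gates = leaves + l, gates + g
    return (leaves, gates + 1)


@dataclass(frozen=True)
class ChainRecord:
    """Assumed on-chain record: owner DID, SHA-256 of the encrypted file held in
    distributed storage, and the policy the file was encrypted under."""
    owner_did: str
    content_id: str
    policy: str


def content_id(blob):
    return hashlib.sha256(blob).hexdigest()


def publish(owner_did, encrypted_blob, policy):
    parse_policy(policy)            # reject malformed policies before anchoring on chain
    return ChainRecord(owner_did, content_id(encrypted_blob), policy)


def retrieve(record, requester_attrs, fetched_blob):
    """Requester side: integrity of what storage returned, then whether the
    requester's attributes satisfy the policy (i.e. whether CP-ABE decryption
    would succeed).  Returns (ok, reason)."""
    if content_id(fetched_blob) != record.content_id:
        return False, "content hash mismatch: storage returned tampered or wrong data"
    if not satisfies(parse_policy(record.policy), set(requester_attrs)):
        return False, "attributes do not satisfy policy"
    return True, "ok"


if __name__ == "__main__":
    blob = b"constructed sample: CP-ABE ciphertext bytes would go here"
    rec = publish("did:example:alice", blob,
                  "(role:doctor AND org:hospitalA) OR 2of(role:auditor, org:hospitalA, dept:records)")
    print(retrieve(rec, {"role:doctor", "org:hospitalA"}, blob))         # (True, 'ok')
    print(retrieve(rec, {"role:auditor", "dept:records"}, blob))         # (True, 'ok')
    print(retrieve(rec, {"role:nurse", "org:hospitalA"}, blob))          # (False, ...)
    print(retrieve(rec, {"role:doctor", "org:hospitalA"}, blob + b"x"))  # (False, ...)
```

The integrity check runs before the policy check on purpose: a tampered object from distributed storage should be rejected regardless of who is asking, and the on-chain hash is what makes that check trustworthy even though the storage layer is not. `policy_size` makes the overhead concern concrete: every leaf and gate in the access structure is material that a real CP-ABE ciphertext must carry, which is what a compact policy-generation scheme tries to minimise.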