| In large-scale multi-domain Internet of Things (IoT) application scenarios, cross-domain authentication and secure data exchange between different entities become increasingly important. Most of the existing centralized architectures have security issues such as single point of failure, privacy leakage, and illegal access. Even worse, the one-to-one authentication mode limits the rate of data exchange across domains, which may create new data islands. For these reasons, this thesis first proposes a consortium blockchain based multi-node cross-domain authentication scheme, named CBBMCA (Consortium Blockchain based Multi-node Cross-domain Authentication Scheme in IoT), which meets the needs of multi-node cross-domain data exchange in the IoT. Specifically, the local blockchain is responsible for recording the registration and identity information of any legal node in its local domain, while the consortium blockchain, as a trusted third party between domains, is responsible for verifying multi-node cross-domain authentication information. The scheme uses aggregated signatures to achieve batch verification to ensure efficiency, and uses the pseudonym mechanism to track the identity of malicious nodes while ensuring anonymity. The security and performance analysis proves that CBBMCA has superior security and efficient practicability. Secondly, under the trust environment established by CBBMCA, the Lagrange interpolation function is introduced to construct a signcryption message transmission scheme for multiple receivers, which can protect the identities of multiple receiver nodes, solve the problem of anonymity of multiple receivers, and ensure security. Under the random oracle model of the Internet of Things, it can resist chosen ciphertext attack (CCA). Performance analysis shows that this scheme has obvious advantages in computing cost and ciphertext length, and the number of system public parameters is moderate, which is beneficial to system storage. At the same time, the decryption fairness of the receiver is satisfied, and the signcryption scheme is proved to be ciphertext indistinguishable under adaptively chosen ciphertext attack and unforgeable under adaptively chosen message attack under the random oracle model. Against the background of multi-node participation based on the alliance blockchain, the signcryption scheme can be applied to more scenarios and has achieved good applicability. Finally, in order to meet the needs of different users to share data in the public cloud, a blockchain-assisted data sharing scheme with privacy protection and hierarchical ciphertext access control is proposed, named BC-HSABE (Blockchain-aided Hierarchical Attribute-based Encryption for Data Sharing). First, a layered encrypted data sharing system based on blockchain is designed, including the layered encrypted data sharing system architecture, the functions of different roles and entities in the sharing system, and the data sharing encryption scheme. Specifically, by using ciphertext-policy attribute-based encryption (CP-ABE), shared data and private data are encrypted hierarchically. Combined with searchable encryption technology, it realizes fine-grained access control and keyword ciphertext search. The BC-HSABE scheme implements attribute-based dynamic authority management. The data owner packs the keyword index into a transaction, which is stored on the blockchain after distributed verification by the blockchain nodes. The search process is carried out on the blockchain, which ensures the security of keywords. Safety analysis and experimental analysis showed that the BC-HSABE scheme is safe and effective. |