边缘计算中基于区块链的轻量级密文访问控制方案

密文策略属性基加密(ciphertext-policy attribute-based encryption, CP-ABE)技术可以在保证数据隐私性的同时提供细粒度访问控制.针对现有的基于CP-ABE的访问控制方案不能有效解决边缘计算环境中的关键数据安全问题,提出一种边缘计算环境中基于区块链的轻量级密文访问控制方案(blockchain-based lightweight access control scheme over ciphertext in edge computing, BLAC).在BLAC中,设计了一种基于椭圆曲线密码的轻量级CP-ABE算法,使用快速的椭圆曲线标量乘法实现算法加解密功能,并将大部分加解密操作安全地转移,使得计算能力受限的用户设备在边缘服务器的协助下能够高效地完成密文数据的细粒度访问控制;同时,设计了一种基于区块链的分布式密钥管理方法,通过区块链使得多个边缘服务器能够协同地为用户分发私钥.安全性分析和性能评估表明BLAC能够保障数据机密性,抵抗共谋攻击,支持前向安全性,具有较高的用户端计算效率,以及较低的服务器端解密开销和存储开销.

Blockchain-based Lightweight Access Control Scheme over Ciphertext in Edge Computing

Ciphertext-policy attribute-based encryption (CP-ABE) can provide fine-grained access control while guaranteeing data privacy. Considering that the existing CP-ABE-based access control schemes can not effectively address critical data security in edge computing, this study proposes a blockchain-based lightweight access control scheme over ciphertext (BLAC) in edge computing. In BLAC, a lightweight CP-ABE algorithm based on elliptic curve cryptography is designed, and fast elliptic curve scalar multiplication is adopted to realize algorithm encryption and decryption. Additionally, most of the encryption and decryption operations are securely transferred to make user devices with limited computing power efficiently complete the fine-grained access control process of ciphertext data with the assistance of edge servers. Meanwhile, a distributed key management method based on blockchain is designed, which enables multiple edge servers to collaboratively distribute private keys for users by blockchain. Security analysis and performance evaluation show that BLAC can guarantee data confidentiality, resist conspiracy attacks, and support forward security. Additionally, it has high user-side computational efficiency and low server-side decryption overhead and storage overhead.