基于区块链的策略隐藏大数据访问控制方法

针对大数据应用中用户共享数据的访问控制由半可信云服务商实施所带来的隐私泄露、策略和访问日志易被篡改等问题, 提出一种基于区块链的策略隐藏大数据访问控制方法 (A policy-hidden big data access control method based on blockchain, PHAC). 该方法采用区块链技术实施访问控制以减少对服务商的信任依赖, 引入属性基加密(Attribute-based encryption, ABE)以及双线性映射技术, 实现在不泄露访问控制策略的前提下, 通过智能合约正确执行访问控制策略. 同时, 解耦访问控制策略, 简化用户策略的发布、更新和执行. 并应用链上和链下存储相结合方式, 解决智能合约和访问控制策略占用区块链节点资源不断增大的问题. 最后, 对该方法进行了理论分析和HyperLedger Fabric环境下的实验评估, 结果表明该方法能在策略隐藏情况下有效实现访问控制, 但不会给数据拥有者、区块链节点增加过多额外计算和存储开销.

A Policy-hidden Big Data Access Control Method Based on Blockchain

In the current big data application, the access control of user shared data is implemented by the incomplete trusted cloud service provider, which brings problems such as privacy disclosure, policy and access log easy to be tampered. To solve this problem, this paper presents a policy-hidden big data access control method based on blockchain (PHAC), which exploits blockchain technology to implement access control to reduce the reliance of data owners on cloud servers. Attribute-based encryption (ABE) and bilinear mapping are introduced to implement access control policies correctly through smart contracts without disclosing access control policies. Meanwhile, access control policies are decoupled to simplify their release, update and execution. The combination of on-chain and off-chain storage is applied to solve the problem that smart contracts and access control policies occupy too much blockchain node resources. Finally, theoretical analysis and comprehensive experiments in the HyperLedger Fabric environment have been conducted, which demonstrate the effectiveness of the proposed method. It can effectively implement access control while supporting access control policies hidden, however it does not impose too much extra computing and storage overhead on data owners and blockchain nodes.