CN117648706A - Access control method based on block chain and attribute encryption - Google Patents

Abstract

The invention discloses an access control method based on blockchain and attribute encryption, which belongs to the technical field of industrial Internet of things, and realizes one-to-many fine-grained data sharing, a semi-trusted cloud agent realizes a pre-decryption module with huge calculation amount, and the time complexity of terminal decryption can be controlled at a constant level; the double-chain architecture of the factory data chain and the privacy data chain is constructed to protect attribute information of users, a strategy hiding scheme of an attribute bloom filter is designed, and double hiding of attribute information and access strategy hiding is achieved.

Description

Access control method based on block chain and attribute encryption

Technical Field

The invention belongs to the technical field of industrial Internet of things, and particularly relates to an access control method based on blockchain and attribute encryption.

Background

The industrial Internet of things collects a large amount of basic data in a production process through various sensors, and performs deep data analysis and mining, so that the production process is optimized, and the production efficiency is improved. However, the mobility of mass data also causes security boundary of data management, resource stealing and other security incidents frequently, and great difficulty is brought to data management and protection. How to avoid data island and ensure information sharing among departments and organizations is an important problem to be solved currently. The access control technology realizes the data sharing between the access subject and the object by formulating a corresponding access strategy, can prevent users from illegally acquiring, tampering and destroying resources or data, is a very important mechanism for ensuring the security of the stored data of the users, and has important significance for the open sharing and the security management of the data.

The blockchain is used as a novel P2P distributed account book and calculation paradigm, solves the safety problem brought by the traditional trusted central authority, and is mainly characterized by a decentralised system architecture. The data on the blockchain is time sequence data which can not be tampered, and the value transfer is realized by fusing mechanisms such as cryptography, hash functions, intelligent contracts and the like. Therefore, the block chain technology and the access control technology are combined to construct a block chain-based decentralization access control framework, the single-point access control problem can be effectively solved, the transparency, verifiability and non-falsification of the whole life cycle of data are realized, and the block chain-based decentralization access control framework is an upgrade protection mechanism for traditional data storage and access control.

Attribute-based encryption Algorithm (ABE) is considered one of the most effective techniques in implementing access control of data in complex scenarios of cloud storage, blockchain, and the like. Ciphertext policy attribute encryption (CP-ABE) achieves "one-to-many" fine-grained access control by associating user identity information with a set of related attributes, and setting an access control policy for the ciphertext, where the ciphertext can be decrypted when the set of user attributes satisfies the access policy. However, in the internet of things environment, attribute-based cryptosystems are anyway challenged. Attribute encryption is based on bilinear pairing, which is a very expensive cryptographic operation. Due to the limitation of limited computing resources of the terminal of the Internet of things, research of outsourcing computing technology is promoted, and a computing and processing mode is converted from local to different places by outsourcing complex computing to a cloud service provider. However, the cloud server is a semi-trusted entity, and the user still needs to re-verify the correctness of the processing result of the cloud server through complex redundant calculation. Meanwhile, implementing an attribute-based access control model using a blockchain requires storing attribute information and access policy information of a user in the blockchain, which involve identity privacy of the user. However, in the blockchain network, all nodes have a copy of the blockchain, which is equivalent to that all information is transparent, so that the risk of privacy disclosure is increased. Privacy protection is required for these user sensitive information in the access control flow.

Chinese patent CN113779612B discloses a data sharing method and system based on blockchain and hidden policy attribute encryption, and the patent has the following problems: 1. decryption of ciphertext E (sk+URL) involves many bilinear peer-to-peer complex computations, all done by the data visitor, creating a significant burden on the terminal data visitor with limited computing resources. 2. The trusted attribute verification service verifies whether the attribute of the data visitor meets the access policy or not, but the attribute verification service is not deployed in the intelligent contract, the integrity and the accuracy of the verification result cannot be guaranteed, and single-point failure of the system can be possibly caused. 3. The data visitor does not verify and feed back whether the E (data) is the original ciphertext uploaded by the data owner, and an external attacker tampering with the ciphertext or a malicious uploading of the ciphertext by the data owner may cause a breakdown of the system.

Chinese patent CN114679271a discloses a blockchain privacy data access control method and system, in which attribute decryption steps are performed by the blockchain and returned to the data visitor to encrypt plaintext msg, dishonest nodes may steal the decryption result, and unsafe communication channels may leak plaintext. In addition, the access policy and the attribute set of the user are recorded in the blockchain in a plaintext form, and due to the transparency of the blockchain, all users can know the access policy information and the attribute information of the data visitor from the blockchain, and the identity privacy of the data visitor cannot be guaranteed.

Disclosure of Invention

In view of the above, the present invention aims to provide an access control method based on blockchain and attribute encryption, which solves the problem of how to construct an access control architecture of blockchain based on CP-ABE algorithm, and realizes safe and efficient one-to-many fine granularity data sharing; designing an algorithm for outsourcing and calculating the verifiable CP-ABE in consideration of the fact that the decryption stage of the CP-ABE algorithm involves a plurality of complex calculations; the transparency of the blockchain exposes the uploaded access strategy information of the user, and a hiding algorithm of the access strategy is designed to hide the mapping between the original attribute and the access structure; the access control model based on the blockchain needs to store the attribute information of the user on the chain, and an efficient double-chain architecture is designed to store the attribute information of the user in an independent privacy data chain so as to ensure the attribute privacy safety of the user; a collaborative storage scheme of chain upper chain lower chain (IPFS+CSP) is constructed, and the storage pressure of the blockchain is relieved.

In order to achieve the above purpose, the present invention provides the following technical solutions:

an access control method based on block chain and attribute encryption, a safe and efficient industrial Internet of things data sharing system based on block chain, comprises the following steps:

in the data storage stage, an initialization algorithm is executed in the KMC, and a security parameter lambda and an attribute domain description U are used as inputs; when the DUN and the DON request to join the factory data chain for the first time, the factory data chain CA node provides a member registration service for it, and the CSP calculates the public-private key pair of the DUN and the DON; calculating workshop data ciphertext E before uploading workshop data by DON_ck (M) initiating a transaction request to a factory data chain to obtain system public parameters by storing the system public parameters in an IPFS interstellar file system DON, formulating an access strategy (M, ρ) of a symmetric key ck, and executing an attribute encryption algorithm; DON deletes the policy function rho and constructs an ABF to realize policy hiding;

in the data access phase, when an authorized device joins the factory data chain, the device selects the terminal decryption private key TSK andgenerating a terminal decryption public key TPK, and initiating a conversion key application to the KMC by the equipment carrying the TPK; setting a conversion key after the KMC receives a conversion key application of the equipment; when the DUN requests to access the workshop sharing data, acquiring a transaction containing the file metadata from a factory data chain, and checking whether the attribute of the transaction meets a set access policy; the cloud server receives the pre-decryption request of the DUN and executes a ciphertext conversion algorithm; the DUN performs final decryption of the workshop data ciphertext under the chain; after the DUN is decrypted to obtain the shop data m, it is compared with the hash value of the shop data m and the C obtained from the factory data chain_m Equal.

Further, the safe and efficient industrial Internet of things data sharing system of the blockchain consists of the following seven entities:

key management center KMC: KMC is completely trusted and is responsible for managing the attribute set of the user, generating attribute keys for each legal user according to the system initialization parameters, and storing the attribute keys in the privacy data chain;

data possession device DON: DON is the owner of the shop data, which is used to formulate access policies and perform attribute encryption, and can only access the data if the set of attributes owned by the data visitor meets the policies;

cloud server provider CSP: the CSP is a semi-trusted agent, receives and stores symmetric key ciphertext of the encrypted workshop data, and is responsible for providing data pre-decryption service for the DUN;

data usage device DUN: the DUN is an owner of the shop data, which initiates an access request to the factory data block chain, obtains pre-decrypted data from the cloud server, and performs final decryption under the chain, and is used to verify the correctness of the outsource decryption result and check whether the data is tampered;

blockchain: the system comprises two block chains, namely a privacy data chain for storing attribute related information and a factory data chain maintained by all nodes; the privacy data chain is independently maintained by an endorsement node, the endorsement node is simultaneously positioned in two block chains, and all attribute related information is stored; the factory data chain stores workshop metadata and access control information; DON and DUN are client nodes of the factory data chain, submitting transactions to the factory data chain;

the interplanetary file system IPFS: the interstellar file system stores the original ciphertext uploaded by DON;

the KMC issues public parameters in a factory data chain, generates attribute keys for nodes, and records the attribute keys in a privacy data chain; the DON encrypts workshop data by using a symmetric encryption algorithm and encrypts the symmetric key by attributes; then DON records the metadata in the factory data chain, uploads the ciphertext of the symmetric key in CSP, and stores the ciphertext of the workshop data in IPFS; the DUN requests the digital resource it wants to access from the factory data chain, which returns the conversion key and the metadata of the resource if its attributes meet the access policy; the DUN then requests the CSP for a pre-decryption service according to the conversion key to obtain a pre-decrypted symmetric key; finally, the DUN acquires ciphertext of the workshop data from the IPFS, and performs final decryption.

Further, in the data storage phase, the method specifically comprises the following steps:

s11: the KMC executes an initialization algorithm, takes a security parameter lambda and an attribute domain description U as inputs, and selects a group G with prime order p and generator G and a group of random group elements s₁ ,s₂ …s_u Epsilon G, and selecting the random index alpha, a epsilon Z_p The method comprises the steps of carrying out a first treatment on the surface of the KMC calculates msk=α as master key, selects hash function H₁ ，...，H_f Mapping the attributes to an attribute bloom filter ABF; ABF is built based on a obfuscated bloom filter, using an array of a set of lambda bits; let L be_row To represent the bit length of the inserted line number, L_att To insert the bit length of the attribute, L_F For the string length of each position in the filter, L_F ＝L_row +L_att Whereby the system common parameters are defined as

Subsequently, KMC writes MPK into the trade and submits to the factory data chain;

s12: when DUN and DON first request to join factory data chainWhen the factory data chain CA node provides member registration service for the factory data chain CA node, and the factory data chain CA node receives application and authorizes public and private key pair PK_n And SK_n ；

S13: CSP first selects two large primes p 'and q', calculates n=p '×q',CSP then selects random integer +.>Make->Wherein gcd is the greatest common divisor and d is calculated such thatThereby obtaining its public and private key pair, wherein PK_csp ＝(e,n)，SK_csp ＝(d，n)；

S14: before the DON uploads the workshop data, the AES symmetric encryption algorithm is adopted to encrypt the workshop data m to obtain a symmetric ciphertext E_ck (m), where ck is a symmetrically encrypted key, while calculating the hash value C of m_m And the hash value C of ck_k The method comprises the steps of carrying out a first treatment on the surface of the DON encrypts its workshop data ciphertext E_ck (m) storing in IPFS interstage file system, and obtaining DHT (E) of ciphertext storage location_ck (m))；

S15: the DON initiates a transaction request to a factory data chain under the chain to obtain system public parameters, establishes an access strategy (M, ρ) of a symmetric key ck, and executes an attribute encryption algorithm; the inputs of the attribute encryption algorithm include system common parameters MPK, ck and (M, ρ), where M is a matrix of l×n, and the function ρ corresponds each row of M to an attribute, i.e., ρ is each row of M_i To attribute ρ_(i) Is mapped to; DON randomly selects a shared secret number s epsilon Z_p Sum vectorWherein d is₂ ,d₃ ,…，d_n For sharing secretA number s; for i=1, 2,..l, +.>And then randomly select t₁ ，...,t_l ∈Z_p Whereby the ciphertext of the symmetric key ck is calculated as

CT＝(C＝ck·e(g，g)^αs ，C′＝g^s ，

S16: the DON deletes the policy function ρ and constructs an ABF to implement policy hiding.

Further, the step S16 specifically includes the steps of:

s161: the DON firstly initializes an ABF according to the filter parameters in the MPK;

s162: the DON will access the row number row of each row in the matrix M_i Attribute att corresponding to it_i Binding to obtain a group of element List_row ＝{row_i ||att_i }_i∈[1,l] Wherein att_i ＝ρ(row_i )；

S163: for List_row Dividing each element epsilon of the code pattern by using an (gamma ) XOR secret sharing algorithm to generate gamma-1 elements with the length L_f Random secret value, and let

S164: att for each attribute_i The position of the hash function in the filter is calculated by f hash functions:

H₁ (att_i )，H₂ (att_i )，...，H_f (att_i )

wherein att is_i Is the z (0)<z.ltoreq.f) component r_z，ε Stored in H_z (att_i ) If the current location is already occupied when adding an element to the ABFWill r_z，ε Setting as the current existing components, and finally setting as random character strings for those unoccupied spaces not allocated;

s165: after the strategy hiding is completed, the DON stores the ciphertext CT in the CSP, submits the transaction to a factory data chain, and stores C_m ，C_k M, ABF and distributed hash table DHT of shop data (E_ck (m)) and sets the valid access period TimeLimit of the data.

Further, in the data access phase, the method specifically comprises the following steps:

s21: when an authorized device joins the factory data chain, c ε Z is first selected_p As own terminal decryption private key TSK and generates a terminal decryption public key tpk=g^c . Then the equipment carries TPK to initiate a key conversion application to KMC;

s22: after KMC receives the application of the conversion key of the equipment, corresponding attribute set S is issued for the KMC at first, and k E is randomly selectedSetting the conversion key to +.>The conversion key TK is used for supporting the pre-decryption service of the cloud server; KMC submits a transaction to a private data chain, the chain code will transform the key TK, the user' S set of attributes S and the public key PK of the device_m The association is stored in a private data chain;

s23: when the DUN requests to access the workshop shared data, firstly acquiring transaction containing the file metadata from a factory data chain, and checking whether the attribute of the transaction meets the set access strategy; if yes, the DUN initiates a data access request to the factory data link; endorsement node according to PK_n Inquiring an attribute set owned by equipment from a privacy data chain, and acquiring an access strategy (M, ρ) corresponding to a file; assuming that the timestamp of the DUN access satisfies the valid access deadline TimeLimit of the data, the function ρ is used to map the attribute to the corresponding row of the matrix M and to obtain its attribute matrix M_att If M is present_att If the attribute of DUN satisfies the access policy of the shared file, the factory data chain returns to C_k 、C_m Distributed hash table DHT (E_ck (m))；

S24: the cloud server receives the pre-decryption request of the DUN and executes a ciphertext conversion algorithm; the ciphertext conversion algorithm inputs a ciphertext CT with an LSSS scheme (M, ρ) and a conversion key TK associated with a DUN attribute set S and a terminal decryption public key TPK; cloud server orderIs defined as i= { I: ρ (i) ∈S; then let { ω }_i ∈Z_p }_i∈I Is a constant set such that if { lambda }_i The sum is calculated from the valid share of any secret s of the access matrix M_i∈I ω_i λ_i =s, the pre-decryption process is calculated as follows:

after the pre-decryption is completed, the CSP calculates the hash value of the intermediate decryption ciphertext CT' = (C, CT ")And generates a signatureTo provide verifiability and non-repudiation of the computed results; the CSP then adds CT' and signature Sign_CSP (CT') return to DUN;

s25: the DUN performs final decryption of the workshop data ciphertext under the chain;

s26: after the DUN is decrypted to obtain the shop data m, it is compared with the hash value of the shop data m and the C obtained from the factory data chain_m Equal;if not, indicating that the original shop data was not uploaded by the DON, the DUN submits an error report to the factory data chain.

Further, the step S25 specifically includes the steps of:

s251: DUN calculates a symmetric key ck=c/(CT ") from the intermediate ciphertext (C, CT') obtained from CSP^1/c The method comprises the steps of carrying out a first treatment on the surface of the The verification stage only needs to compare the result with the hash value stored in the factory data chain through one hash calculation, ifThe result of the pre-decryption of the CSP is correct; otherwise, the DUN records the error outsourcing calculation result of this CSP in the factory data chain:

s252: DUN passes through distributed hash table DHT (E_ck (m)) obtaining complete ciphertext E of plant data from IPFS_ck (m) decrypting using ck to obtain shop data m.

The invention has the beneficial effects that: the invention realizes the safe and efficient data sharing of fine granularity in the industrial Internet environment; the semi-trusted cloud agent realizes a pre-decryption module with huge calculation amount, and can control the time complexity of terminal decryption to be in a constant level; the factory data link is responsible for data interaction and completes access control, and the privacy data link maintains attribute information of the nodes; the mapping between the hidden attribute information and the access structure achieves the aim of hiding the access strategy.

Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objects and other advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the specification.

Drawings

In order to make the objects, technical solutions and advantageous effects of the present invention more clear, the present invention provides the following drawings for description:

FIG. 1 is a block chain based secure and efficient industrial Internet of things data sharing system and flowchart;

FIG. 2 is a timing diagram of data storage;

FIG. 3 is a timing diagram of data access.

Detailed Description

The invention provides an access control method based on block chain and attribute encryption, which is a safe and efficient industrial Internet of things data sharing system based on block chain, wherein the system structure and the flow are shown in figure 1 and consist of the following seven entities:

1) Key Management Center (KMC): the key management center is responsible for managing the attribute set of the user, generating an attribute key for each legal user according to the system initialization parameters, and storing the attribute key in the privacy data chain. We assume that it is fully trusted.

2) Data-holding Device (DON): the DON is the owner of the shop data. The DON formulates an access policy and performs attribute encryption, and data can be accessed only if the set of attributes owned by the data visitor satisfies the policy.

3) Cloud Server Provider (CSP): the CSP is a semi-trusted agent, receives and stores symmetric key ciphertexts of encrypted workshop data, and is responsible for providing data pre-decryption services for the DUN.

4) Data usage Device (DUN): DUN is the owner of the shop data. It initiates an access request to the chain of factory data blocks, obtains pre-decrypted data from the cloud server, and performs final decryption down the chain. The DUN can verify the correctness of the outer packet decryption result and check whether the data is tampered with.

5) Blockchain (Blockchain): in our solution, the entire system maintains two blockchains. A privacy data chain storing attribute related information and a factory data chain maintained by all nodes, respectively. In the whole data interaction flow, only the endorsement node needs to verify the attribute of the user, so that the privacy data chain is independently maintained by the endorsement node, the endorsement node is simultaneously positioned in two block chains, all attribute related information is stored, no extra communication overhead is needed when information exchange is carried out, and the risk of privacy information leakage can be reduced. The factory data chain stores the workshop metadata and the access control information, and ensures the safety, verifiability and non-falsification of the whole life cycle of workshop data sharing. DON and DUN are client nodes of the factory data chain to which transactions can be submitted without the need to maintain an entire blockchain ledger.

6) Interplanetary file system (IPFS): the interstage file system stores the original ciphertext uploaded by the DON. Due to the characteristic of distributed parallel storage, the efficiency of uploading and downloading files can be greatly improved, and therefore the throughput of the whole system is improved.

As shown in FIG. 1, the KMC publishes common parameters in the factory data chain, generates attribute keys for nodes, and records them in the privacy data chain. The DON encrypts the shop data using a symmetric encryption algorithm and encrypts the symmetric key with an attribute. It then records the metadata in the factory data chain, uploads the ciphertext of the symmetric key in the CSP, and stores the ciphertext of the shop data in the IPFS. The DUN requests the digital resource it wants to access from the factory data chain, which returns the conversion key and the metadata of the resource if its attributes meet the access policy. The DUN then requests the pre-decryption service from the CSP based on the conversion key to obtain the pre-decrypted symmetric key. Finally, the DUN obtains the ciphertext of the shop data from the IPFS and performs final decryption.

In the whole access control scheme, we divide it into two phases of storage and data access, wherein the main symbols involved are shown in table 1.

TABLE 1

The method includes a data storage phase and a data access phase.

As shown in fig. 2, during the data storage phase, the following algorithm is included:

1) Setup (lambda, U). The initialization algorithm takes as input the security parameter lambda and the attribute field description U, which algorithm is executed by the KMC. KMC selects a group G with prime order p and generator G and a group of random group elements s₁ ,S₂ …s_u E G, which are associated with each attribute in the set of attributes, respectively. And selecting the random index alpha, a epsilon Z_p . Then KMC calculates msk=α as master key while selecting hash function H₁ ，...，H_f To map attributes to the attribute bloom filter ABF. ABF is built based on a obfuscated bloom filter, using an array of a set of lambda bits. Let L be_row To represent the bit length of the inserted line number, L_att To insert the bit length of the attribute, L_F For the string length of each position in the filter, L_F ＝L_row +L_att . Whereby the system common parameters are defined as

Subsequently, the KMC writes the MPK to the trade and submits to the factory datalink.

2) Machinery registration (). When the DUN and DON first request to join the factory data chain, the factory data chain CA node provides it with a member registration service, accepts the application and grants the public-private key pair PK_n And SK_n 。

3) CSPREquisition (). The algorithm is executed by the CSP. It first selects two large primes p 'and q', calculates n=p '/q',then CSP selects a random integer +.>Make->(gcd is the greatest common divisor) and d is calculated such that +.>Thereby obtaining its public and private key pair, wherein PK_csp ＝(e,n)，SK_csp ＝(d，n)。

4) PreEnc (m, ck). In order to solve the problem that the attribute-based encryption method is low in efficiency when the encryption and decryption data amount is large, before the DON uploads the workshop data, an AES symmetric encryption algorithm is adopted to encrypt the workshop data m to obtain a symmetric ciphertext E_ck (m) (ck is a symmetric encryption key) while calculating the hash value C of m_m And the hash value C of ck_k . DON encrypts its workshop data ciphertext E_ck (m) storing in IPFS interstage file system, and obtaining DHT (E) of ciphertext storage location_ck (m))。

5) Enc (MPK, ck, (M, ρ)). The algorithm is performed under the chain by the DON. The DON first initiates a transaction request to the factory data chain to obtain system public parameters, establishes an access strategy (M, ρ) of the symmetric key ck, and executes an attribute encryption algorithm. The inputs to the encryption algorithm include system common parameters MPK, ck and (M, ρ). M is a matrix of l x n, and the function ρ corresponds each row of M to an attribute, i.e., ρ is each row M of M_i To attribute ρ_(i) Is mapped to the mapping of (a). DON randomly selects a shared secret number s epsilon Z_p Sum vectorWherein d is₂ ,d₃ ,…，d_n For sharing the secret number s. For i=1, 2,..l, +.>Further, t1, is randomly selected_l ∈Z_p Whereby the ciphertext of the symmetric key ck is calculated as

CT＝(C＝ck·e(g，g)^αs ，C′＝g^s ，

6) PolicyHiding ((M, ρ)). The DON deletes the policy function ρ and constructs an ABF to implement policy hiding.

a) The DON first initializes an ABF based on the filter parameters in the MPK.

b) The DON will access the row number row of each row in the matrix M_i Attribute att corresponding to it_i Binding to obtain a group of element List_row ＝{row_i ||att_i }_i∈[1,l] Wherein att_i ＝ρ(row_i )。

c) For List_row Is split using an XOR secret sharing algorithm for (γ, γ). Generating gamma-1 pieces with length L_f Random secret value, and let

d) Att for each attribute_i The position of the hash function in the filter is calculated through f hash functions

H₁ (att_i )，H₂ (att_i )，...，H_f (att_i )

Wherein att is_i Is the z (0)<z.ltoreq.f) component r_z，ε Stored in H_z (att_i ) Is located at the position of (3). When adding an element to the ABF, if the current location is already occupied, the existing element will not be overridden, but r will be_z，ε Set to the currently existing component. Finally, for those empty slots that are not allocated, they are set as random strings.

e) After policy hiding is completed, the DON stores the ciphertext CT in the CSP. Then submit the transaction to the factory data chain, store C_m ，C_k M, ABF and distributed hash table DHT of shop data (E_ck (m)) and sets the valid access period TimeLimit of the data.

As shown in fig. 3, the data access phase specifically includes the following algorithm:

1) TermKeyGen (TPK). When authorizingWhen a device of (a) joins the factory data chain, the device first selects c e Z_p As own terminal decryption private key TSK and generates a terminal decryption public key tpk=g^c . And then, the device carries the TPK to initiate a conversion key application to the KMC.

2) KenGen (TPK). After receiving the application of the conversion key of the device, the KMC firstly issues a corresponding attribute set S for the device and randomly selectsSetting the conversion key to +.>

The conversion key TK is used to support the pre-decryption services of the cloud server. KMC submits a transaction to a private data chain, the chain code will transform the key TK, the user' S set of attributes S and the public key PK of the device_m The association is stored in a private data chain.

3) Access ((M, ρ), S). When the DUN requests access to the shop shared data, it first obtains the transaction containing the file metadata from the factory data chain, checking if its properties meet the set access policy. If so, the DUN initiates a data access request to the factory data chain. Endorsement node according to PK_n And querying the attribute set owned by the device from the privacy data chain, and acquiring the access strategy (M, ρ) corresponding to the file. Assuming that the timestamp of the DUN access satisfies the valid access deadline TimeLimit of the data, the function ρ is used to map the attribute to the corresponding row of the matrix M and to obtain its attribute matrix M_att If M is present_att If the attribute of DUN satisfies the access policy of the shared file, the factory data chain returns to C_k 、C_m Distributed hash table DHT (E_ck (m))。

Note that: since the mapping function ρ in the access policy has been deleted, it is necessary to reconstruct ρ during the verification process. An endorsement node or DUN maps the set of attributes to the corresponding locations of the filter ABF and recovers the line number associated with its attributes through XOR secret sharing.

4)TransForm (TK, CT). And the cloud server receives the pre-decryption request of the DUN and executes a ciphertext conversion algorithm. The algorithm inputs a ciphertext CT with LSSS scheme (M, p) and a conversion key TK associated with the DUN attribute set S and the terminal decryption public key TPK. Cloud server orderIs defined as i= { I: ρ (i) ∈S. Then let { ω }_i ∈Z_p }_i∈I Is a constant set such that if { lambda }_i The sum is calculated from the valid share of any secret s of the access matrix M_i∈I ω_i λ_i =s, the pre-decryption process is calculated as follows:

after the pre-decryption is completed, the CSP calculates the hash value of the intermediate decryption ciphertext CT' = (C, CT ")And generates a signatureTo provide verifiability and non-repudiation of the computed results. The CSP then returns CT 'and the signature SignCSP (CT') to the DUN.

5)Decrypt(TSK,(C，CT′)，E_ck (m)). The final decryption of the ciphertext of the shop data is performed under the chain by the DUN.

a) DUN calculates a symmetric key ck=c/(CT ") from the intermediate ciphertext (C, CT') obtained from CSP^1/c . The verification stage only needs to compare the result with the hash value stored in the factory data chain through one hash calculation, ifIt indicates that the pre-decryption result of the CSP is correct. Otherwise, the DUN records the error outsourcing calculation result of this CSP in the factory data chain:

b) DUN TongOver-distributed hash table DHT (E_ck (m)) obtaining complete ciphertext E of plant data from IPFS_ck And (m) decrypting by using the ck to obtain the workshop data m.

6)After the DUN decrypts the shop data m, it can be compared whether the hash value is equal to C obtained from the factory data chain_m Equal. If not, indicating that the original shop data was not uploaded by the DON, the DUN submits an error report to the factory data chain.

Finally, it is noted that the above-mentioned preferred embodiments are only intended to illustrate rather than limit the invention, and that, although the invention has been described in detail by means of the above-mentioned preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention as defined by the appended claims.

Claims (6)

1. An access control method based on blockchain and attribute encryption is characterized in that: a safe and efficient industrial Internet of things data sharing system based on a block chain comprises the following steps:

in the data storage stage, an initialization algorithm is executed in the KMC, and a security parameter lambda and an attribute domain description U are used as inputs; when the DUN and the DON request to join the factory data chain for the first time, the factory data chain CA node provides a member registration service for it, and the CSP calculates the public-private key pair of the DUN and the DON; calculating workshop data ciphertext E before uploading workshop data by DON_ck (m) and stored in the IPFS interstellar file system; the DON initiates a transaction request to a factory data chain to obtain system public parameters, establishes an access strategy (M, ρ) of a symmetric key ck, and executes an attribute encryption algorithm; DON deletes the policy function rho and constructs an ABF to realize policy hiding;

in the data access stage, when authorized equipment joins a factory data chain, the equipment selects a terminal decryption private key TSK, generates a terminal decryption public key TPK, and initiates a conversion key application to a KMC by carrying the TPK; setting conversion after KMC receives device's conversion key applicationA secret key; when the DUN requests to access the workshop sharing data, acquiring a transaction containing the file metadata from a factory data chain, and checking whether the attribute of the transaction meets a set access policy; the cloud server receives the pre-decryption request of the DUN and executes a ciphertext conversion algorithm; the DUN performs final decryption of the workshop data ciphertext under the chain; after the DUN is decrypted to obtain the shop data m, it is compared with the hash value of the shop data m and the C obtained from the factory data chain_m Equal.

2. The blockchain and attribute encryption based access control method of claim 1, wherein: the safe and efficient industrial Internet of things data sharing system of the blockchain consists of the following seven entities:

key management center KMC: KMC is completely trusted and is responsible for managing the attribute set of the user, generating attribute keys for each legal user according to the system initialization parameters, and storing the attribute keys in the privacy data chain;

data possession device DON: DON is the owner of the shop data, which is used to formulate access policies and perform attribute encryption, and can only access the data if the set of attributes owned by the data visitor meets the policies;

cloud server provider CSP: the CSP is a semi-trusted agent, receives and stores symmetric key ciphertext of the encrypted workshop data, and is responsible for providing data pre-decryption service for the DUN;

data usage device DUN: the DUN is an owner of the shop data, which initiates an access request to the factory data block chain, obtains pre-decrypted data from the cloud server, and performs final decryption under the chain, and is used to verify the correctness of the outsource decryption result and check whether the data is tampered;

blockchain: the system comprises two block chains, namely a privacy data chain for storing attribute related information and a factory data chain maintained by all nodes; the privacy data chain is independently maintained by an endorsement node, the endorsement node is simultaneously positioned in two block chains, and all attribute related information is stored; the factory data chain stores workshop metadata and access control information; DON and DUN are client nodes of the factory data chain, submitting transactions to the factory data chain;

the interplanetary file system IPFS: the interstellar file system stores the original ciphertext uploaded by DON;

the KMC issues public parameters in a factory data chain, generates attribute keys for nodes, and records the attribute keys in a privacy data chain; the DON encrypts workshop data by using a symmetric encryption algorithm and encrypts the symmetric key by attributes; then DON records the metadata in the factory data chain, uploads the ciphertext of the symmetric key in CSP, and stores the ciphertext of the workshop data in IPFS; the DUN requests the digital resource it wants to access from the factory data chain, which returns the conversion key and the metadata of the resource if its attributes meet the access policy; the DUN then requests the CSP for a pre-decryption service according to the conversion key to obtain a pre-decrypted symmetric key; finally, the DUN acquires ciphertext of the workshop data from the IPFS, and performs final decryption.

3. The blockchain and attribute encryption based access control method of claim 2, wherein: in the data storage stage, the method specifically comprises the following steps:

s11: the KMC executes an initialization algorithm, takes a security parameter lambda and an attribute domain description U as inputs, and selects a group G with prime order p and generator G and a group of random group elements s₁ ，s₂ …s_u Epsilon G, and selecting the random index alpha, a epsilon Z_p The method comprises the steps of carrying out a first treatment on the surface of the KMC calculates msk=α as master key, selects hash function H₁ ，...，H_f Mapping the attributes to an attribute bloom filter ABF; ABF is built based on a obfuscated bloom filter, using an array of a set of lambda bits; let L be_row To represent the bit length of the inserted line number, L_att To insert the bit length of the attribute, L_F For the string length of each position in the filter, L_F ＝L_row +L_att Whereby the system common parameters are defined as

Subsequently, KMC writes MPK into the trade and submits to the factory data chain;

s12: when the DUN and DON first request to join the factory data chain, the factory data chain CA node provides it with a member registration service, accepts the application and grants the public-private key pair PK_n And SK_n ；

S13: CSP first selects two large primes p 'and q', calculates n=p '×q',CSP then selects random integer +.>Make->Wherein gcd is the greatest common divisor and d is calculated such thatThereby obtaining its public and private key pair, wherein PK_csp ＝(e,n)，SK_csp ＝(d，n)；

S14: before the DON uploads the workshop data, the AES symmetric encryption algorithm is adopted to encrypt the workshop data m to obtain a symmetric ciphertext E_ck (m), where ck is a symmetrically encrypted key, while calculating the hash value C of m_m And the hash value C of ck_k The method comprises the steps of carrying out a first treatment on the surface of the DON encrypts its workshop data ciphertext E_ck (m) storing in IPFS interstage file system, and obtaining DHT (E) of ciphertext storage location_ck (m))；

S15: the DON initiates a transaction request to a factory data chain under the chain to obtain system public parameters, establishes an access strategy (M, ρ) of a symmetric key ck, and executes an attribute encryption algorithm; the inputs of the attribute encryption algorithm include system common parameters MPK, ck and (M, ρ), where M is oneThe function ρ will be for each row of MCorresponding to the attribute, i.e. ρ is each row M of M_i To attribute P_(i) Is mapped to; DON randomly selects a shared secret number S epsilon Z_p Sum vector->Wherein d is₂ ,d₃ ,…，d_n For sharing the secret number s; for->Calculate->Further randomly select->Whereby the ciphertext of the symmetric key ck is calculated as

S16: the DON deletes the policy function ρ and constructs an ABF to implement policy hiding.

4. The blockchain and attribute encryption based access control method of claim 3, wherein: the step S16 specifically includes the following steps:

s161: the DON firstly initializes an ABF according to the filter parameters in the MPK;

s162: the DON will access the row number row of each row in the matrix M_i Attribute att corresponding to it_i Binding to obtain a group of elementsWherein att is_i ＝ρ(row_i )；

S163: for List_row Dividing each element epsilon of the code pattern by using an (gamma ) XOR secret sharing algorithm to generate gamma-1 elements with the length L_f Random secret value, and let

S164: att for each attribute_i The position of the hash function in the filter is calculated by f hash functions:

H₁ (att_i )，H₂ (att_i )，...，H_f (att_i )

wherein att is_i Is the z (0)<z.ltoreq.f) component r_z，ε Stored in H_z (att_i ) When adding an element to the ABF, if the current location is already occupied, r will be_z，ε Setting as the current existing components, and finally setting as random character strings for those unoccupied spaces not allocated;

s165: after the strategy hiding is completed, the DON stores the ciphertext CT in the CSP, submits the transaction to a factory data chain, and stores C_m ，C_k M, ABF and distributed hash table DHT of shop data (E_ck (m)) and sets the valid access period TimeLimit of the data.

5. The blockchain and attribute encryption based access control method of claim 2, wherein: in the data access stage, the method specifically comprises the following steps:

s21: when an authorized device joins the factory data chain, c ε Z is first selected_p As own terminal decryption private key TSK and generates a terminal decryption public key tpk=g^c . Then the equipment carries TPK to initiate a key conversion application to KMC;

s22: after receiving the application of the conversion key of the device, the KMC firstly issues a corresponding attribute set S for the device and randomly selectsSetting the conversion key to +.>The conversion key TK is used for supporting the pre-decryption service of the cloud server; KMC submits a transaction to a private data chain, the chain code will transform the key TK, the user' S set of attributes S and the public key PK of the device_m The association is stored in a private data chain;

s23: when the DUN requests to access the workshop shared data, firstly acquiring transaction containing the file metadata from a factory data chain, and checking whether the attribute of the transaction meets the set access strategy; if yes, the DUN initiates a data access request to the factory data link; endorsement node according to PK_n Inquiring an attribute set owned by equipment from a privacy data chain, and acquiring an access strategy (M, ρ) corresponding to a file; assuming that the timestamp of the DUN access satisfies the valid access deadline TimeLimit of the data, the function ρ is used to map the attribute to the corresponding row of the matrix M and to obtain its attribute matrix M_att If M is present_att If the attribute of DUN satisfies the access policy of the shared file, the factory data chain returns to C_k 、C_m Distributed hash table DHT (E_ck (m))；

S24: the cloud server receives the pre-decryption request of the DUN and executes a ciphertext conversion algorithm; the ciphertext conversion algorithm inputs a ciphertext CT with an LSSS scheme (M, ρ) and a conversion key TK associated with a DUN attribute set S and a terminal decryption public key TPK; cloud server orderIs defined as i= { I: ρ (i) ∈S; then let { ω }_i ∈Z_p }_i∈I Is a constant set such that if { lambda }_i The sum is calculated from the valid share of any secret s of the access matrix M_i∈I ω_i λ_i =s, the pre-decryption process is calculated as follows:

after the pre-decryption is completed, the CSP calculates the hash value of the intermediate decryption ciphertext CT' = (C, CT ")And generates a signatureTo provide verifiability and non-repudiation of the computed results; the CSP then adds CT' and signature Sign_CSP (CT') return to DUN;

s25: the DUN performs final decryption of the workshop data ciphertext under the chain;

s26: after the DUN is decrypted to obtain the shop data m, it is compared with the hash value of the shop data m and the C obtained from the factory data chain_m Equal; if not, indicating that the original shop data was not uploaded by the DON, the DUN submits an error report to the factory data chain.

6. The blockchain and attribute encryption based access control method of claim 5, wherein: the step S25 specifically includes the following steps:

s251: DUN calculates a symmetric key ck=c/(CT ") 1/C from the intermediate ciphertext (C, CT') obtained from CSP; the verification stage only needs to compare the result with the hash value stored in the factory data chain through one hash calculation, ifThe result of the pre-decryption of the CSP is correct; otherwise, the DUN records the error outsourcing calculation result of this CSP in the factory data chain:

s252: DUN passes through distributed hash table DHT (E_ck (m)) obtaining complete ciphertext E of plant data from IPFS_ck (m) use of ckAnd decrypting to obtain workshop data m.