Research And Implementation On Blockchain-based Data Access Control Mechanisms

Currently,the number of devices connected to the Io T has increased day by day and these devices are accompanied by the generation of massive data.These data may contain the user's private information,including home address,age,and medical history,etc.If they are allowed to be accessed arbitrarily,it is prone to privacy leakage problems.How to manage the requests to these data is a major challenge we are facing.The Access Control technology is one of the widely used security protection technologies,which provides strong support of data protection for Io T devices.However,while using access control to ensure that data can be used legally,there are still maintain many problems.First of all,there are many Io T devices in large organizations or institutions and different users have different access rights to different data of different devices.However,most of the existing Io T devices can hardly provide proper access control for user.Secondly,in the Io T environment,cross-domain data requests occur from time to time and different domains do not trust each other.A safe and trusted third party is needed to manage these requests to avoid arbitrary access,which direct leads to user information leakage.In addition,traditional access control mechanisms all use centralized authorization servers,which are prone to single points of failure.Aiming at the coarse-grained access control mechanism of Io T devices,user information leakage and centralization problems in cross-domain data access,this article combining with Blockchain,Ethereum and Inter Planetary File System technologies and putting forward a novel access control mechanism.The main research and contributions are summarized in the following two aspects:(1)An efficient data access control framework based on Blockchain is proposed,which solves the problem of coarse-grained access control mechanisms in Io T devices and realizes the efficient use of data resources.Specifically,if there is a central certification authority in the system,it is prone to single-point failure.For this reason,Blockchain technology is introduced into the proposed access control framework,and the decentralized characteristics of Blockchain are used to solve it.In order to improve the efficiency of users requesting for resources,a new Token requesting mechanism is also proposed in the framework.Unlike the traditional token mechanism,the Token requesting mechanism here allows users to initiate access requests to multiple resources at the same time,avoiding user's frequent request operation.After the data access request initiated by the user is verified by the Token requesting mechanism,the access request that meets the access control rules will be given access right,and this right will be mapped to a token,then,the token will be returned to the requester.In response to the storage limitation of the Blockchain itself,the framework uses a distributed interplanetary file system to store user data.In order to prove the effectiveness of the proposed framework,we use smart contract to design the proposed framework,and perform deployment and functional testing of the smart contract.The experimental results show that compared with the existing access control mechanism,the proposed access control framework is safer and more efficient in data requests.(2)A Blockchain-based cross-domain data access control scheme is proposed,which solves the problem of user privacy leakage during cross-domain access,and realizes the sharing of data and information between cross-domain users.In view of the fact that different domains are not mutually trusting,a trusted third party is urgently needed to manage these cross-domain requests.The immutability and transparency of the Blockchain itself are also to guarantee it as a trusted third party.In addition,smart contracts are also designed,in which different domains are managed uniformly in the form of a unified alliance.Requests between different domains are verified by smart contracts deployed in advance,and the verification results are returned.The entire process described above are recorded on the Blockchain.In other words,any cross-domain access is under monitoring,which greatly reduces the risk of information leakage.In order to verify the effectiveness of the proposed scheme,firstly,the safety of the scheme was analyzed theoretically,and secondly,the Gas and time consumption required to execute each function in the scheme were tested and compared.The theoretical analysis and experimental results showed that the proposed scheme can bring more benefits to users compared with the existing solutions under the premise of less Gas and time consumption.