Research On Distributed Authentication And Access Control Based On Blockchain

Posted on: 2021-03-17 | Degree: Master | Type: Thesis
Country: China | Candidate: Z Y Ma | Full Text: PDF
GTID: 2428330614458411 | Subject: Computer Science and Technology
Abstract/Summary:
Attribute-based encryption (ABE) can achieve fine-grained access control through encryption in an untrusted environment, and has therefore become a promising encryption technology for secure data storage and sharing. The biggest advantage of this technology is that data owners can define their own access control policies, and a file can be securely shared with multiple different users by encrypting it once. At the same time, a user can access multiple different data ciphertexts with only one key. The original ABE schemes rely on an attribute authority to distribute keys to users, which creates single-point-of-failure and scalability problems, so they are difficult to apply to large-scale or distributed systems. To overcome this limitation, the single-authority ABE scheme was extended to multi-authority and threshold multi-authority ABE schemes. However, the existing schemes implicitly rely on a trusted center to manage and verify the identity and attributes of all users. The existence of this trusted center also limits the scalability of the ABE scheme. The most typical challenges are the immediate revocation of user rights and the privacy protection of user identity information. To solve the above problems, blockchain-based self-sovereign identity management is combined with ABE to implement distributed authentication and access control and to protect user identity privacy.

First, a collaborative fine-grained access control scheme based on blockchain is designed. This scheme uses blockchain-based self-sovereign identity management to replace the identity management and authentication center in the traditional KP-ABE scheme, and combines it with decentralized secret sharing to achieve a multi-manager collaborative KP-ABE scheme. This solution has the following advantages: (1) The decentralized blockchain-based self-sovereign identity management platform replaces the implicit identity management and authentication center in traditional attribute-based cryptography, realizes decentralized self-controlled identity management, and ensures the user's identity privacy. (2) Multiple managers cooperate to manage all the identity attribute sets of the system. As the attribute authority, they negotiate the public parameters of the cryptosystem and distribute the global key shares and attribute secret keys to users. The user's final key is the combination of the global key shares and attribute secret keys, which realizes the principle of permission decentralization in access control and avoids the security problems caused by a single point of failure. (3) By integrating blockchain-based self-sovereign identity management with an identity attribute revocation list mechanism, the decentralized identity identifier and the attribute certificate number of the identity attribute issuer are used as the index of the attribute revocation list to realize the immediate revocation of anonymous user rights. (4) Access control for different types of resources is supported. If the resource is data, the selected attribute set is used to encrypt the data; if it is of another type, a dynamic challenge-response protocol is constructed to implement access control.

Secondly, a decentralized, privacy-preserving distributed fine-grained access control scheme based on blockchain is designed. This scheme integrates decentralized blockchain-based self-sovereign identity management with a threshold multi-authority CP-ABE scheme, and realizes a threshold multi-authority CP-ABE scheme that has no center and provides privacy protection. Like the first scheme, it uses blockchain to realize self-controlled identity management, single-point-of-failure avoidance, and instant revocation of anonymous identity attributes in ABE. This solution also has the following advantages: (1) Decentralized anonymous attribute key distribution is achieved; (2) Anonymous resource access is achieved; (3) It has good scalability and supports dynamic joining and exiting of attribute authorities.

Finally, this article analyzes the security of the two schemes, and proves through performance analysis that the schemes have certain application value in zero-trust networks and distributed cloud storage.
Keywords/Search Tags: cloud storage, blockchain, self-sovereign identity management, access control, attribute revocation list