Design And Implementation Of Distributed Access Control Mechanism Based On Blockchain

In recent years,with the rapid development of cloud computing and the Internet of Things,the nodes in the access control domain have shown such characteristics as massiveness,dynamics,and heterogeneity.This makes the traditional authorization mode of centralized access control,huge management costs and maintenance pressure.At the same time,because all access authorization relies on a single authority decision made by a centralized and trusted entity,there may be a problem with the transparency of authority decisions.In addition,when a single decision point fails,it will cause the entire access control system to stop running,so there is also a very obvious single point of failure.As a distributed technology paradigm,blockchain has the characteristics of decentralization,non-tampering,openness and transparency.These unique advantages are very suitable for solving the problems caused by the centralized authorization mode in the traditional access control model.Based on the attribute-based access control model(ABAC),the idea of blockchain distribution is integrated,and the B-ABAC model is proposed.Distributed optimization is performed on the authorization model,and a set of distributed access control mechanisms are formed by relying on smart contracts and consensus algorithm technology.The distributed access control prototype system was implemented based on the Hyperledger Fabric framework,which verified the feasibility of the distributed access control mechanism based on blockchain.The specific research contents of this thesis are as follows:(1)Depth studying of blockchain technology and access control technology,the distributed thinking of blockchain technology is integrated into the ABAC access control model,and the distributed access control model B-ABAC based on blockchain is proposed.(2)Redesign the flow of distributed access authorization based on the characteristics of blockchain.(3)Use smart contract technology to manage attributes and strategies in the model.(4)Depth studying of the Hyperledger Fabric framework of the alliance chain,verify the distributed access control mechanism in the real blockchain platform,and implement the distributed access control prototype system.The B-ABAC model in this thesis,the distributed decision network is used to replace the original decision point,and the improved consensus algorithm is used to maintain the consensus of the distributed decision network to eliminate the possibility of single point failure in the model.The access strategy and access records are stored on the chain.Since the data on the chain will not be tampered with,the entire access authorization process is more open and transparent and it is easy to audit,which solves the problem of transparency of single authority judgment.By using the attributes and strategies in the smart contract management model,human intervention during attribute creation and strategy formulation is reduced,thereby reducing the risks and costs of administrator maintenance.Through the test of the prototype system,under the condition of a throughput of 40 TPS,the entire authorization process takes 1.5 seconds,which can meet the needs of most access control scenarios.