
Research On High-trusted Access Control Architecture Based On Blockchain In Cloud Environment

Posted on: 2022-08-22
Degree: Master
Type: Thesis
Country: China
Candidate: C X Yang
GTID: 2518306320454224
Subject: Computer Science and Technology

Abstract/Summary:
Cloud computing is a computing model that provides shared, ubiquitous, on-demand access. It offers new data processing and services for all walks of life, greatly reduces users' storage and computing costs, and improves ease of use, and it is now widely used in many fields. However, with the development of cloud computing, the security problems it faces have become increasingly prominent and have received extensive attention from academia and industry.

First, access control is one of the important means of protecting sensitive data that enterprises and individuals store in the cloud. However, the cloud adopts a centralized access control mechanism, which easily causes security and privacy issues when it is attacked by hackers or accessed illegally by cloud internal administrators. Second, because the cloud access control engine usually runs in a non-secure environment, it is also vulnerable to attacks that cause security and privacy issues. Third, in existing cloud access control systems, encrypting data and then uploading it to the cloud is an effective way to protect the privacy of sensitive data outsourced to the cloud, but the key for data decryption is usually managed and stored by the user or a third-party trusted center, which is also prone to security and privacy issues. To solve these problems, this research proceeds in the following three aspects.

First, to address the problem that the centralized access control mechanism used by existing clouds is vulnerable to attacks, we propose AuthPrivacyChain, a blockchain-based access control framework with privacy protection. The scheme first uses the blockchain account address for identity authentication, then redefines the access control permissions of cloud resources, encrypts them, and stores them on the blockchain. It then designs the processes of access control, authorization, and authorization revocation in detail. No third-party trusted institution participates in any of these processes, which effectively prevents hackers and administrators from illegally accessing resources and protects the privacy of authorizations.

Second, to address the problem of the cloud access control engine running in a non-secure environment, we further propose a decentralized trusted access control framework based on Intel SGX technology. The framework first uses Enclave remote authentication technology to establish a trusted communication channel to ensure communication security. All authorized transactions are then published by the user to the blockchain, and keys are sealed by the Enclave for storage, which is safe and reliable. Finally, we design the access control, authorization, and authorization revocation processes in detail. The whole process runs in the isolated container Enclave provided by SGX, which provides a safe and reliable operating environment at the hardware level. Experiments show that the framework not only effectively prevents attacks by internal and external attackers, but also protects the confidentiality and integrity of the entire access control implementation process and enhances the security of the entire access control system.

Finally, to address the problem of insecure storage and management of the keys used for data encryption and decryption, we propose STCChain, a blockchain-based threshold encryption protection scheme. In this solution, the edge gateway encrypts the data uploaded by the IoT device with a symmetric key and stores it in the cloud. The symmetric key is encrypted with the public key generated by the edge gateway. To prevent the loss of the decryption private key and the disclosure of private data, the private key is split using the Shamir algorithm, encrypted, and published on the blockchain, which ensures decentralized and secure storage of the keys and protects their privacy.
Keywords/Search Tags: Cloud computing, Cloud Security, Access control, High trust, Blockchain, Threshold encryption