| With the advent of the era of big data,the amount of data resource sharing between enterprises and departments has increased exponentially,and data sharing has become an important way of communication and cooperation between institutions.The demand for data sharing is increasing,and the important prerequisite for realizing data sharing is to ensure the credibility and security of the shared data.The traditional data storage mode usually adopts the centralized architecture for access control management.This architecture is vulnerable to hacker attacks,and there are security problems such as user trust,privacy disclosure,single point of failure and so on.In addition,the centralized architecture makes the data sharing party lose the control over the shared data.How to strengthen the data sharing Party’s control over the data so that the data sharing party can decide whether the visitors have the right to access resources,which is also a problem we must face in the process of data sharing.Blockchain has the characteristics of decentralization,tamper-proof and open verifiability.Combining it with access control technology can provide a new method to solve the above problems.In order to ensure the reasonable access and safe sharing of data in the cloud environment,we develop the following research work:(1)A purpose access control scheme based on blockchain and attribute encryption is proposed.First,in order to achieve more fine-grained access control with purpose,this scheme combines CP-ABE and Purpose-Based Access Control(PBAC)model to extend the access tree structure of CP-ABE.Secondly,the scheme adopts the mixed data encryption and decryption algorithm of the symmetric encryption algorithm and the CP-ABE algorithm with extended structure tree,which improves the efficiency of data sharing while ensuring the security and reliability of data resources.At the same time,this scheme uses blockchain technology to realize a distributed access control mechanism,which is different from the traditional centralized management structure.The data sharer uses smart contract technology to store the encrypted symmetric key on the chain and set the effective access time for the resources on the chain.The purpose of the data requesters to access the data and their own attributes must meet the requirements to obtain the symmetric key,and then they obtain the shared data through decryption.Finally,the verification analysis shows that the scheme has certain feasibility,fine granularity and security in terms of secure access control.(2)Aiming at the problems of user dynamic authorization and behavior trust in cloud data sharing,a data sharing scheme based on blockchain and trust evaluation is proposed.Firstly,in order to ensure the secure sharing of private data,the scheme uses the combination of blockchain and attribute encryption,and introduces the trust value attribute into the access strategy of attribute encryption.The data owner formulates the access strategy with trust interval according to the needs to avoid low trust value or unauthorized users from obtaining shared data.Secondly,the process of shared data storage and access is designed in detail.In view of the limited storage capacity on the blockchain,an "off-chain" storage model based on the Inter Planetary File System(IPFS)is adopted.The shared data is stored in the IPFS distributed network,and the hash value of the shared data,the data index address and the ciphertext generated by attribute encryption algorithm are stored on the chain,which effectively relieves the storage pressure of the blockchain and realizes the safe sharing and reliable storage of private data.Then,the user behavior trust evaluation model is designed by using the sliding window mechanism.By constructing the window structure,attenuation factor and penalty factor,the "slow rise and fast fall" of the trust value is realized,which improves the scalability and credibility of the trust evaluation model.Finally,the effectiveness of this scheme is analyzed through experiments.Compared with other schemes,this scheme has certain advantages in data integrity,scalability and dynamic authorization,so it has good applicability in cloud data sharing scenarios. |
