Research On Multilevel Authentication And Access Control Based On Smart Contract And Zero Knowledge Proof

With the development of computer technology and applications,people pay more attention to the integrity,confidentiality and availability of systems and files.As a security protection technology,access control has been applied to various fields and it can effectively prevent unauthorized access to resources by illegal users.The traditional access control has shortcomings such as poor flexibility and low efficiency,and the role-based access control and attribute-based access control proposed later rely on a centralized entity to make access control decisions,which also brings a potential single point of failure.As a platform with certain storage and computing capabilities,the blockchain can well resist the single point of failure problem due to its distributed nature.The blockchain-based access control has attracted the attention of researchers.Most of the previous researchers implemented the existing access control model on the blockchain,or used the smart contracts to store the access policy agreed between the subject and the resource owner,and judged the validity of the request by querying the policy,but the latter only support one-to-one access.When the number of IoT devices is large,frequent interactions between devices will increase the complexity of the system.In this thesis,we design a lightweight access control scheme based on multilevel authentication that supports many-to-many access and low interaction frequency between devices on the blockchain.Meanwhile,we design the authentication schemes which are suitable for the blockchain environment.The details are as follows:1.Access control strategy based on multilevel authentication.In order to support many-to-many access and reduce the interaction between subjects and resource owners,this thesis uses the smart contract to implement access strategy based on multilevel authentication.The domain owner sets the security level and the corresponding authentication method for each level.The access requester can only access the resources under this level after passing the security authentication of the corresponding level.After the scheme is deployed on the blockchain,multiple pairs of subjects and resource owners do not need to interact,but only need to conduct low-frequency interactions with smart contracts to complete authentication or registration of resources.At the same time,in order to prevent malicious users from making frequent requests,the scheme designs a reasonable attack detection and malicious request punishment module.2.Applicable authentication scheme under blockchain.In the blockchain environment,the deployed smart contract source code and the transaction content of calling contract functions are publicly viewable.We first use the signature verification method to optimize password-based authentication.Secondly,the role is used as an attribute,and the role-based authentication is used to support cross-domain operations.Finally,the authentication based on non-interactive zero-knowledge proof is used to achieve zero leakage of authentication information,and the authentication function in the zeroknowledge proof is optimized and restricted.3.We implement the above authentication methods and access control scheme using smart contracts,conduct experiments on the laptop and Raspberry Pi to verify the feasibility of the scheme,and count the cost of specific operations and the response time of each operation.The experimental results show that,except that the response speed of the first access request is comparable to that of the previous theses,the response speed of subsequent access requests is about 3 times faster than that of other schemes using Raspberry Pi deployment.