Research On Lightweight Access Control Based On Blockchain In IoT Environment

With the rapid development of the Internet of Things(IoT),the data security of IoT has attracted more and more attention from academia and industry.Access control has always been the core technology to protect data security.However,most of the traditional access control models are based on a central trusted entity and adopt a centralized architecture,which has the disadvantages of single point of failure,low degree of user autonomy and poor system reliability,and can not be directly applied to the IoT.Blockchain technology has the characteristics of decentralization,tamper-proof,programmable distributed services and so on.At present,Blockchain 3.0 has been applied in various industries,including the field of IoT access control.Among them,the programmable feature can outsource some computing tasks to the blockchain,and the non-tamperable feature provides a carrier for the traceability and accountability of data access.Firstly,this paper studies the attribute-based encryption(ABE)access control methods in detail,and improves its important branch—Ciphertext Policy Attribute Based Encryption(CP-ABE),in terms of decryption calculation overhead and ciphertext storage overhead.In the improvement,the computing and storage capabilities of the blockchain are fully integrated.For example,the Blockchain is used to storage the system exposes parameters and data access records,and smart contracts are used to undertake certain computing tasks.Secondly,by improving the existing ABE control method,two lightweight access control methods in the IoT are proposed,which are based on LSSS matrix and "and" gate access structure,respectively.In the first scheme,it is necessary to introduce pre-decryption and smart contract correctness verification to solve the problem of low computing power caused by lightweight terminal equipment of the IoT,in which the Blockchain undertakes the task of verifying the correctness of pre-decryption.The second access control model is based on the "and" gate access structure,and through the idea of "binding attributes",to achieve the constant length of the data ciphertext,which reduces the storage pressure of the terminal equipment of the IoT,in which the Blockchain is used to record the data access records,to achieve the traceability and accountability of data access.Finally,the innovations and limitations of the proposed method are summarized,and look forward to the future research directions,in order to provide more lightweight,secure and efficient access control method for the IoT.