Research On Access Control For Consortium Blockchain Applications Based On K-anonymity And PBFT

Consortium blockchain,as one of the application modes of blockchain technology,mainly builds to achieve the sharing of transaction data between enterprises and widely uses in access control.The existing attribute based access control schemes store user attributes and access control policies in plaintext on the consortium blockchain to ensure the transparency of permissions.However,semi-honest nodes in the consortium blockchain may analyze and mine user sensitive information,posing a huge threat to user privacy and security.To solve the above problems,the researches on access control based on attribute encryption store user attributes,access control policies,and other permission related information in ciphertext on the consortium blockchain,but there are problems such as low data utility and permission vulnerabilities.At the same time,considering that the behavior of malicious nodes in the consortium blockchain is difficult to predict.During the entire process of access authorization,malicious nodes interference with user permission judgments,affecting their access to resources.In view of this,the paper studies CP-ABE access control in consortium blockchain applications based on k-anonymity and PBFT,further improving the rationality of access control policies and the credibility of access authorization,and promoting the development and application of consortium blockchain.The main work and results are summarised as follows:(1)A k-anonymity based consortium blockchain user data utility optimization method proposes to solve the problems of low user data utility,permission vulnerabilities,and semi-honest nodes leaking user privacy in access control.Firstly,the paper designs the workflow of a distributed anonymizer based on a distributed consistency algorithm.Secondly,a minimum information loss k-anonymity model constructs based on MILP,and the CPLEX solver uses to solve the model.Then,to address the shortcomings of the k-anonymity model,the paper designs a k-anonymity optimization algorithm.Finally,the k-anonymous optimization algorithm and the CPLEX solving model experimentally compare with existing methods.The results show that under the same privacy constraints,the average information loss of the k-anonymous optimization algorithm is smaller,which is consistent with the overall results of the CPLEX solving model.It has good data utility and provides data support for formulating highly available access control strategies.(2)A PBFT based consortium blockchain application access control scheme proposes to solve the problem of malicious nodes affecting access authorization in access control.Firstly,the paper develops access control policies based on anonymous user data.Secondly,the paper uses the encryption algorithm of CP-ABE to encrypt access control policies and data attributes,and stores the ciphertext on the consortium blockchain.Then,based on the PBFT algorithm,the paper executes the access authorization process,decrypts the ciphertext using the CP-ABE decryption algorithm,and verifies the decryption results.Finally,the paper designs access control management functions and smart contracts.(3)A kiwifruit traceability consortium blockchain application access control system implements to solve the problem of insufficient integration of access control with practical application scenarios and consortium blockchain characteristics.Firstly,the paper selects the open-source project Hyperledger Fabric to build the consortium blockchain network architecture.Secondly,the business data from the entire industry chain of kiwifruit traceability uses as a resource for end users to access,and the functions of access control strategy formulation and access authorization trusted verification test in different consortium blockchain environments.Finally,Hyperledger Caliper uses to test the ciphertext query performance of blockchain networks.The test results show that when the number of malicious nodes in the accounting node is less than 1/3 of the total number of nodes,the system can operates normally and has good availability and fault tolerance.When the transaction sending rate varies between 100 and 1500 TPS,the transaction throughput of ledger queries tends to stabilize after the transaction sending rate reaches300 TPS,and the average latency tends to stabilize after the transaction sending rate reaches400 TPS,meeting the performance requirements of consortium blockchain application systems and providing a new perspective for access control research in consortium blockchain applications.The k-anonymity based data utility optimization method in the paper provides user attribute information with high data utility for PBFT based access control schemes,facilitating the development of highly available access control strategies.The access control scheme based on PBFT provides a detailed design for the kiwifruit traceability application access control system,improving the security of the system.The kiwifruit traceability application access control system has verified the feasibility of data utility optimization methods and access control schemes...