摘要
区块链技术可解决物联网传统访问控制方案中管理集中、数据易丢失等问题,实现分布式、安全性高的访问控制,但容易忽视建立动态灵活的访问控制机制的重要性,当节点被破坏时无法自动捕捉网络的动态信息,并相应地调整其授权策略.本文设计了一种基于属性的物联网访问控制机制,具有辅助授权的信任和声誉系统,提出多维适配算法(MDAA),首先利用一个公有区块链和私有侧链,将敏感信息和公共数据分开存储,服务消费节点注册属性,服务提供节点定义访问门限策略;接着信任和声誉系统逐步量化网络中每个节点的信任和声誉评分,当服务消费节点发起访问请求后,智能合约验证服务消费节点是否满足访问门限策略要求的属性和信任声誉阈值,都满足则获得访问权限;最后依据节点间交互作用定期更新节点的信任和声誉评分,实现动态验证和授权.仿真结果表明,与TARAS算法、DADAC算法相比,MDAA支持双向信任评估,具有较好的算法收敛性,在确保授权安全的同时减少了处理访问控制的延迟,具有适用性.
Blockchain technology can solve the problems of centralized management and easy data loss in the traditional access control scheme of IoT to achieve distributed and high security access control,but it is easy to ignore the importance of establishing a dynamic and flexible access control mechanism such that the dynamic information of the network cannot be captured automatically when its node is damaged and its authorization policy is adjusted accordingly.This paper design an attribute-based access control mechanism for IoT with a trust and reputation system that assists authorization,and a multidimensional adaptation algorithm(MDAA)is proposed.Firstly,a public blockchain and a private sidechain are used to store sensitive information and public data separately,access threshold policies are defined by service consuming nodes register attributes and service providing nodes.Secondly,the trust and reputation system gradually quantifies the trust and reputation scores of each node in the network.when a service consumer node initiates an access request,the smart contract verifies whether the service consumer node satisfies thresholds of the attributes,trust and reputation required by the access threshold policy,the access privileges is available if satisfied.Finally,the trust and reputation scores of nodes are updated periodically based on interactions between nodes to achieve dynamic verification and authorization.Simulation results show that compared with TARAS algorithm and DADAC algorithm,MDAA supports twoway trust evaluation,has better algorithm convergence and reduces the delay in processing access control while ensuring authorization security,which is applicable.
作者
刘云
宋凯
陈路遥
朱鹏俊
LIUYun;SONG Kai;CHEN Lu-Yao;ZHU Peng-Jun(Faculty of Information Engineering and Automation,Kunming University of Science and Technology,Kunming 650500,China)
出处
《四川大学学报(自然科学版)》
CAS
CSCD
北大核心
2023年第6期129-137,共9页
Journal of Sichuan University(Natural Science Edition)
基金
国家自然科学基金(61761025)
云南省重大科技专项计划项目(202002AD080002)。
关键词
多维适配算法
信任和声誉系统
访问控制
区块链
物联网
Multidimensional adaptation algorithm
Trust and reputation systems
Access control
Blockchain
Internet of things
作者简介
刘云(1973-),男,云南昆明人,副教授,主要从事物联网、区块链和数据处理等研究。E-mail:liuyun@kmust.edu.cn;通讯作者:宋凯.E-mail:1612253143@qq.com。
