Computer Engineering and Applications, 2020, Vol. 56, Issue (17): 41-47. DOI: 10.3778/j.issn.1002-8331.2002-0286

Encrypted Data Sharing Scheme in Cloud Storage Based on Blockchain

LIANG Yanli, LING Jie   

  1. School of Computer, Guangdong University of Technology, Guangzhou 510006, China
  • Online: 2020-09-01 Published: 2020-08-31

Abstract:

Attribute-Based Encryption (ABE) is an extension of identity-based encryption in which data is encrypted and decrypted under an access policy consisting of attributes. It is usually used for fine-grained encrypted access control. However, in traditional ABE schemes, if a third party is dishonest, the key will be leaked and the security of the system cannot be guaranteed. To address this problem, a blockchain-based encrypted data sharing scheme for cloud storage is proposed. The data owner stores the encrypted key in the blockchain through a smart contract and adds an access time to the data. Only users who satisfy both the access policy and the access time can access the data. Since all smart contract calls are stored in the blockchain, data can be traced. In addition, existing information is used to partially encrypt the data in advance to improve encryption efficiency, and the entire attribute is hidden in the access policy by using an improved Bloom filter. Security analysis and experiments show that, by combining attribute-based encryption with blockchain-based distributed storage and hidden access policies, the scheme provides fine-grained access control while ensuring encryption efficiency and security.

Key words: attribute-based encryption, blockchain, smart contract, cloud storage

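Abstract (translated from the Chinese original):

Attribute-Based Encryption (ABE) is an extension of identity-based encryption in which data is encrypted and decrypted under an access policy composed of attributes; it is commonly used for fine-grained encrypted access control. In traditional ABE schemes, however, if the third party is dishonest, the key will be leaked and the security of the system cannot be guaranteed. To address this problem, a blockchain-based encrypted data sharing scheme for cloud storage is proposed. The data owner stores the encrypted key in the blockchain through a smart contract and adds an access time to the data, so that only users who satisfy the access policy and the access time can access the data. Because all smart contract calls are stored in the blockchain, data traceability is achieved. In addition, existing information is used to partially encrypt the data in advance to improve encryption efficiency, and an improved Bloom filter is used to hide the entire attribute in the access policy. Security analysis and experiments show that the scheme, through attribute-based encryption, the introduction of blockchain for distributed storage, and hidden access policies, provides fine-grained access control while ensuring encryption efficiency and security.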