Journal of Computer Applications (sole official website) ›› 2022, Vol. 42 ›› Issue (7): 2104-2111. DOI: 10.11772/j.issn.1001-9081.2021040626

• Cyberspace security •

Internet of things access control model based on blockchain and edge computing

Jie ZHANG (1), Shanshan XU (1,2), Lingyun YUAN (1,3)

  1. School of Information Science and Technology, Yunnan Normal University, Yunnan Kunming 650500, China
  2. GIS Technology Research Center of Resource and Environment in Western China, Ministry of Education (Yunnan Normal University), Yunnan Kunming 650500, China
  3. Key Laboratory of Educational Information for Nationalities, Ministry of Education (Yunnan Normal University), Yunnan Kunming 650500, China
  • Received: 2021-04-20 Revised: 2021-07-21 Accepted: 2021-08-05 Online: 2022-07-15 Published: 2022-07-10
  • Contact: Lingyun YUAN
  • About author: ZHANG Jie, born in 1997, M. S. candidate. His research interests include Internet of Things security, blockchain, access control, edge computing.
    XU Shanshan, born in 1994, M. S. candidate. Her research interests include lake surface water temperature, sensors.
  • Supported by:
    National Natural Science Foundation of China (61561055); Yunnan Fundamental Research Program (202101AT070098); Young Talent Program of Yunnan Ten Thousand People Project; Graduate Innovation Fund of Yunnan Normal University (ysdyjs2020148)

Abstract:

The emergence of edge computing has expanded the scope of the Internet of Things (IoT) cloud-terminal architecture. While it reduces the transmission and processing delays of massive data from terminal devices, it also brings new security issues. To address data security and management between IoT edge nodes and massive heterogeneous devices, and considering that blockchain technology is widely used for secure data management in distributed systems, an IoT access control model based on blockchain and edge computing, Smart Contract for Attribute-Based Access Control (SC-ABAC), was proposed. Firstly, an IoT access control architecture integrating edge computing was proposed, and SC-ABAC was designed by combining smart contracts with Attribute-Based Access Control (ABAC). Then, an optimization of the Proof of Work (PoW) consensus algorithm and the access control management flow of SC-ABAC were given. Experimental results show that, under continuous access to blocks, the time consumed by the proposed model increases linearly with the number of accesses, the Central Processing Unit (CPU) utilization remains stable during continuous access, and security is good. In this model, only the query process has a contract invocation time that increases linearly with the number of calls, while the time consumption of the policy addition and judgment processes is constant. The optimized consensus mechanism takes about 18.37 percentage points less time than PoW to reach consensus per 100 blocks. Therefore, the proposed model can provide decentralized, fine-grained and dynamic access control management in the IoT environment, and can reach consensus faster in a distributed system to ensure data consistency.

Key words: Internet of Things (IoT), edge computing, blockchain, access control, attribute access, signature authentication

CLC number: