Multi-organization collaborative data sharing scheme with dual authorization

doi:10.11772/j.issn.1001-9081.2023101494

Journal of Computer Applications ›› 2024, Vol. 44 ›› Issue (10): 3307-3314.DOI: 10.11772/j.issn.1001-9081.2023101494

• The 40th CCF National Database Conference (NDBC 2023) • Previous Articles

Multi-organization collaborative data sharing scheme with dual authorization

Huan ZHANG¹, Jingyu WANG¹(), Lixin LIU¹^,², Xiaoyu JIANG¹

^1.School of Information Engineering，Inner Mongolia University of Science and Technology，Baotou Inner Mongolia 014010，China
^2.School of Information，Renmin University of China，Beijing 100872，China

Received:2023-11-03 Revised:2023-12-17 Accepted:2023-12-26 Online:2024-10-15 Published:2024-10-10
Contact: Jingyu WANG
About author:ZHANG Huan， born in 1997， M. S. candidate. Her research interests include blockchain， access control， data security.
LIU Lixin， born in 1983， Ph. D. candidate， lecturer. Her research interests include data security and privacy protection， blockchain.
JIANG Xiaoyu， born in 1998， M. S. candidate. His research interests include blockchain， federated learning.
Supported by:
Inner Mongolia Natural Science Foundation(2020MS06009);Key Research and Development and Achievement Transformation Program of Inner Mongolia Autonomous Region(2022YFSH0044);Scientific Research Project of Inner Mongolia Universities and Colleges(NJZY23076);Fundamental Scientific Research Operating Expenses of Colleges and Universities Under Direct Subsidiarity of Inner Mongolia(2022-132)

双重授权的多组织协同数据共享方案

张欢¹, 王静宇¹(), 刘立新¹^,², 姜晓宇¹

^1.内蒙古科技大学信息工程学院，内蒙古包头 014010
^2.中国人民大学信息学院，北京 100872

通讯作者: 王静宇
作者简介:张欢（1997—），女，陕西渭南人，硕士研究生，CCF会员，主要研究方向：区块链、访问控制、数据安全
王静宇（1976—），男，河南开封人，教授，博士，CCF会员，主要研究方向 13734728816@126.com：大数据与信息安全、区块链、访问控制、隐私保护
刘立新（1983—），女，内蒙古通辽人，讲师，博士研究生，CCF会员，主要研究方向：数据安全与隐私保护、区块链
姜晓宇（1998—），男，山东德州人，硕士研究生，CCF会员，主要研究方向：区块链、联邦学习。
基金资助:
内蒙古自然科学基金资助项目(2020MS06009);内蒙古自治区重点研发和成果转化计划项目(2022YFSH0044);内蒙古高等学校科学研究项目(NJZY23076);内蒙古直属高校基本科研业务费资助项目(2022?132)

Abstract

Abstract:

In view of the lack of trust mechanism in the existing multi-organization collaborative data sharing framework， the problems of data privacy and security risks， data consistency and regulatory issues regarding the usage of shared data， with the help of the properties of blockchain， a multi-organization collaborative data sharing scheme with dual authorization was proposed to solve the access problem of collaborative management of shared data between various organizational entities through dual authorization. Firstly， Attribute-Based Access Control （ABAC） technology was utilized to manage shared data using a set of attributes of different organizations to achieve the first layer of authorization and prevent unauthorized access by unauthorized users. Secondly， based on access control， a multi-signature protocol was introduced for the second layer of authorization， regulating the access to shared data of collaborative organizations， thereby enhancing access security. Experimental results show that the when the number of collaborative organizations is 4，the overall time cost of system is 21 s. When the number of collaborative organizations increases to 10， the proposed scheme can still maintain low time overhead， so the proposed scheme can meet the needs of safety and practicability in actual production at the same time.

Key words: blockchain, data sharing, multi-organization collaboration, Attribute-Based Access Control (ABAC), multi-signature

摘要：

针对现有的多组织协同数据共享框架缺乏信任机制，存在数据隐私和安全风险、数据一致性和对共享数据使用的监管问题，借助区块链的特性，提出一种双重授权的多组织协同数据共享方案，通过双重授权方式解决各组织主体之间协同管理共享数据的访问问题。首先，使用基于属性的访问控制（ABAC）技术利用不同组织的一组属性管理共享数据，实现第1层授权，防止未经授权用户的非法访问；其次，基于访问控制，引入多重签名协议进行第2层授权，实现参与协同组织对共享数据访问的监管，提高访问的安全性。实验结果表明，当协同组织数为4时，系统整体时间开销为21 s；当协同组织数增加至10时，所提方案依旧能够保持较低的时间开销。因此所提方案能够同时满足实际生产中安全性和实用性的需求。

关键词: 区块链, 数据共享, 多组织协同, 基于属性的访问控制, 多重签名

CLC Number:

TP309.2

Huan ZHANG, Jingyu WANG, Lixin LIU, Xiaoyu JIANG. Multi-organization collaborative data sharing scheme with dual authorization[J]. Journal of Computer Applications, 2024, 44(10): 3307-3314.

张欢, 王静宇, 刘立新, 姜晓宇. 双重授权的多组织协同数据共享方案[J]. 《计算机应用》唯一官方网站, 2024, 44(10): 3307-3314.

Figures/Tables 13

Fig. 1 Schematic diagram of a case

Tab. 1 Variable symbols and their meanings

符号	含义	符号	含义
$M$	消息	$Z p$	具有模素数p的整数集
$P K ̂$	聚合公钥	$(p k i, s k i)$	签名者i的公私钥对
$s$	聚合签名	$a t t i$	签名者i的属性
$σ$	多重签名	$L a t t$	签名者的属性列表
$L p k$	签名者的公钥集	ℓ	多重签名协议中，输出哈希值的比特长度

Tab. 1 Variable symbols and their meanings

符号	含义	符号	含义
$M$	消息	$Z p$	具有模素数p的整数集
$P K ̂$	聚合公钥	$(p k i, s k i)$	签名者i的公私钥对
$s$	聚合签名	$a t t i$	签名者i的属性
$σ$	多重签名	$L a t t$	签名者的属性列表
$L p k$	签名者的公钥集	ℓ	多重签名协议中，输出哈希值的比特长度

Fig. 2 System model

Fig. 3 Process of access authorization

Fig. 4 Access control tree

Fig. 5 Validation process of smart contract

Tab. 2 Performance analysis comparison of different schemes

方案	细粒度访问控制	多方管理	数据一致性	安全性
文献［14］方案	×	√	√	×
文献［17］方案	√	×	×	×
文献［20］方案	×	×	×	×
本文方案	√	√	√	√

Tab. 3 Account address

账户序号	账户
1	0x55C8b0304bD4Fd7e5F68560EBAa87800119f18dF
2	0x5477fFACE1A1cBA4b3A51CcFe8689d8457F7B081
3	0x491F0096d54E78fdc0c9cDdD7fa4795491E020b7
4	0x0ABCb24405FA2D05a0e2d9dD2c586E55E48a1E9B
5	0x277Ba22D9b4272a3a408880479945a2E0a92008B
6	0xB8219A35516D62E2A3b9362bB2Aeb792FC4d6793
7	0xe97c4F08Df9bbbdE7D2eAbc68f8710313Ad7B0B8
8	0x2432871383F88684dC811189C65F68a6ca79e9f7
9	0xb69dbD73b9F25fd5764e7888392bFccb0f5Ad37C
10	0x433caFB2Ab00BD0c2FB37b8923B41fBb9232468D

Fig. 6 Authorization results of access policy

Tab. 4 Cost test results of smart contract

操作	GAS	ETH
部署合约	5 250 988	0.018 239 17
添加属性	205 756	0.000 776 78
添加策略	498 111	0.001 245 28
验证智能合约	3 697 562	0.009 243 91
返回结果	310 415	0.000 776 03

Fig. 7 Time consumption of on-chain smart contract

Fig. 8 Time consumption of MuSig aggregation

Fig. 9 Average time delay of processing requests

References 28

1	LI T， ZHANG J， SHEN Y， et al. Hierarchical and multi-group data sharing for cloud-assisted industrial internet of things［J］. IEEE Transactions on Services Computing， 2023， 16（5）： 3425-3438.
2	PACI F， SQUICCIARINI A， ZANNONE N. Survey on access control for community-centered collaborative systems［J］. ACM Computing Surveys （CSUR）， 2018， 51（1）： 1-38.
3	张今，顾复，顾新建，等.基于区块链的多价值链协同数据共享方法［J/OL］.计算机集成制造系统：1-24（2022-07-15）［2023-12-15］. .
	ZHANG J， GU F， GU X J， et al. Blockchain-based data sharing method for multi-value chain collaboration ［J/OL］. Computer Integrated Manufacturing System：1-24 （2022-07-15）［2023-12-15］. .
4	JAIN M， JAILIA M. Blockchain-based data sharing approach considering educational data［J］. International Journal of Information Security and Privacy， 2022， 16（1）： 1-20.
5	ZHENG Q， GUO B， HU Y， et al. A secure and trusted data sharing scheme based on blockchain for government data［C］// Proceedings of the 2022 IEEE 24th International Conference on High Performance Computing and Communications. Piscataway： IEEE， 2022： 936-942.
6	LIANG X， ZHAO J， SHETTY S， et al. Integrating blockchain for data sharing and collaboration in mobile healthcare applications［C］// Proceedings of the 2017 IEEE 28th Annual International Symposium on Personal， Indoor， and Mobile Radio Communications. Piscataway： IEEE， 2017： 1-5.
7	SU Q， ZHANG R， XUE R， et al. An efficient traceable and anonymous authentication scheme for permissioned blockchain［C］// Proceedings of the 26th International Conference on Web Services. Cham： Springer， 2019： 110-125.
8	TAO Q， CHEN Q， DING H， et al. Cross-department secures data sharing in food industry via blockchain-cloud fusion scheme［J］. Security and Communication Networks， 2021， 2021： 6668339.
9	ZHANG Y， LUO Y， CHEN X， et al. A lightweight authentication scheme based on consortium blockchain for cross-domain IoT［J］. Security and Communication Networks， 2022， 2022： 9686049.
10	BAI L， FAN K， BAI Y， et al. Cross-domain access control based on trusted third-party and attribute mapping center［J］. Journal of Systems Architecture， 2021， 116： 101957.
11	JENIFA M， AMBIKA K. Enabling secure data sharing scheme in cloud storage group by verify using third party authentication［J］. International Journal of Research in Engineering， Science and Management， 2020， 3（7）： 29-35.
12	DEVRIENDT T， SHABANI M， BORRY P. Policies to regulate data sharing of cohorts via data infrastructures： an interview study with funding agencies［J］. International Journal of Medical Informatics， 2022， 168： 104900.
13	WANG R. Research on development method of application system based on blockchain［J］. International Journal of New Developments in Engineering and Society， 2019， 3（1）： 1901.
14	GAI K， SHE Y， ZHU L， et al. A blockchain-based access control scheme for zero trust cross-organizational data sharing［J］. ACM Transactions on Internet Technology， 2023， 23（3）： Article No. 38.
15	LI Y， DU Z， FU Y， et al. Role-based access control model for inter-system cross-domain in multi-domain environment［J］. Applied Sciences， 2022， 12（24）： 13036.
16	GHAZAL R， MALIK A K， RAZA B， et al. Agent-based semantic role mining for intelligent access control in multi-domain collaborative applications of smart cities［J］. Sensors， 2021， 21（13）： 4253.
17	蒋家昊，张璇，邓宏镜，等.基于区块链的多部门数据共享访问控制流程建模［J］.计算机集成制造系统，2022，28（10）：3202-3211.
	JIANG J H， ZHANG X， DENG H J， et al. Multi-department data sharing access control scheme on block chain［J］. Computer Integrated Manufacturing System， 2022， 28（10）： 3202-3211.
18	ISLAM M A， MADRIA S K. Attribute-based encryption scheme for secure multi-group data sharing in cloud［J］. IEEE Transactions on Services Computing， 2022， 15（4）： 2158-2172.
19	HAN D， PAN N， LI K-C. A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection［J］. IEEE Transactions on Dependable and Secure Computing， 2020， 19（1）： 316-327.
20	HUANG H， CHEN X F， WANG J F. Blockchain-based multiple groups data sharing with anonymity and traceability［J］. SCIENCE CHINA Information Sciences， 2020， 63（3）： 130101.
21	WANG H， ZHENG Z， XIE S， et al. Blockchain challenges and opportunities： a survey［J］. International Journal of Web and Grid Services， 2018， 14（4）： 352-375.
22	邵奇峰，金澈清，张召，等.区块链技术：架构及进展［J］.计算机学报，2018，41（5）：969-988.
	SHAO Q F， JIN C Q， ZHANG Z， et al. Blockchain： architecture and research process［J］. Chinese Journal of Computers， 2018， 41（5）： 969-988.
23	DEEBAK B D， AL-TURJMAN F. Privacy-preserving in smart contracts using blockchain and artificial intelligence for cyber risk measurements［J］. Journal of Information Security and Applications， 2021， 58（14）： 102749.
24	PRINCE P B， LOVESUM S P J. Privacy enforced access control model for secured data handling in cloud-based pervasive health care system［J］. SN Computer Science， 2020， 1（5）： Article No. 239.
25	HU V C， FERRAIOLO D， KUHN R， et al. Guide to Attribute Based Access Control （ABAC） definition and considerations： NIST Special Publication 800-172 ［S/OL］. National Institute of Standards and Technology ［2023-10-01］. .
26	XUE K， GAI N， HONG J， et al. Efficient and secure attribute-based access control with identical sub-policies frequently used in cloud storage［J］. IEEE Transactions on Dependable and Secure Computing， 2022， 19（1）： 635-646.
27	MAXWELL G， POELSTRA A， SEURIN Y， et al. Simple schnorr multi-signatures with applications to Bitcoin［J］. Designs， Codes and Cryptography， 2019， 87： 2139-2164.
28	SCHNORR C P. Efficient signature generation by smart cards［J］. Journal of Cryptology 1991， 4（3）： 161-174.

[1]	Tingwei CHEN, Jiacheng ZHANG, Junlu WANG. Random validation blockchain construction for federated learning [J]. Journal of Computer Applications, 2024, 44(9): 2770-2776.
[2]	Xiaoling SUN, Danhui WANG, Shanshan LI. Dynamic ciphertext sorting and retrieval scheme based on blockchain [J]. Journal of Computer Applications, 2024, 44(8): 2500-2505.
[3]	He HUANG, Yu JIN. Cloud data auditing scheme based on voting and Ethereum smart contracts [J]. Journal of Computer Applications, 2024, 44(7): 2093-2101.
[4]	Baoyan SONG, Junxiang DING, Junlu WANG, Haolin ZHANG. Consortium blockchain modification method based on chameleon hash and verifiable secret sharing [J]. Journal of Computer Applications, 2024, 44(7): 2087-2092.
[5]	Jiao LI, Xiushan ZHANG, Yuanhang NING. Blockchain sharding method for reducing cross-shard transaction proportion [J]. Journal of Computer Applications, 2024, 44(6): 1889-1896.
[6]	Meihong CHEN, Lingyun YUAN, Tong XIA. Data classified and graded access control model based on master-slave multi-chain [J]. Journal of Computer Applications, 2024, 44(4): 1148-1157.
[7]	Lipeng ZHAO, Bing GUO. Blockchain consensus improvement algorithm based on BDLS [J]. Journal of Computer Applications, 2024, 44(4): 1139-1147.
[8]	Gaimei GAO, Jin ZHANG, Chunxia LIU, Weichao DANG, Shangwang BAI. Privacy protection scheme for crowdsourced testing tasks based on blockchain and CP-ABE policy hiding [J]. Journal of Computer Applications, 2024, 44(3): 811-818.
[9]	Sunjie YU, Hui ZENG, Shiyu XIONG, Hongzhou SHI. Incentive mechanism for federated learning based on generative adversarial network [J]. Journal of Computer Applications, 2024, 44(2): 344-352.
[10]	Haifeng MA, Yuxia LI, Qingshui XUE, Jiahai YANG, Yongfu GAO. Attribute-based encryption scheme for blockchain privacy protection [J]. Journal of Computer Applications, 2024, 44(2): 485-489.
[11]	Yiting WANG, Wunan WAN, Shibin ZHANG, Jinquan ZHANG, Zhi QIN. Linkable ring signature scheme based on SM9 algorithm [J]. Journal of Computer Applications, 2024, 44(12): 3709-3716.
[12]	Deyuan LIU, Jingquan ZHANG, Xing ZHANG, Wunan WAN, Shibin ZHANG, Zhi QIN. Cross-chain identity authentication scheme based on certificate-less signcryption [J]. Journal of Computer Applications, 2024, 44(12): 3731-3740.
[13]	Keshuo SUN, Haiying GAO, Yang SONG. Multi-authority attribute-based encryption scheme for private blockchain over public blockchain [J]. Journal of Computer Applications, 2024, 44(12): 3699-3708.
[14]	Peng FANG, Fan ZHAO, Baoquan WANG, Yi WANG, Tonghai JIANG. Development， technologies and applications of blockchain 3.0 [J]. Journal of Computer Applications, 2024, 44(12): 3647-3657.
[15]	Yifan WANG, Shaofu LIN, Yunjiang LI. Highway free-flow tolling method based on blockchain and zero-knowledge proof [J]. Journal of Computer Applications, 2024, 44(12): 3741-3750.

Multi-organization collaborative data sharing scheme with dual authorization

双重授权的多组织协同数据共享方案

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 13

References 28

Related Articles 15

Recommended Articles

Metrics