摘要
频繁的数据交互与共享是工业物联网的典型特点之一。密文策略的属性加密(ciphertext-policy attribute-based encryption,CP-ABE)为数据交互与共享提供了安全的保障。然而基于单链的CP-ABE算法未将数据和属性进行隔离,链式结构的持续延伸导致数据共享与属性撤销效率低。为解决上述问题,提出一种基于双联盟链的工业物联网数据共享架构。该架构中的双链由属性联盟链和数据联盟链组成,通过两条联盟链分别将属性权限和数据存储独立管理,解决单链CP-ABE方案中属性和数据未分离问题。在属性联盟链中提出属性单向哈希链,解决属性批量撤销困难的问题。同时,采用链上链下协同存储机制存储共享数据,缓解单一区块链的存储压力。最后基于FISCO BCOS平台实现了上述的双联盟链架构。
Frequent data interaction and sharing were identified as typical characteristics of the Industrial Internet of Things(IIoT).Ciphertext-Policy Attribute-Based Encryption(CP-ABE)was recognized as providing a secure foundation for data interaction and sharing.However,traditional CP-ABE schemes based on a single blockchain were found to lack isolation between data and attributes,and the continuous expansion of the chain structure resulted in low efficiency in both data sharing and attribute revocation.To address these issues,a data sharing architecture for IIoT based on a dual consortium chain was proposed.In this architecture,the dual chain consisted of an attribute consortium chain and a data consortium chain,which independently managed attribute permissions and data storage,respectively,thereby resolving the inseparability of attributes and data inherent in single-chain CP-ABE schemes.Within the attribute consortium chain,an attribute one-way hash chain was introduced to overcome the challenges associated with batch attribute revocation.Additionally,a collaborative on-chain and off-chain storage mechanism was adopted to store shared data,alleviating the storage burden on any single blockchain.Finally,the described dual consortium chain architecture was implemented using the FISCO BCOS platform.
作者
李晓伟
张维江
段文钰
何远
杨邓奇
杨毅宇
LI Xiaowei;ZHANG Weijiang;DUAN Wenyu;HE Yuan;YANG Dengqi;YANG Yiyu(School of Mathematics and Computer Science,Dali University,Dali 671003,China)
出处
《网络与信息安全学报》
2025年第4期73-85,共13页
Chinese Journal of Network and Information Security
基金
国家自然科学基金(62262001)
云南省兴滇人才计划项目(XDYC-QNRC-2022-0137)。
关键词
工业物联网
数据共享
双联盟链
属性单向哈希链
属性加密
industrial IoT
data sharing
dual consortium chain
unidirectional hash chain of attributes
attributebased encryption
