基于智能合约的日志安全存储与公平访问方法

doi:10.3969/j.issn.1671-1122.2022.07.004

摘要/Abstract

摘要：

当前信息系统存在日志数据易被篡改、伪造和删除的安全风险及未授权访问等问题。现有日志存储与访问研究方法大多利用可搜索加密技术实现,虽然实现了敏感日志数据的加密存储,但缺乏对密文搜索过程的公平性和密文数据访问权限控制等问题的研究。针对以上问题,文章设计了一种基于智能合约的日志安全存储与公平访问方法。智能合约作为可搜索加密过程的参与方,执行搜索陷门的对比和密文搜索结果的验证,从而无需第三方实体即可验证密文搜索过程的正确性,同时利用押金机制保障搜索过程中数据使用者与云服务器之间的公平支付。该方法将基于角色的访问控制策略嵌入可搜索加密过程,通过角色公钥与实体身份公钥的一对多映射,将可搜索加密扩展至多对多模式,同时实现了日志密文数据的授权访问。安全性分析和实验表明,该方法可以满足日志数据存储的完整性和机密性要求,通过智能合约和押金机制保证密文搜索过程的公平性与正确性,通过基于角色的访问控制避免数据的未授权访问。

关键词: 智能合约, 可搜索加密, 安全存储, 公平支付, 访问控制

Abstract:

Current information systems face security risks such as log data being easily tampered, forged and deleted, as well as unauthorized access to data. The existing research methods of log storage and access mostly use searchable encryption technology. Although the encrypted storage of sensitive log data is realized, there is a lack of research on the fairness of the ciphertext retrieval process and the control of ciphertext access rights. Aiming at the above research problems, this paper designed a method for secure storage and fair access of logs based on smart contracts. As a participant in the searchable encryption process, the smart contract performed the comparison of search trapdoors and the verification of ciphertext search results, so that the correctness of ciphertext search process could be verified without a third-party entity. At the same time, the deposit mechanism was used to ensure fair payment between data users and cloud storage servers during the search process. In this method, the role-based access control policy was embedded in the searchable encryption process. Through the one-to-many mapping between the role public key and the entity identity public key, the searchable encryption was extended to the many-to-many mode, and the authorized access of the log ciphertext data was realized. Experiments and analyses show that this method can meet the requirements of integrity and confidentiality of log data storage, ensure fairness and correctness of ciphertext retrieval process through smart contract and deposit mechanism, and avoid unauthorized access of data through role-based access control.

Key words: smart contract, searchable encryption, secure storage, fair payment, access control

中图分类号:

TP309

王健, 黄俊. 基于智能合约的日志安全存储与公平访问方法[J]. 信息网络安全, 2022, 22(7): 27-36.

WANG Jian, HUANG Jun. Smart Contract-Based Log Secure Storage and Fair Access Method[J]. Netinfo Security, 2022, 22(7): 27-36.

图/表 11

图1

表1

表2

图2

图3

图4

表3

图5

图6

图7

图8

参考文献 15

[1]	LIAO Xiangke, LI Shanshan, DONG Wei, et al. Survey on Log Research of Large Scale Software System[J]. Journal of Software, 2016, 27(8): 1934-1947.
	廖湘科, 李姗姗, 董威, 等. 大规模软件系统日志研究综述[J]. 软件学报, 2016, 27(8):1934-1947.
[2]	WANG Cong, REN Kui, LOU Wenjing, et al. Toward Publicly Auditable Secure Cloud Data Storage Services[J]. IEEE Network, 2010, 24(4): 19-24. doi: 10.1109/MNET.2010.5510914 URL
[3]	DO H G, NG W K. Blockchain-Based System for Secure Data Storage with Private Keyword Search[C]// IEEE. 2017 IEEE World Congress on Services(SERVICES). New York: IEEE, 2017: 90-93.
[4]	POURMAJIDI W, MIRANSKYY A. Logchain: Blockchain-Assisted Log Storage[C]// IEEE. IEEE 11th International Conference on Cloud Computing(CLOUD). New York: IEEE, 2018: 978-982.
[5]	LV Jianfu, LAI Yingxu, LIU Jing. Log Security Storage and Retrieval Based on Combination of on-Chain and off-Chain[J]. Computer Science, 2020, 47(3): 298-303.
	吕建富, 赖英旭, 刘静. 基于链上链下相结合的日志安全存储与检索[J]. 计算机科学, 2020, 47(3):298-303.
[6]	BONEH D, CRESCENZO G D, OSTROVSKY R, et al. Public Key Encryption with Keyword Search[C]// Springer. International Conference on the Theory and Applications of Cryptographic Techniques. Heidelberg: Springer, 2004: 506-522.
[7]	LI Huige, TIAN Haibo, ZHANG Fangguo, et al. Blockchain-Based Searchable Symmetric Encryption Scheme[J]. Computers & Electrical Engineering, 2019, 73: 32-45.
[8]	DU Ruizhong, TAN Ailun, TIAN Junfeng. Public Key Searchable Encryption Scheme Based on Blockchain[J]. Journal on Communications, 2020, 41(4): 114-122.
	杜瑞忠, 谭艾伦, 田俊峰. 基于区块链的公钥可搜索加密方案[J]. 通信学报, 2020, 41(4): 114-122.
[9]	CHEN Lanxiang, LEE W K, CHANG C C, et al. Blockchain Based Searchable Encryption for Electronic Health Record Sharing[J]. Future Generation Computer Systems, 2019, 95: 420-429. doi: 10.1016/j.future.2019.01.018 URL
[10]	AZARIA A, EKBLAW A, VIEIRA T, et al. Medrec: Using Blockchain for Medical Data Access and Permission Management[C]// IEEE. 2nd International Conference on Open and Big Data(OBD). New York:IEEE, 2016: 25-30.
[11]	FERRAIOLO D, CUGINI J, KUHN D R. Role-Based Access Control(RBAC): Features and Motivations[EB/OL]. [2021-12-11]. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=916537.
[12]	DING Yi, JIN Jun, ZHANG Jinglun, et al. SC-RBAC: A Smart Contract Based RBAC Model for DApps[C]// Springer. International Conference on Human Centered Computing. Heidelberg: Springer, 2019: 75-85.
[13]	ZHANG Liang, ZHANG Hanlin, YU Jia, et al. Blockchain-Based Two-Party Fair Contract Signing Scheme[J]. Information Sciences, 2020, 535(11): 142-155. doi: 10.1016/j.ins.2020.05.054 URL
[14]	YANG Yang, LIN Hongrui, LIU Ximeng, et al. Blockchain-Based Verifiable Multi-Keyword Ranked Search on Encrypted Cloud with Fair Payment[J]. IEEE Access, 2019, 7: 140818-140832. doi: 10.1109/ACCESS.2019.2943356
[15]	YAN Xixi, YUAN Xiaohan, TANG Yongli, et al. Verifiable Attribute-Based Searchable Encryption Scheme Based on Blockchain[J]. Journal on Communications, 2020, 41(2): 187-198.
	闫玺玺, 原笑含, 汤永利, 等. 基于区块链且支持验证的属性基搜索加密方案[J]. 通信学报, 2020, 41(2):187-198.

符号	含义
$file$	日志明文数据
$file'$	解密后的日志明文数据
$\lambda $,$par$	公共密钥参数
$(p{{k}_{o}},s{{k}_{o}})$	DOs的角色公私密钥对
$(p{{k}_{u}},s{{k}_{u}})$	DUs的角色公私密钥对
$(p{{k}_{ido}},s{{k}_{ido}})$	DO的身份公私密钥对
$(p{{k}_{idu}},s{{k}_{idu}})$	DU的身份公私密钥对
$k$	加密文件的对称密钥
$Cfile$	对日志数据file加密后的密文
$Cfile'$	查询到的密文数据
$location$	CSP中密文存储的索引位置
$Index$	密文文件索引
$W$	关键词集合
$W'$	感兴趣的关键词集合
$CTkeyword$	关键词密文
$Sfile$	日志文件签名

符号	描述
$\$offer$	搜索单价
$\$deposit$	押金
$\$CSP$	CSP账户余额
$\$user$	DU账户余额
$\$balance$	押金账户余额
gasPrice	燃料单价
$\$cost$	一次搜索的实际花费
gasLimit	预估花费的最大燃料数量
gasUsed	实际花费的燃料数量

方法	完整性	机密性	访问控制	公平性	扩展性
文献[4,5]	√	×	×	×	×
文献[6-8]	√	√	×	×	×
文献[9,10]	√	√	√	×	×
本文方法	√	√	√	√	√