1 Introduction

Generally, the access control information produced by application systems is stored and managed separately by each organization or unit, which brings great trouble to information collection and audit. Besides, access control information from different applications often has different formats, which also burdens audit work. In addition, from the security perspective, scattered access control information carries a greater security risk.

Blockchain has the characteristics of persistency, immutability and auditability. Owing to these advantages, blockchain technology has been applied to the access control field in the literature [2,3,4,5,6,7]. These works treat the blockchain as a credible storage entity for access control rights or access control policies, or make it provide trusted computing as well as information storage, in which smart contracts are utilized to authenticate visitors and verify access rights or access behaviours. In either case, these works mainly focus on the security of access control policies or access control models. Their motivations obviously differ from ours, but they give us good ideas for solving our problems.

Blockchain uses a universal ledger, and every node in the blockchain holds the same copy. That means the data stored in the blockchain is maintained by all nodes. If the information in one node is tampered with or destroyed, data authenticity is not affected unless over 51% of the nodes are compromised. Since the distributed ledger in a blockchain is tamper-resistant and strongly attack-resistant, the blockchain network is well suited for storing access control information. Blockchains are divided into three types: public, private and consortium. Compared with the first two types, a consortium blockchain can provide higher security for access control information, and is suitable for the centralized and unified information supervision of an administrative agency.

Unfortunately, the data stored in a blockchain is often in plaintext. When an unauthorized intruder obtains the access control information, he can easily analyze someone's behaviours and working habits. Such an intrusion may lead to disastrous consequences, especially when the stolen information relates to important persons.

To address these problems, we propose an ACR storage scheme based on a consortium blockchain that ensures information reality and validity using the auditability and immutability of blockchain technology, and preserves information privacy using identity authentication and confidentiality mechanisms.

2 Related Work

2.1 Blockchain and Access Control

Blockchain technology uses a distributed and decentralized computing and storage architecture, which solves the security problems caused by the trust-based centralized model and prevents data from being traced or tampered with. At present, research on blockchain technology mainly focuses on its computing and storage capabilities; furthermore, it can be classified into three types: considering only secure storage, using only the trusted computing capability, and a combination of both [1].

In research and applications involving access control and blockchain technology, a common approach is to regard the blockchain as a trusted entity that saves access control policies and provides trusted computing through smart contracts.

Zhang Y et al. proposed an access control scheme based on Ethereum smart contracts, which are responsible for checking the behaviours of the subject and determining whether to authorize the access request according to predefined access control policies and dynamic access right validation [2]. Damiano et al. introduced blockchain to save access control policies instead of a traditional relational database [3]. Alansari et al. used blockchain to store access control policies, and utilized blockchain and trusted hardware to protect the policies [4, 5]. Liu H et al. presented an access control mechanism based on Hyperledger, in which the policy contract provides access control policies for admin users and the access contract implements an access control method for normal users [6]. Wang et al. proposed a model for data access control and an algorithm based on blockchain technology. The model is divided into five layers, in which the contract layer provides smart contract services whose major function is offering access control policies [7]. Only the accounts that meet specific attributes or levels are permitted to access data. Zhang et al. proposed an EMR (Electronic Medical Record) access control scheme based on blockchain, which uses smart contracts to implement access control policies. Only users with permissions can access the data [8].

The above studies mainly focus on saving access control policies through the blockchain and using smart contracts to manage the access control policies or the authorization of user access. Unfortunately, these studies rarely consider how to use blockchain technology to store the comprehensive information produced by various access control policies, user authority and user access behaviour for future audit and supervision.

2.2 Blockchain and Privacy Preservation

To reach consensus on the transactions among the nodes of a blockchain network, all transactions are open, which means that participants in the blockchain can easily view all transactions in it. However, not all transaction information is meant to be obtained by all participants, which creates a serious hidden danger for privacy preservation.

Zhu et al. divided privacy in blockchain into two categories: identity privacy and transaction privacy [9]. Transaction privacy refers to the transaction records stored in the blockchain and the knowledge behind them. Many researchers have carried out relevant research on transaction privacy preservation.

In the medical field, research mainly focuses on the sharing of patient information. Peterson et al. applied blockchain technology to the sharing and exchange of medical records, which not only realizes data sharing but also protects patients' privacy and security [10]. Shae and Tsai proposed a blockchain platform architecture to support medical clinical trials and precision medicine [11]. Wang et al. used a blockchain to store patient medical records and other files to realize cross-domain data sharing, and encrypted transaction data with asymmetric encryption to protect patient data privacy [12]. Zhai et al. applied blockchain technology to EMR sharing. In their EMR sharing model, private and consortium blockchains are used simultaneously to store the EMRs encrypted by users and the safety index records of the EMRs, respectively [13]. Based on type and identity, they combine distributed key generation and a proxy re-encryption scheme to realize data sharing among users, thus preventing data modification and resisting attacks. Xu et al. utilized a blockchain network to store electronic health records and realize safe and effective sharing of medical data [14]. To strengthen the privacy protection of users' data they used cryptographic techniques, and achieved good security and performance.

In the above literature, cryptography is used to protect the security of data in transactions and achieves a good privacy preservation effect. However, research on blockchain and access control mainly focuses on access control policy storage and user authorization with blockchain technology; few works study how to store access control information in a blockchain and how to protect its privacy.

To address these problems, we obtain access control related information from user login logs, access control policies, user authorization records, etc., build ACRs based on the ABAC (Attribute-Based Access Control) model, then upload the encrypted ACRs to the blockchain to guarantee the security and auditability of the access control information.

3 ACR Storage and Privacy Preserving Scheme

3.1 ACR Definition

Storing access control related information such as user login records, access control policies and authorization records in a blockchain can improve information security. However, the following problems exist. First, because the participants in the blockchain network adopt different access control mechanisms, the format of access control information is prone to be inconsistent, reducing audit efficiency. Second, the log information recorded by a system's access control module is limited, and it cannot describe the whole access control behaviour of users.

This paper designs the format of ACR based on the ABAC model, which integrates access control related information from different sources to achieve fine-grained management of access control and user behaviour tracking. ACR is defined as follows:

ACR (LogID, LoginUser, Time, ACA, PI, APUser, UserRights, Remarks)

The definition of the fields in ACR is as follows:

LogID: the log number.

LoginUser: the login name.

Time: the login date and time of the user.

ACA (Access Control Activities): the access control activities related to the user.

PI (Policy Information): the access control policies related to the user.

APUser (Access-Permitted User): the user name to which permissions are assigned.

UserRights: the rights owned by the user.

Remarks: comments.

ACR originates from the access control related information generated by diverse applications in various organizations, and is the preprocessed and aggregated result of that information. It can comprehensively capture the user's operation behaviour under the access control policy, thus facilitating future data audit.

3.2 ACR Storage Scheme Based on Blockchain

The storage scheme, illustrated in Fig. 1, is mainly divided into three parts: the networks of organizations or units, the consortium blockchain network that stores ACRs, and the authority responsible for audit work.

Fig. 1. ACR storage scheme.

As mentioned above, ACRs are gathered from various organizations or units and then uploaded to the blockchain. When ACRs are uploaded, a smart contract is triggered, which executes a transaction according to its rules and transfers the ACRs to the blockchain according to the consensus mechanism. An ACR stored in the blockchain acquires immutability and traceability from the tamper-resistant nature of the blockchain.

To reduce the cost of uploading ACRs to the blockchain, we set a threshold in the storage scheme. That means the ACRs are uploaded by a smart contract only when the number of ACRs reaches a predetermined value; otherwise, they wait until the number reaches the threshold.

Generally, blockchains can be categorized into three types: public, consortium and private. Each node in a public blockchain is anonymous and can join and leave freely. From the perspective of safety, this kind of open management mechanism is unsuitable for organizations. Besides, public blockchains use the PoW (Proof of Work) consensus mechanism, which relies on computing power competition to guarantee the consistency and security of the data in the blockchain. From this perspective, the public blockchain is also inappropriate for organizations or units. A consortium blockchain is initiated by organizations or units, and a node cannot join or exit the network until authorized. This feature ensures that the data cannot be tampered with or erased, which satisfies the data storage requirements to some extent. A private blockchain is regarded as a centralized network since it is fully controlled by one organization [15], and strictly speaking it is not decentralized.

Based on these distinctive characteristics, we choose the consortium blockchain for our scheme. The data saved in the consortium blockchain is not open, and is only shared among the participants of the federation to ensure data security.

Figure 2 shows the ACR upload and download process in more detail.

Fig. 2. Upload and download process of ACR.

The components in Fig. 2 are described as follows:

1) ACRP (Access Control Record Provider) is responsible for managing access control information from organizations or units. Firstly, ACRP preprocesses and integrates the access control information to produce ACRs, then uploads them to BCT.

2) BCT (BlockChain Terminal) is a node of the consortium blockchain. The node is used to realize the decentralized application on Ethereum, and isolates users and application systems in the internal network. Before uploading ACRs, the BCT administrator needs to create an account in the wallet and connect BCT to the blockchain network.

3) TPA (Third Party Auditor), located in the authority, is in charge of ACR audit.

Blockchain cannot guarantee perfect privacy preservation due to its intrinsic constraints [15], including privacy leakage, so data privacy needs an extra protection mechanism.

In our scheme, ACRP needs to encrypt ACRs and then upload them to BCT. BCT executes a transaction through a smart contract and adds the execution result to the consensus process. After consensus, the transaction information with the ACR ciphertext is recorded in the universal ledger to ensure data consistency in the blockchain.

To improve efficiency and reduce cost, several ACRs, called an ACR set, are packed into one transaction. In this way, when ACRs are uploaded, the ACR set only needs to be signed once, instead of each ACR being signed separately. Obviously, packing an ACR set into one transaction greatly reduces the total cost. Meanwhile, the ACR set reduces the transfer time and the traffic between nodes in the blockchain, mitigating the burden on the network.

Once TPA needs to audit an ACR, it first sends a download request to the corresponding ACRP. After receiving the request, ACRP first verifies the identity of TPA, then sends a response message.

Finally, TPA sends a download request to BCT to acquire the ACR ciphertext from the blockchain, and obtains the plaintext by decrypting the data with the symmetric keys. Then the audit process can be carried out.

3.3 Upload and Download Protocols

Based on the scheme discussed in the previous section, we design the ACR upload and download protocols.

ACR Upload Protocol.

1) ACRP sends an upload request to TPA and provides its identity information in the following format.

M1(ACRP→TPA): {IDProvider, R1||T1, PriKey_signProvider(R1)}

IDProvider is the identification of ACRP, which uniquely identifies an ACRP.

R1 is a random number, which provides the information necessary for authenticating ACRP.

PriKey_signProvider(R1) is the signature of R1 with ACRP's private key. The signature is sent to TPA with the other fields of the message. Once the message is received, TPA validates the signature with ACRP's public key to verify ACRP's identity.

T1 is a timestamp indicating the message generation time. The timestamp is used to confirm the refresh interval, and it can prevent replay attacks.

2) After the identity of ACRP is verified, TPA sends a response message to ACRP. The response message carries the corresponding symmetric key, and can be described as follows.

M2(TPA→ACRP): {PriKey_signAuditor(R1), T2, PubKey_EncryptProvider(key(a), Hash(R1||T2))}

PriKey_signAuditor(R1), the signature with TPA's private key, is used to verify TPA's identity.

T2 is a timestamp, and has the same meaning as T1 in message M1.

key(a) is the symmetric key provided by TPA, which is used to encrypt the data. Hash(R1||T2) is used to enhance the transmission security of the symmetric key. For security, these two parameters are encrypted with ACRP's public key.

3) ACRP signs the hash of ACR with its private key.

PriKey_signProvider(Hash(ACR))

The hash value of ACR helps TPA retrieve the ACR when auditing; it is abbreviated as HASH_IDACR, and the signature of HASH_IDACR is denoted by Sign_Hash(ACR).

4) Primary encryption.

ACRP encrypts both the ACR and the result of the previous step with its symmetric key key(p). The encrypted data is denoted by Sym_Encrypt(ACR, Sign_Hash(ACR)).

Sym_Encrypt key(p) (ACR, Sign_Hash(ACR))

5) Secondary encryption.

ACRP uses a symmetric encryption algorithm to encrypt the result of the previous round, and the symmetric key used is key(a) provided by TPA.

Sym_Encrypt key(a) (Sym_Encrypt(ACR, Sign_Hash(ACR)))

The encrypted result is denoted by Sym_Encrypt(Sym_Encrypt(ACR, Sign_Hash(ACR))).

6) ACRP transfers the encrypted message containing the encrypted ACR and hash value to BCT.

M3(ACRP→BCT): {Sym_Encrypt(Sym_Encrypt(ACR, Sign_Hash(ACR)))}

7) BCT publishes encrypted ACR to the blockchain network.

After receiving the ACR ciphertext, BCT publishes the encrypted data to each node in the blockchain network through the smart contract and consensus mechanism.

ACR Download Protocol.

1) TPA sends a download request to ACRP and provides its identity information for authentication.

M4(TPA→ACRP): {IDAuditor, R2||T3, PriKey_signAuditor(R2)}

The message is designed the same as the request message of the upload protocol. Its parameters are defined as follows:

IDAuditor is the identification of TPA, which uniquely identifies a TPA.

R2 is a random number. Both IDAuditor and PriKey_signAuditor(R2) are used for authentication by ACRP. When receiving the message, ACRP parses it and gets the signature PriKey_signAuditor(R2). If the verification result is the same as R2, it shows that the request message was truly sent by TPA.

T3 is a timestamp to ensure the refresh interval.

2) When receiving the request, ACRP verifies TPA's identity and then responds to the sender.

M5(ACRP→TPA): {PriKey_signProvider(R2), T4, PubKey_EncryptAuditor(key(p), Hash(R2||T4))}

PriKey_signProvider(R2) is the signature value of ACRP, used to verify the identity of ACRP.

T4 is also a timestamp, whose effect is similar to that of T3.

key(p) is the symmetric key produced by ACRP, which is used to encrypt the ACR. Both Hash(R2||T4) and key(p) are encrypted together to ensure that the key is hard to crack.

3) TPA sends a request to download the ACR from BCT.

M6(TPA→BCT): {IDAuditor, R3||T5, PriKey_signAuditor(R3)}

The message is similar to the request M4 that TPA sends to ACRP; the main differences are the destination address and the values of some fields. The first field of the message is IDAuditor, the identification of TPA. R3 is a random number, and T5 is a timestamp. R3 is signed with the private key of TPA to confirm that the message was sent by TPA.

4) BCT transfers the ACR ciphertext to TPA.

M7(BCT→TPA): {Sym_Encrypt(Sym_Encrypt(ACR, Sign_Hash(ACR)))}

Message M7 contains the ciphertext produced by the two symmetric encryptions of the ACR.

5) TPA parses the message and decrypts the ciphertext.

Decrypt key(p), key(a) {Sym_Encrypt(Sym_Encrypt(ACR, Sign_Hash(ACR)))}

TPA decrypts the ACR ciphertext with key(a) and key(p) to obtain the plaintext of the ACR. Then TPA can audit the ACR data. Since the data is preprocessed and integrated before being transferred to the blockchain, and saved in a uniform format, it is much easier to audit ACRs than the original data scattered over different applications and organizations.

4 Experiment and Analysis

4.1 Experiment Environment

In the test experiment, we adopt a simulation environment, which needs to provide a development and running environment for smart contracts, including the programming language, an execution carrier such as a virtual machine, etc.

A common simulation test environment adopts the EVM (Ethereum Virtual Machine) as the execution environment of smart contracts and Ropsten as the blockchain network. Ropsten is a blockchain test network officially provided by Ethereum, which provides an EVM for executing smart contracts.

We build the test environment with Ropsten and Lite-server, and the EVM is supported by Ropsten, as shown in Fig. 3. ACR information is submitted to the Ropsten test blockchain network through the user interface. Lite-server, located between Ropsten and the UI, is responsible for the interaction between them. Lite-server acts in the role of BCT.

Lite-server supports web3.js, a JavaScript library that encapsulates the RPC communication interface of Ethereum and provides the rules, definitions and functions required for interacting with Ethereum. The Ethereum wallet provides users with query services for digital currency balance and transaction information, and helps users save the Ethereum private key.

The administrator signs and encrypts the ACR from the UI (User Interface), then submits it to Lite-server. Lite-server uses the storage smart contract and the functions provided by web3.js to store the ACR ciphertext in Ropsten.

Fig. 3. Diagram of the simulation test environment.

We design a smart contract for storing ACRs. The smart contract is developed in Truffle and programmed in the Solidity language. Truffle, based on JavaScript, is a development and test framework for Ethereum, and supports smart contracts written in Solidity.

The smart contract, called the storage contract, realizes the function of storing ACRs. Using the interface provided by web3.js, the storage contract is passed to the compiler, compiled into binary code, and deployed to the blockchain.

4.2 Experiment

The information administrator of an organization or unit unifies and aggregates the information from access control logs, access control policies and authorization records. The final integrated access control information is the ACR, which is encrypted and uploaded to the blockchain. In the experiment, we obtained hundreds of ACRs from access control information. Table 1 shows a sample ACR.

Table 1. A sample ACR.

4.3 Analysis

Efficiency Analysis

Time Cost and Ciphertext Size. Literature [16] proposes a data encryption scheme for multi-channel access control in ad hoc networks, and literature [17] presents a data access control scheme named DAC-MACS. We compare the efficiency of our scheme with these two schemes, and the results are shown in Table 2.

D is the size of a unit of ciphertext, n is the number of ciphertext attributes, CertPID represents the pseudonym certificate, and TEncrypt and TDecrypt are the times consumed by encryption and decryption of a unit of ciphertext, respectively.

The encryption and decryption time cost of scheme 1 is the same as that of our scheme; however, the amount of ciphertext in scheme 1 is larger than in our scheme.

The proposed scheme has shorter encryption and decryption time and a smaller ciphertext size than scheme 2. The reason is that scheme 2 employs the CP-ABE algorithm, in which the number of ciphertext attributes affects the encryption and decryption cost and the size of the ciphertext, whereas the proposed scheme is independent of the number of ciphertext attributes.

Table 2. Comparison of time cost and ciphertext size.

Storage Cost.

In Ethereum, every participant pays for each storage transaction, and the cost is measured in gas. If the storage smart contract were triggered to commit a transaction whenever BCT receives an ACR ciphertext, it would lead to a great gas cost.

Table 3. Gas consumed during uploading ACRs.

To reduce the cost of uploading ACRs to the blockchain network, we set a threshold. If the number of ACRs from organizations or units is less than the threshold, the storage contract is not executed until the number reaches the threshold. Table 3 shows the storage gas cost measured in the ACR uploading experiments. In the experiment, we set the threshold to 7. The second column in Table 3 lists the gas cost with the threshold constraint, and the third lists the cost without it. Obviously, the storage cost with the threshold is much lower.

The comparison experiment shows that our ACR storage scheme can effectively reduce the storage cost by setting a threshold.

Security Analysis.

Security here means ACR security, including storage security and transmission security.

Blockchain technology is immutable by nature. The blockchain consists of a series of blocks, and each block holds the hash value of its previous block. If an attacker attempts to change the hash value of a block, he must have at least 50% of the computing power of the blockchain network. This is almost impossible; therefore, the ACR stored in the blockchain is immutable.

According to the features of blockchain technology, the encrypted ACR is visible to all participants; however, it is almost impossible for malicious attackers without the decryption keys to obtain the plaintext of the doubly encrypted ACR.

The above analyses show that the ACR stored in the blockchain has high storage security. Transmission security is analysed in detail next.

For the security analysis, we collect the messages mentioned in Sect. 3.3 in Table 4.

Table 4. Messages of upload and download protocols.

Resist Replay Attack.

The header of each block in the blockchain contains a timestamp, so it is useless for an attacker to replay a block during the creation of that block. Since the virtual currency used in the blockchain of the privacy preservation scheme has no physical value, a replay attack against a blockchain fork is meaningless for our scheme.

During ACR upload and download, attackers may try to replay M2 or M5 to steal the symmetric keys used for encryption. However, both M2 and M5 contain a random number and a timestamp. The random number makes M2 and M5 different in each round of communication, while the timestamp guarantees message freshness.

Resist Man-in-the-Middle Attack.

In a man-in-the-middle attack, the attacker intercepts the messages sent by each side of the communication and tries to tamper with and resend them. Three messages, M1, M2 and M3, are involved in uploading an ACR. M1 and M2 are mainly composed of a newly generated random number, a timestamp and a signature, and M3 contains the ciphertext of the ACR, so resending the messages does not work. Without the private key used for authentication, even if M1 or M2 is tampered with and resent, the message cannot pass validation. The ciphertext in M3 carries the hash value of the ACR and the signature of the sender; these protective measures effectively ensure data integrity.

The messages for downloading an ACR, M4, M5, M6 and M7, adopt the same design ideas as those in the upload protocol; therefore, they can also effectively resist man-in-the-middle attacks.

Resist Fake Attack.

In a fake attack, the attacker impersonates one participant of the blockchain and tries to obtain the plaintext of the ACR. During ACR upload or download, ACRP or TPA uses its own private key to sign the random numbers in the messages to ensure data integrity and sender identity. The attacker cannot complete the identity authentication without the private key, let alone obtain the plaintext data. Even if the attacker retransmits an intercepted message, it is impossible for the attacker to obtain any information helpful for cracking the ACR ciphertext.

5 Conclusion and Future Work

In this paper, we propose a scheme for ACR storage and privacy preservation based on a consortium blockchain, and design the protocols for uploading and downloading ACRs. The scheme has several main advantages. First, ACR provides a unified format which integrates heterogeneous access control information. Second, the proposed scheme guarantees the secure storage of ACRs based on the immutability of the blockchain. Finally, the scheme protects ACR privacy using cryptography. The experimental results and theoretical analyses show that the scheme can guarantee the security and confidentiality of ACRs, and brings great convenience to audit work.

Although the proposed scheme is effective for ACR storage and privacy protection, some issues still need further research and discussion, for example, how to efficiently search ciphertext in the blockchain and how to protect the privacy of transaction addresses. In future work, we will carry out in-depth studies on these issues.