Journal of Frontiers of Computer Science and Technology

• Academic Research •

Secure and Trusted Authentication Model under Edge Computing and Multi-Block Chain

HUANG Minmin, YUAN Lingyun, PAN Xue, ZHANG Jie

  1. College of Information Science and Technology, Yunnan Normal University, Kunming, Yunnan 650500, China
  2. Key Laboratory of Educational Information for Nationalities, Ministry of Education, Yunnan Normal University, Kunming, Yunnan 650500, China

Abstract: Data security and privacy protection issues raised by the edge computing model are fundamental problems that restrict the development of edge computing, while blockchain is limited in solving security problems in edge computing by its own scalability bottleneck. To address trust management at the edge side and the scalability of blockchain, and to promote the synergistic development of edge computing and blockchain, this paper proposes a distributed secure and trusted authentication model based on edge computing and master-slave multiple chains. Firstly, a master-slave multi-chain structure is designed on the basis of the traditional single chain, and a three-tier architecture is deployed by integrating edge computing. To address security at the edge side, a signature authentication scheme is designed based on elliptic curve cryptography (ECC) integrated with blockchain cryptography. Secondly, an inter domain-role-based access control (ID-RBAC) model is constructed by combining Role-Based Access Control (RBAC) with smart contracts for fine-grained division of user privileges, and detailed access authentication processes within and between domains are given. The experimental results show that the model is secure and trustworthy: compared with the single-chain architecture of traditional deployment methods, the storage overhead of this scheme is reduced by about 50% on average and the latency is significantly reduced. Compared with existing methods, the scheme is superior in throughput, with the ratio of sending rate to throughput reaching 1:1, which can meet the demands of large-scale practical IoT applications with high scalability and high security.

Key words: edge computing, multi-blockchain, cross-domain, authentication, trust management