边缘计算与区块多链下的安全可信认证模型

doi:10.3778/j.issn.1673-9418.2206011

摘要/Abstract

摘要： 边缘计算模式引发的数据安全和隐私保护等问题是制约边缘计算发展的基础性问题，而区块链因自身扩展性瓶颈，在解决边缘计算中的安全问题时受到了限制。为了解决边缘侧的信任管理及区块链的扩展性问题，促进边缘计算与区块链协同发展，基于边缘计算与主从多链提出了分布式安全可信认证模型。首先，基于传统单链设计了主从多链结构，并集成边缘计算部署了三层体系架构；针对边缘侧的安全性问题，基于椭圆曲线加密算法（ECC）集成区块链加密技术设计了签名认证方案。其次，基于角色的访问控制模型（RBAC）结合智能合约对用户权限进行了细粒度划分，构建了域间访问控制模型（ID-RBAC），并给出了域内、域间详细的访问认证流程设计。实验结果表明，该模型安全可信，与传统部署方式的单链架构相比，该方案存储开销平均下降50%，时延也有明显的降低。与现有方案相比，该方案在吞吐量方面有更大的优越性，发送速率与吞吐量之比达到1∶1，能满足大规模物联网实际应用需求，具有高扩展性、高安全性。

关键词: 边缘计算, 区块多链, 跨域, 身份认证, 信任管理

Abstract: Issues such as data security and privacy protection caused by the edge computing model are fundamental problems that restrict the development of edge computing, while blockchain is limited in solving security problems in edge computing due to its own scalability bottleneck. In order to solve the trust management at the edge side and the scalability of blockchain, and promote the synergistic development of edge computing and blockchain, this paper proposes a distributed secure and trusted authentication model based on edge computing with master-slave multiple chains. Firstly, a master-slave multi-chain structure is designed based on traditional single chain and a three-tier architecture is deployed by integrating edge computing. A signature authentication scheme for edge computing security based on elliptic curve cryptography (ECC) integrated with blockchain cryptography is also proposed. Secondly, an inter domain-role-based access control (ID-RBAC) is constructed based on role-based access control(RBAC) combined with smart contracts for fine-grained division of user privileges, and a detailed access authen-tication process within and between domains is given. Experimental results show that the model is secure and trust-worthy, and the storage overhead of this scheme is reduced by about 50% on average and the latency is signi-ficantly reduced, compared with the single-chain architecture of traditional deployment methods. Compared with existing methods, the proposed scheme in this paper has greater superiority in throughput, with the ratio of sending rate to throughput reaching 1:1, which can meet the demand of large-scale IoT practical applications with high scalability and high security.

Key words: edge computing, multi-blockchain, cross-domain, authentication, trust management

黄敏敏, 袁凌云, 潘雪, 张杰. 边缘计算与区块多链下的安全可信认证模型[J]. 计算机科学与探索, 2023, 17(3): 733-747.

HUANG Minmin, YUAN Lingyun, PAN Xue, ZHANG Jie. Secure and Trusted Authentication Model Under Edge Computing and Multi-blockchain[J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(3): 733-747.

参考文献

[1] 施巍松, 孙辉, 曹杰, 等. 边缘计算: 万物互联时代新型计算模型[J]. 计算机研究与发展, 2017, 54(5): 907-924.
SHI W S, SUN H, CAO J, et al. Edge computing—an emer-ging computing model for the Internet of everything era[J]. Journal of Computer Research and Development, 2017, 54(5): 907-924.
[2] YU Y. Mobile edge computing towards 5G: vision, recent progress, and open challenges[J]. China Communications, 2016, 13(S2): 89-99.
[3] HERBADJI A, GOUMIDI H, HARBI Y, et al. Blockchain for Internet of vehicles security[M]//Blockchain for Cyber-security and Privacy. Boca Raton: CRC Press, 2020: 159-197.
[4] 喻辉, 张宗洋, 刘建伟. 比特币区块链扩容技术研究[J]. 计算机研究与发展, 2017, 54(10): 2390-2403.
YU H, ZHANG Z Y, LIU J W. Research on scaling techno-logy of bitcoin blockchain[J]. Journal of Computer Research and Development, 2017, 54(10): 2390-2403.
[5] ZHENG Z B, XIE S A, DAI H N, et al. An overview of blockchain technology: architecture, consensus, and future trends[C]//Proceedings of the 2017 IEEE International Con-gress on Big Data, Honolulu, Jun 25-30, 2017. Washington: IEEE Computer Society, 2017: 557-564.
[6] 王慧, 王励成, 柏雪, 等. 区块链隐私保护和扩容关键技术研究[J]. 西安电子科技大学学报(自然科学版), 2020, 47(5): 28-39.
WANG H, WANG L C, BAI X, et al. Research on key tech-nology of blockchain privacy protection and scalability[J]. Journal of Xidian University (Natural Science), 2020, 47(5): 28-39.
[7] 谢英英, 石涧, 黄硕康, 等. 面向5G的命名数据网络物联网研究综述[J]. 计算机科学, 2020, 47(4): 217-225.
XIE Y Y, SHI J, HUANG S K, et al. Survey on Internet of things based on named data networking facing 5G[J]. Com-puter Science, 2020, 47(4): 217-225.
[8] LOU J, ZHANG Q, QI Z, et al. A blockchain-based key management scheme for named data networking[C]//Pro-ceedings of the 2018 1st IEEE International Conference on Hot Information-Centric Networking, Shenzhen, Aug 15-17, 2018. Piscataway: IEEE, 2018: 141-146.
[9] MA Z F, WANG X C, JAIN D K, et al. A blockchain-based trusted data management scheme in edge computing[J]. IEEE Transactions on Industrial Informatics, 2019, 16(3): 2013-2021.
[10] PAN J, WANG J, HESTER A, et al. EdgeChain: an edge-IoT framework and prototype based on blockchain and smart contracts[J]. IEEE Internet of Things Journal, 2018, 6(3): 4719-4732.
[11] 程冠杰, 黄诤杰, 邓水光. 基于区块链与边缘计算的物联网数据管理[J]. 物联网学报, 2020, 4(2): 1-9.
CHENG G J, HUANG Z J, DENG S G. Data management based on blockchain and edge computing for Internet of things[J]. Chinese Journal on Internet of Things, 2020, 4(2): 1-9.
[12] 曹雪莲, 张建辉, 刘波. 区块链安全、隐私与性能问题研究综述[J]. 计算机集成制造系统, 2021, 27(7): 2078-2094.
CAO X L, ZHANG J H, LIU B. Review on security, pri-vacy, and performance issues of blockchain[J]. Computer Integrated Manufacturing Systems, 2021, 27(7): 2078-2094.
[13] JIANG Y M, WANG C X, WANG Y W. A cross-chain solu-tion to integrating multiple blockchains for IoT data mana-gement[J]. Sensors, 2019, 19(9): 2042-2053.
[14] PYOUNG C K, BAEK S J. Blockchain of finite-lifetime blocks with applications to edge-based IoT[J]. IEEE Internet of Things Journal, 2019, 7(3): 2102-2116.
[15] CUI Z, XUE F, ZHANG S, et al. A hybrid blockchain-based identity authentication scheme for multi-WSN[J]. IEEE Tran-sactions on Services Computing, 2020, 13(2): 241-251.
[16] 毕娅, 张曙红, 冷凯君, 等. 基于双链区块链的制造服务集成平台框架[J]. 计算机集成制造系统, 2022, 28(4): 1177-1187.
BI Y, ZHANG S H, LENG K J, et al. Framework of manu-facturing service integration platform based on double-chain blockchain[J]. Computational Integrated Manufactu-ring Systems, 2022, 28(4): 1177-1187.
[17] ZHOU H, XU W, CHEN J, et al. Evolutionary V2X techno-logies toward the Internet of vehicles: challenges and oppor-tunities[J]. Proceedings of the IEEE, 2020, 108(2): 308-323.
[18] LI G, REN X, WU J, et al. Blockchain-based mobile edge computing system[J]. Information Sciences, 2021, 561: 70-80.
[19] CHUANG I H, HUANG S H, CHAO W C, et al. TIDES: a trust-aware IoT data economic system with blockchain-enabled multi-access edge computing[J]. IEEE Access, 2020, 8: 85839-85855.
[20] 张明德. PKI/CA与数字证书技术大全[M]. 北京: 电子工业出版社, 2015.
ZHANG M D. The complete guide to PKI/CA and digital certificate technology[M]. Beijing: Electronic Industry Press, 2015.
[21] ISLAM S H, BISWAS G P. A pairing-free identity-based two-party authenticated key agreement protocol for secure and efficient communication[J]. Journal of King Saud University-Computer and Information Sciences, 2017, 29(1): 63-73.
[22] 陈彦冰, 钟超然, 周超然, 等. 基于医疗联盟链的跨域认证方案设计[J]. 计算机科学, 2022, 49(S1): 537-543.
CHEN Y B, ZHONG C R, ZHOU C R, et al. Design of cross-domain authentication scheme based on medical con-sortium chain[J]. Computer Science, 2022, 49(S1): 537-543.
[23] 赵平, 王赜, 李芳, 等. 主从区块链容错异构跨域身份认证方案[J]. 计算机工程与应用, 2022, 58(22): 79-88.
ZHAO P, WANG Z, LI F, et al. Master-slave blockchain fault-tolerant heterogeneous cross-domain identity authenti-cation scheme[J]. Computer Engineering and Applications, 2022, 58(22): 79-88.
[24] ZHANG H, CHEN X, LAN X, et al. BTCAS: a blockchain-based thoroughly cross-domain authentication scheme[J]. Jour-nal of Information Security and Applications, 2020, 55: 102538.
[25] GUO S, WANG F, ZHANG N, et al. Master-slave chain based trusted cross-domain authentication mechanism in IoT[J]. Journal of Network and Computer Applications, 2020, 172: 102812.
[26] 史锦山, 李茹. 物联网下的区块链访问控制综述[J]. 软件学报, 2019, 30(6): 1632-1648.
SHI J S, LI R. Survey of blockchain access control in Inter-net of things[J]. Journal of Software, 2019, 30(6): 1632-1648.
[27] 余波, 台宪青, 马治杰. 云计算环境下基于属性和信任的RBAC模型研究[J]. 计算机工程与应用, 2020, 56(9): 84-92.
YU B, TAI X Q, MA Z J. Study on attribute and trust-based RBAC model in cloud computing[J]. Computer Engineering and Applications, 2020, 56(9): 84-92.
[28] XUAN S, ZHENG L, CHUNG I, et al. An incentive mecha-nism for data sharing based on blockchain with smart con-tracts[J]. Computers & Electrical Engineering, 2020, 83: 106587.