Open Access Paper
28 September 2022 Research on cloud computing data sharing system based on blockchain (Withdrawal Notice)
Liting Gao, Chen Zhang
Proceedings Volume 12339, Second International Conference on Cloud Computing and Mechatronic Engineering (I3CME 2022); 1233917 (2022) https://doi.org/10.1117/12.2652321
Event: Second International Conference on Cloud Computing and Mechatronic Engineering (I3CME 2022), 2022, Chengdu, China
Abstract
This conference presentation, originally published on 28 September 2022, was withdrawn on 15 November 2022 per author request.

1. RELATED WORK

At present, there are three methods of privacy protection for data sharing in a cloud environment. The first is member management. A member management service is composed of several infrastructures for managing user identity and privacy on the network. These services verify the user's identity, register the user in the system, provide him or her with the certificates required to create and/or call transactions, and ensure through digital certificate signatures that the information is not tampered with. For example, each node in a Hyperledger Fabric network has its own certificate (secret key pair), and nodes with different roles have different permissions. The second is access control at the application layer. All application accesses need to be authorized before they can obtain permission to decrypt data, so the practical problem of controlling application access can be solved through data application authorization. For example, according to the application characteristics of a private cloud environment, reference [1] proposed an access control application scheme based on an encryption system. The third is data encryption. Users upload encrypted data and decrypt it when needed [2].

In terms of secure data sharing and privacy protection, this paper proposes a blockchain-based distributed personal data management system and automatic access control protocol to ensure that the private data controlled by users is not leaked. However, its weakness is the support for multi-party integration and sharing scenarios. To address the transaction privacy disclosure caused by blockchain transactions on public networks, the literature proposes the Hawk protocol, under which the two parties to a contract agree to encrypt their communication. The protocol mainly focuses on transaction data and has no advantage in processing business data. Reference [3] uses an encrypted smart contract to protect public and private files through public and private keys, and provides audit and tracking. Xue Tengfei and others proposed a blockchain-based medical data sharing model in reference [4], which encrypts and stores medical data files in a decentralized way. Only doctors designated by patients can view patients' medical data, which gives patients control over their medical data. The above encryption schemes are studied only from the perspective of data encryption. In a big data environment it is not necessary to encrypt all data, so they have some limitations. Reference [5] proposes a decentralized data sharing framework, which serves a user's access request to shared medical data in a decentralized way by verifying the user's cryptographic key, and which tracks data behavior and revokes malicious access by combining smart contracts with an access control strategy. This scheme is designed around the characteristics of medical data and has some shortcomings in generality. Aiming at the multi-party data provision and use scenario of cloud computing, this paper studies a trusted data sharing scheme covering the whole life cycle, based on a double chain cooperation mechanism of public chain and local chain.

Blockchain technology is a global-consensus distributed ledger mechanism, characterized by whole-process control and tamper resistance of data. It is decentralized, tamper-proof and highly scalable, and it is becoming another emerging technology that will have a significant impact on the future, after big data, cloud computing, artificial intelligence, virtual reality and other technologies. This paper protects the data privacy of a cloud platform based on blockchain and data encryption technology. The encryption system ensures that ownership of the data stays in the hands of the data owners, and that there are no security risks such as tampering, illegal utilization and large-scale disclosure. Through blockchain smart contracts, the privacy and security of platform data during business processing are effectively guaranteed.

2. SYSTEM DESIGN

The data sharing model based on blockchain is shown in Figure 1.

Figure 1. Data sharing model.

First, the data in the user's original server is recorded on the blockchain, and the tamper-proof property of the blockchain ensures that ECs data will not be tampered with. Second, before local data is uploaded to the cloud server, it is encrypted with the asymmetric encryption technology of the state secret algorithm, applied at the granularity of each data item, which further ensures data security: even if the data is stolen, it cannot be cracked in batch [6]. The client can select the smart contract page for business access. According to the defined rules, the client uses the smart contract to complete the interaction, and only the business results are returned, without other results, so that the data of the cloud platform is both safer and more open.

The blockchain platform adopts a joint query architecture of private chain and public chain. First, the private chain generates blocks through smart contracts according to its own business needs and submits the block header to the public chain. During data sharing, the data requester obtains the metadata of the data provider by retrieving the public chain data, and the data owner submits the data to the requester according to the authorization certificate. The specific process is shown in Figure 2.

Figure 2. Flow chart of data authorization.

The structure of the block is shown in Figure 3. The accounting part of each block includes public chain part and private chain part, as well as identification, key and operation authority. In order to prove the validity of the data provided, the data provider adopts the following algorithm:

Figure 3. Block structure.

(1) System initialization

The data provider maintains a private blockchain. The public key corresponding to the block node on the private chain is $pk = P_{ID_i}$, and the private chain transaction ID is $T_{priv} = x_i$. The key generation algorithm is as follows:

Given the security parameter $k$, return the system parameters and the master key. The system parameters include the plaintext space and the ciphertext space. Publish the system parameters and keep the master key secret in the private key generator (PKG). Run the BDH parameter generator $G(k)$ to generate groups $G_1$, $G_2$ of large prime order $q$ and a bilinear mapping $e: G_1 \times G_1 \to G_2$, and select a random generator $P \in G_1$, where $G_1$ is a subgroup of the additive group formed by the set of points on the elliptic curve $E/\mathbb{F}_p$, and $G_2$ is a subgroup of the multiplicative group of the finite field 00043_PSISDG12339_1233917_page_3_3.jpg.

Select the master key $s$ and set the system public key $pk = sP$. Select hash functions that are cryptographically secure (meeting the requirements of a random oracle): 00043_PSISDG12339_1233917_page_3_4.jpg, $H_2: G_2 \to \{0,1\}^n$. The plaintext space is $\mathcal{M} = \{0,1\}^n$ and the ciphertext space is 00043_PSISDG12339_1233917_page_3_5.jpg. System parameter, the system master key is $s$.

Enter the system parameters, the master key and an identity $ID \in \{0,1\}^*$, and return the private key corresponding to $ID$. Calculate 00043_PSISDG12339_1233917_page_3_6.jpg; the private key is $d_{ID} = sQ_{ID}$.

(2) Data provider encryption

When providing data, obtain the public chain block height $H$ and the corresponding public chain transaction $T_{pub}$, as well as the public chain Merkle proof path $p_{pub}$ and the private chain Merkle proof path $p_{priv}$, and encapsulate this information into the verification parameters of the provided data set. Send them to the cloud platform together with the encrypted data. Input the system parameters, the decryptor's identity $ID \in \{0,1\}^*$ and the plaintext $M \in \mathcal{M}$, calculate 00043_PSISDG12339_1233917_page_4_1.jpg, and randomly select $r$. Generate the ciphertext $C = \langle rP,$ 00043_PSISDG12339_1233917_page_4_2.jpg, where 00043_PSISDG12339_1233917_page_4_3.jpg.
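Why the holder of $d_{ID}$ can undo this encryption, as an added derivation that is not part of the original paper. It assumes the ciphertext has the standard Boneh-Franklin BasicIdent form $C = \langle U, V \rangle$ with $U = rP$ and $V = M \oplus H_2(e(Q_{ID}, pk)^r)$, which is consistent with the key setup above and with the decryption formula $M = V \oplus H_2(e(d_{ID}, U))$ used in the verification step; the paper's own expression for the second ciphertext component is not recoverable from this page.

$$
e(d_{ID}, U) = e(sQ_{ID}, rP) = e(Q_{ID}, P)^{sr} = e(Q_{ID}, sP)^{r} = e(Q_{ID}, pk)^{r}
$$

$$
V \oplus H_2(e(d_{ID}, U)) = M \oplus H_2(e(Q_{ID}, pk)^{r}) \oplus H_2(e(Q_{ID}, pk)^{r}) = M
$$

The mask is reachable from the master key $s$ alone, since $d_{ID} = sQ_{ID}$ for every identity, so the PKG can decrypt any ciphertext in the system. Where the master key is stored and who can invoke key extraction are therefore the controls that decide whether the data owner really retains ownership.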

(3) Data verification by the data user

The data verifier verifies according to the verification parameters through the following steps.

  • The data verifier obtains, by query, the root hash $M_{pub}$ for transaction $T_{pub}$ on public chain block $H$.

  • Verify the validity of transaction $T_{pub}$ through $p_{pub}$ and $PK$. The calculation method is as follows:

    Enter the system parameters, the ciphertext $C = \langle U, V \rangle \in \mathcal{C}$ and the private key 00043_PSISDG12339_1233917_page_4_4.jpg, and return the plaintext $M = V \oplus H_2(e(d_{ID}, U))$.

  • Get the root hash Tpub corresponding to Tpriv from tpub.

  • Verify the validity of the private transaction $T_{priv}$ through $p_{priv}$.
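The two-level Merkle check in the verification steps above, as an added Python example that is not code from the original paper. The SHA-256 tree with leaf/node prefixes, the promotion of an odd node, and the layout of the anchoring transaction (a label followed by the 32-byte private chain root) are assumptions, since the paper does not specify them; the sample transactions are constructed.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _leaf(tx: bytes) -> bytes:
    return _h(b"\x00" + tx)            # leaf/node prefixes keep the two hash domains apart

def _parents(level):
    nxt = [_h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
    if len(level) % 2:                 # odd node is promoted, not duplicated
        nxt.append(level[-1])
    return nxt

def merkle_root(txs):
    level = [_leaf(t) for t in txs]
    while len(level) > 1:
        level = _parents(level)
    return level[0]

def merkle_proof(txs, index):
    """Sibling path for txs[index] as (sibling_hash, sibling_is_left) pairs."""
    level, path = [_leaf(t) for t in txs], []
    while len(level) > 1:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))
        level, index = _parents(level), index // 2
    return path

def verify_proof(tx, path, root):
    node = _leaf(tx)
    for sibling, is_left in path:
        node = _h(b"\x01" + (sibling + node if is_left else node + sibling))
    return node == root

def verify_shared_record(params, public_root_at):
    """Public chain proof first, then the private chain proof it anchors."""
    m_pub = public_root_at(params["height"])              # step 1: root of block H
    t_pub = params["t_pub"]
    if m_pub is None or not verify_proof(t_pub, params["p_pub"], m_pub):
        return False                                      # step 2: T_pub not in block H
    private_root = t_pub[-32:]                            # step 3 (assumed T_pub layout)
    return verify_proof(params["t_priv"], params["p_priv"], private_root)  # step 4

def build_demo():
    """Constructed sample: 5 private chain records anchored in public block 7."""
    private_txs = [b"record-%d" % i for i in range(5)]
    t_pub = b"anchor:" + merkle_root(private_txs)
    public_txs = [b"pub-tx-0", t_pub, b"pub-tx-2"]
    public_roots = {7: merkle_root(public_txs)}
    params = {"height": 7, "t_pub": t_pub, "p_pub": merkle_proof(public_txs, 1),
              "t_priv": private_txs[4], "p_priv": merkle_proof(private_txs, 4)}
    return params, public_roots.get

if __name__ == "__main__":
    params, lookup = build_demo()
    print("valid:", verify_shared_record(params, lookup))
    print("tampered:", verify_shared_record(dict(params, t_priv=b"record-9"), lookup))
```

The verifier must fetch the public root itself (here `public_root_at`) rather than accept one supplied with the data, otherwise the provider can make any record verify against a root of its own choosing.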

3. SIMULATION ANALYSIS

In order to verify the feasibility of the proposed algorithm, a cloud computing test environment was built in the laboratory [7]. The cloud environment uses a server cluster composed of five workstations configured with an Intel Core i7 CPU, 128 GB of DDR4 memory and a 512 GB SSD. A Docker runtime environment is deployed on the cluster, and the data sharing system runs on the Hyperledger Fabric blockchain platform. The indicators of the system are collected, and all data are the average of 10 experiments. The simulation system simulates a user uploading files to the cloud and granting file access to the data requester through the blockchain.

In terms of privacy protection, the privacy options provided by cloud service providers to end users are very limited. First, users do not have control over all data and have privileges over only a small part of it. Second, these options only help users customize the way other people in the world access this information. Cloud service providers still have full access to these data, and they will use these data for various purposes.

There are two servers, running the public chain service and the private chain service respectively, and there are 100 simulated data requesters. Figure 4 shows the time required by data requesting nodes on the public chain from request to data acquisition. As the number of requesting nodes increases, the node data synchronization time remains roughly stable, indicating that the system is effective for file sharing.

Figure 4. Data request node access performance curve.

Figure 5 shows the block generation efficiency as the total number of blocks increases. It can be seen from the simulation data that the generation time of a single block increases, because the consensus algorithm in the blockchain needs to synchronize among the members of the whole chain, and the increase in the total number of blocks leads to a longer update time. Because this algorithm adopts a secure data sharing model and algorithm, the average generation time is within a controllable range.

Figure 5. Block generation efficiency diagram.


Table 1 compares the algorithm in this paper with several research results from five angles. It can be seen that this model has certain advantages on the whole.

Table 1. Comparative analysis of algorithms.

| Algorithm | Based on blockchain | Consensus mechanism | Reduces pressure on main chain | Private chain | Block generation efficiency |
|---|---|---|---|---|---|
| Factom | no | | yes | no | good |
| MedRec | yes | POW | no | no | low |
| Model Chain | yes | POI | no | yes | medium |
| Algorithm in this paper | yes | DPOS | yes | yes | optimal |

4. APPLICATION CASE

With the development of the economy, banks' credit investigation data, which is based on stock credit business, is far from enough to support the demand of inclusive finance. The source and cost of integrity data have become the biggest obstacle to the implementation of banks' inclusive finance products. An inclusive financial platform is a typical data sharing application scenario based on cloud computing. Limited by information security and privacy protection, government departments hold a large amount of authoritative personal and enterprise data but cannot realize its full value [8]. In the process of social operation, commercial institutions have to do a lot of repeated work to collect and verify these data, resulting in inefficient commercial activities and great cost waste. The data sharing system designed in this paper can provide a highly adaptive solution for inclusive finance. On the one hand, financial institutions query and analyze data through metadata to achieve an accurate portrait of customers, with complete, reliable and credible data. On the other hand, the customer data is stored in the private chain, and the private chain block is stored in the public chain. The calculation is carried out through the smart contract; only the data results are returned, and the sensitive data is not disclosed. The inclusive financial platform based on blockchain technology realizes multi-party secure data sharing, optimizes the allocation of financial resources through the opening of government data, and overcomes the high cost and low efficiency caused by traditional inclusive financial information factors. According to the demand analysis of basic cloud computing business, the system is divided into four parts: management application layer, blockchain network, access layer and business department. Its logical structure is shown in Figure 6.
The blockchain network module includes the blockchain public ledger, smart contracts and various peer nodes, and realizes the data management function of the blockchain. The access layer realizes the interaction between data sets in business departments and blockchain data through an SDK.

Figure 6. Logical architecture of blockchain inclusive financial data sharing system.

The management application layer includes platform management, directory and authority management and various query applications, and realizes the man-machine interface of the applications. The “financial supermarket” column takes the “My Nanjing” app portal as its entrance and relies on the underlying blockchain inclusive finance network to provide online financial services such as personal credit loans, business owner business loans and real estate mortgages to individuals and enterprises. The system interface is shown in Figure 8. Since the pilot application, 13 banks including Industrial and Commercial Bank of China, Bank of China, Bank of Jiangsu and Bank of Nanjing have joined this column to provide accurate and convenient financial services such as real estate mortgage loans, personal credit loans and business owner credit loans for individuals and enterprises. As of September 2019, individual consumer credit loans totaled 9.887 billion; real estate mortgage loans totaled 106 million yuan; and a total of 1729 pre-evaluations of business owners' loans were made, with a total evaluation amount of 247 million. The analysis of the operation effect shows that every 100 million in loans saves banks 340 person-days of labor cost, and users spend no more than 10 minutes from application to payment, which greatly improves the efficiency of loan application for citizens and small and medium-sized enterprises. In the next step, it is planned to accelerate the access of more banks, enrich personal and enterprise financial products and optimize the user experience of the financial supermarket column.

5. CONCLUDING REMARKS

To address the data owner's lack of control over data uploaded to the cloud in a cloud computing environment, this paper proposes a secure data sharing model and algorithm based on a double chain structure. In the proposed scheme, the data placed on the cloud server is itself encrypted, and in addition cloud data can be opened to the outside world while ensuring security. The simulation analysis and pilot application results show that the cloud computing data sharing system based on blockchain can realize efficient and secure multi-party data sharing and collaboration.

REFERENCES

[1] Yang Haopu, Shen Bin, “Research on access control application based on encryption system in private cloud environment,” Application of electronic technology, 45 (7), 81–84 (2019).

[2] Zhang Shuguang, Xian Hequn, Wang Liming, “Efficient encryption data deduplication method in cloud computing,” Journal of communications, 39 (S1), 251–262 (2018).

[3] LINDER P, “DEcryption contract enforcement tool (DE-CENT): a practical alternative to government decryption backdoors,” IACR Cryptology ePrint Archive, 245 (2016).

[4] Xue Tengfei, Fu Qunchao, Wang Zong, “Research on medical data sharing model based on blockchain,” Journal of automation, 43 (9), 1555–1562 (2017).

[5] XIA Q, SIFAH E, SMAHI A, “BBDS: blockchain-based data sharing for electronic medical records in cloud environments,” Information, 8 (2), 44 (2017). https://doi.org/10.3390/info8020044

[6] Guo Naiwang, Ni Weidong, “Privacy protection and data sharing based on blockchain,” Communication technology, 52 (8), 1982–1986 (2019).

[7] She Wei, Chen Jiansen, Liu Qi, “A new blockchain technology for secure sharing of medical big data,” Small microcomputer system, 40 (7), 1449–1454 (2019).

[8] Jin Yong, Xu Xuesong, Wang Gang, “Research on secure sharing of e-government big data based on blockchain,” Information security research, 4 (11), 1029–1033 (2018).
© (2022) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.