Cross-domain access control method based on block chain in mobile edge calculation

Document No.: 172523   Publication date: 2021-10-29   Views: 8   Language: Chinese

Reading note: this technology, 移动边缘计算中基于区块链的跨域访问控制方法 (Cross-domain access control method based on block chain in mobile edge calculation), was designed and created by 林晖, 胡嘉, 汪晓丁 and 刘文新 on 2021-06-24. Its main content is as follows: the invention discloses a block chain-based cross-domain access control method in mobile edge computing. A cross-domain requesting user side sends a cross-domain access request to the gateway node in the source domain where it is located; the gateway node in the source domain evaluates the in-domain reputation and the comprehensive reputation of the requesting user side and sends them to the gateway node in the target domain; the gateway node in the target domain verifies and evaluates the received attribute values of the requesting user side and returns the result of the request; once the target domain approves the cross-domain request, the requesting user side must register on the intra-domain block chain of the target domain in order to access the resources it needs; the source domain then deletes the requesting user side's data resource access rights on the intra-domain block chain of the source domain. The invention takes privacy protection as its goal and uses block chain technology to realize dynamic reputation evaluation and cross-domain data resource access, protecting the security of data resources in different domains.

1. A block chain-based cross-domain access control method in mobile edge calculation is characterized by comprising the following steps:

s1, the cross-domain request user side sends a cross-domain request of cross-domain access to the gateway node in the source domain where the cross-domain request user side is located so as to request data resources in the target domain;

s2, the gateway node in the source domain evaluates the in-domain reputation and the comprehensive reputation of the cross-domain request user side, and sends the comprehensive reputation of the cross-domain request user side to the gateway node in the target domain in a uniform format;

s3, the gateway node in the target domain verifies and evaluates the received related attribute value of the cross-domain request user side, returns the result of whether the cross-domain request is approved to the gateway node in the source domain, and returns the evaluation result to the cross-domain request user side by the gateway node in the source domain;

s4, after the destination domain agrees to the cross-domain request of the cross-domain request user, the cross-domain request user needs to register on the intra-domain blockchain in the destination domain to access the required resources;

and S5, the source domain deletes the data resource access right of the cross-domain request user terminal on the intra-domain block chain of the source domain.

2. The block chain-based cross-domain access control method in mobile edge computing according to claim 1,

the intradomain entities of the source and destination domains include the intradomain blockchain and the gateway node.

3. The block chain-based cross-domain access control method in mobile edge computing according to claim 1,

the cross-domain access is intra-domain chain access crossing different regions.

4. The block chain-based cross-domain access control method in mobile edge computing according to claim 1,

the intra-area block chain is a multi-channel block chain, so that data isolation of different security levels is realized, and a user can only access data according with the security level of the channel where the user is located.

5. The block chain-based cross-domain access control method in mobile edge computing according to claim 1, wherein the gateway node in the source domain and the gateway node in the destination domain are both intra-domain gateway nodes;

the gateway node in the domain updates the credit value of the cross-domain request user side through a credit evaluation intelligent contract;

the step S2 specifically includes:

S21, when the gateway node in the source domain receives the cross-domain request of the cross-domain request user terminal, the credit evaluation intelligent contract updates the current intra-domain credit value $R_{dis}$ of the cross-domain request user terminal according to formulas (1) and (2):

$R_{dis} = R_{sum} + \xi$ (1)

where $\xi$ is the dynamic credit change value of the cross-domain request user side, $m$ is the total number of data level categories, $\kappa_s$ and $\kappa_f$ are the weights set for access success and access failure at different data levels, $AF_s$ and $AF_f$ are the numbers of successful and failed accesses of the user at the corresponding data levels, $AF_{total}$ is the total number of accesses of the user across the data levels, and $R_{sum}$ is the original reputation value of the cross-domain request user side in the source domain;

S22, the gateway node in the source domain calls the credit evaluation intelligent contract and calculates the comprehensive credit value $R_{syn}$ of the cross-domain request user side according to formula (3);

where $k$ is the number of areas where the cross-domain requesting client is located, $pl$ and $pl_{max}$ are the priority of the cross-domain requesting user terminal in the source domain and the maximum priority of the source domain, and $R_{dis}$ is the intra-domain reputation value of the cross-domain requesting user side in the source domain;

and S23, the gateway node in the source domain sends the comprehensive reputation value of the cross-domain request user side to the gateway node in the target domain, and the gateway node waits for evaluation and verification.

6. The block chain-based cross-domain access control method in mobile edge computing according to claim 1,

the gateway node in the target domain calls a cross-domain intelligent contract in an interaction chain to evaluate the cross-domain request;

the step S3 specifically includes:

s31, the cross-domain intelligent contract firstly judges the source domain where the cross-domain request user terminal is located, and judges whether the source domain belongs to the sub-domain of the target domain;

S32, if the source domain belongs to the sub-domain of the target domain, further judging whether the comprehensive credit value $R_{syn}$ of the cross-domain request user side meets the intra-domain threshold $\sigma_1$ set by the target domain; if it does, the cross-domain request of the cross-domain request user side is agreed to; otherwise, the cross-domain request of the cross-domain request user side is rejected;

s33, if the source domain does not belong to the sub-domain of the target domain, the cross-domain intelligent contract judges whether the cross-domain attribute item of the cross-domain request user side is matched with the attribute item set by the target domain, if not, the cross-domain request is rejected, and if so, the step S34 is executed;

S34, the cross-domain intelligent contract further judges whether the comprehensive credit value of the cross-domain request user side meets the out-of-domain threshold $\sigma_2$ set by the target domain, where the out-of-domain threshold is greater than the intra-domain threshold, $\sigma_2 > \sigma_1$; if yes, the cross-domain request of the cross-domain request user side is agreed to; otherwise, the cross-domain request of the cross-domain request user side is rejected;

s35, the destination domain sends the cross-domain request result of the cross-domain request user terminal to the gateway node of the source domain, and the gateway node of the source domain forwards the cross-domain request result to the cross-domain request user terminal.

7. The block chain-based cross-domain access control method in mobile edge computing according to claim 1,

in step S4, the security level of the channel where the cross-domain request client is located determines the authority of the cross-domain request client to access data, the cross-domain request client can only access data resources corresponding to the security level of the channel where the cross-domain request client is located, and for data at the same security level, the cross-domain request client with high priority will first obtain access to the data.

8. The block chain-based cross-domain access control method in mobile edge computing according to claim 1,

the step S5 specifically includes:

the gateway node in the destination domain needs to broadcast on the interaction chain to notify the other edge areas that the cross-domain requesting user terminal is now in its area, and records the current cross-domain reputation value $Q_{dis}$ of the cross-domain requesting user terminal on the chain; the source domain then clears the access authority of the cross-domain request user terminal to the data in the source domain.

Technical Field

The invention relates to the field of block chain technology and access control technology, in particular to a block chain-based cross-domain access control method in mobile edge calculation.

Background

With the rapid development of Mobile Edge Computing (MEC) technology, new service models and services based on MEC will show explosive growth, and the amount of data generated by them will grow just as fast. However, the new MEC-based service models carry inherent security threats, especially to data security during data access. These threats lead to unauthorized access, tampering and leakage of resource data, which compromises the confidentiality and integrity of the data.

Ma et al. (Ma M, Shi G, Li F. Privacy-oriented blockchain-based distributed key management for hierarchical access control in the IoT hierarchy [J]. IEEE Access, 2019, 7: 34045-34059.) propose a distributed key management mechanism based on block chains that runs multiple block chains in the cloud to achieve cross-domain access, and introduce multiple rights allocation and group access modes to improve extensibility. Gauhar et al. (Gauhar A, Ahmad N, Cao Y, et al. xDBAuth: Blockchain based cross domain authentication and authorization framework for Internet of Things [J]. IEEE Access, 2020, 8: 58800-. Sun et al. (Sun S, Chen S, Du R. Trusted and Efficient Cross-Domain Access Control System Based on Blockchain [J]. Scientific Programming, 2020. doi:10.1155/2020/8832568.) propose a block chain-based trusted cross-domain access control system that uses role mapping rules and access policies together with block chain technology to realize user authentication and reliable cross-domain access control. Zhu et al. (Zhu X, Zheng J, Ren B, et al. MicrothingsChain: Blockchain-based Controlled Data Sharing Platform in Multi-domain IoT [J]. Journal of Networking and Network Applications, 2021, 1(1): 19-27.) propose a multi-domain data sharing mechanism so that heterogeneous data of different applications can be accessed both intra-domain and cross-domain through a block chain.

The existing access control methods suffer from coarse policy granularity, poor scalability and accuracy, and a lack of consideration of insider attacks, and therefore cannot meet the data security requirements of practical MEC applications. Designing a cross-domain access control method that fits the characteristics of mobile edge computing has thus become a technical problem to be solved by those skilled in the art.

Disclosure of Invention

The technical problem to be solved by the invention is as follows: a cross-domain access control method based on block chains in mobile edge calculation is provided.

In order to solve the technical problems, the invention adopts the technical scheme that:

a cross-domain access control method based on block chains in mobile edge calculation comprises the following steps:

s1, the cross-domain request user side sends a cross-domain request of cross-domain access to the gateway node in the source domain where the cross-domain request user side is located so as to request data resources in the target domain;

s2, the gateway node in the source domain evaluates the in-domain reputation and the comprehensive reputation of the cross-domain request user side, and sends the comprehensive reputation of the cross-domain request user side to the gateway node in the target domain in a uniform format;

s3, the gateway node in the target domain verifies and evaluates the received related attribute value of the cross-domain request user side, returns the result of whether the cross-domain request is approved to the gateway node in the source domain, and returns the evaluation result to the cross-domain request user side by the gateway node in the source domain;

s4, after the destination domain agrees to the cross-domain request of the cross-domain request user, the cross-domain request user needs to register on the intra-domain block chain in the destination domain to access the required resources;

and S5, the source domain deletes the data resource access right of the cross-domain request user terminal on the intra-domain block chain of the source domain.

The invention has the beneficial effects that: the invention processes the cross-domain request by dynamically evaluating the credit value of the cross-domain request user side according to the user behavior, and realizes the cross-domain data resource access of users in different domains by a block chain cross-chain technology. And meanwhile, a multilevel block chain is adopted to realize hierarchical access to data with different security levels.

Drawings

Fig. 1 is a schematic flowchart of a block chain-based cross-domain access control method in mobile edge computing according to an embodiment of the present invention;

fig. 2 is a flowchart of a block chain-based cross-domain access control method in mobile edge computing according to an embodiment of the present invention.

Detailed Description

In order to explain technical contents, achieved objects, and effects of the present invention in detail, the following description is made with reference to the accompanying drawings in combination with the embodiments.

The most key concept of the invention is as follows: the reputation value of the cross-domain request user side is dynamically evaluated according to the user behavior, the cross-domain request is processed, cross-domain data resource access of users in different domains is achieved through a block chain cross-chain technology, and hierarchical access to data with different security levels is achieved through a multi-level block chain.

Referring to fig. 1 and fig. 2, a block chain-based cross-domain access control method in mobile edge calculation includes the steps of:

s1, the cross-domain request user side sends a cross-domain request of cross-domain access to the gateway node in the source domain where the cross-domain request user side is located so as to request data resources in the target domain;

s2, the gateway node in the source domain evaluates the in-domain reputation and the comprehensive reputation of the cross-domain request user side, and sends the comprehensive reputation of the cross-domain request user side to the gateway node in the target domain in a uniform format;

s3, the gateway node in the target domain verifies and evaluates the received related attribute value of the cross-domain request user side, returns the result of whether the cross-domain request is approved to the gateway node in the source domain, and returns the evaluation result to the cross-domain request user side by the gateway node in the source domain;

s4, after the destination domain agrees to the request of the cross-domain request user, the cross-domain request user needs to register on the intra-domain block chain in the destination domain to access the required resource;

and S5, the source domain deletes the data resource access right of the cross-domain request user terminal on the intra-domain block chain of the source domain.

Further, the intradomain entities of the source and destination domains include the intradomain blockchain and the gateway node.

Further, the cross-domain access is intra-domain chain access across different regions.

Furthermore, the intra-area block chain is a multi-channel block chain, so that data isolation of different security levels is realized, and a user can only access data which accords with the security level of the channel where the user is located.

Further, the gateway node in the source domain and the gateway node in the destination domain are both intra-domain gateway nodes;

the gateway node in the domain updates the credit value of the cross-domain request user side through a credit evaluation intelligent contract;

the step S2 specifically includes:

S21, when the gateway node in the source domain receives the cross-domain request of the cross-domain request user terminal, the credit evaluation intelligent contract updates the current intra-domain credit value $R_{dis}$ of the cross-domain request user terminal according to formulas (1) and (2):

$R_{dis} = R_{sum} + \xi$ (1)

where $\xi$ is the dynamic credit change value of the cross-domain request user side, $m$ is the total number of data level categories, $\kappa_s$ and $\kappa_f$ are the weights set for access success and access failure at different data levels, $AF_s$ and $AF_f$ are the numbers of successful and failed accesses of the user at the corresponding data levels, $AF_{total}$ is the total number of accesses of the user across the data levels, and $R_{sum}$ is the original reputation value of the cross-domain request user terminal in the source domain;

S22, the gateway node in the source domain calls the credit evaluation intelligent contract and calculates the comprehensive credit value $R_{syn}$ of the cross-domain request user side according to formula (3);

where $k$ is the number of areas where the cross-domain requesting client is located, $pl$ and $pl_{max}$ are the priority of the cross-domain requesting user terminal in the source domain and the maximum priority of the source domain, and $R_{dis}$ is the intra-domain reputation value of the cross-domain requesting user side in the source domain;

and S23, the gateway node in the source domain sends the comprehensive reputation value of the cross-domain request user side to the gateway node in the target domain, and the gateway node waits for evaluation and verification.

Further, the gateway node in the target domain calls a cross-domain intelligent contract in an interaction chain to evaluate the cross-domain request;

the step S3 specifically includes:

s31, the cross-domain intelligent contract firstly judges the source domain where the cross-domain request user terminal is located, and judges whether the source domain belongs to the sub-domain of the target domain;

S32, if the source domain belongs to the sub-domain of the target domain, further judging whether the comprehensive credit value $R_{syn}$ of the cross-domain request user side meets the intra-domain threshold $\sigma_1$ set by the target domain; if it does, the cross-domain request of the cross-domain request user side is agreed to; otherwise, the cross-domain request of the cross-domain request user side is rejected;

s33, if the source domain does not belong to the sub-domain of the target domain, the cross-domain intelligent contract judges whether the cross-domain attribute item of the cross-domain request user side is matched with the attribute item set by the target domain, if not, the cross-domain request is rejected, and if so, the step S34 is executed;

S34, the cross-domain intelligent contract further judges whether the comprehensive credit value of the cross-domain request user side meets the out-of-domain threshold $\sigma_2$ set by the target domain, where the out-of-domain threshold is greater than the intra-domain threshold, $\sigma_2 > \sigma_1$. If yes, the cross-domain request of the cross-domain request user side is agreed to; otherwise, the cross-domain request of the cross-domain request user side is rejected;

s35, the destination domain sends the cross-domain request result of the cross-domain request user terminal to the gateway node of the source domain, and the gateway node of the source domain forwards the cross-domain request result to the cross-domain request user terminal.

Further, in step S4, the security level of the channel where the user is located determines the authority of the user to access the data, the user can only access the data resource corresponding to the security level of the channel where the user is located, and for the data under the same security level, the user with high priority will first obtain the access right to the data.
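As an added illustration that is not part of the patent, the following Python models the destination gateway's decision in steps S31 to S34 (sub-domain check, attribute matching, and the two thresholds with σ2 > σ1) together with the channel-level, priority-ordered access rule of step S4. The domain names, attribute items and reputation values are constructed, and reading "meets the threshold" as greater-or-equal and attribute matching as exact equality are assumptions the patent text does not spell out.

```python
from dataclasses import dataclass

# Example code added to illustrate the patent; the patent itself gives no code.
# Assumptions not stated in the patent: "meets the threshold" is modelled as >=,
# and attribute matching as exact equality on each item the destination requires.

@dataclass(frozen=True)
class DomainPolicy:
    """Cross-domain policy of a destination domain (constructed for this example)."""
    name: str
    sub_domains: frozenset        # source domains treated as sub-domains of this one
    sigma1: float                 # intra-domain threshold, applied to sub-domain users
    sigma2: float                 # out-of-domain threshold, must satisfy sigma2 > sigma1
    required_attributes: dict     # attribute items a non-sub-domain requester must match

    def __post_init__(self):
        # The patent requires the out-of-domain threshold to exceed the intra-domain one.
        if not self.sigma2 > self.sigma1:
            raise ValueError("sigma2 must be greater than sigma1")


@dataclass(frozen=True)
class CrossDomainRequest:
    """What the source gateway forwards in a uniform format (constructed fields)."""
    user: str
    source_domain: str
    r_syn: float                  # comprehensive reputation R_syn from the source gateway
    attributes: dict              # the requester's cross-domain attribute items
    priority: int                 # priority pl of the requester
    channel_level: int            # security level of the channel the requester joins


def evaluate_cross_domain_request(policy, req):
    """Return (approved, reason) following steps S31-S34."""
    # S31/S32: sub-domain requesters are judged against the intra-domain threshold.
    if req.source_domain in policy.sub_domains:
        if req.r_syn >= policy.sigma1:
            return True, "sub-domain requester meets sigma1"
        return False, "sub-domain requester below sigma1"
    # S33: other requesters must first match the destination's attribute items.
    for key, expected in policy.required_attributes.items():
        if req.attributes.get(key) != expected:
            return False, f"attribute {key!r} does not match"
    # S34: then they are judged against the stricter out-of-domain threshold.
    if req.r_syn >= policy.sigma2:
        return True, "external requester meets sigma2"
    return False, "external requester below sigma2"


class IntraDomainChain:
    """Multi-channel intra-domain chain: one channel per security level (step S4)."""
    def __init__(self):
        self.channels = {}        # level -> {user: priority}

    def register(self, req):
        self.channels.setdefault(req.channel_level, {})[req.user] = req.priority

    def can_access(self, user, resource_level):
        # A user may only read data whose level equals the level of its own channel.
        return user in self.channels.get(resource_level, {})

    def access_order(self, resource_level):
        # Among users at the same level, higher priority obtains access first.
        users = self.channels.get(resource_level, {})
        return sorted(users, key=lambda u: (-users[u], u))


def admit(policy, chain, req):
    """Evaluate a request and, on approval, register the user on the destination chain."""
    approved, _reason = evaluate_cross_domain_request(policy, req)
    if approved:
        chain.register(req)
    return approved


def demo():
    """Run constructed requests against a constructed destination-domain policy D2."""
    policy = DomainPolicy("D2", frozenset({"D1"}), 0.6, 0.8, {"role": "researcher"})
    chain = IntraDomainChain()
    requests = [
        CrossDomainRequest("alice", "D1", 0.65, {"role": "guest"}, 3, 2),       # sub-domain
        CrossDomainRequest("bob", "D1", 0.50, {"role": "researcher"}, 9, 2),    # below sigma1
        CrossDomainRequest("carol", "D3", 0.85, {"role": "researcher"}, 5, 2),  # external
        CrossDomainRequest("dave", "D3", 0.70, {"role": "researcher"}, 1, 2),   # below sigma2
        CrossDomainRequest("erin", "D3", 0.90, {"role": "guest"}, 7, 1),        # attr mismatch
    ]
    decisions = {r.user: admit(policy, chain, r) for r in requests}
    return decisions, chain
```

Note that dave is rejected although his reputation exceeds σ1: a requester from outside the sub-domains is held to σ2, which is exactly the distinction steps S32 and S34 draw.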

Further, the step S5 specifically includes:

the gateway node in the destination domain needs to broadcast on the interaction chain to notify the other edge regions that the cross-domain requesting user side is now in its region, and records the current cross-domain reputation value $Q_{dis}$ of the cross-domain requesting user side on the chain; the source domain then clears the access authority of the cross-domain request user terminal to the data in the source domain.

From the above description, the invention is applied to cross-domain access in mobile edge computing, aims to realize privacy protection, and utilizes a block chain technology to realize dynamic reputation evaluation and cross-domain data resource access, thereby protecting the security of data resources in different domains.

Referring to fig. 1 and fig. 2, a first embodiment of the present invention is:

a cross-domain access control method based on a block chain in mobile edge calculation is characterized in that the system model is defined as follows: each MEC edge region maintains an intra-region block chain and a gateway node, where the intra-region block chain manages user access to the data resources of that region and the gateway node verifies the data. An interaction chain is maintained between the MEC edge regions to realize users' cross-chain requests.

As shown in fig. 2, the block chain-based cross-domain access control method in mobile edge calculation includes the steps of:

s1, the cross-domain request user side sends a cross-domain request of cross-domain access to the gateway node in the source domain where the cross-domain request user side is located so as to request data resources in the target domain;

proceed to step S2;

s2, the gateway node in the source domain evaluates the in-domain reputation and the comprehensive reputation of the cross-domain request user side, and sends the comprehensive reputation of the cross-domain request user side to the gateway node in the target domain in a uniform format;

the step S2 specifically includes:

S21, when the gateway node in the source domain receives the cross-domain request of the cross-domain request user terminal, the credit evaluation intelligent contract updates the current intra-domain credit value $R_{dis}$ of the cross-domain request user terminal according to formulas (1) and (2):

$R_{dis} = R_{sum} + \xi$ (1)

where $\xi$ is the dynamic credit change value of the cross-domain request user side, $m$ is the total number of data level categories, $\kappa_s$ and $\kappa_f$ are the weights set for access success and access failure at different data levels, $AF_s$ and $AF_f$ are the numbers of successful and failed accesses of the user at the corresponding data levels, $AF_{total}$ is the total number of accesses of the user across the data levels, and $R_{sum}$ is the original reputation value of the cross-domain request user side in the source domain;

S22, the gateway node in the source domain calls the credit evaluation intelligent contract and calculates the comprehensive credit value $R_{syn}$ of the cross-domain request user side according to formula (3);

where $k$ is the number of areas where the cross-domain requesting client is located, $pl$ and $pl_{max}$ are the priority of the cross-domain requesting user terminal in the source domain and the maximum priority of the source domain, and $R_{dis}$ is the intra-domain reputation value of the cross-domain requesting user side in the source domain;

and S23, the gateway node in the source domain sends the comprehensive reputation value of the cross-domain request user side to the gateway node in the target domain, and the gateway node waits for evaluation and verification.

Proceed to step S3;

s3, the gateway node in the target domain verifies and evaluates the received related attribute value of the cross-domain request user side, returns the result of whether the cross-domain request is approved to the gateway node in the source domain, and returns the evaluation result to the cross-domain request user side by the gateway node in the source domain;

the step S3 specifically includes:

s31, the cross-domain intelligent contract firstly judges the source domain where the cross-domain request user terminal is located, and judges whether the source domain belongs to the sub-domain of the target domain;

S32, if the source domain belongs to the sub-domain of the target domain, further judging whether the comprehensive credit value $R_{syn}$ of the cross-domain request user side meets the intra-domain threshold $\sigma_1$ set by the target domain; if it does, the cross-domain request of the cross-domain request user side is agreed to; otherwise, the cross-domain request of the cross-domain request user side is rejected;

s33, if the source domain does not belong to the sub-domain of the target domain, the cross-domain intelligent contract judges whether the cross-domain attribute item of the cross-domain request user side is matched with the attribute item set by the target domain, if not, the cross-domain request is rejected, and if so, the step S34 is executed;

S34, the cross-domain intelligent contract further judges whether the comprehensive credit value of the cross-domain request user terminal meets the out-of-domain threshold $\sigma_2$ set by the destination domain, where the out-of-domain threshold is greater than the intra-domain threshold, $\sigma_2 > \sigma_1$. If yes, the cross-domain request of the cross-domain request user side is agreed to; otherwise, the cross-domain request of the cross-domain request user side is rejected;

s35, the destination domain sends the cross-domain request result of the cross-domain request user terminal to the gateway node of the source domain, and the gateway node of the source domain forwards the cross-domain request result to the cross-domain request user terminal.

Proceed to step S4;

s4, after the destination domain agrees to the request of the cross-domain request user, the cross-domain request user needs to register on the intra-domain block chain in the destination domain to access the required resource;

in step S4, the security level of the channel where the user is located determines the authority of the user to access the data, the user can only access the data resource corresponding to the security level of the channel where the user is located, and for the data in the same security level, the user with high priority will first obtain the access right to the data.

Proceed to step S5;

s5, the source domain deletes the data resource access right of the cross-domain request user side on the intra-domain block chain of the source domain;

the step S5 specifically includes:

the gateway node in the destination domain needs to broadcast on the interaction chain to notify the other edge regions that the cross-domain requesting user side is now in its region, and records the current cross-domain reputation value $Q_{dis}$ of the cross-domain requesting user side on the chain; the source domain then clears the access authority of the cross-domain request user terminal to the data in the source domain.

In summary, the block chain-based cross-domain access control method in mobile edge computing provided by the present invention has the following beneficial effects:

(1) each edge area maintains an intra-area block chain, an interaction chain is constructed on the basic framework, and cross-area access of users among different areas is realized through cooperation among gateway nodes of different edge areas.

(2) The user reputation is evaluated dynamically through an intelligent contract; at the same time, different priorities are assigned according to the user security level, which gives users an incentive to keep their access behaviour well-formed in order to improve their credit.

The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.
