Yong Zhu,Xiao Wu,Zhihui Hu

DOI: https://doi.org/10.3390/electronics11010167

IF: 2.9

2022-01-05

Electronics

Abstract:Traditional centralized access control faces data security and privacy problems. The core server is the main target to attack. Single point of failure risk and load bottleneck are difficult to solve effectively. And the third-party data center cannot protect data owners. Traditional distributed access control faces the problem of how to effectively solve the scalability and diversified requirements of IoT (Internet of Things) applications. SCAC (Smart Contract-based Access Control) is based on ABAC (Attributes Based Access Control) and RBAC (Role Based Access Control). It can be applied to various types of nodes in different application scenarios that attributes are used as basic decision elements and authorized by role. The research objective is to combine the efficiency of service orchestration in edge computing with the security of consensus mechanism in blockchain, making full use of smart contract programmability to explore fine grained access control mode on the basis of traditional access control paradigm. By designing SSH-based interface for edge computing and blockchain access, SCAC parameters can be found and set to adjust ACLs (Access Control List) and their policies. The blockchain-edge computing combination is powerful in causing significant transformations across several industries, paving the way for new business models and novel decentralized applications. The rationality on typical process behavior of management services and data access control be verified through CPN (Color Petri Net) tools 4.0, and then data statistics on fine grained access control, decentralized scalability, and lightweight deployment can be obtained by instance running in this study. The results show that authorization takes into account both security and efficiency with the “blockchain-edge computing” combination.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ronghua Xu,Seyed Yahya Nikouei,Yu Chen,Erik Blasch,Alexander Aved

DOI: https://doi.org/10.1109/blockchain.2019.00082

2019-07-01

Abstract:Thanks to rapid technological advances in the Internet of Things (IoT), a smart public safety (SPS) system has become feasible by integrating heterogeneous computing devices to collaboratively provide public protection services. While service-oriented architecture (SOA) has been adopted by IoT and cyber-physical systems (CPS), it is difficult for a monolithic architecture to provide scalable and extensible services for a distributed IoT based SPS system. Furthermore, traditional security solutions rely on a centralized authority, which can be a performance bottleneck or single point failure. Inspired by microservices architecture and blockchain technology, this paper proposes a BLockchain-ENabled Decentralized Microservices Architecture for Smart public safety (BlendMAS). Within a permissioned blockchain network, a microservices based security mechanism is introduced to secure data access control in an SPS system. The functionality of security services is decoupled into separate containerized microservices that are built using a smart contract and deployed on edge and fog computing nodes. An extensive experimental study verified that the proposed BlendMAS is able to offer a decentralized, scalable and secured data sharing and access control to distributed IoT based SPS system.

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Cheng Huang,Liang Xue,Dongxiao Liu,Xuemin Shen,Weihua Zhuang,Rob Sun,Bidi Ying

DOI: https://doi.org/10.1109/jiot.2022.3154632

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Secure cross-domain authorization and authentication (AA) enable application service providers (ASPs) to allow users for resource access from different trusted domains. In this article, we propose a unified blockchain-assisted secure cross-domain AA framework for smart city, which can guarantee transparent cross-domain resource access while preserving user privacy. In the framework, ASPs can flexibly delegate their authentication capabilities to the blockchain, and users authorized by different ASPs can be authenticated by the blockchain where the authentication events are publicly audited and traced. Since the blockchain is publicly accessible, users’ sensitive identity attributes may be exposed during the authentication process. To address privacy leakage caused by the authentication events, several privacy-preserving techniques, including threshold-based homomorphic encryption, zero-knowledge proof, and random permutation, are exploited to hide users’ sensitive information on the blockchain. Moreover, to improve user revocation efficiency, we integrate a cryptographic accumulator and secure hash functions into the framework where ASPs are allowed to revoke their users through a global revocation contract. Our security analysis shows that the proposed framework can achieve all desirable security and privacy properties, and a proof-of-concept prototype has been developed to demonstrate the correctness and efficiency of the proposed framework.

Sheng Cao,Sixuan Dang,Yuan Zhang,Wei Wang,Nan Cheng

DOI: https://doi.org/10.1016/j.comcom.2021.03.023

IF: 5.047

2021-04-01

Computer Communications

Abstract:<p>Recent works have shown great potentials for enhancing satellite communications (SATCOM) in terms of security and privacy from blockchains and smart contracts. However, smart contracts deployed on the blockchain also suffer from various attacks, e.g., illegal trigger and access, continuous intrusion, which causes critical threats toward blockchain-based SATCOM. In this paper, we first design a token-based access control mechanism for smart contracts with dynamic adjustment of the access control rules (ACRs), which guarantees that only authorized users can trigger and execute specific smart contracts. We then propose an intrusion detection mechanism for smart contracts to detect attacks against smart contracts in an effective and real-time way. Based on these mechanisms, we propose an access control and intrusion detection framework, dubbed ACID, to resist various attacks while remaining all characteristics and functionalities of the underlying blockchain-based SATCOM system. We conduct a comprehensive evaluation, which demonstrates that ACID is secure, feasible, and efficient.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Yaoliang Chen,Shi Chen,Jiao Liang,Lance Warren Feagan,Weili Han,Sheng Huang,X. Sean Wang

DOI: https://doi.org/10.1016/j.is.2020.101590

IF: 3.18

2020-01-01

Information Systems

Abstract:Blockchain is an emerging data management technology that enables people in a collaborative network to establish trusted connections with the other participants. Recently consortium blockchains have raised interest in a broader blockchain technology discussion. Instead of a fully public, autonomous network, consortium blockchain supports a network where participants can be limited to a subset of users and data access strictly controlled. Access control policies should be defined by the respective data owner and applied throughout the network without requiring a centralized data administrator. As a result, decentralized data access control (DDAC) emerges as a fundamental challenge for such systems. However, we show from a trust model for consortium collaborative networks that current consortium blockchain systems provide limited support for DDAC. Further, the distributed, replicated nature of blockchain makes it even more challenging to control data access, especially read access, compared with traditional DBMSes. We investigate possible strategies to protect data from being read by unauthorized users in consortium blockchain systems using combinations of ledger partitioning and encryption strategies. A general framework is proposed to help inexperienced users determine appropriate strategies under different application scenarios. The framework was implemented on top of Hyperledger Fabric to evaluate feasibility. Experimental results along with a real-world case study contrasted the performance of different strategies under various conditions and the practicality of the proposed framework.

Linsheng Yu,Mingxing He,Hongbin Liang,Ling Xiong,Yang Liu

DOI: https://doi.org/10.3390/s23031264

2023-01-22

Abstract:Authentication and authorization constitute the essential security component, access control, for preventing unauthorized access to cloud services in mobile cloud computing (MCC) environments. Traditional centralized access control models relying on third party trust face a critical challenge due to a high trust cost and single point of failure. Blockchain can achieve the distributed trust for access control designs in a mutual untrustworthy scenario, but it also leads to expensive storage overhead. Considering the above issues, this work constructed an authentication and authorization scheme based on blockchain that can provide a dynamic update of access permissions by utilizing the smart contract. Compared with the conventional authentication scheme, the proposed scheme integrates an extra authorization function without additional computation and communication costs in the authentication phase. To improve the storage efficiency and system scalability, only one transaction is required to be stored in blockchain to record a user's access privileges on different service providers (SPs). In addition, mobile users in the proposed scheme are able to register with an arbitrary SP once and then utilize the same credential to access different SPs with different access levels. The security analysis indicates that the proposed scheme is secure under the random oracle model. The performance analysis clearly shows that the proposed scheme possesses superior computation and communication efficiencies and requires a low blockchain storage capacity for accomplishing user registration and updates.

Liang Tan,Na Shi,Keping Yu,Moayad Aloqaily,Yaser Jararweh

DOI: https://doi.org/10.1145/3433542

IF: 5.3

2021-06-15

ACM Transactions on Internet Technology

Abstract:Green Internet of things (GIoT) generally refers to a new generation of Internet of things design concept. It can save energy and reduce emissions, reduce environmental pollution, waste of resources, and harm to human body and environment, in which green smart device (GSD) is a basic unit of GIoT for saving energy. With the access of a large number of heterogeneous bottom-layer GSDs in GIoT, user access and control of GSDs have become more and more complicated. Since there is no unified GSD management system, users need to operate different GIoT applications and access different GIoT cloud platforms when accessing and controlling these heterogeneous GSDs. This fragmented GSD management model not only increases the complexity of user access and control for heterogeneous GSDs, but also reduces the scalability of GSDs applications. To address this issue, this article presents a blockchain-empowered general GSD access control framework, which provides users with a unified GSD management platform. First, based on the World Wide Web Consortium (W3C) decentralized identifiers (DIDs) standard, users and GSD are issued visual identity ( VID ). Then, we extended the GSD-DIDs protocol to authenticate devices and users. Finally, based on the characteristics of decentralization and non-tampering of blockchain, a unified access control system for GSD was designed, including the registration, granting, and revoking of access rights. We implement and test on the Raspberry Pi device and the FISCO-BCOS alliance chain. The experimental results prove that the framework provides a unified and feasible way for users to achieve decentralized, lightweight, and fine-grained access control of GSDs. The solution reduces the complexity of accessing and controlling GSDs, enhances the scalability of GSD applications, as well as guarantees the credibility and immutability of permission data and identity data during access.

computer science, information systems, software engineering

Mpyana Mwamba Merlec,Hoh Peter In

DOI: https://doi.org/10.1109/jiot.2024.3371504

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Integrating blockchain technology with the Internet of Things (IoT) facilitates seamless interaction between IoT devices and systems to securely share, access, and exchange data. However, ensuring adequate access control within blockchain-enabled IoT (BIoT) systems remains a significant challenge. It is often difficult to adapt existing access control mechanisms to the dynamic and context-dependent nature of IoT environments, necessitating a robust context-aware approach to ensure adequate security and the privacy of resources within BIoT systems. In this paper, we propose a novel smart contract-enabled context-aware access control (SC-CAAC) scheme for BIoT systems. It utilizes context-aware access control models that consider contextual information, including user profile, purpose, date, time, location, resource, and operating environment specifications, to make access control decisions. Smart contracts dynamically enforce access control policies and manage access permissions, ensuring that sensitive data and resources are accessible only to authorized users. The proposed scheme leverages the immutability, transparency, and decentralization of a blockchain that is shared by multiple participants in a consortium network, removing the need for a central authority to record and audit access control policies and decisions and promoting accountability and trust. The implementation and evaluation of our proposed scheme using the Hyperledger Besu blockchain demonstrates its effectiveness and scalability in real-world scenarios.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101854

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:Ciphertext-policy attribute-based encryption(CP-ABE) has been widely studied and used in access control schemes for secure data sharing. Since in most of the existing attribute-based encryption methods, all user attributes are managed by a single central authority, it is easy to cause a single point of failure. Therefore, several multi-authority CP-ABE schemes are proposed to manage user attributes by multiple authorities. However, these schemes still do not eliminate the single point of failure in essence or suffer from high computation and communication overhead on data users. In this paper, we propose a Blockchain-based Multi-authority Access Control scheme called BMAC for sharing data securely. Shamir secret sharing scheme and permissioned blockchain (Hyperledger Fabric) are introduced to implement that each attribute is jointly managed by multiple authorities to avoid single point of failure. In addition, we take advantage of blockchain technology to establish trust among multiple authorities and exploit smart contracts to compute tokens for attributes managed across multiple management domains, which reduces communication and computation overhead on the data user side. Moreover, blockchain helps to record the access control process in a secure and auditable way. Finally, we analyze the security of the proposed algorithm. Further analysis and comparison show the performance of the proposed method.

Shuixiang Li,Ruixuan Li,Yu Zhang,Yongfeng Huang

DOI: https://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00093

2020-01-01

Abstract:The proliferation of mobile smartphones and the Internet has enabled people to stay online, gradually changing how people live and work. Particularly during epidemic isolation, people are more likely to communicate online via the Internet. Limited by the storage capacity and network bandwidth of mobile terminals, users are more likely to use the cloud to store and share data. However, data stored by centralized cloud services in a semi-trusted environment is at risk of being compromised, and most systems use cryptographic access control for the data, which failed to achieve fine-grained access control. In this paper, we propose a data access control system based on cloud and blockchain integration (CBI), which takes the decentralized, tamper-proof characteristics of blockchain and combines the advantages of cloud storage to design a novel integrated architecture, and designed a CBI-CP-ABE algorithm to implement attribute-based encryption for fine-grained access control. Experiments show that our proposed solution has similar performance to traditional data access control systems, and users have higher control and management rights over their data in the cloud so that they can store and share data more securely and keep track of their data usage.

Li Duan,Wenyao Xu,Wei Ni,Wei Wang

DOI: https://doi.org/10.1016/j.sysarc.2023.102897

IF: 5.836

2023-05-13

Journal of Systems Architecture

Abstract:In an open Internet-of-Things (IoT) environment, cloud-device collaborative development brings more functional services to users. However, privacy disclosure risks concerning service provision and users' accessing behavior also increase. Traditional privacy protection approaches involve a centralized system with a third-party administrative server, which has the risk of single-point failures and overlooks the issue of privacy information leakage concerning users' behaviors. Blockchain is a decentralized and traceable technology that provides a reliable solution for secure access by users. This paper proposes a novel blockchain-based secure access framework (BSAF) for cloud-device service collaborations with privacy protection. Specifically, a key matrix encryption mechanism is used to protect the privacy of users' behaviors, and a fully homomorphic encryption mechanism is designed to protect the privacy of service content. Two smart contracts are designed: a request verification smart contract to verify the access rights of users, and a behavior punishment smart contract to audit users' access behaviors. Comprehensive experiments on the Ethereum blockchain network show that the proposed BSAF framework outperforms existing schemes in latency reduction and cost saving, and is more suitable for low-profile IoT devices.

computer science, software engineering, hardware & architecture

Mohammed Amine Bouras,Boming Xia,Adnan Omer Abuassba,Huansheng Ning,Qinghua Lu

DOI: https://doi.org/10.7717/peerj-cs.455

2021-04-08

Abstract:Access control is a critical aspect for improving the privacy and security of IoT systems. A consortium is a public or private association or a group of two or more institutes, businesses, and companies that collaborate to achieve common goals or form a resource pool to enable the sharing economy aspect. However, most access control methods are based on centralized solutions, which may lead to problems like data leakage and single-point failure. Blockchain technology has its intrinsic feature of distribution, which can be used to tackle the centralized problem of traditional access control schemes. Nevertheless, blockchain itself comes with certain limitations like the lack of scalability and poor performance. To bridge the gap of these problems, here we present a decentralized capability-based access control architecture designed for IoT consortium networks named IoT-CCAC. A blockchain-based database is utilized in our solution for better performance since it exhibits favorable features of both blockchain and conventional databases. The performance of IoT-CCAC is evaluated to demonstrate the superiority of our proposed architecture. IoT-CCAC is a secure, salable, effective solution that meets the enterprise and business's needs and adaptable for different IoT interoperability scenarios.

Yongtao Huang,I-Ling Yen,Farokh Bastani

2024-05-25

Abstract:The Internet of Things (IoT) necessitates robust access control mechanisms to secure a vast array of interconnected devices. Most of the existing IoT systems in practice use centralized solutions. We identify the problems in such solutions and adopt the blockchain based decentralized access control approach. Though there are works in the literature that use blockchain for access control, there are some gaps in these works. We develop a blockchain embedded access control (BEAC) framework to bridge the gaps. First, blockchain based solutions for access control require an enabling P2P network while existing P2P overlays do not support some required features. We develop a novel P2P infrastructure to seamlessly support our BEAC framework. Second, most of the works consider blockchain based access control for a single access control model, and we develop a generic blockchain mechanism and show that it can support the embedding of various access control models. Finally, existing works adopt existing blockchain mechanisms which may incur a high communication overhead. We develop a shortcut approach to improve the number of message rounds in the access protocol. Our experiments demonstrate the efficacy of our system, showing that the shortcut mechanism can reduces access time by approximately 43%.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Libo Feng,Junyu Lin,Fei Qiu,Bei Yu,Zhihua Jin,Jinli Wang,Jing Cheng,Shaowen Yao

DOI: https://doi.org/10.1109/tnsm.2024.3371521

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Industrial big data has experienced from data silos due to its high potential value and strong security requirements, making it difficult to share securely across domains. Blockchain-based solutions allow nodes to establish access control to trusted data on unreliable or trustless networks, but still face issues such as inefficient data sharing and leakage of sensitive information. In this paper, we propose a blockchain-based access control scheme for privacy security and dynamic regulation. First, ciphertext policy attribute-based encryption (CP-ABE) is developed to gain fine-grained access to node resources, with verifiable outsourcing decryption method to significantly reduce computational pressure on end users. Second, a policy hiding method based on multi-chain architecture is proposed, which performs double hiding of attribute information and access policy information on the blockchain. Finally, a supervisory policy that incorporates dynamic trust assessment and smart contracts is proposed to achieve effective detection and hierarchical classification punishment of malicious behavior. Security analysis and experimental results show that our scheme can limit the complexity of terminal decryption at a constant level and effectively achieve secure and efficient access control in the industrial Internet environment.

computer science, information systems

Jialu Hao,Cheng Huang,Wenjuan Tang,Yang Zhang,Shuai Yuan

DOI: https://doi.org/10.1109/TCSII.2021.3125500

2022-01-01

Abstract:Access control is essential in computer security systems to regulate the access to critical or valuable resources. Conventional access control models mainly rely on a centralized and trusted server to mediate each attempted access from client to resources, which face serious challenges of single point of failure and lack of transparency. In this brief, we propose a smart contract-based access control framework, which enables the owner to achieve resource access control in a reliable, auditable and scalable way. An access control contract is deployed on blockchain to manage attribute-based access policies of resources flexibly and make access decisions for clients credibly. A set of attributes is distributed to the clients through off-chain signatures signed by the owner to determine their privileges, without consuming the expensive on-chain storage space. Finally, we implement an experimental prototype on Ethereum test network and perform extensive experimental and theoretical analysis to evaluate its scalability and efficiency.

Ronghua Xu,Gowri Sankar Ramachandran,Yu Chen,Bhaskar Krishnamachari

DOI: https://doi.org/10.48550/arXiv.1909.10888

2019-09-21

Abstract:To promote the benefits of the Internet of Things (IoT) in smart communities and smart cities, a real-time data marketplace middleware platform, called the Intelligent IoT Integrator (I3), has been recently proposed. While facilitating the easy exchanges of real-time IoT data streams between device owners and third-party applications through the marketplace, I3 is presently a monolithic, centralized platform for a single community. Although the service oriented architecture (SOA) has been widely adopted in the IoT and cyber-physical systems (CPS), it is difficult for a monolithic architecture to provide scalable, inter-operable and extensible services for large numbers of distributed IoT devices and different application vendors. Traditional security solutions rely on a centralized authority, which can be a performance bottleneck or susceptible to a single point of failure. Inspired by containerized microservices and blockchain technology, this paper proposed a BLockchain-ENabled Secure Microservices for Decentralized Data Marketplaces (BlendSM-DDM). Within a permissioned blockchain network, a microservices based security mechanism is introduced to secure data exchange and payment among participants in the marketplace. BlendSM-DDM is able to offer a decentralized, scalable and auditable data exchanges for the data marketplace.

Distributed, Parallel, and Cluster Computing

Zixin Wang,Mingrui Cao,Hao Jiang,Bin Cao,Shuo Wang,Chen Sun,Mugen Peng

2024-08-04

Abstract:Dynamic spectrum sharing (DSS) between satellite and terrestrial networks has increasingly engaged the academic and industrial sectors. Nevertheless, facilitating secure, efficient and scalable sharing continues to pose a pivotal challenge. Emerging as a promising technology to bridge the trust gap among multiple participants, blockchain has been envisioned to enable DSS in a decentralized manner. However, satellites with limited resources may struggle to support the frequent interactions required by blockchain networks. Additionally,given the extensive coverage of satellites, spectrum sharing needs vary by regions, challenging traditional blockchain approaches to accommodate differences. In this work, a partitioned, self-governed, and customized dynamic spectrum sharing approach (PSC-DSS) is proposed for spectrum sharing between satellite access networks and terrestrial access networks. This approach establishes a sharded and tiered architecture which allows various regions to manage spectrum autonomously while jointly maintaining a single blockchain ledger. Moreover, a spectrum-consensus integrated mechanism, which decouples DSS process and couples it with blockchain consensus protocol, is designed to enable regions to conduct DSS transactions in parallel and dynamically innovate spectrum sharing schemes without affecting others. Furthermore, a theoretical framework is derived to justify the stability performance of PSC-DSS. Finally, simulations and experiments are conducted to validate the advantageous performance of PSC-DSS in terms of low-overhead, high efficiency, and robust stability.

Distributed, Parallel, and Cluster Computing

Lianshan Sun,Danni Zhou,Diandong Liu,Jingyan Tang,Yang Li

DOI: https://doi.org/10.1109/access.2023.3340887

IF: 3.9

2023-01-01

IEEE Access

Abstract:Access control is a widely used technology for securing sensitive resources of information systems, ranging from personal data managed by cloud-based data stores to sensitive data stream collected by smart devices. Existing access control systems mainly adopt centralized architecture and static access control models, including Access Control List, Role-based Access Control and Attribute-based Access Control. However, these systems fail to meet the increasing requirements of behavior based dynamic access control or requirements of owner initiated autonomous access control without relying on trustworthy third parties and suffer inherent drawbacks of a single point of failure or dishonesty. To this end, a novel blockchain-based and provenance enabled dynamic access control scheme called BPDAC is proposed. Specifically, it collects and stores data provenance on blockchain to enable behavior-based dynamic access control; in particular, the quick lookup table (QLT) structure is designed to speed up access control evaluation based on provenance with increasing complexity. It also provides specifications for formulating access control policy based on provenance. It utilizes a set of smart contracts on blockchain to enable decentralized and reliable autonomous access control. A prototype system is implemented on the Hyperledger Fabric and experiments are conducted to show that the proposed scheme is practically feasible and scalable in terms of the performance metrics of throughput and latency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ye Lu,Tao Feng,Chunyan Liu,Wenbo Zhang

DOI: https://doi.org/10.32604/cmc.2023.046106

2024-01-01

Abstract:The Access control scheme is an effective method to protect user data privacy. The access control scheme based on blockchain and ciphertext policy attribute encryption (CP–ABE) can solve the problems of single—point of failure and lack of trust in the centralized system. However, it also brings new problems to the health information in the cloud storage environment, such as attribute leakage, low consensus efficiency, complex permission updates, and so on. This paper proposes an access control scheme with fine-grained attribute revocation, keyword search, and traceability of the attribute private key distribution process. Blockchain technology tracks the authorization of attribute private keys. The credit scoring method improves the Raft protocol in consensus efficiency. Besides, the interplanetary file system (IPFS) addresses the capacity deficit of blockchain. Under the premise of hiding policy, the research proposes a fine-grained access control method based on users, user attributes, and file structure. It optimizes the data-sharing mode. At the same time, Proxy Re-Encryption (PRE) technology is used to update the access rights. The proposed scheme proved to be secure. Comparative analysis and experimental results show that the proposed scheme has higher efficiency and more functions. It can meet the needs of medical institutions.

computer science, information systems,materials science, multidisciplinary