An ECDSA Approach to Access Control in Knowledge Management Systems Using Blockchain

Information (Switzerland) - Volume 11, Issue 2 - Page 111
Gabriel Nyame¹, Zhiguang Qin¹, Kwame Opuni-Boachie Obour Agyekum², Emmanuel Boateng Sifah²
¹ School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
² School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China

Abstract

Access control has become problematic in several organizations because of the difficulty in establishing security and preventing malicious users from mimicking roles. Moreover, users lack flexibility in participating in their roles, and even in controlling them. Several role-based access control (RBAC) mechanisms have been proposed to alleviate these problems, but their security has not been fully realized. In this work, we present an RBAC model based on blockchain technology to enhance user authentication before knowledge is accessed and utilized in a knowledge management system (KMS). Our blockchain-based system model and the smart contract ensure that transparency and knowledge resource immutability are achieved. We also present smart contract algorithms and discussions about the model. As an essential part of the RBAC model applied to a KMS environment, trust is ensured in the network. Evaluation results show that our system is efficient.
