
Student: 李儂偉 (Li, Nong-Wei)
Thesis title: 以區塊鏈技術實現分散式以角色為基礎的存取控制機制 (Novel Decentralized RBAC System based on Blockchain Technology)
Advisor: 李忠憲 (Li, Jung-Shian)
Degree: Master
Department: College of Electrical Engineering and Computer Science, Institute of Computer & Communication Engineering
Year of publication: 2017
Graduation academic year: 105 (ROC calendar)
Language: Chinese
Number of pages: 55
Chinese keywords: blockchain, role-based access control, decentralized, authentication, role-based
English keywords: Blockchain, RBAC, Decentralized, authentication, role-based
Views: 126; Downloads: 2
Abstract (translated from the Chinese): With the development of computer networks, digital identity authentication has become increasingly common. Traditional physical credentials easily leak a user's sensitive personal data: when only the user's age needs to be verified, an ID card still discloses the address, name and other information printed on it. With digital identity authentication, pre-set conditions can be used to grant access to only the specific personal data that is relevant, protecting the user's privacy. Role-Based Access Control (RBAC) is commonly used to describe and configure the access-permission relationship between users and service providers. Physical credentials usually carry anti-counterfeiting features, but in the networked world, preventing a malicious user from impersonating another user requires a third-party certification organization to authenticate user identities; as the number of users grows, frequent authentication imposes a huge overhead on that third party. In this study, to allow digital identity authentication across different organizations without going through a third-party certification organization, we apply blockchain technology to implement decentralized role-based access control, solving the trust problem between organizations. Blockchain offers decentralization, permanent operation, joint maintenance, tamper resistance and user anonymity. Compared with other implementations, our system simultaneously offers three properties: no third-party authentication is needed, a complete log is kept, and organizations need not trust each other. Finally, our experiments show that the system's performance overhead does not depend on the performance of the host computer, which lowers deployment cost and yields more convenient, faster and more secure role-based access control.

Abstract (English): With the development of computer networks, digital identity authentication is becoming more and more popular. Traditional physical credentials easily leak the user's sensitive items (e.g. only the age needs to be verified, but the ID card also reveals the address, name and other information). With a digital identity, pre-set conditions are used to grant access only to the user-specific data relevant to a request, protecting the user's privacy. We use Role-Based Access Control (RBAC) to describe and set the access relationship between the user and the service provider. Traditional physical credentials are usually accompanied by security features, but in the computer network world, preventing malicious users from disguising themselves as another user requires a third-party certification organization to authenticate the user's identity. However, as the number of users increases, frequent certification forces that third party to face a huge overhead. In this study, we use Blockchain technology to implement a decentralized role-based access control scheme that addresses inter-organizational trust issues without the need for third-party certification. Blockchain has the advantages of decentralization, permanent operation, common maintenance, tamper prevention and user anonymity. Compared with other implementations, our system offers the features of the existing schemes while at the same time requiring no third-party authentication, keeping a complete log, and requiring no mutual trust between organizations. Through experiments, we show that the system's performance overhead is acceptable, the cost is low, and it is more convenient, faster and more secure than traditional RBAC.

Table of contents (page numbers refer to the thesis):
Abstract ... I
Acknowledgements ... XII
Contents ... XIII
List of Tables ... XV
List of Figures ... XVI
Chapter 1 Introduction ... 1
  1.1 Research Background and Motivation ... 1
  1.2 Research Objectives ... 3
  1.3 Thesis Organization ... 3
Chapter 2 Related Work ... 4
  2.1 Role-Based Access Control ... 4
    2.1.1 Role Configuration ... 5
    2.1.2 System Model ... 6
  2.2 Blockchain ... 7
    2.2.1 Basic Introduction to Blockchain ... 7
    2.2.2 Blockchain Types and Advantages ... 11
      Types of Blockchain ... 11
      Advantages of Blockchain ... 12
    2.2.3 Blockchain System Architecture ... 13
    2.2.4 Consensus Mechanisms ... 14
      Proof of Work ... 14
      Proof of Stake ... 15
      Consensus Attacks ... 15
    2.2.5 Development and Challenges of Blockchain ... 16
      Development and Applications ... 16
      Challenges of Blockchain ... 18
  2.3 Smart Contract ... 19
Chapter 3 System Architecture and Implementation ... 21
  3.1 Environment Assumptions ... 22
  3.2 System Architecture ... 24
    3.2.1 User Role Registration ... 25
    3.2.2 User Role Access Verification ... 28
    3.2.3 User Role Revocation ... 30
Chapter 4 System Comparison and Performance Analysis ... 32
  4.1 System Comparison ... 32
    4.1.1 Public Key Infrastructure (PKI) ... 32
    4.1.2 Attribute-based Encryption (ABE) ... 34
    4.1.3 Active Directory Federation Services (ADFS) ... 37
    4.1.4 Discussion of the Systems ... 39
  4.2 Experimental Environment ... 41
    4.2.1 Development Environment ... 41
    4.2.2 Experimental Environment Configuration ... 42
  4.3 Performance Analysis ... 44
    4.3.1 Performance Analysis of User Role Registration ... 45
    4.3.2 Performance Analysis of User Role Access Authentication ... 47
    4.3.3 Performance Analysis of User Role Revocation ... 48
    4.3.4 Analysis and Discussion ... 50
Chapter 5 Conclusion & Future Work ... 51
  5.1 Conclusion ... 51
  5.2 Future Work ... 52
References ... 53


Access: on campus, open from 2022-08-01; off campus, not open.
The electronic thesis has not yet been authorized for public release; for the print copy, consult the library catalogue.