Lingling Lu,Zhenyu Wen,Ye Yuan,Binru Dai,Peng Qian,Changting Lin,Qinming He,Zhenguang Liu,Jianhai Chen,Rajiv Ranjan

DOI: https://doi.org/10.1109/tdsc.2022.3228908

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Blockchain, a distributed and shared ledger, provides a credible and transparent solution to increase application auditability by querying the immutable records written in the ledger. Unfortunately, existing query APIs offered by the blockchain are inflexible and unscalable. Some studies propose off-chain solutions to provide more flexible and scalable query services. However, the query service providers (SPs) may deliver fake results without executing the real computation tasks and collude to cheat users. In this article, we propose a novel intelligent blockchain analytics platform termed iQuery , in which we design a game theory based smart contract to ensure the trustworthiness of the query results at a reasonable monetary cost. Furthermore, the contract introduces the second opinion game that employs a randomized SP selection approach coupled with non-ordered asynchronous querying primitive to prevent collusion. We achieve a fixed price equilibrium, destroy the economic foundation of collusion, and can incentivize all rational SPs to act diligently with proper financial rewards. In particular, iQuery can flexibly support semantic and analytical queries for generic consortium or public blockchains, achieving query scalability to massive blockchain data. Extensive experimental evaluations show that iQuery is significantly faster than state-of-the-art systems. Specifically, in terms of the conditional, analytical, and multi-origin query semantics, iQuery is 2 ×, 7 ×, and 1.5 × faster than advanced blockchain and blockchain databases. Meanwhile, to guarantee 100% trustworthiness, only two copies of query results need to be verified in iQuery , while iQuery 's latency is $2 \sim 134$ × smaller than the state-of-the-art systems.

Fei Tong,Xing Chen,Cheng Huang,Yujian Zhang,Xuemin Shen

DOI: https://doi.org/10.1109/JIOT.2022.3229676

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Multidomain Internet of Things (IoT) is faced with serious domain interoperability (DI) and compatibility issues since different intradomain authorization and authentication (A&A) mechanisms are deployed without the consideration of interdomain A&A. This article proposes a blockchain-assisted scheme to achieve flexible intra- and inter-domain A&A simultaneously and seamlessly. Specifically, we first design a contract-based mutual access control agreement on top of a consortium blockchain, where domain managers can manage their access permission without any trusted parties. Based on the agreement, a secure and privacy-preserving authentication protocol is further proposed by tailoring one-out-of-many proof techniques, which enables IoT devices to anonymously access authorized IoT domains. We additionally design a voting-based protocol by using a threshold-based cryptosystem. The protocol allows domain managers to transparently audit resource access with the assistance of the blockchain. Detailed security analysis demonstrates that the proposed scheme achieves the security properties, such as DI, privacy protection, and accountability. Finally, we develop two proof-of-concept prototypes in a physical testbed and virtual machine, respectively, based on an open-source blockchain platform to show our scheme's efficiency in terms of computation and communication overhead.

Duo Zhang,Shangping Wang,Qian Zhang,Yaling Zhang

DOI: https://doi.org/10.1109/tsc.2023.3311877

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Cloud computing has brought great convenience to data storage and resource sharing, however, there are still concerns about data security and service quality. Attribute-based encryption (ABE) and searchable encryption (SE) are always adopted to achieve data access authorization and data retrieval on encrypted data in data sharing, respectively. But more efficient and accurate methods have been always pursued. Moreover, the spoofing attacks is another important aspect that raises concerns, especially when it comes to reliability of search results and online payments. Blockchain, an emerging technology that can be used to solve the problem of trust, has shown great application potential in finance and data sharing. Based on blockchain, we propose an attribute-based conjunctive keyword search (ABCKS) scheme with verifiability and fairness. In this paper, data privacy-preserving, fine-grained access control, and multi-keywords search can be supported simultaneously. Blockchain and smart contract are employed to facilitate the search result verification process and ensure fair payment in the trustless case. Furthermore, we reduce the user's decryption load to a constant level by performing partial decryption on the cloud side. Finally, the results of the performance evaluation indicate that our scheme has higher efficiency and security.

computer science, information systems, software engineering

Cheng Zhang,Yang Xu,Yupeng Hu,Jiajing Wu,Ju Ren,Yaoxue Zhang

DOI: https://doi.org/10.1109/tcc.2021.3057771

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Network storage services have benefited countless users worldwide due to the notable features of convenience, economy and high availability. Since a single service provider is not always reliable enough, more complex multi-cloud storage systems are developed for mitigating the data corruption risk. While a data auditing scheme is still needed in multi-cloud storage to help users confirm the integrity of their outsourced data. Unfortunately, most of the corresponding schemes rely on trusted institutions such as the centralized third-party auditor (TPA) and the cloud service organizer, and it is difficult to identify malicious service providers after service disputes. Therefore, we present a blockchain-based multi-cloud storage data auditing scheme to protect data integrity and accurately arbitrate service disputes. We not only introduce the blockchain to record the interactions among users, service providers, and organizers in data auditing process as evidence, but also employ the smart contract to detect service dispute, so as to enforce the untrusted organizer to honestly identify malicious service providers. We also use the blockchain network and homomorphic verifiable tags to achieve the low-cost batch verification without TPA. Theoretical analyses and experiments reveal that the scheme is effective in multi-cloud environments and the cost is acceptable.

Hongxia Zhang,Xingshu Chen,Xiao Lan,Hongjian Jin,Qi Cao

DOI: https://doi.org/10.1016/j.jisa.2020.102538

IF: 4.96

2020-12-01

Journal of Information Security and Applications

Abstract:<p>In many real resource access scenarios, the parties who require to establish communication may be unable to effectively identify and verify some authentication messages of the other party due to the use of completely different cryptography settings, making it difficult to authenticate each other in such scenarios. We usually define the above-mentioned problem as "cross-domain authentication". Although many research works have been devoted to solving the problem of entity authentication for cross-domain communication, the problem of "incomplete cross-domain" widely exists in existing works. Existing solutions based on some common underlying cryptography foundations greatly limit the application of such cross-domain authentication schemes. In order to solve the problem of "incomplete cross-domain", this paper proposes a thoroughly cross-domain authentication scheme based on blockchain technology, which can be used by participants from different domains that adopt totally different settings. Our security analysis demonstrates that the scheme is provably secure in the standard model and the experimental results show the efficiency of our scheme.</p>

computer science, information systems

Jingnan Dong,Guangxia Xu,Chuang Ma,Jun Liu,Uchani Gutierrez Omar Cliff

DOI: https://doi.org/10.1109/jiot.2023.3296506

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In Industrial Internet, mutual authentication between enterprises is a prerequisite for establishing reliable upstream and downstream relationships. Existing authentication methods suffer from complicated certificate management and key escrow problems. Moreover, many authentication mechanisms cannot resist common security attacks and have high computational overhead and communication costs. Therefore, this paper proposes a blockchain-based certificate-free cross-domain authentication mechanism for Industrial Internet. By establishing an Ethereum consortium blockchain as the trusted cornerstone among different regions, industrial enterprises in each region generate the user’s private key with the key generation center in the region, thus avoiding the key escrow problem. This consortium blockchain adopts the proof of authority consensus mechanism for scalability and throughput. Industrial enterprises in different regions invoke smart contracts and query other industrial enterprises for mutual authentication and key negotiation. SVO logic proves the proposed scheme achieves the intended authentication goal, and the automated formal verification tool Scyther proves the scheme’s security. In addition, compared with seven related schemes in the last three years, the experimental results show that the proposed scheme has low communication overhead and computational cost in the authentication key negotiation phase. The experiments on the Ethereum consortium blockchain built by Raspberry Pi prove the effectiveness of the proposed scheme. Finally, the comparative analysis of common security properties proves the reliability of the scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shengjun Zhang,Hang Zhou,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1109/iscc.2017.8024596

2017-01-01

Abstract:Data outsourcing has become quite popular in recent years. While the rapid development of cloud storage service, it brings about many new security challenges. One of the biggest concerns with cloud data storage is that of data integrity at untrusted cloud servers. For example, when individual users store important data files in cloud servers, the data files may be damaged or corrupted because of cloud server failures or malicious attackers. Our work focuses on the problem of ensuring the integrity of data storage in cloud computing. The prior approaches mainly solved static data and provide simple recovery method like PoRs or dealt with public verifiability of data integrity without recovery method like PDP. Our scheme proposed a novel Cross-encoding recovery (Cer) method based erasure code for reducing unnecessary network bandwidth cost and provided a new data structure named Dynamic Storage Table (DST) that supports dynamic data operations for cloud data storage applications. It is worth mentioning that we consider Counting Bloom Filter (CBF) in our solution which can verify the data integrity practically and efficiently. Meanwhile, we implemented a security system and performance analysis showing that the proposed scheme is highly efficient and provably secure.

LIU Xuejiao,CAO Tiancong,XIA Yingjie

DOI: https://doi.org/10.11959/j.issn.1000−436x.2023031

2023-01-01

Abstract:To solve the problems of data disclosure, uncontrolled data access, and inefficiency of cross-domain data sharing in the Internet of vehicles（IoV）, an efficient and secure cross-domain data sharing scheme of IoV under blockchain architecture was proposed. A blockchain was maintained by trusted authorities of different trust domains. A modified ciphertext-policy attribute-based encryption scheme was adopted to encrypt data, and encrypted data was stored in interplanetary file system（IPFS） with relevant information recorded on the blockchain, constructing a fine-grained and secure cross-domain data sharing scheme based on blockchain. A verification algorithm for cross-domain access based on the garbled Bloom filter was designed, and a smart contract executed fast decryption tests based on access policies on the blockchain, improving the access efficiency of a mass of ciphertext. A cross-domain data access method based on outsourcing decryption was designed,and the trusted authorities transformed ciphertexts while performing outsourcing decryption with complex bilinear pairing calculations, reducing the time overhead of vehicle decryption. Experiment results show that the proposed scheme is superior to other schemes in the process of cross-domain ciphertext transformation and vehicle decryption, and the cross-domain data access efficiency is increased by 60% on average.

Q. Tao,Q. Chen,H. Ding,I. Adnan,X. Huang,X. Cui

DOI: https://doi.org/10.1155/2021/6668339

IF: 1.968

2021-03-27

Security and Communication Networks

Abstract:The barriers of food enterprises and departments caused information asymmetry, which is the root cause of food safety incidents. Simultaneously, it is challenging to solve the information asymmetry by the existing cloud-based food supply-chain regulation system. Establishing a secure and reliable data sharing environment is an effective solution to the information island. Blockchain can construct a security network based on mathematical algorithms, eliminating the third party’s potential security risk, and realize transparently share data. In this paper, on the principle of metadata remaining in the food enterprises, we propose a blockchain-cloud fusion scheme based on Decentralized Attribute-Based Signature (DABS) to realize secure data sharing between departments. It constructs a decentralized and trusting environment for data owners to share data and achieves social co-governance of food safety based on the smart contract. It can also preserve the existing system architecture and complement the performance disadvantage of blockchain and cloud storage. The result achieved from security analysis shows that our scheme supports unconditional full anonymity and can resist collusion attacks of N-1 out of N corrupted attribute authorities.

computer science, information systems,telecommunications

Gaurav Deep,Rajni Mohana,Anand Nayyar,P Sanjeevikumar,Eklas Hossain

DOI: https://doi.org/10.3390/s19204444

2019-10-14

Abstract:Cloud computing has made the software development process fast and flexible but on the other hand it has contributed to increasing security attacks. Employees who manage the data in cloud companies may face insider attack, affecting their reputation. They have the advantage of accessing the user data by interacting with the authentication mechanism. The primary aim of this research paper is to provide a novel secure authentication mechanism by using Blockchain technology for cloud databases. Blockchain makes it difficult to change user login credentials details in the user authentication process by an insider. The insider is not able to access the user authentication data due to the distributed ledger-based authentication scheme. Activity of insider can be traced and cannot be changed. Both insider and outsider user's are authenticated using individual IDs and signatures. Furthermore, the user access control on the cloud database is also authenticated. The algorithm and theorem of the proposed mechanism have been given to demonstrate the applicability and correctness.The proposed mechanism is tested on the Scyther formal system tool against denial of service, impersonation, offline guessing, and no replay attacks. Scyther results show that the proposed methodology is secure cum robust.

LIU Xuejiao,ZHONG Qiang,XIA Yingjie

DOI: https://doi.org/10.11959/j.issn.1000−436x.2023080

2023-01-01

Abstract:To solve the problems of poor scalability, slow synchronization of authentication information, and high authentication overhead in cross-trust domain message authentication in the Internet of vehicles (IoV), an efficient authentication scheme for cross-trust domain of IoV based on a double-layer shard blockchain was proposed.A double-layer shard blockchain architecture was designed for lots of cross-trust domain message authentication by constructing blockchains on different entity levels in all domains to improve the scalability of the system and ensure secure and efficient sharing of cross-domain information.A blockchain sharding method based on the Metis graph partitioning algorithm for IoV was proposed to balance loads of each shard and adapt to the uneven distribution of authentication information on different road segments in IoV, thereby improving the efficiency of synchronizing a large number of authentication information on the chain.A batch authentication scheme based on certificateless public-key cryptography (CL-PKC) was proposed, which reduced the authentication overhead of cross-domain messages by enabling batch authentication of messages from different trust domains.Experimental results show that the proposed scheme effectively improves the authentication efficiency of cross-trust domain messages.Compared with other schemes, the proposed scheme reduces the computational overhead of a large number of cross-domain message authentication by more than 26.4%.

LEI Kai,SHU Fangxing,HUANG Lei,ZHANG Qichao

DOI: https://doi.org/10.11959/j.issn.2096-109x.2020024

2020-01-01

Abstract:The domain name system (DNS) is an important internet infrastructure. However, current DNS utilizes centralized hierarchical structure with severe dependence on root server, which causes defects such as the risk of single-point failure and the abuse of central rights. Designing new decentralized DNS mainly focuses on transforming the domain name system from a single trust domain which relies on the center to multiple trust domains with the top-level domain name as the root parallel to each other, but also faces cross-domain credible challenges. To design a cross-domain trusted architecture, the concept of separating control and analysis was adopted, and a dual-blockchain DNS architecture was proposed. At data layer, a novel cross-domain verification was designed based on a one-way accumulator verification scheme, with the time complexity of the verification process O(N) reducing to O(1) nearly. The CDBFT algorithm was proposed by combining the DPoS mechanism and the BFT algorithm, whose average throughput reaches 736 TPS. The theoretical derivation and experimental results have demonstrated the advantages of this new DNS architecture on security, performance, and scalability.

Yang Xu,Cheng Zhang,Guojun Wang,Zheng Qin,Quanrun Zeng

DOI: https://doi.org/10.1109/tetc.2020.3005610

2021-07-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Since network storage services achieve widespread adoption, security and performance issues are becoming primary concerns, affecting the scalability of storage systems. Countermeasures like data auditing mechanisms and deduplication techniques are widely studied. However, the existing data auditing mechanism with deduplication cannot solve the problems such as high cost and reliance on trusted third parties in traditional approaches, and it also faces the problem of repeated auditing of data shared by multiple-tenant. This article proposes a blockchain-based deduplicatable data auditing mechanism. We first design a client-side data deduplication scheme based on bilinear-pair techniques to reduce the burden on users and service providers. On this basis, we achieve a trustworthy and efficient data auditing mechanism that helps to check data integrity by using both the blockchain technique and bilinear pairing cryptosystem. The blockchain system is used to record the behaviors of entities in both data outsourcing and auditing processes so that the corresponding immutable records can be used to not only ensure the credibility of audit results but also help to monitor unreliable third-party auditors. Finally, theoretical analysis and experiments reveal the effectiveness and performance of our scheme.

computer science, information systems,telecommunications

GUI Zhiming,SUN Zhongxiang,HUANG Zhou

DOI: https://doi.org/10.13209/j.0479-8023.2022.120

2023-01-01

Abstract:The combination of spatial data and blockchain can provide decentralized, secure and trustworthy technical support for spatial data management, but there are currently problems such as low query rate, single type of query, and detachment from blockchain system. According to this problem, combined with the characteristics of high performance and rich function types of spatial database, a spatial query optimization method by integrating blockchain and database is proposed. The method integrates Hyperledger Fabric with spatial database, and differs from the traditional off-chain query method by proposing a blockchain-integrated spatial database method,embedding efficient spatial operation functions in smart contracts, and deploying the database in a distributed manner, so as to retain the original distributed query characteristics of the blockchain. In terms of tamper-proof, a hash-and-salt secure storage mechanism and double verification mechanism are used to strengthen the security. The experimental results show that the method has excellent performance and security.

Yangfei Lin,Jie Li,Shigetomo Kimura,Yuanyuan Yang,Yusheng Ji,Yangjie Cao

DOI: https://doi.org/10.1109/jiot.2021.3102236

IF: 10.6

2022-03-01

IEEE Internet of Things Journal

Abstract:The applications of Internet of Things have emerged in every aspect of people's life. The volume of data gathered can be enormous. Enterprises and personal consumers are increasingly reliant on cloud storage services instead of local storage. While they enjoy the convenience of cloud storage services, they also worry about the integrity of the cloud-stored data since they do not physically own the data. To enable public integrity auditing, third-party auditors as trusted ones verify data integrity on behalf of the data owner. However, the vulnerability of auditors should also be considered. We propose a consortium blockchain-based public integrity verification system (CBPIV). In CBPIV, the auditor behaviors are recorded in the consortium blockchain so that authorized parties can audit the auditor to see if the verification results are correct. A smart contract is deployed to check the behavior of the auditor automatically, which can trigger alerts for unusual behaviors. The evaluation on both security and performance shows that our proposed scheme is secure and alleviates the burden on data owners of limited computation capability.

computer science, information systems,telecommunications,engineering, electrical & electronic

Dongdong Yue,Ruixuan Li,Yan Zhang,Wenlong Tian,Yongfeng Huang

DOI: https://doi.org/10.1016/j.jpdc.2020.06.007

IF: 4.542

2020-12-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the popularity of the Internet of Things (IoT), data integrity verification in the edge cloud storage attracts attentions from many researchers. Due to the over dependence of the Third Party Auditor (TPA) and the dynamical nature of the IoT data, the traditional data integrity verification framework for cloud storage can hardly work. To satisfy the characteristics of the IoT and avoid the over dependence of the TPA, we propose a blockchain-based framework without TPA for data integrity verification in a decentralized edge-cloud storage (ECS) scenario in this paper. In our framework, we employ the Merkle tree with random challenging numbers for data integrity verification and analyze different Merkle tree structures to optimize the system performance. To solve the problem of limited resources and high real-time requirements, we further propose sampling verification and develop rational sampling strategies to make sampling verification more effective. The overhead and precision of the verification in ECS are studied by an optimal sample size strategy. Finally, a prototype system is implemented based on our framework and we conduct a series of experiments to evaluate the effectiveness of the proposed schemes. The experimental results show that our schemes can effectively improve the performance of data integrity verification.</p>

computer science, theory & methods

Bo Zhang,Boxiang Dong,Hui Wang

DOI: https://doi.org/10.48550/arXiv.1808.08313

2018-08-25

Abstract:Spurred by the development of cloud computing, there has been considerable recent interest in the Database-as-a-Service (DaaS) paradigm. Users lacking in expertise or computational resources can outsource their data and database management needs to a third-party service provider. Outsourcing, however, raises an important issue of result integrity: how can the client verify with lightweight overhead that the query results returned by the service provider are correct (i.e., the same as the results of query execution locally)? This survey focuses on categorizing and reviewing the progress on the current approaches for result integrity of SQL query evaluation in the DaaS model. The survey also includes some potential future research directions for result integrity verification of the outsourced computations.

Cryptography and Security

Yapeng Miao,Ying Miao,Xuexue Miao

DOI: https://doi.org/10.1002/cpe.8285

2024-09-29

Concurrency and Computation Practice and Experience

Abstract:Summary Cloud storage provides a convenient way of collaboration and sharing. An increasing number of users are becoming more open to sharing their data with others. Consequently, the integrity of shared data has started to draw significant attention due to the loss control of it. Remote data integrity techniques can solve this problem. To resist the collusion between the third party auditor and the cloud server, existing integrity auditing schemes utilize blockchain to replace the third party auditor to do some work. However, these schemes still involve collusion between the third party auditor and the miners and cannot guarantee the third party auditor to execute the auditing process honestly. Considering this, we propose a blockchain‐based transparent and certificateless data integrity auditing scheme. Specifically, we design the smart contract combining the commitment technology to generate the challenge information and record the auditing information. Besides, we combine certificateless cryptography and the blind technology to achieve the privacy‐preserving. The proposed scheme can resist collusion, improve the transparency of the auditing process, protect the data privacy and reduce the overhead of certificate management and key management. The security analysis and performance evaluation demonstrate the security and efficiency of the scheme.

computer science, theory & methods, software engineering

Li Yunliang,Du Zhiqiang,Fu Yanfang,Zheng Xianghan

DOI: https://doi.org/10.1016/j.pmcj.2024.101878

IF: 3.848

2024-01-08

Pervasive and Mobile Computing

Abstract:Numerous users from diverse domains access information and perform various operations in multi-domain environments. These users have complex permissions that increase the risk of identity falsification, unauthorized access, and privacy breaches during cross-domain interactions. Consequently, implementing an access control architecture to prevent users from engaging in illicit activities is imperative. This paper proposes a novel blockchain-based access control architecture for multi-domain environments. By integrating the multi-domain environment within a federated chain, the architecture utilizes Decentralized Identifiers (DIDs) for user identification and relies on public/secret key pairs for operational execution. Verifiable credentials are used to authorize permissions and release resources, thereby ensuring authentication and preventing tampering and forgery. In addition, the architecture automates the authorization and access control processes through smart contracts, thereby eliminating human intervention. Finally, we performed a simulation evaluation of the architecture. The most time-consuming process had a runtime of 1074 ms, primarily attributed to interactions with the blockchain. Concurrent testing revealed that with a concurrency level of 2000 demonstrated that the response times for read and write operations were maintained within 1000 ms and 4600 ms, respectively. In terms of storage efficiency, except for user registration, which incurred two gas charges, all the other processes required only one charge.

computer science, information systems,telecommunications

Qing Liu,Xiaojun Zhang,Jingting Xue,Rang Zhou,Xin Wang,Wei Tang

DOI: https://doi.org/10.1016/j.sysarc.2023.102898

IF: 5.836

2023-05-14

Journal of Systems Architecture

Abstract:Due to the sharp increase in industrial data, cloud computing has been integrated into intelligent Industrial Internet of Things systems to store and process massive data. Since core data are key factors in the industrial production process, any intercepted or altered data may cause severe consequences, and the integrity and confidentiality of outsourced industrial data have become extremely concerning security issues. In this paper, we focus on devising an enhanced blockchain-assisted certificateless public integrity checking (BA-CPIC) mechanism for industrial cloud storage systems. BA-CPIC contributes to checking outsourced industrial encrypted data, and exploits the smart contract in the Ethereum blockchain to provide assistance to users for checking malicious behaviors of auditors (e.g., colluding with industrial cloud servers or lazing checking). Besides, BA-CPIC preserves the identity privacy of users enjoying outsourced storage and blockchain-assisted integrity checking services. By contrast, some misbehaved users in industrial cloud storage systems could also be traced and revoked in due course. BA-CPIC avoids both inherent drawbacks of key escrow and complex certificate management, it is provided corresponding security analysis under the certificateless security model. The performance evaluation demonstrates the feasibility of BA-CPIC in the deployment of industrial cloud storage systems.

computer science, software engineering, hardware & architecture