Ke Huang,Xiaosong Zhang,Yi Mu,Fatemeh Rezaeibagha,Xiaojiang Du

DOI: https://doi.org/10.1016/j.ins.2020.07.016

IF: 8.1

2021-02-01

Information Sciences

Abstract:Internet-of-Things (IoT) envisions communications between heterogeneous devices and utilization of the associated data for smart decision making. Blockchain bridges the gap between widely-distributed IoT devices and the need for a universal trust-layer. When applying blockchain for IoT, some concerns can arise. Among them, scalability is a crucial factor because it decides whether blockchain can keep empowering IoT in the long term . According to a recent survey by Ali et al., some newly launched blockchains are suffering from powerful attacks (e.g. 51% attack) when the computing pool is small, and the number of participated nodes is inadequate (USENIX 2016). To ensure the scalability of initially-deployed blockchains, a proper countermeasure is important to be devised. Ateniese et al. proposed the notion of the redactable blockchain (EuroS&P 2017) which allows block history to be rewritten by using chameleon hash. However, the distribution and management of trapdoor key is crucial for the scalability of chameleon hash as well as redactable blockchain. To deal with the above problems, we propose two cryptographic schemes as the new theoretic tools for blockchain redaction: time updatable chameleon hash (TUCH) and linkable-and-redactable ring signature (LRRS). The use of TUCH and LRRS schemes enables redaction to take place scalably and anonymously where the spontaneous ring is generated for redaction, which costs little expenditures to rewrite a block content. Specifically, the redaction will be processed without assigning and splitting trapdoor key among multiple users in a complex way, and achieve transaction anonymity for users . What is more, we briefly instantiate how to build a redactable blockchain with update and anonymity (SRB) with our proposed TUCH and LRRS. While security analysis confirms that our proposals are theoretically secure, the experimental results show that our proposals are efficient for implementation purposes.

computer science, information systems

Meng Jia,Jing Chen,Kun He,Ruiying Du,Li Zheng,Mingxi Lai,Donghui Wang,Fei Liu

DOI: https://doi.org/10.1109/tifs.2022.3192716

IF: 7.231

2022-08-09

IEEE Transactions on Information Forensics and Security

Abstract:Blockchain is a technology with decentralization and immutability features and has been employed for auditing by many applications. However, immutability sometimes limits the application of blockchain technology. For example, vulnerable smart contracts on blockchain cannot be redacted due to immutability. The existing redactable blockchain solutions either have a low efficiency or violate the decentralization feature. Moreover, those solutions lack mechanisms for tracing redaction history and checking block consistency. In this paper, we present an efficient redactable blockchain with traceability in the decentralized setting. Specifically, we propose a decentralized chameleon hash function for redactable blockchain that every redaction must be approved by multiple blockchain nodes. We also design a redactable blockchain structure that maintains all redactions of a block and encodes the redacted blocks into an RSA accumulator. Then, we propose an efficient block consistency check protocol based on the RSA accumulator. Finally, we conduct experiments and compare our scheme with another decentralized redactable blockchain to demonstrate that our solution is efficient in practice.

computer science, theory & methods,engineering, electrical & electronic

Jinhua Ma,Shengmin Xu,Jianting Ning,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/TIFS.2022.3156808

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Immutability has been widely accepted as a fundamental property protecting the security of blockchain technology. However, this property impedes the development of blockchain because of the abuse of blockchain storage and legal obligations. To mitigate this issue, a novel construction of blockchain, called redactable blockchain, was introduced. It enables a central authority to issue the rewriting privilege to a particular party who can rewrite a registered object, e.g., a block or a transaction, in a controlled way. Unfortunately, the central authority must be fully trusted and is an obvious target suffering from various attacks. In this paper, we introduce a redactable blockchain controlled at a fine-grained level in a decentralized setting. In our solution, the rewriting privilege is issued by multiple authorities for reducing the vulnerability of the centralized setting. To formalize our solution, we introduce a novel cryptographic notion, called decentralized policy-based chameleon hash (DPCH), with the formal definition and security model. By applying several simple cryptographic tools, such as chameleon hash, digital signature, and multi-authority attribute-based encryption, we present the generic construction of DPCH along with rigorous security proofs. By applying RSA-based chameleon hash and BLS short signature, we give a practical instantiation of DPCH with performance evaluation. The comprehensive evaluation shows that our solution has superior performance than the state-of-the-art solution.

Junke Duan,Wei Wang,Licheng Wang,Lize Gu

DOI: https://doi.org/10.1109/tifs.2024.3436925

IF: 7.231

2024-08-20

IEEE Transactions on Information Forensics and Security

Abstract:Immutability is widely recognized as one of the blockchain's key security attributes. However, in recent years, incidents involving the use of blockchain for disseminating illegal or malicious information have raised concerns over its strict immutability. To address these issues, redactable blockchains are proposed as a novel solution, permitting authorized content redactions without compromising the structural integrity of the blockchain. Unfortunately, current solutions are unable to restrict the abuse of redaction privilege, except for relying on a trusted authority or committee, which contradicts the trustlessness principle of blockchain. In this paper, we propose a controlled redactable blockchain protocol that allows for a limited number of redactions and supports a transparent setup. The cryptographic tools enabling this functionality are our proposed t-times chameleon hash (t-CH) and signature (t-CS) schemes, where generating more than t collisions will expose the trapdoor. We present security models, discrete logarithm-based instantiations, and formal security proofs for both t-CH and t-CS. Subsequently, we present the construction of our redaction protocol in both permissioned and permissionless settings. Finally, we experimentally demonstrate the effectiveness of the proposed protocol in practice.

computer science, theory & methods,engineering, electrical & electronic

Liushun Zhao,Deke Guo,Lailong Luo,Junjie Xie,Yulong Shen,Bangbang Ren

DOI: https://doi.org/10.1016/j.comnet.2024.110500

IF: 5.493

2024-05-14

Computer Networks

Abstract:Blockchain-based Internet of Things (IoT) data management is increasingly ubiquitous across smart cities, supply chains, e-health and other domains. The immutability of blockchain is crucial to securing these IoT data management systems. In actual application scenarios, redacting the on-chain IoT data is still desired or even legally required. Various redactable blockchain technologies have been suggested for breaking immutability and redacting on-chain data. However, conventional redactable blockchain technologies incur security and performance degradations like redact privileges abuse and key exposure, prior art merely reactively corrects rather than fundamentally forestalling such misuse. In this paper, we rethink the conflict between the immutability and redaction of blockchain-based IoT data systems and propose Tiger Tally as a secure redactable architecture to fundamentally forestall these vulnerabilities. Tiger Tally introduces a novel Targeted Policy-Based Chameleon Hash, along with tokenized redact privileges, to form integrated cryptography and access control mechanisms. We further propose a full lifecycle redactable blockchain framework with rigorous security proofs to instantiate Tiger Tally. Furthermore, to meet its practical needs, we introduce the proposed Tiger Tally to the comprehensive IoT data workflows. At last, proof-of-concept implementation and performance evaluation demonstrate that our Tiger Tally is practical for IoT data management systems and greatly reduces the time overhead caused by malicious modification by at least 73.0 % or even 3.26 times at the cost of 5.4 % incremental space overhead.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yanxue Jia,Shi-Feng Sun,Yi Zhang,Zhiqiang Liu,Dawu Gu

DOI: https://doi.org/10.1145/3433210.3453091

2021-01-01

Abstract:The immutability of blockchain is crucial to the security of many blockchain applications, while it is still desired or even legally obliged to allow for redacting the contents of blockchain for some scenarios. In this work, we revisit the conflict between the immutability and redaction of blockchain, and put forward a new fine-grained redactable blockchain with a semi-trusted regulator, who follows our protocol but has a tendency to abuse his power. To the best of our knowledge, it is the first blockchain that not only supports the supervision of blockchain content, but also allows users themselves to manage their own data. To this end, we introduce a new variant of chameleon-hash function, named stateful Chameleon Hash with Revocable Subkey, which is important for building our redactable blockchain and may be of independent interest. We also propose a black-box construction from standard chameleon-hash functions, and prove its security properties under our proposed security notions. At last, we provide a proof-of-concept implementation. The evaluation results demonstrate that our redactable blockchain is practical and can be adopted with small additional overhead compared to the immutable blockchain.

Cheng Zhang,Zhifei Ni,Yang Xu,Entao Luo,Linweiya Chen,Yaoxue Zhang

DOI: https://doi.org/10.1016/j.jpdc.2021.02.026

IF: 4.542

2021-06-01

Journal of Parallel and Distributed Computing

Abstract:<p>Industrial data plays a key role in the industrial internet, and its secure collection problem has been highly valued by researchers. As Industrial Internet of Things (IIoT) devices are geographically dispersed and difficult to link, blockchain technology is usually introduced to solve the security management problem of industrial data. Unfortunately, the IIoT device is not stable, and it may leave incorrect messages in the blockchain, which will be permanently stored with potentially catastrophic consequences. As an effective solution, the redactable blockchain technology can allow people to modify the data on the blockchain. However, the existing redactable blockchain cannot guarantee industrial data security in the industrial internet due to requirements of trusted third parties, large overheads or lack of accountability mechanism. In this paper, we propose a trustworthy industrial data management scheme based on redactable blockchain in the industrial internet. To avoid additional burdens on industrial blockchain systems, a double-blockchain architecture is established to separate trapdoor management transactions. Distributed chameleon hash parameter generation and trapdoor recovery methods can avoid the security problems faced by the centralized organization. The fault-tolerant trapdoor recovery mechanism based on verifiable secret sharing technology as an alternative enhances the security of the system. The blockchain will record various information in the trapdoor management process and use it as evidence for accountability when disputes arise. The theoretical analysis and experiments show that the approach can effectively deal with malicious behaviors and has acceptable overhead.</p>

computer science, theory & methods

Shengmin Xu,Jianting Ning,Jinhua Ma,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tifs.2021.3107146

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:As an immutable append-only distributed ledger, blockchain allows a group of participants to reach a consensus in an untrustworthy ecosystem. Immutability is a blockchain feature that persists data forever, but it is no longer legal in reality. Blockchain has unchangeable improper contents that violate laws. Moreover, data regulation toward “the right to be forgotten” requires blockchain must be modifiable. To address this problem, redactable blockchain has been introduced to relax immutability in a controlled way. However, once a participant is authorized, she/he can rewrite any content and no penalty for the malicious behavior that hinders the wide deployment of redactable blockchain in practice. In this paper, we introduce a new notion, dubbed k-time modifiable and epoch-based redactable blockchain (KERB) with a monetary penalty to control rewriting privileges and penalize malicious behaviors. Our solution is built up from simple building blocks: digital signatures and chameleon hashes. We give a formal definition and security models of KERB, and present a generic construction along with formal proofs. The extensive comparison and experimental analysis illustrate that our solution enjoys superior functionalities and performances than the state-of-the-art solutions.

Zhuo Xu,Xinyi Luo,Kaiping Xue,David Wei,Ruidong Li

DOI: https://doi.org/10.1109/icdcs57875.2023.00090

2023-01-01

Abstract:The immutability of blockchains is an important security feature, but applications and studies have shown that it poses some problems. For instance, harmful information and vulnerable programs can be permanently stored on public blockchains such as Bitcoin and Ethereum, causing continuous damage. Therefore, researchers proposed the redactable blockchain to delete or modify those harmful data. Existing schemes usually adopt the Chameleon hash function (CHF) to keep the block hash unchanged so that other blocks remain unaffected. However, these schemes suffer from two security problems: (i) (unknown-version) users cannot determine whether a received block is the up-to-date version because different versions have the same hash; and (ii) (lazy-redaction) miners have no motivations to update historical blocks, causing continuous spreading of data which should have been discarded. To solve the problems, we propose SEREDACT, a secure and efficient redactable blockchain protocol with verifiable modification. Specifically, we design a Merkle tree-based verification mechanism with efficient dynamic updating that supports quick version checks and forcible modification updates, and further integrate it with restricted redaction policies to guarantee security. Our security and performance analyses show that SEREDACT has adequate security as a redactable blockchain protocol and retains close efficiency compared with the immutable blockchain.

Jingning Zhang,Youshui Lu,Kun Wang,Yang Xu,Yong Qi,Xinpei Dong,Haoming Wang

DOI: https://doi.org/10.1007/978-3-030-60029-7_58

2020-01-01

Abstract:As a promising approach to extend cloud resource and service on the Internet-of-Things (IoT), edge computing has attracted significant attention. However, edge computing faces challenges in its decentralized management and data reliability. To meet this gap, many approaches propose to use blockchain technology to enable distributed storage and computation at the edge nodes, thus guaranteeing reliable access and control of the network. However, the resource-constraint nature of the edge node makes it difficult to store the entire chain as the data volume increases. To address this issue, we propose Re-chain, a re-writable blockchain with fixed storage. Re-chain supports re-writing of the onchain historical transactions in chronological order without changing the block hash, as a result, the total size of the blockchain will not increase. Our protocol is consensus-based and uses the proposed threshold trapdoor chameleon hash (TTCH) to constraint re-write operations. With this regards, Re-chain achieves both decentralized re-writing design and fault-tolerance at the same time. We provide security analysis and evaluation experiments to demonstrate the feasibility of Re-chain, the results show that the performance of Re-chain is acceptable when it is executed at a medium scale.

Shangxiong Yang,Shaowen Li,Wenjia Chen,Yawen Zhao

DOI: https://doi.org/10.3390/s24051667

IF: 3.9

2024-03-05

Sensors

Abstract:With the development of agricultural information technology, the Internet of Things and blockchain have become important in the traceability of agricultural products. Sensors collect real-time data in agricultural production and a blockchain provides a secure and transparent storage medium for these data, which improves the transparency and credibility of agricultural product traceability. However, existing agricultural product traceability solutions are limited by the immutability of the blockchain, making it difficult to delete erroneous data and modify the scope of data sharing. This damages the credibility of traceability data and is not conducive to the exchange and sharing of information among enterprises. In this article, we propose an agricultural product traceability data management scheme based on a redactable blockchain. This scheme allows agricultural enterprises to encrypt data to protect privacy. In order to facilitate the maintenance and sharing of data, we introduce a chameleon hash function to provide data modification capabilities. Enterprises can fix erroneous data and update the access permissions of the data. To improve the efficiency of block editing, our scheme adopts a distributed block editing method. This method supports threshold editing operations, avoiding single-point-of-failure issues. We save records of data modifications on the blockchain and establish accountability mechanisms to identify malicious entities. Finally, in this paper we provide a security analysis of our proposed solution and verify its effectiveness through experiments. Compared with the existing scheme, the block generating speed is improved by 42% and the block editing speed is improved by 29.3% at 125 nodes.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shams Mhmood Abd Ali,Mohd Najwadi Yusoff,Hasan Falah Hasan

DOI: https://doi.org/10.3390/fi15010035

2023-01-13

Future Internet

Abstract:The continuous advancements of blockchain applications impose constant improvements on their technical features. Particularly immutability, a highly secure blockchain attribute forbidding unauthorized or illicit data editing or deletion, which functions as crucial blockchain security. Nonetheless, the security function is currently being challenged due to improper data stored, such as child pornography, copyright violation, and lately the enaction of the "Right to be Forgotten (RtbF)" principle disseminated by the General Data Protection Regulation (GDPR), where it requires blockchain data to be redacted to suit current applications' urgent demands, and even compliance with the regulation is a challenge and an unfeasible practice for various blockchain technology providers owing to the immutability characteristic. To overcome this challenge, mutable blockchain is highly demanded to solve previously mentioned issues, where controlled and supervised amendments to certain content within constrained privileges granted are suggested by several researchers through numerous blockchain redaction mechanisms using chameleon and non-chameleon hashing function approaches, and methods were proposed to achieve reasonable policies while ensuring high blockchain security levels. Accordingly, the current study seeks to thoroughly define redaction implementation challenges and security properties criteria. The analysis performed has mapped these criteria with chameleon-based research methodologies, technical approaches, and the latest cryptographic techniques implemented to resolve the challenge posed by the policy in which comparisons paved current open issues, leading to shaping future research directions in the scoped field.

Yiming Li,Shengli Liu

DOI: https://doi.org/10.1007/978-3-031-57725-3_10

2024-01-01

Abstract:Chameleon hash (CH) is a trapdoor hash function. Generally it is hard to find collisions, but with the help of a trapdoor, finding collisions becomes easy. CH plays an important role in converting a conventional blockchain to a redactable one. However, most of existing CH schemes are too weak to support redactable blockchains. The currently known CH schemes serving for redactable blockchains have the best security of so-called “full collision resistance ( f-CR )”, but they are built either in the random oracle model or rely on heavy tools like the simulation-sound extractable non-interactive zero-knowledge (SSE-NIZK) proof system. Moreover, up to now there is no CH scheme with post-quantum f-CR security in the standard model. Therefore, no CH can support redactable blockchains in a post-quantum way without relying on random oracles. In this paper, we introduce a variant of CH, namely tagged chameleon hash (tCH). Tagged chameleon hash takes a tag into hash evaluations and collision finding algorithms. We define two security notions for tCH, restricted collision resistance ( r-CR ) and full collision resistance ( f-CR ), and prove the equivalence between r-CR and f-CR when tCH works in the one-time tag mode. We propose a tCH scheme from lattices without using any NIZK proof, and prove that its restricted collision resistance is reduced to the Short Integer Solution (SIS) assumption in the standard model. We also show how to apply tCH to a blockchain in one-time tag mode so that the blockchain can be compiled to a redactable one. Our tCH scheme provides the first post-quantum solution for redactable blockchains, without resorting to random oracles or NIZK proofs. Besides, we also construct a more efficient tCH scheme with r-CR tightly reduced to SIS in the random oracle model, which may be of independent interest.

Jianhao Li,Hui Ma,Jiabei Wang,Zishuai Song,Wenhan Xu,Rui Zhang

DOI: https://doi.org/10.1109/tifs.2023.3245406

IF: 7.231

2023-03-08

IEEE Transactions on Information Forensics and Security

Abstract:The immutability of blockchains is critical for cryptocurrencies, but an imperative need arises for the redaction of on-chain data due to privacy-protecting laws like GPDR. Recently, Ateniese et al. (EuroS&P 2017) proposed an elegant solution to this problem based on chameleon hash functions, followed by many subsequent works. While these works offered a solution to the permissioned blockchain, the approaches were not efficient enough for the permissionless setting, in terms of either security (which may cause inconsistent historical transactions) or performance (only up to a few hundred nodes). In this paper, we investigate this problem and present Wolverine, a redactable permissionless blockchain. First, we present a formal redactable blockchain model, carefully considering transaction consistency. Next, towards a practical scheme, we introduce the novel concept of non-interactive chameleon hash (NITCH). NITCHs dynamically distribute a trapdoor key among a group and each party in the group can compute its partial share without communicating with others. Anyone who possesses enough shares can then find a valid hash collision. To prevent the static group from being compromised after a sufficiently long time, we provide a generic transform from NITCHs to decentralized random beacons (DRBs) and design a committee evolution protocol based on DRBs that refresh the group after every fixed interval of time. Based on NITCH and the committee evolution protocol, we construct Wolverine which offers important features such as scalability, transaction consistency, and public accountability. Finally, we demonstrate the practicality of Wolverine by giving a proof-of-concept implementation based on Bitcoin in Golang.

computer science, theory & methods,engineering, electrical & electronic

Arpish R. Solanki

2024-06-27

Abstract:The integration of blockchain technology with the Internet of Things (IoT) presents a promising solution to enhance data security, integrity, and trust within IoT ecosystems. However, the immutable nature of blockchain technology conflicts with data redaction requirements mandated by data protection laws. This paper provides a comprehensive review of the current state of redactable blockchains and redaction mechanisms, particularly focusing on their application within IoT contexts. Through an extensive review of existing literature, this paper identifies key challenges and opportunities in implementing redactable blockchains for IoT data management. Various redaction mechanisms are explored, and the paper examines IoT implementations and use cases where redactable blockchains are employed to address data protection concerns.

Cryptography and Security

Xiaofeng Chen,Ying Gao

DOI: https://doi.org/10.48550/arXiv.2205.07054

2022-05-14

Abstract:Redactable blockchains allow modifiers or voting committees with modification privileges to edit the data on the chain. Trapdoor holders in chameleon-based hash redactable blockchains can quickly compute hash collisions for arbitrary data, and without breaking the link of the hash-chain. However, chameleon-based hash redactable blockchain schemes have difficulty solving the problem of multi-level editing requests and competing for modification privileges. In this paper, we propose CDEdit, a highly applicable redactable blockchain with controllable editing privilege and diversified editing types. The proposed scheme increases the cost of invalid or malicious requests by paying the deposit on each edit request. At the same time, the editing privilege is subdivided into request, modification, and verification privileges, and the modification privilege token is distributed efficiently to prevent the abuse of the modification privilege and collusion attacks. We use chameleon hashes with ephemeral trapdoor (CHET) and ciphertext policy attribute-based encryption (CP-ABE) to implement two editing types of transaction-level and block-level, and present a practical instantiation and security analysis. Finally, the implementation and evaluation show that our scheme only costs low-performance overhead and is suitable for multi-level editing requests and modification privilege competition scenarios.

Cryptography and Security

Wei Wang,Licheng Wang,Junke Duan,Xiaofei Tong,Haipeng Peng

DOI: https://doi.org/10.1109/tifs.2024.3431917

IF: 7.231

2024-08-18

IEEE Transactions on Information Forensics and Security

Abstract:Blockchain technology was originally designed to ensure data security and trustworthiness through decentralization and immutability. However, in recent years, the misuse of immutability limits the development of blockchain. To address this challenge, several redactable blockchain solutions have been proposed. However, existing solutions either struggle to maintain block consistency or compromise the decentralization principles of blockchain. In this paper, we present a novel redactable blockchain to address these issues. Firstly, we propose a decentralized trapdoor verifiable delay function (DTVDF) based on Wesolowski's verifiable delay function (VDF) scheme (EUROCRYPT'2019), which distributes trapdoor shares among a group of participants. Then, we leverage the proposed DTVDF to construct our redactable blockchain solution (DTRB), where redacting blocks requires consensus from threshold nodes. Moreover, DTRB provides accountability for malicious modifications and supports aggregate verification of redacted blocks, significantly improving the efficiency of our scheme. Through experimental analysis and comparison with existing solutions, our approach demonstrates superior performance.

computer science, theory & methods,engineering, electrical & electronic

Ke Huang,Xiaosong Zhang,Yi Mu,Fatemeh Rezaeibagha,Xiaojiang Du,Nadra Guizani

DOI: https://doi.org/10.1109/TII.2019.2943331

IF: 12.3

2020-01-01

IEEE Transactions on Industrial Informatics

Abstract:The advances of artificial intelligence (AI) propels big data processing and transmission for Internet of Things (IoT), by capturing and structuring big data produced by heterogeneous devices. While applying blockchain to manage IoT devices and associated big data, the blockchain itself suffers from abuse of decentralization from anonymous users. Specifically, it has been utilized to facilitate bl...

Hongchen Guo,Liren Chen,Xuhao Ren,Mingyang Zhao,Chunhai Li,Jingfeng Xue,Liehuang Zhu,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2024.3435729

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With integrity and traceability, blockchains have been widely applied in Internet of Things (IoT) systems. However, immutable blockchains contradict recent data regulations (e.g., the right to be forgotten in GDPR), making redactable blockchain-based IoT emerge as a promising paradigm. In this paradigm, IoT users can specify expressive policies (i.e., containing multiple logical AND and OR operators) to achieve controllable data editability. Unfortunately, existing related schemes with expressive policies face several issues: high communication costs, data privacy leakage (i.e., data can be read by all users), and inefficient user revocation. This paper proposes a privacy-preserving and revocable redactable blockchain scheme in IoT systems, named BlockENC. BlockENC allows owners to specify expressive policies for controlling which users can read or edit their data and ensures downward compatible privileges (i.e., editable users own the privilege of readable users but not vice versa) under only O(n) communication costs (O(n2) in other schemes). The punchline of BlockENC is to define readability policies as subsets of editability policies and introduce access control trees to embed these policies in distributing data decryption keys and chameleon hash trapdoors. Moreover, drawing inspiration from ciphertext division mechanisms in proxy re-encryption techniques, BlockENC creates globally unique random values to reconstruct user keys, converting updating all existing keys or ciphertexts when user revocation cases occur into simply invalidating corresponding keys. Security analysis proves that BlockENC is secure against chosen-plaintext attacks. Experiments on the FISCO blockchain platform show that BlockENC achieves around 5× computation and 10× communication improvement over related works.

Fei Tong,Xing Chen,Cheng Huang,Yujian Zhang,Xuemin Shen

DOI: https://doi.org/10.1109/JIOT.2022.3229676

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Multidomain Internet of Things (IoT) is faced with serious domain interoperability (DI) and compatibility issues since different intradomain authorization and authentication (A&A) mechanisms are deployed without the consideration of interdomain A&A. This article proposes a blockchain-assisted scheme to achieve flexible intra- and inter-domain A&A simultaneously and seamlessly. Specifically, we first design a contract-based mutual access control agreement on top of a consortium blockchain, where domain managers can manage their access permission without any trusted parties. Based on the agreement, a secure and privacy-preserving authentication protocol is further proposed by tailoring one-out-of-many proof techniques, which enables IoT devices to anonymously access authorized IoT domains. We additionally design a voting-based protocol by using a threshold-based cryptosystem. The protocol allows domain managers to transparently audit resource access with the assistance of the blockchain. Detailed security analysis demonstrates that the proposed scheme achieves the security properties, such as DI, privacy protection, and accountability. Finally, we develop two proof-of-concept prototypes in a physical testbed and virtual machine, respectively, based on an open-source blockchain platform to show our scheme's efficiency in terms of computation and communication overhead.