Xianglin Wu,Tianhao Meng,Jingwei Zhang,Qing Yang,Jintao Chen

DOI: https://doi.org/10.1007/s11227-024-06625-5

2025-01-01

Abstract:Exploring diverse education data applications through blockchain technology can offer innovative methods for smart education. Among them, storing multi-platform and multi-dimensional education data on the blockchain can enhance the system's ability to integrate and manage the data effectively. However, the system involves a large number of stakeholders. Furthermore, because the data are stored chronologically, relevant information may be distributed across multiple blocks. They will lead to security issues related to access and inefficient queries. We innovatively design an education data management system that combines access-control views with a consensus algorithm, effectively addressing the issue of low query performance for security data. Additionally, we propose a method that integrates main chain blocks and side blocks within a chained storage structure to recycle view blocks, effectively addressing the issue of block redundancy caused by non-periodic changes in the utilization of education data. For the proposed method, experiments are conducted on two education datasets to validate the efficiency of the proposed access control view in query performance and the effectiveness of the view maintenance consensus algorithm.

Ziwen Cheng,Yi Liu,Chao Wu,Yongqi Pan,Liushun Zhao,Xin Deng,Cheng Zhu

DOI: https://doi.org/10.1016/j.future.2024.06.035

IF: 7.307

2024-01-01

Future Generation Computer Systems

Abstract:Blockchain-based Federated Learning (BCFL) is gaining significant attention as a promising decentralized data sharing technology with privacy protection. Most existing BCFL frameworks loosely couple blockchain and Federated Learning (FL). FL transforms data sharing into model sharing, while blockchain decentralizes the model aggregation and handles security verification. However, this simplistic overlay of the two technologies often involves third-party blockchain peers, leading to inefficient workflows and potential privacy attacks from malicious blockchain peers. Some studies have proposed differential privacy with noise addition to prevent privacy attacks, yet most do not allow clients to customize privacy budgets, impacting data availability and limiting BCFL’s application in data sharing. To address these challenges, we first introduce a novel tightly-coupled BCFL framework that integrates training and mining at the client side. Under this framework, a totally decentralized data sharing process is established. Moreover, a Personalised Differential Privacy (PDP) mechanism is devised, enabling clients to add Laplace noise to model gradients based on custom privacy budgets. To achieve optimal privacy budgets, a privacy optimization mechanism based on Stackelberg games is proposed. It establishes utility functions for data requesters and providers, models the process of utility optimization as a Stackelberg game process, and obtains the optimal privacy budget while maximizing utility for all participants. This facilitates flexible and on-demand privacy-protected data sharing. Extensive experiments validate the effectiveness of our approach in enhancing system efficiency and facilitating flexible on-demand privacy-protected data sharing, further solidifying BCFL’s potential in decentralized data sharing scenarios.

Jordi Paillisse,Jordi Subira,Albert Lopez,Alberto Rodriguez-Natal,Vina Ermagan,Fabio Maino,Albert Cabellos

DOI: https://doi.org/10.48550/arXiv.1901.03568

2019-01-11

Abstract:The specification and enforcement of network-wide policies in a single administrative domain is common in today's networks and considered as already resolved. However, this is not the case for multi-administrative domains, e.g. among different enterprises. In such situation, new problems arise that challenge classical solutions such as PKIs, which suffer from scalability and granularity concerns. In this paper, we present an extension to Group-Based Policy -- a widely used network policy language -- for the aforementioned scenario. To do so, we take advantage of a permissioned blockchain implementation (Hyperledger Fabric) to distribute access control policies in a secure and auditable manner, preserving at the same time the independence of each organization. Network administrators specify polices that are rendered into blockchain transactions. A LISP control plane (RFC 6830) allows routers performing the access control to query the blockchain for authorizations. We have implemented an end-to-end experimental prototype and evaluated it in terms of scalability and network latency.

Networking and Internet Architecture,Cryptography and Security

Wenbo Zhang,Xiaotong Huo,Zhenshan Bao

DOI: https://doi.org/10.1007/s11227-022-05010-4

2022-12-22

Abstract:In a large-scale networking scenario with massive distribution of devices, data are independently generated and maintained by multiple domains. To solve the problem of isolated data islands in multi-domain, this paper designs a multi-domain data sharing model based on consortium chain. Aiming at the problems of low efficiency and lack of consideration of intra-domain consensus processes in traditional data sharing schemes, this paper optimizes the security and efficiency of data sharing from two parts: inter-domain chain and intra-domain chain. To ensure fine granularity, flexibility and security of the access control process in inter-domain chain, this model combines the Attribute-Based Access Control (ABAC) with smart contract, and a permission grading mechanism is designed to solve the problem of low retrieval efficiency in this access control model through reducing the retrieval range by grading and matching Policy set. Considering the problem of high delay of node consensus in the large-scale networking environment of intra-domain chain, a layered practical Byzantine fault tolerance optimization (LPBFT) algorithm with introducing a reputation model is designed, which greatly improves the efficiency and security of the intra-domain consensus. The consortium chain model is designed and implemented from the perspectives of inter-domain and intra-domain, which optimized the security and efficiency of the multi-domain data sharing model. Finally, a prototype system is implemented based on Hyperledger Fabric, and the validity of the model is verified from the aspects of inter-domain access control and intra-domain consensus algorithm.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Ao Zhang,Xiaoying Bai

DOI: https://doi.org/10.1007/978-981-15-2777-7_22

2019-01-01

Abstract:With the development of digital society, the number of Internet platforms increases rapidly and a huge amount of personal information is stored online. It is convenient for users to log in to all platforms with a common account. Third-party authorization protocols like OAuth 2.0 allow the delegation of access control to dedicated service providers. However, OAuth protocol follows the centralized approach to manage authorization and authentication information, which relies on a centralized party and makes it a target under attack. In practice, it is vulnerable to attacks like replay attack, cross-site request forgery (CSRF) attack, and so on. Also, the centralized party cannot provide customized access control for other platforms. To solve these problems, the paper proposes a consortium blockchain architecture and designs protocols for account management and distributed consensus. The paper discusses the potentials of the proposed approach to effectively address certain vulnerabilities in current OAuth-like authorization and authentication services with tolerable performance.

Yongtao Huang,I-Ling Yen,Farokh Bastani

2024-05-25

Abstract:The Internet of Things (IoT) necessitates robust access control mechanisms to secure a vast array of interconnected devices. Most of the existing IoT systems in practice use centralized solutions. We identify the problems in such solutions and adopt the blockchain based decentralized access control approach. Though there are works in the literature that use blockchain for access control, there are some gaps in these works. We develop a blockchain embedded access control (BEAC) framework to bridge the gaps. First, blockchain based solutions for access control require an enabling P2P network while existing P2P overlays do not support some required features. We develop a novel P2P infrastructure to seamlessly support our BEAC framework. Second, most of the works consider blockchain based access control for a single access control model, and we develop a generic blockchain mechanism and show that it can support the embedding of various access control models. Finally, existing works adopt existing blockchain mechanisms which may incur a high communication overhead. We develop a shortcut approach to improve the number of message rounds in the access protocol. Our experiments demonstrate the efficacy of our system, showing that the shortcut mechanism can reduces access time by approximately 43%.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Mohammed Amine Bouras,Boming Xia,Adnan Omer Abuassba,Huansheng Ning,Qinghua Lu

DOI: https://doi.org/10.7717/peerj-cs.455

2021-04-08

Abstract:Access control is a critical aspect for improving the privacy and security of IoT systems. A consortium is a public or private association or a group of two or more institutes, businesses, and companies that collaborate to achieve common goals or form a resource pool to enable the sharing economy aspect. However, most access control methods are based on centralized solutions, which may lead to problems like data leakage and single-point failure. Blockchain technology has its intrinsic feature of distribution, which can be used to tackle the centralized problem of traditional access control schemes. Nevertheless, blockchain itself comes with certain limitations like the lack of scalability and poor performance. To bridge the gap of these problems, here we present a decentralized capability-based access control architecture designed for IoT consortium networks named IoT-CCAC. A blockchain-based database is utilized in our solution for better performance since it exhibits favorable features of both blockchain and conventional databases. The performance of IoT-CCAC is evaluated to demonstrate the superiority of our proposed architecture. IoT-CCAC is a secure, salable, effective solution that meets the enterprise and business's needs and adaptable for different IoT interoperability scenarios.

Sayed Hadi Hashemi,Faraz Faghri,Roy H Campbell

DOI: https://doi.org/10.48550/arXiv.1710.00110

2017-09-30

Abstract:We present a mechanism that puts users in the center of control and empowers them to dictate the access to their collections of data. Revisiting the fundamental mechanisms in security for providing protection, our solution uses capabilities, access lists, and access rights following well-understood formal notions for reasoning about access. This contribution presents a practical, correct, auditable, transparent, distributed, and decentralized mechanism that is well-matched to the current emerging environments including Internet of Things, smart city, precision medicine, and autonomous cars. It is based on well-tested principles and practices used in a distributed authorization, cryptocurrencies, and scalable computing.

Cryptography and Security

Asma Jodeiri Akbarfam,Sina Barazandeh,Hoda Maleki,Deepti Gupta

DOI: https://doi.org/10.48550/arXiv.2303.14758

2023-03-26

Abstract:In general, deep learning models use to make informed decisions immensely. Developed models are mainly based on centralized servers, which face several issues, including transparency, traceability, reliability, security, and privacy. In this research, we identify a research gap in a distributed nature-based access control that can solve those issues. The innovative technology blockchain could fill this gap and provide a robust solution. Blockchain's immutable and distributed nature designs a useful framework in various domains such as medicine, finance, and government, which can also provide access control as opposed to centralized methods that rely on trusted third parties to access the resources. In existing frameworks, a traditional access control approach is developed using blockchain, which depends on predefined policies and permissions that are not reliable. In this research, we propose DLACB: Deep Learning Based Access Control Using Blockchain, which utilizes a deep learning access control mechanism to determine a user's permissions on a given resource. This proposed framework authenticates the users and logs the access requests on the blockchain to recognize malicious users. The results show that this proposed framework operates correctly for all possible scenarios.

Cryptography and Security

Lianshan Sun,Danni Zhou,Diandong Liu,Jingyan Tang,Yang Li

DOI: https://doi.org/10.1109/access.2023.3340887

IF: 3.9

2023-01-01

IEEE Access

Abstract:Access control is a widely used technology for securing sensitive resources of information systems, ranging from personal data managed by cloud-based data stores to sensitive data stream collected by smart devices. Existing access control systems mainly adopt centralized architecture and static access control models, including Access Control List, Role-based Access Control and Attribute-based Access Control. However, these systems fail to meet the increasing requirements of behavior based dynamic access control or requirements of owner initiated autonomous access control without relying on trustworthy third parties and suffer inherent drawbacks of a single point of failure or dishonesty. To this end, a novel blockchain-based and provenance enabled dynamic access control scheme called BPDAC is proposed. Specifically, it collects and stores data provenance on blockchain to enable behavior-based dynamic access control; in particular, the quick lookup table (QLT) structure is designed to speed up access control evaluation based on provenance with increasing complexity. It also provides specifications for formulating access control policy based on provenance. It utilizes a set of smart contracts on blockchain to enable decentralized and reliable autonomous access control. A prototype system is implemented on the Hyperledger Fabric and experiments are conducted to show that the proposed scheme is practically feasible and scalable in terms of the performance metrics of throughput and latency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhongyuan Yao,Heng Pan,Xueming Si,Weihua Zhu

DOI: https://doi.org/10.1007/978-981-15-2777-7_20

2019-01-01

Abstract:Since its invention, the public blockchain has attracted more attention from both the academia and industry because of its fully decentralization and persistency features. However, the privacy issue in public blockchain is still challengeable. While there exists privacy preservation mechanisms proposed for the public blockchain, almost all of them can only solve partial of the privacy issue, either user privacy or data privacy indeed, in it. In this work, we present a decentralized access control encryption scheme which ensures user and data privacy simultaneously in public blockchain. With our cryptographic solution, the validity of one specific transaction can be publicly verified, while its content can only be retrieved by its intended receivers. Moreover, the origin of this transaction cannot be identified by any participant except the receivers in the network. Our analysis shows that our solution is really suitable to deploy in public blockchain and is proven secure under mathematical assumptions.

Wei Liang,Yang Yang,Ce Yang,Yonghua Hu,Songyou Xie,Kuan-Ching Li,Jiannong Cao

DOI: https://doi.org/10.1109/tr.2022.3190932

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:With the advances and innovations in digital technologies, blockchain has empowered advancements in communications and networking, promising to build trust and establish secure decentralized communications networks. Unfortunately, current personal data privacy protection schemes still suffer from explicit storage, lack of data ownership and implementation of fine-grained access control by users, and lack of transparency and auditability of data. In this article, we propose a personal data privacy protection scheme based on consortium blockchain that stores original data encrypted with an improved Paillier homomorphic encryption mechanism, namely PDPChain, where users realize fine-grained access control based on ciphertext policy attribute-based encryption (CP-ABE) on blockchain. In this scheme, consortium blockchain combines distributed private clusters to store the encrypted data, improving data transmission efficiency, and guaranteeing user privacy and security through off-chain storage and on-chain transmission synergy. In addition, it is more lightweight encryption and demarcation, ultimately protecting personal data privacy and providing a secure and trusted way to obtain information for data mining. For the performance testing, data in the form of files are used as an example, and the scheme is designed and simulated on Hyperledger Fabric and InterPlanetary File System. Experimental results show that the improved Paillier encryption mechanism reduces the overall encryption and decryption elapsed time by 25 and encryption elapsed time by 48. Furthermore, the proposed CP-ABE access control method is adaptive to storing and sharing a massive amount of data. With the increase in the number of access control policies, the overall time-consuming of the scheme does not increase, and the time-consuming of decryption can also be stabilized at about 2 s.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Uchi Ugobame Uchibeke,Sara Hosseinzadeh Kassani,Kevin A. Schneider,Ralph Deters

DOI: https://doi.org/10.48550/arXiv.1810.04607

2018-10-10

Cryptography and Security

Abstract:In recent years, the advancement in modern technologies has experienced an explosion of huge data sets being captured and recorded in different fields, but also given rise to concerns the security and protection of data storage, transmission, processing, and access to data. The blockchain is a distributed ledger that records transactions in a secure, flexible, verifiable and permanent way. Transactions in a blockchain can be an exchange of an asset, the execution of the terms of a smart contract, or an update to a record. In this paper, we have developed a blockchain access control ecosystem that gives asset owners the sovereign right to effectively manage access control of large data sets and protect against data breaches. The Linux Foundation's Hyperledger Fabric blockchain is used to run the business network while the Hyperledger composer tool is used to implement the smart contracts or transaction processing functions that run on the blockchain network.

Narges Dadkhah,Xuyang Ma,Katinka Wolter,Gerhard Wunder

DOI: https://doi.org/10.1109/ICBDA61153.2024.10607167

2024-09-30

Abstract:Storing big data directly on a blockchain poses a substantial burden due to the need to maintain a consistent ledger across all nodes. Numerous studies in decentralized storage systems have been conducted to tackle this particular challenge. Most state-of-the-art research concentrates on developing a general storage system that can accommodate diverse blockchain categories. However, it is essential to recognize the unique attributes of a consortium blockchain, such as data privacy and access control. Beyond ensuring high performance, these specific needs are often overlooked by general storage systems. This paper proposes a decentralized storage system for Hyperledger Fabric, which is a well-known consortium blockchain. First, we employ erasure coding to partition files, subsequently organizing these chunks into a hierarchical structure that fosters efficient and dependable data storage. Second, we design a two-layer hash-slots mechanism and a mirror strategy, enabling high data availability. Third, we design an access control mechanism based on a smart contract to regulate file access.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Liang Zhang,Haibin Kan,Honglan Huang

DOI: https://doi.org/10.1145/3528416.3530228

2022-01-01

Abstract:Patient-centered healthcare data sharing and data usage consent are gaining popularity. Cross-enterprise document sharing (XDS) is the crucial system of sharing personalized healthcare data. Furthermore, dynamic consent is vital to the XDS system, because it respects people's autonomy and achieves recognition of data sovereignty. Because of its transparency, blockchain is a powerful system for managing storage and computing without a trusted third party. Besides, ciphertext-policy attribute-based encryption (CP-ABE) extends public-key encryption by implying access control policies in ciphertexts, making it suitable for protecting the privacy of individual healthcare data in versatile cases. Particularly, we use hospital name, "date" and "department" as attribute strings in the access control policies. Consequently, based on consortium blockchain and CP-ABE, we propose a patient-centered XDS and a dynamic consent framework. Compared with previous related literature, we make the proposed framework consistent with current practices and achieve favorable criteria, such as data confidentiality, data recoverability and time-aware ciphertext. Further, we conduct comprehensive experiments to show the feasibility and practicality.

Andrey Demichev,Alexander Kryukov

DOI: https://doi.org/10.48550/arXiv.2112.10693

2021-12-21

Abstract:The work presents a solution for completely decentralized data management systems in geographically distributed environments with administratively unrelated or loosely related user groups and in conditions of partial or complete lack of trust between them. The solution is based on the integration of blockchain technology, smart contracts and provenance metadata driven data management. Architecture, operation principles and algorithms developed provides fault-tolerant, safe and reliable management of provenance metadata, control of operations with data files, as well as resource access management in collaborative distributed computing systems. The latter refer to distributed systems formed by combining into a single pool of computer resources of various organizations (institutions) to work together in the framework of some project.

Distributed, Parallel, and Cluster Computing

Sara Rouhani,Rafael Belchior,Rui S. Cruz,Ralph Deters

DOI: https://doi.org/10.48550/arXiv.2006.04384

2020-06-08

Cryptography and Security

Abstract:Auditing provides an essential security control in computer systems, by keeping track of all access attempts, including both legitimate and illegal access attempts. This phase can be useful to the context of audits, where eventual misbehaving parties can be held accountable. Blockchain technology can provide trusted auditability required for access control systems. In this paper, we propose a distributed \ac{ABAC} system based on blockchain to provide trusted auditing of access attempts. Besides auditability, our system presents a level of transparency that both access requestors and resource owners can benefit from it. We present a system architecture with an implementation based on Hyperledger Fabric, achieving high efficiency and low computational overhead. The proposed solution is validated through a use case of independent digital libraries. Detailed performance analysis of our implementation is presented, taking into account different consensus mechanisms and databases. The experimental evaluation shows that our presented system can process 5,000 access control requests with the send rate of 200 per second and a latency of 0.3 seconds.

Gajanan Badhe,Dr. Maithili Arjunwadkar

DOI: https://doi.org/10.46647/ijetms.2023.v07i04.082

2023-01-01

International Journal of Engineering Technology and Management Sciences

Abstract:Now a days the need for decentralized applications is increasing and blockchain provides the foundational technology for creating and developing them. The security and integrity of the blockchain network and its resources are supported by access controls, which is a crucial component of blockchain-based applications. This paper presents a study of various access control mechanisms, including smart contracts, consensus algorithms, and cryptographic protocols, to assess their benefits and limitations in different contexts of applications. The purpose of the paper is to present various access control systems in blockchain-based applications and their applicability and effectiveness in various use case scenarios.

Ronghua Xu,Yu Chen,Erik Blasch,Genshe Chen

DOI: https://doi.org/10.48550/arXiv.1810.01291

2018-10-01

Cryptography and Security

Abstract:Space situation awareness (SSA) includes tracking of active and inactive resident space objects (RSOs) and assessing the space environment through sensor data collection and processing. To enhance SSA, the dynamic data-driven applications systems (DDDAS) framework couples on-line data with off-line models to enhance system performance. Using feedback control, sensor management, and communications reliability. For information management, there is a need for identity authentication and access control to ensure the integrity of exchanged data as well as to grant authorized entities access right to data and services. Due to decentralization and heterogeneity of SSA systems, it is challenging to build an efficient centralized access control system, which could either be a performance bottleneck or the single point of failure. Inspired by the blockchain and smart contract technology, this paper introduces BlendCAC, a decentralized authentication and capability-based access control mechanism to enable effective protection for devices, services and information in SSA networks. To achieve secure identity authentication, the BlendCAC leverages the blockchain to create virtual trust zones and a robust identity-based capability token management strategy is proposed. A proof-of-concept prototype has been implemented on both resources-constrained devices and more powerful computing devices, and is tested on a private Ethereum blockchain network. The experimental results demonstrate the feasibility of the BlendCAC scheme to offer a decentralized, scalable, lightweight and fine-grained access control solution for space system towards SSA.