Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101854

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:Ciphertext-policy attribute-based encryption(CP-ABE) has been widely studied and used in access control schemes for secure data sharing. Since in most of the existing attribute-based encryption methods, all user attributes are managed by a single central authority, it is easy to cause a single point of failure. Therefore, several multi-authority CP-ABE schemes are proposed to manage user attributes by multiple authorities. However, these schemes still do not eliminate the single point of failure in essence or suffer from high computation and communication overhead on data users. In this paper, we propose a Blockchain-based Multi-authority Access Control scheme called BMAC for sharing data securely. Shamir secret sharing scheme and permissioned blockchain (Hyperledger Fabric) are introduced to implement that each attribute is jointly managed by multiple authorities to avoid single point of failure. In addition, we take advantage of blockchain technology to establish trust among multiple authorities and exploit smart contracts to compute tokens for attributes managed across multiple management domains, which reduces communication and computation overhead on the data user side. Moreover, blockchain helps to record the access control process in a secure and auditable way. Finally, we analyze the security of the proposed algorithm. Further analysis and comparison show the performance of the proposed method.

Suhui Liu,Jiguo Yu,Liquan Chen,Baobao Chai

DOI: https://doi.org/10.1109/tnsm.2022.3185237

2022-01-01

IEEE Transactions on Network and Service Management

Abstract:Public clouds have drawn increasing attention from academia and industry due to their high computational and storage performance. Attribute-based encryption (ABE) is the most promising technology to simultaneously achieve confidentiality and fine-grained access control of the cloud-stored data. However, traditional ABE that relies on centralized authority faces several key management issues, such as the key escrow, key distribution, key tracking, key update, and heavy communication and computing overhead for users, which will cause security concerns and impede its widespread application. On the other hand, blockchain technology preserves distributed ledgers to ensure the immutability and transparency of data, which can further solve the security vulnerabilities caused by system centralization. This paper proposes a blockchain-assisted transformation method to solve all the key management problems mentioned above in ciphertext-policy ABE by utilizing technologies such as secret sharing protocols. In addition, our transformation method realizes two additional benefits: outsourced decryption and efficient user revocation, which are extremely valuable for practical implementations. We simulate a demonstration by adopting the most popular permissioned blockchain, Hyperledger Fabric. The security and efficiency analysis reveals that the scheme obtained from our transformation method can achieve replayable chosen-ciphertext security with extremely efficient decryption.

computer science, information systems

Wei Liang,Yang Yang,Ce Yang,Yonghua Hu,Songyou Xie,Kuan-Ching Li,Jiannong Cao

DOI: https://doi.org/10.1109/tr.2022.3190932

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:With the advances and innovations in digital technologies, blockchain has empowered advancements in communications and networking, promising to build trust and establish secure decentralized communications networks. Unfortunately, current personal data privacy protection schemes still suffer from explicit storage, lack of data ownership and implementation of fine-grained access control by users, and lack of transparency and auditability of data. In this article, we propose a personal data privacy protection scheme based on consortium blockchain that stores original data encrypted with an improved Paillier homomorphic encryption mechanism, namely PDPChain, where users realize fine-grained access control based on ciphertext policy attribute-based encryption (CP-ABE) on blockchain. In this scheme, consortium blockchain combines distributed private clusters to store the encrypted data, improving data transmission efficiency, and guaranteeing user privacy and security through off-chain storage and on-chain transmission synergy. In addition, it is more lightweight encryption and demarcation, ultimately protecting personal data privacy and providing a secure and trusted way to obtain information for data mining. For the performance testing, data in the form of files are used as an example, and the scheme is designed and simulated on Hyperledger Fabric and InterPlanetary File System. Experimental results show that the improved Paillier encryption mechanism reduces the overall encryption and decryption elapsed time by 25 and encryption elapsed time by 48. Furthermore, the proposed CP-ABE access control method is adaptive to storing and sharing a massive amount of data. With the increase in the number of access control policies, the overall time-consuming of the scheme does not increase, and the time-consuming of decryption can also be stabilized at about 2 s.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Chao Yuan,Mi-xue Xu,Xueming Si,Bin Li

DOI: https://doi.org/10.1109/ICPADS.2017.00111

2017-01-01

Abstract:As a recently proposed public key primitive, attribute-base encryption(ABE) divided into Ciphertext-policy ABE (CP-ABE) and Key-policy ABE (KP-ABE) is a highly promising tool for the management and protection of data. And Blockchain, as one of the core technologies of Bitcoin that is the most representative cryptocurrency, has received extensive attentions recently. Supervision and privacy protection are two difficulties in blockchain. In this paper, a new scheme combining blockchain and accountable CP-ABE is proposed. In this scheme, each change of the data is recorded on the blockchain. And the different permissions of access are realized through ABE. If a malicious user shares a decryption key illegally, it will be considered illegal. Similarly, if the authority generates a decryption key for any unauthorized user, it also will be considered illegal. This scheme allows any third party to publicly verify the identity of a decryption key. And it is achievable for an auditor to publicly audit whether a malicious user or the authority should be responsible for an exposed decryption key, and the key abuser cannot deny it. At last this scheme is applied to the management of electronic documents.

Ye Lu,Tao Feng,Chunyan Liu,Wenbo Zhang

DOI: https://doi.org/10.32604/cmc.2023.046106

2024-01-01

Abstract:The Access control scheme is an effective method to protect user data privacy. The access control scheme based on blockchain and ciphertext policy attribute encryption (CP–ABE) can solve the problems of single—point of failure and lack of trust in the centralized system. However, it also brings new problems to the health information in the cloud storage environment, such as attribute leakage, low consensus efficiency, complex permission updates, and so on. This paper proposes an access control scheme with fine-grained attribute revocation, keyword search, and traceability of the attribute private key distribution process. Blockchain technology tracks the authorization of attribute private keys. The credit scoring method improves the Raft protocol in consensus efficiency. Besides, the interplanetary file system (IPFS) addresses the capacity deficit of blockchain. Under the premise of hiding policy, the research proposes a fine-grained access control method based on users, user attributes, and file structure. It optimizes the data-sharing mode. At the same time, Proxy Re-Encryption (PRE) technology is used to update the access rights. The proposed scheme proved to be secure. Comparative analysis and experimental results show that the proposed scheme has higher efficiency and more functions. It can meet the needs of medical institutions.

computer science, information systems,materials science, multidisciplinary

Jingchi Zhang,Anwitaman Datta

DOI: https://doi.org/10.48550/arXiv.2309.04125

2023-09-08

Abstract:In a traditional cloud storage system, users benefit from the convenience it provides but also take the risk of certain security and privacy issues. To ensure confidentiality while maintaining data sharing capabilities, the Ciphertext-Policy Attribute-based Encryption (CP-ABE) scheme can be used to achieve fine-grained access control in cloud services. However, existing approaches are impaired by three critical concerns: illegal authorization, key disclosure, and privacy leakage. To address these, we propose a blockchain-based data governance system that employs blockchain technology and attribute-based encryption to prevent privacy leakage and credential misuse. First, our ABE encryption system can handle multi-authority use cases while protecting identity privacy and hiding access policy, which also protects data sharing against corrupt authorities. Second, applying the Advanced Encryption Standard (AES) for data encryption makes the whole system efficient and responsive to real-world conditions. Furthermore, the encrypted data is stored in a decentralized storage system such as IPFS, which does not rely on any centralized service provider and is, therefore, resilient against single-point failures. Third, illegal authorization activity can be readily identified through the logged on-chain data. Besides the system design, we also provide security proofs to demonstrate the robustness of the proposed system.

Cryptography and Security

Zhixin Ren,Enhua Yan,Taowei Chen,Yimin Yu

DOI: https://doi.org/10.1016/j.jksuci.2024.101969

IF: 9.006

2024-03-02

Journal of King Saud University - Computer and Information Sciences

Abstract:Nowadays, the integration of blockchain technology with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has drawn the researcher attention because it can provide key security auditing and transaction traceability in the context of data sharing. However, in a majority of existing blockchain-based CP-ABE schemes, private keys were still issued by one central authority that would lead to heavy computation, higher transaction costs, and restricted scalability within the decentralized system. To address these challenges, we present an enhancement approach towards utilizing distributed key management service (KMS) and zero-knowledge paradigms. In our improved novel blockchain system model, we define two types of blockchain nodes for the CP-ABE scheme through staking mechanism. Firstly, the proxy re-encryption nodes are introduced to offer secure multi-party management and distribution of the CP-ABE's master secret key, eliminating dependence on a central authority and producing proofs of re-encryption correctness. Secondly, the operator nodes can collect all transactional information in blockchain-based CP-ABE scheme and then send the Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARKs) proofs to verify the batch's integrity via smart contract. Subsequently, we employ the staking economic incentive model with reward determination and slashing in the decentralized blockchain system to ensure network security. Finally, simulation results validate the effectiveness of our proposed scheme in achieving secure and efficient data sharing. Even amidst the pressure of 100 simultaneous transactions, the average response time for a single node remains at an approximate 28 s. Additionally, there is a notable decrease in on-chain gas consumption, with a gas reduction exceeding 61%. Comparative analyses further indicate that our blockchain-based CP-ABE scheme, in conjunction with a decentralized KMS, offers a superior balance between computational efficiency and functional capability.

computer science, information systems

JoonYoung Lee,MyeongHyun Kim,KiSung Park,SungKee Noh,Abhishek Bisht,Ashok Kumar Das,Youngho Park

DOI: https://doi.org/10.3390/s23115173

2023-05-29

Abstract:Recently, with the increasing application of the Internet of Things (IoT), various IoT environments such as smart factories, smart homes, and smart grids are being generated. In the IoT environment, a lot of data are generated in real time, and the generated IoT data can be used as source data for various services such as artificial intelligence, remote medical care, and finance, and can also be used for purposes such as electricity bill generation. Therefore, data access control is required to grant access rights to various data users in the IoT environment who need such IoT data. In addition, IoT data contain sensitive information such as personal information, so privacy protection is also essential. Ciphertext-policy attribute-based encryption (CP-ABE) technology has been utilized to address these requirements. Furthermore, system structures applying blockchains with CP-ABE are being studied to prevent bottlenecks and single failures of cloud servers, as well as to support data auditing. However, these systems do not stipulate authentication and key agreement to ensure the security of the data transmission process and data outsourcing. Accordingly, we propose a data access control and key agreement scheme using CP-ABE to ensure data security in a blockchain-based system. In addition, we propose a system that can provide data nonrepudiation, data accountability, and data verification functions by utilizing blockchains. Both formal and informal security verifications are performed to demonstrate the security of the proposed system. We also compare the security, functional aspects, and computational and communication costs of previous systems. Furthermore, we perform cryptographic calculations to analyze the system in practical terms. As a result, our proposed protocol is safer against attacks such as guessing attacks and tracing attacks than other protocols, and can provide mutual authentication and key agreement functions. In addition, the proposed protocol is more efficient than other protocols, so it can be applied to practical IoT environments.

Peng Li,Dehua Zhou,Haobin Ma,Junzuo Lai

DOI: https://doi.org/10.1016/j.sysarc.2023.103033

IF: 5.836

2023-11-27

Journal of Systems Architecture

Abstract:With the rapid development of the healthcare industry, many Electronic Health Records (EHRs) have emerged in different healthcare centers. However, lots of personal medical data are stored directly in plaintext at a single healthcare center, which makes it suffer from the single point of failure and brings many security and privacy issues such as privacy information leakage or tampering. The combination of blockchain and attributed-based cryptography can effectively solve the above problems. Therefore, in order to enable flexible fine-grained access control and efficient data retrieval while achieving privacy protection, we employ the ciphertext-policy attributed-based encryption (CP-ABE) and ciphertext-policy attribute-based searchable encryption (CP-ABSE) to propose a hidden policy attribute-based access control scheme. In addition, we combine consortium blockchain and smart contract to provide secure and reliable search and outsourcing decryption. Finally, through the security analysis and experimental results, we demonstrate that our scheme is secure and efficient.

computer science, software engineering, hardware & architecture

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.ins.2020.12.035

IF: 8.1

2021-01-01

Information Sciences

Abstract:Attribute-based encryption (ABE) is considered to be one of the most suitable schemes for cryptographic access control in the big data environment. But it still faces many challenges to be applied in the Internet of Things (IoT). ABE is implemented based on bilinear pairing, which is considered to be an expensive operation. However, there are lots of IoT devices with constrained resources. Proxy re-encryption methods based on the cloud are proposed to reduce computing overhead on the user side, but an untrusted cloud may give incorrect computing results to mislead users. To solve this problem, an access control scheme with lightweight decryption based on ABE and blockchain technologies is proposed. We assume that the cloud is untrusted, and guarantee the accuracy of proxy re-encryption calculation based on blockchain. In addition, how to encourage users to obtain authorization through blockchain and record access behavior on the blockchain is a problem worthy of attention. This paper proposes a user credibility incentive mechanism, which calculates the user's credibility according to the user's access behavior and gives a reputation score, so as to dynamically adjust the endorsement protocol. Security analysis and experimental results show that the proposed method is reliable and efficient. (C) 2020 Elsevier Inc. All rights reserved.

Ying He,Haiyan Wang,Yuan Li,Ke Huang,Victor C. M. Leung,F. Richard Yu,Zhong Ming

DOI: https://doi.org/10.1109/jiot.2021.3099171

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:In the last few decades, ciphertext-policy attribute-based encryption (CP-ABE) technology has attracted great interest, since it can provide fine-grained, flexible, and access control for sensitive data to implement a high secure and efficient data-sharing mechanism. In this article, based on the linear secret sharing scheme (LSSS), an efficient scheme is proposed to realize a collaborative decryption function. For any user group, when the user's attribute set cannot access the ciphertext alone, the private key of other users in the same group can be used for collaborative decryption with the permission of the data owner. Our scheme uses the LSSS matrix that can significantly reduce the computation and storage overhead when comparing with the existing schemes. Then, a multiauthorization model is created based on the Bohen–Lynn–Shacham technology in order to solve the key-management issue. Finally, we implemented the specific functions of the framework through JAVA, and built a private chain to verify the feasibility of data transfer between users.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yang Li,Guangzong Zhang,Jianming Zhu,Xiuli Wang

DOI: https://doi.org/10.1007/978-981-16-5943-0_19

2021-01-01

Abstract:In the era of big data, data sharing and communication play a crucial role. The blockchain data sharing model based on ciphertext policy attributed-based encryption (CP-ABE) is an existing solution to data sharing. However, it puts the access policy and attributes directly on the blockchain, so every one in the blockchain can access these access policies and attributes, which will cause privacy leakage. To solve this problem, a privacy protection model based on zk-SNARK is proposed in this paper. The blockchain double-chain structure was applied in this model, and the fine-grained access control of data sharing was realized based on CP-ABE scheme. At the same time, zk-SNARK technologies were adopted to protect sensitive access policies and sensitive attributes from disclosure, effectively defending the privacy of users when data sharing in blockchain.

Jian Jiang,Yulong Gao,Yufei Gong,Zhengtao Jiang

DOI: https://doi.org/10.3390/s24144493

2024-07-11

Abstract:Although the copyright protection schemes supported by blockchain have significantly changed traditional copyright data management, there are still some data security challenges that cannot be ignored, especially the secure access and controllable management of copyright data. Quantum computing attacks also pose a threat to its security. Targeting these issues, we design and propose a blockchain copyright protection scheme based on attribute-based encryption (ABE). In this scheme, the security advantages of blockchain technology are utilized to ensure the authenticity and integrity of copyright data. Based on lattice cryptography and the decision ring learning with errors (R-LWE) problem, a new ABE algorithm that supports searchable ciphertext and policy updates is designed. Then, we introduce it into the blockchain copyright protection scheme, which enables secure access to copyright data and fine-grained control. In addition, the lattice cryptography can strengthen this scheme against quantum attacks. Through security analysis, our scheme can prove to be secure against adaptive chosen keyword attacks, selective chosen plaintext attacks, and adaptive chosen policy attacks in the random oracle model. More importantly, the comparison analysis and experimental results show that our proposed approach has lower computation costs and storage costs. Therefore, our scheme has better security and performance in copyright protection.

Yaoliang Chen,Shi Chen,Jiao Liang,Lance Warren Feagan,Weili Han,Sheng Huang,X. Sean Wang

DOI: https://doi.org/10.1016/j.is.2020.101590

IF: 3.18

2020-01-01

Information Systems

Abstract:Blockchain is an emerging data management technology that enables people in a collaborative network to establish trusted connections with the other participants. Recently consortium blockchains have raised interest in a broader blockchain technology discussion. Instead of a fully public, autonomous network, consortium blockchain supports a network where participants can be limited to a subset of users and data access strictly controlled. Access control policies should be defined by the respective data owner and applied throughout the network without requiring a centralized data administrator. As a result, decentralized data access control (DDAC) emerges as a fundamental challenge for such systems. However, we show from a trust model for consortium collaborative networks that current consortium blockchain systems provide limited support for DDAC. Further, the distributed, replicated nature of blockchain makes it even more challenging to control data access, especially read access, compared with traditional DBMSes. We investigate possible strategies to protect data from being read by unauthorized users in consortium blockchain systems using combinations of ledger partitioning and encryption strategies. A general framework is proposed to help inexperienced users determine appropriate strategies under different application scenarios. The framework was implemented on top of Hyperledger Fabric to evaluate feasibility. Experimental results along with a real-world case study contrasted the performance of different strategies under various conditions and the practicality of the proposed framework.

Zhaoqian Zhang,Jianbiao Zhang,Yilin Yuan,Zheng Li

DOI: https://doi.org/10.1109/jiot.2021.3117378

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:As the public cloud becomes one of the leading ways in data-sharing nowadays, data confidentiality and user privacy are increasingly critical. Partially policy-hidden ciphertext policy attribute-based encryption (CP-ABE) can effectively protect data confidentiality while reducing privacy leakage by hiding part of the access structure. However, it cannot satisfy the need of data sharing in the public cloud with complex users and large amounts of data, both in terms of less expressive access structures and limited granularity of policy hiding. Moreover, the verification of access right to shared data and correctness of decryption are ignored or conducted by an untrusted third party, and the prime-order groups are seldom considered in the expressive policy-hidden schemes. This article proposes a fully policy-hidden CP-ABE scheme constructed on linear secret sharing scheme (LSSS) access structure and prime-order groups for public cloud data sharing. To help users decrypt, hidden vector encryption (HVE) with a "convert step" is applied, which is more compatible with CP-ABE. Meanwhile, decentralized credible verification of access right to shared data and correctness of decryption based on blockchain are also provided. We prove the security of our scheme rigorously and compare the scheme with others comprehensively. The results show that our scheme performs better.

computer science, information systems,telecommunications,engineering, electrical & electronic

Libo Feng,Junyu Lin,Fei Qiu,Bei Yu,Zhihua Jin,Jinli Wang,Jing Cheng,Shaowen Yao

DOI: https://doi.org/10.1109/tnsm.2024.3371521

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Industrial big data has experienced from data silos due to its high potential value and strong security requirements, making it difficult to share securely across domains. Blockchain-based solutions allow nodes to establish access control to trusted data on unreliable or trustless networks, but still face issues such as inefficient data sharing and leakage of sensitive information. In this paper, we propose a blockchain-based access control scheme for privacy security and dynamic regulation. First, ciphertext policy attribute-based encryption (CP-ABE) is developed to gain fine-grained access to node resources, with verifiable outsourcing decryption method to significantly reduce computational pressure on end users. Second, a policy hiding method based on multi-chain architecture is proposed, which performs double hiding of attribute information and access policy information on the blockchain. Finally, a supervisory policy that incorporates dynamic trust assessment and smart contracts is proposed to achieve effective detection and hierarchical classification punishment of malicious behavior. Security analysis and experimental results show that our scheme can limit the complexity of terminal decryption at a constant level and effectively achieve secure and efficient access control in the industrial Internet environment.

computer science, information systems

Chenlei Liu,Feng Xiang,Zhixin Sun

DOI: https://doi.org/10.1155/2022/8497628

IF: 1.968

2022-04-12

Security and Communication Networks

Abstract:Information sharing has become an important application in modern supply chain management systems with business technology development. Because traditional supply chain information systems have problems such as easy data tampering, low information transparency, and interaction delays, blockchain has been taken consideration into supply chain information sharing research. Furthermore, blockchain technology is expected to provide decentralized supply chain information sharing solutions to enhance security, availability, and transparency. However, with the in-depth study of the application of blockchain technology in supply chain information sharing, people have found that the data stored publicly in the blockchain are still threatened by privacy leakage. In addition, due to the openness and accessibility of the blockchain, the lack of fine-grained access control is also apparent. In order to improve the security of data, we propose a novel privacy-preserving multiauthority attribute-based access control scheme for secure blockchain-based information sharing in a supply chain. In this scheme, blockchain stores encrypted supply chain information on distributed nodes. Multiple attribute authorities manage different attributes of users to achieve fine-grained access control and flexible authorization. Even if some attribute authorities fail, the user’s private key will not be leaked. In user secret key generation, we adopt an anonymous key generation protocol to realize the secure distribution of user keys by the attribute authorities. Furthermore, in order to meet the protection of communication privacy between blockchain nodes, properties of policy hiding and identity hiding are considered. Finally, we design experiments to analyze the performance of our scheme, including secret key sizes and running time of encryption and decryption.

computer science, information systems,telecommunications

Haiping Si,Weixia Li,Nan Su,Tingting Li,Yanling Li,Chuanhu Zhang,Bacao Fernando,Changxia Sun

DOI: https://doi.org/10.1016/j.comcom.2024.05.012

IF: 5.047

2024-05-20

Computer Communications

Abstract:With the continuous maturation of blockchain technology and the increasing demands for various industry applications, data sharing and interoperability among different blockchain networks face significant challenges. Research on cross-chain interoperability mechanisms has facilitated data collaboration across organizations and industries, enhancing the value and utility of data. When engaging in cross-chain data interactions, access control ensures the security and privacy of data while promoting collaboration and information exchange among multiple chains. Attribute-based access control can provide fine-grained authorization support, matching complex business scenarios. However, publicly disclosed policies and attributes in a transparent blockchain network may pose privacy and security issues. To address these issues, this paper proposes a cross-heterogeneous multichain data access control scheme based on attributes and threshold homomorphic encryption, achieving fine-grained and secure cross-domain access control in cross-chain networks. This scheme uses the threshold Paillier cryptosystem to encrypt and conceal user attributes and access policies. Through smart contracts, homomorphic differential computation is performed on the ciphertext of policies and attributes, to protect data privacy. This solution leverages private key decryption shares from multiple relay nodes in the cross-chain network to jointly decrypt the computation results, providing secure access control in complex cross-chain scenarios. Security analysis and experimental results demonstrate that the proposed scheme ensures security with reasonable computational overhead, to meet the access control requirements in cross-chain networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lianshan Sun,Danni Zhou,Diandong Liu,Jingyan Tang,Yang Li

DOI: https://doi.org/10.1109/access.2023.3340887

IF: 3.9

2023-01-01

IEEE Access

Abstract:Access control is a widely used technology for securing sensitive resources of information systems, ranging from personal data managed by cloud-based data stores to sensitive data stream collected by smart devices. Existing access control systems mainly adopt centralized architecture and static access control models, including Access Control List, Role-based Access Control and Attribute-based Access Control. However, these systems fail to meet the increasing requirements of behavior based dynamic access control or requirements of owner initiated autonomous access control without relying on trustworthy third parties and suffer inherent drawbacks of a single point of failure or dishonesty. To this end, a novel blockchain-based and provenance enabled dynamic access control scheme called BPDAC is proposed. Specifically, it collects and stores data provenance on blockchain to enable behavior-based dynamic access control; in particular, the quick lookup table (QLT) structure is designed to speed up access control evaluation based on provenance with increasing complexity. It also provides specifications for formulating access control policy based on provenance. It utilizes a set of smart contracts on blockchain to enable decentralized and reliable autonomous access control. A prototype system is implemented on the Hyperledger Fabric and experiments are conducted to show that the proposed scheme is practically feasible and scalable in terms of the performance metrics of throughput and latency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jie Zhang,Lingyun Yuan,Shanshan Xu

DOI: https://doi.org/10.48550/arXiv.2111.06544

2021-11-17

Abstract:In view of the security issues of the Internet of Things (IoT), considered better combining edge computing and blockchain with the IoT, integrating attribute-based encryption (ABE) and attribute-based access control (ABAC) models with attributes as the entry point, an attribute-based encryption and access control scheme (ABE-ACS) has been proposed. Facing Edge-Iot, which is a heterogeneous network composed of most resource-limited IoT devices and some nodes with higher computing power. For the problems of high resource consumption and difficult deployment of existing blockchain platforms, we design a lightweight blockchain (LBC) with improvement of the proof-of-work consensus. For the access control policies, the threshold tree and LSSS are used for conversion and assignment, stored in the blockchain to protect the privacy of the policy. For device and data, six smart contracts are designed to realize the ABAC and penalty mechanism, with which ABE is outsourced to edge nodes for privacy and integrity. Thus, our scheme realizing Edge-Iot privacy protection, data and device controlled access. The security analysis shows that the proposed scheme is secure and the experimental results show that our LBC has higher throughput and lower resources consumption, the cost of encryption and decryption of our scheme is desirable.

Cryptography and Security,Computers and Society