Muhammad Asif,Zeeshan Aziz,Maaz Bin Ahmad,Adnan Khalid,Hammad Abdul Waris,Asfandyar Gilani

DOI: https://doi.org/10.3390/s22072604

2022-03-29

Abstract:Security has always been the main concern for the internet of things (IoT)-based systems. Blockchain, with its decentralized and distributed design, prevents the risks of the existing centralized methodologies. Conventional security and privacy architectures are inapplicable in the spectrum of IoT due to its resource constraints. To overcome this problem, this paper presents a Blockchain-based security mechanism that enables secure authorized access to smart city resources. The presented mechanism comprises the ACE (Authentication and Authorization for Constrained Environments) framework-based authorization Blockchain and the OSCAR (Object Security Architecture for the Internet of Things) object security model. The Blockchain lays out a flexible and trustless authorization mechanism, while OSCAR makes use of a public ledger to structure multicast groups for authorized clients. Moreover, a meteor-based application is developed to provide a user-friendly interface for heterogeneous technologies belonging to the smart city. The users would be able to interact with and control their smart city resources such as traffic lights, smart electric meters, surveillance cameras, etc., through this application. To evaluate the performance and feasibility of the proposed mechanism, the authorization Blockchain is implemented on top of the Ethereum network. The authentication mechanism is developed in the node.js server and a smart city is simulated with the help of Raspberry Pi B+. Furthermore, mocha and chai frameworks are used to assess the performance of the system. Experimental results reveal that the authentication response time is less than 100 ms even if the average hand-shaking time increases with the number of clients.

Lin Zhang,Hong Li,Limin Sun,Zhiqiang Shi,Yunhua He

DOI: https://doi.org/10.1109/pac.2017.28

2017-01-01

Abstract:User authentication in computer systems has been a cornerstone of computer security for decades. However, the existing user authentication schemes either require human cognitive ability to remember numerous complex id and password, or rely on a trusted third party which could fail due to technical failure or denial-of-service attacks. In this paper, we design a fully distributed user authentication framework with the blockchain technology. In our scheme, a user stores her identity in the blockchain, stores her encrypted personal information in a off-blockchain storage, and attaches a smart contract which grants different permissions to each website/application. When a user logs in a website/application, the service provider employs a challenge-response protocol to verify the identity of the user, and then retrieve the user's personal information from the off-blockchain storage.

Christian Esposito,Massimo Ficco,Brij Bhooshan Gupta

DOI: https://doi.org/10.1016/j.ipm.2020.102468

2021-03-01

Abstract:<p>The platforms supporting the smart city applications are rarely implemented from scratch by a municipality and/or totally owned by a single company, but are more typically realized by integrating some existing ICT infrastructures thanks to a supporting platform, such as the well known FIWARE platform. Such a multi-tenant deployment model is required to lower the initial investment costs to implement large scale solutions for smart cities, but also imposes some key security obstacles. In fact, smart cities support critical applications demanding to protect the data and functionalities from malicious and unauthorized uses. Equipping the supporting platforms with proper means for access control is demanding, but these means are typically implemented according to a centralized approach, where a single server stores and makes available a set of identity attributes and authorization policies. Having a single root of trust is not suitable in a distributed and cooperating scenario of large scale smart cities due to their multi-tenant deployment. In fact, each of the integrated system has its own set of security policies, and the other systems need to be aware of these policy, in order to allow a seamless use of the same credentials across the overall infrastructure (realizing what is known as the single-sign-on). This imposes the problem of consistent and secure data replicas within a distributed system, which can be properly approached by using the blockchain technology. Therefore, this work proposes a novel solution for distributed management of identity and authorization policies by leveraging on the blockchain technology to hold a global view of the security policies within the system, and integrating it in the FIWARE platform. A detailed assessment is provided to evaluate the goodness of the proposed approach and to compare it with the existing solutions.</p>

computer science, information systems,information science & library science

Fei Tong,Xing Chen,Cheng Huang,Yujian Zhang,Xuemin Shen

DOI: https://doi.org/10.1109/JIOT.2022.3229676

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Multidomain Internet of Things (IoT) is faced with serious domain interoperability (DI) and compatibility issues since different intradomain authorization and authentication (A&A) mechanisms are deployed without the consideration of interdomain A&A. This article proposes a blockchain-assisted scheme to achieve flexible intra- and inter-domain A&A simultaneously and seamlessly. Specifically, we first design a contract-based mutual access control agreement on top of a consortium blockchain, where domain managers can manage their access permission without any trusted parties. Based on the agreement, a secure and privacy-preserving authentication protocol is further proposed by tailoring one-out-of-many proof techniques, which enables IoT devices to anonymously access authorized IoT domains. We additionally design a voting-based protocol by using a threshold-based cryptosystem. The protocol allows domain managers to transparently audit resource access with the assistance of the blockchain. Detailed security analysis demonstrates that the proposed scheme achieves the security properties, such as DI, privacy protection, and accountability. Finally, we develop two proof-of-concept prototypes in a physical testbed and virtual machine, respectively, based on an open-source blockchain platform to show our scheme's efficiency in terms of computation and communication overhead.

Ronghua Xu,Yu Chen,Erik Blasch,Genshe Chen

DOI: https://doi.org/10.48550/arXiv.1810.01291

2018-10-01

Cryptography and Security

Abstract:Space situation awareness (SSA) includes tracking of active and inactive resident space objects (RSOs) and assessing the space environment through sensor data collection and processing. To enhance SSA, the dynamic data-driven applications systems (DDDAS) framework couples on-line data with off-line models to enhance system performance. Using feedback control, sensor management, and communications reliability. For information management, there is a need for identity authentication and access control to ensure the integrity of exchanged data as well as to grant authorized entities access right to data and services. Due to decentralization and heterogeneity of SSA systems, it is challenging to build an efficient centralized access control system, which could either be a performance bottleneck or the single point of failure. Inspired by the blockchain and smart contract technology, this paper introduces BlendCAC, a decentralized authentication and capability-based access control mechanism to enable effective protection for devices, services and information in SSA networks. To achieve secure identity authentication, the BlendCAC leverages the blockchain to create virtual trust zones and a robust identity-based capability token management strategy is proposed. A proof-of-concept prototype has been implemented on both resources-constrained devices and more powerful computing devices, and is tested on a private Ethereum blockchain network. The experimental results demonstrate the feasibility of the BlendCAC scheme to offer a decentralized, scalable, lightweight and fine-grained access control solution for space system towards SSA.

Hongxia Zhang,Xingshu Chen,Xiao Lan,Hongjian Jin,Qi Cao

DOI: https://doi.org/10.1016/j.jisa.2020.102538

IF: 4.96

2020-12-01

Journal of Information Security and Applications

Abstract:<p>In many real resource access scenarios, the parties who require to establish communication may be unable to effectively identify and verify some authentication messages of the other party due to the use of completely different cryptography settings, making it difficult to authenticate each other in such scenarios. We usually define the above-mentioned problem as "cross-domain authentication". Although many research works have been devoted to solving the problem of entity authentication for cross-domain communication, the problem of "incomplete cross-domain" widely exists in existing works. Existing solutions based on some common underlying cryptography foundations greatly limit the application of such cross-domain authentication schemes. In order to solve the problem of "incomplete cross-domain", this paper proposes a thoroughly cross-domain authentication scheme based on blockchain technology, which can be used by participants from different domains that adopt totally different settings. Our security analysis demonstrates that the scheme is provably secure in the standard model and the experimental results show the efficiency of our scheme.</p>

computer science, information systems

Kai Fan,Hengrui Lu,Yuhan Bai,Yu Luo,Yintang Yang,Kuan Zhang,Hui Li

DOI: https://doi.org/10.1109/jiot.2023.3317451

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:To overcome the challenges of urbanization and population growth, smart cities use cutting-edge technologies such as IoT and AI to offer improved public services. Although these advancements have brought convenience, they have raised security and privacy concerns. Blockchain technology has the potential to address these concerns, but existing blockchain frameworks have issues of scalability and efficiency that hinder their ability to meet the smart city demands. In this paper, we propose a novel blockchain framework for smart cities, named SC-Chain. Specifically, SC-Chain incorporates a decentralized access mechanism that leverages threshold signatures and BFT-like consensus for efficient node registration and authentication in decentralized systems. Furthermore, we propose a consensus mechanism that utilizes verifiable random function (VRF) to achieve efficient miner node election, ensuring efficiency, fairness, and security in large-scale smart city systems. We demonstrate the effectiveness and feasibility of SC-Chain through theoretical analysis and simulations, showcasing its potential to enable the development of secure and efficient smart city infrastructure.

computer science, information systems,telecommunications,engineering, electrical & electronic

Linsheng Yu,Mingxing He,Hongbin Liang,Ling Xiong,Yang Liu

DOI: https://doi.org/10.3390/s23031264

2023-01-22

Abstract:Authentication and authorization constitute the essential security component, access control, for preventing unauthorized access to cloud services in mobile cloud computing (MCC) environments. Traditional centralized access control models relying on third party trust face a critical challenge due to a high trust cost and single point of failure. Blockchain can achieve the distributed trust for access control designs in a mutual untrustworthy scenario, but it also leads to expensive storage overhead. Considering the above issues, this work constructed an authentication and authorization scheme based on blockchain that can provide a dynamic update of access permissions by utilizing the smart contract. Compared with the conventional authentication scheme, the proposed scheme integrates an extra authorization function without additional computation and communication costs in the authentication phase. To improve the storage efficiency and system scalability, only one transaction is required to be stored in blockchain to record a user's access privileges on different service providers (SPs). In addition, mobile users in the proposed scheme are able to register with an arbitrary SP once and then utilize the same credential to access different SPs with different access levels. The security analysis indicates that the proposed scheme is secure under the random oracle model. The performance analysis clearly shows that the proposed scheme possesses superior computation and communication efficiencies and requires a low blockchain storage capacity for accomplishing user registration and updates.

Yuanyu Zhang,Mirei Yutaka,Masahiro Sasabe,Shoji Kasahara

DOI: https://doi.org/10.48550/arXiv.2009.02933

2020-09-07

Abstract:Efficient and reliable access control in smart cities is critical for the protection of various resources for decision making and task execution. Existing centralized access control schemes suffer from the limitations of single point of failure, low reliability and poor scalability. This paper therefore proposes a distributed and reliable access control framework for smart cities by combining the blockchain smart contract technology and the Attribute-Based Access Control (ABAC) model. The framework consists of one Policy Management Contract (PMC) for managing the ABAC policies, one Subject Attribute Management Contract (SAMC) for managing the attributes of subjects (i.e., entities accessing resources), one Object Attribute Management Contract (OAMC) for managing the attributes of objects (i.e., resources being accessed), and one Access Control Contract (ACC) for performing the access control. To show the feasibility of the proposed framework, we construct a local private Ethereum blockchain system to implement the four smart contracts and also conduct experiments to evaluate the monetary cost as well as to compare the proposed framework with an existing Access Control List (ACL)-based scheme. The experimental results show that although the proposed scheme consumes more money than the ACL-based scheme at the deployment stage, it introduces less monetary cost during the system running especially for large-scale smart cities.

Cryptography and Security,Information Theory

Yuhan Yang,Lijun Wei,Jing Wu,Chengnian Long,Bo Li

DOI: https://doi.org/10.1109/jiot.2021.3107443

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Vehicular ad-hoc network enhances driving safety and enables various intelligent transportation applications by adopting the revolutionary vehicular wireless communication technology. This has attracted a lot of attentions from both academia and industry in recent years. Given the sophistication of vehicular manufacturing and the heterogeneity of intelligent transport terminals, performing vehicular authentication is of great importance. The existing schemes have largely considered vehicle security and authentication within a single administrative domain, which lacks supervision of the authority and entity in the intelligent transportation system. In this article, we propose a multidomain vehicular authentication architecture by introducing blockchain technique to build distributed trust and share cross-domain information among multiple administrative domains. To guarantee the anonymity and traceability, a pseudonym-based privacy-preserving authentication method is proposed. Specifically, considering the supervision of authority and the resilience to key escrow, we design a two-phase pseudonym distribution mechanism with the assistance of a roadside unit (RSU) proxy. We conduct in-depth security analysis by comparing with existing works and deploy experiments to show the efficiency and feasibility of the proposed scheme in the multidomain scenario.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chao Lin,Debiao He,Sherali Zeadally,Xinyi Huang,Zhe Liu

DOI: https://doi.org/10.1145/3397202

IF: 5.3

2021-03-10

ACM Transactions on Internet Technology

Abstract:The sensing-as-a-service (SaaS) model has been explored to address the challenge of intractability of managing a large number of sensors faced by future smart cities. However, how to effectively share sensor data without compromising confidentiality, privacy protection, and fair trading without third parties is one of critical issues that must be solved in the SaaS in smart cities. While blockchain shows promise in solving these issues, the existing blockchain-based data sharing (BBDS) systems are difficult to apply to SaaS in smart cities because of many unresolved issues such as requiring a customized blockchain, huge storage, communication and computation costs, and dependence on a third party to achieve fair trading. We propose a BBDS system model with its security requirements before we present a concrete construction by combining -protocol, Paillier encryption scheme, and any secure symmetrical encryption and signature schemes. To demonstrate the utility of our proposed BBDS system, we present a security analysis and compare our system with other solutions. We implement the prototype in Remix to analyze the gas cost, and we conduct experiments to evaluate the communication and computation costs of the BBDS system using symmetric encryption (advanced encryption standard (AES)) and a signature scheme (elliptic curve digital signature algorithm (ECDSA)).

computer science, information systems, software engineering

Xiangyu Xu,Jianfei Peng

DOI: https://doi.org/10.48550/arXiv.2110.14860

2021-10-28

Networking and Internet Architecture

Abstract:The smart city is an emerging notion that is leveraging the Internet of Things (IoT) technique to achieve more comfortable, smart and controllable cities. The communications crossing domains between smart cities is indispensable to enhance collaborations. However, crossing-domain communications are more vulnerable since there are in different domains. Moreover, there are huge different devices with different computation capabilities, from sensors to the cloud servers. In this paper, we propose a lightweight two-layer blockchain mechanism for reliable crossing-domain communication in smart cities. Our mechanism provides a reliable communication mechanism for data sharing and communication between smart cities. We defined a two-layer blockchain structure for the communications inner and between smart cities to achieve reliable communications. We present a new block structure for the lightweight IoT devices. Moreover, we present a reputation-based multi-weight consensus protocol in order to achieve efficient communication while resistant to the nodes collusion attack for the proposed blockchain system. We also conduct a secure analysis to demonstrate the security of the proposed scheme. Finally, performance evaluation shows that our scheme is efficient and practical.

Li Yunliang,Du Zhiqiang,Fu Yanfang,Zheng Xianghan

DOI: https://doi.org/10.1016/j.pmcj.2024.101878

IF: 3.848

2024-01-08

Pervasive and Mobile Computing

Abstract:Numerous users from diverse domains access information and perform various operations in multi-domain environments. These users have complex permissions that increase the risk of identity falsification, unauthorized access, and privacy breaches during cross-domain interactions. Consequently, implementing an access control architecture to prevent users from engaging in illicit activities is imperative. This paper proposes a novel blockchain-based access control architecture for multi-domain environments. By integrating the multi-domain environment within a federated chain, the architecture utilizes Decentralized Identifiers (DIDs) for user identification and relies on public/secret key pairs for operational execution. Verifiable credentials are used to authorize permissions and release resources, thereby ensuring authentication and preventing tampering and forgery. In addition, the architecture automates the authorization and access control processes through smart contracts, thereby eliminating human intervention. Finally, we performed a simulation evaluation of the architecture. The most time-consuming process had a runtime of 1074 ms, primarily attributed to interactions with the blockchain. Concurrent testing revealed that with a concurrency level of 2000 demonstrated that the response times for read and write operations were maintained within 1000 ms and 4600 ms, respectively. In terms of storage efficiency, except for user registration, which incurred two gas charges, all the other processes required only one charge.

computer science, information systems,telecommunications

Ke Yang,Da Li,Lei Zhou,Kai Cheng

DOI: https://doi.org/10.1088/1742-6596/2166/1/012042

2022-01-01

Journal of Physics: Conference Series

Abstract:Abstract The new power system presents new features such as massive, decentralized, multiple types of equipment and user access, more complex interactions, and faster response speed. The zero-trust security model still has problems such as the single-point failure risk of permission control and the inability to balance dynamic fine-grained permission adjustment and real-time response. Based on this, this paper proposes an adaptive dynamic access control model based on blockchain and token. First, build a decentralized authorization management architecture based on blockchain smart contracts to provide users with reliable and intelligent authorization services. Secondly, an authorization technology based on short-term tokens is proposed, which realizes adaptive dynamic access authority adjustment through user trust evaluation and smart contract automatic discrimination. Finally, an intelligent identity authentication mechanism based on user behavior data analysis is designed to support the adaptive update of tokens. Experiments have verified that this model has certain advantages in accurate and adaptive dynamic authorization, which can provide a reference for the improvement of the zero-trust model.

Adla Padma,Mangayarkarasi Ramaiah

DOI: https://doi.org/10.1109/access.2024.3364078

IF: 3.9

2024-02-16

IEEE Access

Abstract:Building smart services for smart cities has become a significant focus of the Internet of Things (IoT). These IoT devices are able to sense their surroundings and react appropriately. Smart city applications emphasize the necessity of safe data sharing across heterogeneous devices. Certain behaviors taken while sharing could aim at compromising security, privacy, and integrity. The centralized repository that is currently in place made the majority of hacks possible. The sharing of sensitive data and authentication are essential stages in guaranteeing the security of applications associated with IoT. Blockchain and IoT are two widely used technologies, with IoT focusing on data collection via various devices and blockchain enabling data integrity. This paper introduces a novel blockchain-based framework to ensure the security and integrity aspects of IoT data. The proposed SecPrivPreserve framework ensures security through various phases including initialization, registration, data protection, authentication, data access control, validation, and data sharing and download. Diverse security mechanisms such as passwords (OTP), encryption, and hashing have been deployed in various phases to strengthen security merits confidentiality, privacy, and integrity. Since the SecPrivPreserve framework is simulated in a permissioned blockchain platform the merits and tamper-proof and non-repudiation are automatically considered. Moreover, data protection uses Chebyshev polynomials and interpolation. The presented framework has experimented with Fabric SDK. The experimental results of the proposed framework are compared with the BaseLine state-of-the-frameworks, The experimental analysis reveals that the proposed SecPrivPreserve approach achieved 34 Sec improvement in terms of responsiveness 94 Sec as computational time, encryption quality as 0.87 Sec and 0.82 Sec for detection rate.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jian Chen,Fei Lu,Yuanzhe Liu,Sheng Peng,Zhiming Cai,Fu Mo

DOI: https://doi.org/10.1016/j.ijcip.2024.100661

IF: 3.683

2024-01-25

International Journal of Critical Infrastructure Protection

Abstract:With an increasing demand for authenticated data exchange between jurisdictions, ensuring the privacy and security of data interactions is crucial for national security, public health, and economic vitality, becoming a fundamental national infrastructure. Current solutions can be categorized into two types: fully decentralized autonomous systems based on blockchains or centralized solutions that rely on authoritative centers such as certification authorities (CAs). In reality, a balance needs to be struck between guaranteed authority and privacy independence. A certain authority is needed as an authorization guarantee, and decentralization is required to ensure privacy and the independence of the authority. This paper proposes a novel scheme, CT-MA-ABE (Cross-Trust Multiple Authorization Attribute-Based Encryption), to address these issues by implementing MA-ABE for cross-border institutional authorization interactions, utilize blockchain certification authority (BCA) for credibility and encryption-based authorization to protect attribute data privacy. This solution integrates the role of 'notary' in cross-border interactions, addressing the supervision problem in fully decentralized approaches while also considering the trust issue in centralized systems. This paper also introduces the Universal Certificate Authority Pool (UCAP), an innovative hybrid federated authorization method, creatively utilizing the implied authorization conditions of attributes to create a flexible and transitive authorization mechanism based on attribute relationships and extensions, enhancing privacy protection and improving the speed of authorization matrix calculation. The successful deployment of the system between the legal jurisdictions in South China, Zhuhai and Macau as a critical infrastructure component for securing data interactions further demonstrates its effectiveness as a reliable and secure solution.

engineering, multidisciplinary,computer science, information systems

Chenlei Liu,Feng Xiang,Zhixin Sun

DOI: https://doi.org/10.1155/2022/8497628

IF: 1.968

2022-04-12

Security and Communication Networks

Abstract:Information sharing has become an important application in modern supply chain management systems with business technology development. Because traditional supply chain information systems have problems such as easy data tampering, low information transparency, and interaction delays, blockchain has been taken consideration into supply chain information sharing research. Furthermore, blockchain technology is expected to provide decentralized supply chain information sharing solutions to enhance security, availability, and transparency. However, with the in-depth study of the application of blockchain technology in supply chain information sharing, people have found that the data stored publicly in the blockchain are still threatened by privacy leakage. In addition, due to the openness and accessibility of the blockchain, the lack of fine-grained access control is also apparent. In order to improve the security of data, we propose a novel privacy-preserving multiauthority attribute-based access control scheme for secure blockchain-based information sharing in a supply chain. In this scheme, blockchain stores encrypted supply chain information on distributed nodes. Multiple attribute authorities manage different attributes of users to achieve fine-grained access control and flexible authorization. Even if some attribute authorities fail, the user’s private key will not be leaked. In user secret key generation, we adopt an anonymous key generation protocol to realize the secure distribution of user keys by the attribute authorities. Furthermore, in order to meet the protection of communication privacy between blockchain nodes, properties of policy hiding and identity hiding are considered. Finally, we design experiments to analyze the performance of our scheme, including secret key sizes and running time of encryption and decryption.

computer science, information systems,telecommunications

Zaheer Khan,Abdul Ghafoor Abbasi,Zeeshan Pervez

DOI: https://doi.org/10.1002/cpe.5566

2019-11-11

Concurrency and Computation: Practice and Experience

Abstract:<p>Smart cities aim to provide smart governance with the emphasis on gaining high transparency and trust in public services and enabling citizen participation in decision making processes. This means on the one hand data generated from urban transactions need to be open and trustworthy. On the other hand, security and privacy of public data needs to be handled at different administrative and geographical levels. In this paper, we investigate the pivotal role of blockchain in providing privacy, self‐verification, authentication, and authorization of participatory transactions in open governance. We also investigate up to what extent edge computing can contribute toward management of permissioned sharing at specific administrative levels and enhance privacy and provide an economic approach for resource utilization in a distributed environment. We introduce a novel architecture that is based on distributed hybrid ledger and edge computing model. The architecture provides refined and secure management of data generated and processed in different geographical and administrative units of a city. We implemented a proof of concept of the architecture and applied it on a carefully designed use case, ie, citizen participation in administrative decisions through consensus. This use case highlights the need to keep and process citizen participation data at local level by deploying district chaincodes and only share consensus results through permissioned chaincodes. The results reveal that proposed architecture is scalable and provide secure and privacy protected environment for citizen participatory applications. Our performance test results are promising and show that under control conditions, the average registration time for a citizen transaction is about 42 ms, whilst the validation and result compilation of 100 concurrent citizens' transactions took about 2.4 seconds.</p>

Libo Feng,Junyu Lin,Fei Qiu,Bei Yu,Zhihua Jin,Jinli Wang,Jing Cheng,Shaowen Yao

DOI: https://doi.org/10.1109/tnsm.2024.3371521

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Industrial big data has experienced from data silos due to its high potential value and strong security requirements, making it difficult to share securely across domains. Blockchain-based solutions allow nodes to establish access control to trusted data on unreliable or trustless networks, but still face issues such as inefficient data sharing and leakage of sensitive information. In this paper, we propose a blockchain-based access control scheme for privacy security and dynamic regulation. First, ciphertext policy attribute-based encryption (CP-ABE) is developed to gain fine-grained access to node resources, with verifiable outsourcing decryption method to significantly reduce computational pressure on end users. Second, a policy hiding method based on multi-chain architecture is proposed, which performs double hiding of attribute information and access policy information on the blockchain. Finally, a supervisory policy that incorporates dynamic trust assessment and smart contracts is proposed to achieve effective detection and hierarchical classification punishment of malicious behavior. Security analysis and experimental results show that our scheme can limit the complexity of terminal decryption at a constant level and effectively achieve secure and efficient access control in the industrial Internet environment.

computer science, information systems

Cong Zha,Yulei Wu,Zexun Jiang,Wenqian Zhao,Hao Yin

DOI: https://doi.org/10.1109/trustcom60117.2023.00155

2024-01-01

Abstract:Data authorization is the basis for the orderly sharing of medical data. Most of the applied decentralized authorization mechanisms rely on blockchain, but face the problems of privacy leakage and low efficiency. To solve these problems, we design a policy-driven decentralized authorization system named BAA, which protects user's behavior privacy in medical data sharing and improves efficiency of both on-chain and off-chain. In order to achieve these goals, BAA uses authorization tokens to represent permissions, protects privacy of the authorization process through hiding user behaviors, realizes batch data accessing by proposing a two-tier Merkle tree, and saves authorization data in a two-tier blockchain to improve on-chain efficiency. Extensive experimental results show that the overhead of cryptographic operations in BAA is acceptable compared to that in traditional authorization systems. In addition, throughput and latency of each operation in BAA can meet the efficiency needs of medical data authorization. The results also show that the preset authorization in blockchain is effective for reducing data user's waiting time and improving the efficiency of authorization.