Qiwei Hu,Chenyu Huang,Guoqiang Zhang,Lingyi Cai,Tao Jiang

DOI: https://doi.org/10.1016/j.jisa.2024.103866

IF: 4.96

2024-01-01

Journal of Information Security and Applications

Abstract:The integration of blockchain technology with Access Control (AC) systems presents novel opportunities for enhancing data security within decentralized architectures, which is drawing increasing attention in Data Sharing (DS) applications. However, existing works reveal a gap in achieving accountability for anonymous access in the absence of a centralized trusted authority. To address this issue, this paper introduces InvisiReveal, a novel Blockchain-Based AC (BBAC) framework that achieves permission invisibility, access anonymity, and accountability without extra trust assumptions. Users in InvisiReveal generate anonymous credentials to authenticate their requests using Zero Knowledge Proof. To enable accountability, a novel blockchain-oriented verifiable commitment (BC-VC) protocol is designed that allows a user to commit a confidential traceable tag to the blockchain. The system could unveil a malicious requester’s identity by opening the tag commitment under collaboration with the victim user and blockchain. We implement a prototype of InvisiReveal to evaluate its practicality, where an access request is verified within 5 ms.

Taotao Wang,Shengli Zhang,Soung Chang Liew

DOI: https://doi.org/10.48550/arXiv.2301.02102

2023-01-05

Cryptography and Security

Abstract:A decentralized identity system that can provide users with self-sovereign digital identities to facilitate complete control over their own data is paramount to Web 3.0. The accounting system on blockchain is an ideal archetype for realizing Web 3.0 decentralized identity: users can create their accounts without registering with a central agent. Such an identity system is endowed with anonymity property: nobody knows the account's owner because the relationship between an account and the owner is invisible. Thus, user privacy is well protected even though the account's data is public. However, a disadvantage of such complete anonymity is that users can create multiple accounts without authentication to obfuscate their activities on the blockchain. In particular, the current anonymous blockchain account system cannot accurately register the social relationships and interactions between real human users, given the amorphous mappings between users and blockchain identities. Mistrust can be a major hurdle to the large-scale deployment of Web 3.0. This work proposes ZKBID, a zero-knowledge blockchain-account-based Web 3.0 decentralized identity scheme, to overcome endemic mistrust in blockchain account systems. ZKBID links souls (blockchain accounts) to humans (users) in a one-to-one manner to truly reflect the societal relationships and interactions between humans on the blockchain. With ZKBID, the users are accountable for their accounts anonymously, preserving privacy. ZKBID authenticates users using face match and then maps authenticated users to accounts. Zero-knowledge proofs encode the face match results, and user-account mappings employ linkable ring signatures to preserve anonymity. We implemented ZKBID and built a blockchain test network for evaluation purposes. Our tests demonstrate the effectiveness of ZKBID and suggest proper ways to configure ZKBID system parameters.

Mingxin Ma,Guozhen Shi,Fenghua Li

DOI: https://doi.org/10.1109/access.2019.2904042

IF: 3.9

2019-01-01

IEEE Access

Abstract:The rapid development of the Internet of Things (IoT) and the explosive growth of valuable data produced by user equipment have led to strong demand for access control, especially hierarchical access control, which is performed from a group communication perspective. However, the key management strategies for such a future Internet are based mostly on a trusted third party that requires full trust of the key generation center (KGC) or central authority (CA). Recent studies indicate that centralized cloud centers will be unlikely to deliver satisfactory services to customers because we place too much trust in third parties; therefore, these centers do not apply to user privacy-oriented scenarios. This paper addresses these issues by proposing a novel blockchain-based distributed key management architecture (BDKMA) with fog computing to reduce latency and multiblockchains operated in the cloud to achieve cross-domain access. The proposed scheme utilizes blockchain technology to satisfy the decentralization, fine-grained auditability, high scalability, and extensibility requirements, as well as the privacy-preserving principles for hierarchical access control in IoT. We designed system operations methods and introduced different authorization assignment modes and group access patterns to reinforce the extensibility. We evaluated the performance of our proposed architecture and compared it with existing models using various performance measures. The simulation results show that the multiblockchain structure substantially improves system performance, and the scalability is excellent as the network size increases. Furthermore, dynamic transaction collection time adjustment enables the performance and system capacity to be optimized for various environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Junhao Lai,Taotao Wang,Shengli Zhang,Qing Yang,Soung Chang Liew

2024-09-26

Abstract:Digital identity plays a vital role in enabling secure access to resources and services in the digital world. Traditional identity authentication methods, such as password-based and biometric authentications, have limitations in terms of security, privacy, and scalability. Decentralized authentication approaches leveraging blockchain technology have emerged as a promising solution. However, existing decentralized authentication methods often rely on indirect identity verification (e.g. using passwords or digital signatures as authentication credentials) and face challenges such as Sybil attacks. In this paper, we propose BioZero, an efficient and privacy-preserving decentralized biometric authentication protocol that can be implemented on open blockchain. BioZero leverages Pedersen commitment and homomorphic computation to protect user biometric privacy while enabling efficient verification. We enhance the protocol with non-interactive homomorphic computation and employ zero-knowledge proofs for secure on-chain verification. The unique aspect of BioZero is that it is fully decentralized and can be executed by blockchain smart contracts in a very efficient way. We analyze the security of BioZero and validate its performance through a prototype implementation. The results demonstrate the effectiveness, efficiency, and security of BioZero in decentralized authentication scenarios. Our work contributes to the advancement of decentralized identity authentication using biometrics.

Cryptography and Security

Abebe Diro,Lu Zhou,Akanksha Saini,Shahriar Kaisar,Pham Cong Hiep

DOI: https://doi.org/10.1016/j.jisa.2023.103678

IF: 4.96

2024-01-04

Journal of Information Security and Applications

Abstract:Identity sharing systems, regardless of their architectural models, share common vulnerabilities. These systems compel users to divulge personal information and furnish proof of identity for accessing services, leaving them susceptible to data breaches that can culminate in identity theft and jeopardize online data security. While blockchain technology offers a potential remedy, delivering enhanced security, immutability, and traceability, it simultaneously raises pertinent concerns surrounding privacy and transparency. The integration of zero-knowledge proof (ZKP) technology has emerged as a promising solution, particularly in enhancing privacy within the transparent blockchain ecosystem. Our paper conducts an exhaustive survey of the existing literature, with a particular focus on the assimilation of ZKP technology into blockchain for the secure sharing of user identities. We undertake a critical evaluation of the advancements achieved in this domain, pinpoint the formidable challenges that must be confronted, and uncover nascent opportunities for further exploration. Our contribution transcends the realms of mere summarization and analysis; we go a step further by offering recommendations drawn from real-world case studies and delineating future research directions.

computer science, information systems

Tao Feng,Pu Yang,Chunyan Liu,Junli Fang,Rong Ma

DOI: https://doi.org/10.1155/2022/1040662

2022-02-23

Wireless Communications and Mobile Computing

Abstract:The data generated in the Industrial Internet of Things (IIoT) has important research value. In the process of data sharing, data privacy, security, and data availability are important issues that cannot be ignored. This paper proposes a blockchain privacy protection scheme based on zero-knowledge proof to realize the secure sharing of data among data owners, cloud service providers, and semitrusted cloud servers. First, the method of combining zero-knowledge proof and smart contract is used to verify the availability of data between the data owner and the cloud service provider under the premise of protecting data privacy. Second, proxy reencryption technology is used to realize the secure sharing of data among authorized cloud service providers. In addition, data sharing transaction information between multiple parties and data hashes with digital signatures are stored on the blockchain to achieve public and verifiable data sharing information and data validity. Finally, the theoretical analysis of the scheme shows that the scheme meets the confidentiality requirements of security, integrity, and validity.

computer science, information systems,telecommunications,engineering, electrical & electronic

Konkin, Anatoly,Zapechnikov, Sergey

DOI: https://doi.org/10.1007/s11416-023-00466-1

2023-03-11

Journal of Computer Virology and Hacking Techniques

Abstract:Comprehensive adoption of distributed ledger technology and blockchain in enterprises might disrupt financial and other sectors. At the same time, there are some barriers to rolling out the technology in practice. One of the significant issues concerns information security and privacy in the blockchain. Some methods for private transactions such as mixed networks, ring signatures, and off-chain protocols address certain data privacy issues, but do not provide the blockchain characteristics such as decentralized storing systems and immutability verification of private data. This article examines zero-knowledge proof (ZKP) methods for corporate blockchain networks. The article reviews existing methods for private transactions, observes the implementation of ZKP methods, and discusses performance and scalability issues.

Dezhi Han,Yujie Zhu,Dun Li,Wei Liang,Alireza Souri,Kuan-Ching Li

DOI: https://doi.org/10.1109/tii.2021.3114621

IF: 12.3

2022-05-01

IEEE Transactions on Industrial Informatics

Abstract:Internet of Things (IoT) devices are widely considered in smart cities, intelligent medicine, and intelligent transportation, among other fields that facilitate people's lives, producing a large amount of private data. However, due to the mobility, limited performance, and distributed deployment of IoT, traditional access control methods cannot support the security of private data's access control process in current IoT environments. To address such problems, this article proposes an auditable access control model, based on an attribute-based access control model, and manages the access control policy for private data through the request record, the response record, and the access record stored in the blockchain network. Additionally, a Blockchain-based auditable access control system is also proposed based on the auditable access control model, ensuring private data security in IoT environments and realizing effective management and auditable access to these data. Experimental results show that the proposed system can maintain high throughput while ensuring private data security for real application scenarios in IoT environments.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Jie Li,Yuanyuan Lin,Yibing Li,Yan Zhuang,Yangjie Cao

DOI: https://doi.org/10.3390/electronics13101901

IF: 2.9

2024-05-14

Electronics

Abstract:The Internet of Vehicles (IoV) connects an isolated individual on the road to share information, which can improve traffic efficiency. However, the promotion of information sharing brings the critical security issues of identity authentication, followed by privacy protection issues in the authentication process in the IoV. In this study, we designed a blockchain-based conditional privacy-preserving authentication scheme for the IoV (BPA). Our scheme implements zero-knowledge proof (ZKP) to verify the identities of vehicles, which moves the authentication process down to the Roadside Units (RSUs) and achieves decentralized authentication at the edge nodes. Moreover, blockchain technology is utilized to synchronize a consistent ledger across all RSUs for recording and disseminating vehicle authentication states, which enhances the overall authentication process efficiency. We provide a theoretical analysis asserting that the BPA ensures enhanced security and effectively protects the privacy of all participating vehicles. Experimental evaluations confirm that our scheme outperforms existing solutions in terms of the computational and communication overhead.

engineering, electrical & electronic,physics, applied,computer science, information systems

Hao Guo,Jieren Cheng,Janghao Wang,Tao Chen,Yuming Yuan,Hui Li,Victor S. Sheng

DOI: https://doi.org/10.1007/978-3-031-06788-4_48

2022-01-01

Abstract:While IoT devices provide people with richer and more complete services, they also generate a large amount of device data. The potential value of these data has spawned IoT data transactions. In the blockchain environment, due to its decentralization characteristics, the validity of transactions can be guaranteed, but the transaction information of the blockchain will be stored and visible by all nodes. The use of asymmetric encryption to realize data sharing on the blockchain faces the challenge of privacy. The risk of key leakage and flexible data sharing cannot be achieved Aiming at this problem, this paper proposes an IoT data transaction model in the blockchain environment, realizes multi-party IoT data sharing with the help of proxy re-encryption, and uses zero-knowledge proof to realize the identity verification mechanism. Finally, experiments show that the model is effective and feasible in terms of cost and efficiency.

Fei Tong,Xing Chen,Cheng Huang,Yujian Zhang,Xuemin Shen

DOI: https://doi.org/10.1109/JIOT.2022.3229676

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Multidomain Internet of Things (IoT) is faced with serious domain interoperability (DI) and compatibility issues since different intradomain authorization and authentication (A&A) mechanisms are deployed without the consideration of interdomain A&A. This article proposes a blockchain-assisted scheme to achieve flexible intra- and inter-domain A&A simultaneously and seamlessly. Specifically, we first design a contract-based mutual access control agreement on top of a consortium blockchain, where domain managers can manage their access permission without any trusted parties. Based on the agreement, a secure and privacy-preserving authentication protocol is further proposed by tailoring one-out-of-many proof techniques, which enables IoT devices to anonymously access authorized IoT domains. We additionally design a voting-based protocol by using a threshold-based cryptosystem. The protocol allows domain managers to transparently audit resource access with the assistance of the blockchain. Detailed security analysis demonstrates that the proposed scheme achieves the security properties, such as DI, privacy protection, and accountability. Finally, we develop two proof-of-concept prototypes in a physical testbed and virtual machine, respectively, based on an open-source blockchain platform to show our scheme's efficiency in terms of computation and communication overhead.

Wangjing Jia,Tao Xie,Baolai Wang

DOI: https://doi.org/10.1038/s41598-023-50209-x

IF: 4.6

2024-01-04

Scientific Reports

Abstract:With the increasing presence of blockchain-based distributed applications in various aspects of daily life, there has been a growing focus on the privacy protection of blockchain ledgers and the corresponding regulatory technologies. However, current mainstream solutions primarily concentrate on the verifiable encryption of blockchain transaction addresses and contents, neglecting the regulatory requirements for private transactions. Moreover, the few monitorable solutions suffer from issues such as excessive centralization and a single-minded approach to regulatory content. To address these deficiencies, this paper proposes a blockchain privacy-preserving scheme that supports multi-level regulation through the utilization of zero-knowledge proofs (zk-SNARKs) and attribute-based encryption (ABE). Firstly, by leveraging zk-SNARKs, this scheme achieves blockchain privacy-preserving within an account model, enabling the concealment of user transaction addresses and values. Secondly, by employing attribute-based encryption, a multi-level regulatory model is developed alongside the privacy protection measures, allowing for selective disclosure of transaction content. Finally, we analyze the security of the proposed scheme and compare it with other schemes, discussing its advantages in terms of privacy, security, and regulatory capabilities, we also provide a preliminary evaluation of the scheme's efficiency through experiments. In conclusion, the scheme demonstrates strong privacy by relying on mathematical proofs through zk-SNARKs to ensure security while comprehensively safeguarding content. It also achieves multi-level regulation on the foundation of privacy protection, with comprehensive regulatory coverage and decentralized regulatory authority.

multidisciplinary sciences

Jingting Xue,Chunxiang Xu,Yuan Zhang

DOI: https://doi.org/10.3837/tiis.2018.12.024

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:Smart home systems provide a safe, comfortable, and convenient living environment for users, whereby users enjoy featured home services supported by the data collected and generated by smart devices in smart home systems. However, existing smart devices lack sufficient protection in terms of data security and privacy, and challenging security and privacy issues inevitably emerge when using these data. This article aims to address these challenging issues by proposing a private blockchain-based access control (PBAC) scheme. PBAC involves employing a private blockchain to provide an unforgeable and auditable foundation for smart home systems, that can thwart illegal data access, and ensure the accuracy, integrity, and timeliness of access records. A detailed security analysis shows that PBAC could preserve data security against various attacks. In addition, we conduct a comprehensive performance evaluation to demonstrate that PBAC is feasible and efficient.

Jiahui Huang,Teng Huang,Huanchun Wei,Jiehua Zhang,Hongyang Yan,Duncan S. Wong,Haibo Hu

DOI: https://doi.org/10.1002/ett.4709

IF: 3.6

2022-12-20

Transactions on Emerging Telecommunications Technologies

Abstract:We present a privacy‐preserving model based on zk‐SNARKs and hash chain for efficient exchange of digital assets. The comprehensive experimental results show the practicality of zkChain. As a distributed public ledger technology in a peer‐to‐peer network, blockchain has been widely used in a variety of Internet interaction systems in recent years, such as market supervision, property rights protection, and digital identity. However, in blockchain environment, all historical transaction data are open and transparent, and adversaries may illegally access private transaction data, which makes privacy attacks a core issue that hinders the popularization and application of blockchain. Different privacy‐preserving technologies such as zerocoin and zerocash have been proposed. However, the large amount of proofs and the slow verification speed hinder the effective application of zero‐knowledge proofs (ZKPs) in blockchain. This article proposes a privacy‐preserving model based on zk‐SNARKs and hash chain for efficient transfer of assets, called zkChain. Different from traditional privacy‐preserving schemes, this scheme constructs a smaller proof based on hash chain, and the verification speed of the proof is faster. This scheme constructs ZKP based on the one‐way hash function and zk‐SNARKs. The proof is publicly recorded in the ledger after being verified by miners, and users use the proof to send privacy‐preserving transactions. In the above process, the zkChain scheme can achieve effective privacy protection of account balance and account address. We evaluated the computational and storage costs of the zkChain scheme based on libsnark, and establish a test network to evaluate the processing performance of the zkChain scheme.

telecommunications

Shunli Ma,Yi Deng,Debiao He,Jiang Zhang,Xiang Xie

DOI: https://doi.org/10.1109/tdsc.2020.2969418

2021-03-01

IEEE Transactions on Dependable and Secure Computing

Abstract:We introduce the abstract framework of decentralized smart contracts system with balance and transaction amount hiding property over account-model blockchain. To build a concrete system with such properties, we utilize a homomorphic public-key encryption scheme and construct a highly efficient non-interactive zero knowledge (NIZK) argument based upon the encryption scheme to ensure the validity of the transactions. Our NIZK scheme is perfect zero knowledge in the common reference string model, while its soundness holds in the random oracle model. Compared to previous similar constructions, our proposed NIZK argument dramatically improves the time efficiency in generating a proof, at the cost of relatively longer proof size.

computer science, information systems, software engineering, hardware & architecture

Yueran Zhuo

DOI: https://doi.org/10.54691/9xb96p64

2024-10-22

Abstract:In the context of the digital age, data privacy and security issues are increasingly prominent. Blockchain technology plays an important role in data sharing due to its transparency and immutability, but it also brings the risk of privacy leakage. Zero knowledge proof technology provides a solution for verifying data correctness without exposing data content, which is particularly important for blockchain as it can ensure the validity and compliance of transactions while protecting user privacy. Although zero knowledge proof is quite mature in theory, its application in blockchain systems still faces challenges such as computational efficiency, complexity of smart contracts, and system compatibility. This study aims to propose a privacy protection scheme that supports interactive zero knowledge proof by improving the homomorphic encryption Paillier algorithm, in order to enhance the privacy protection capability of blockchain systems and maintain system efficiency and security. The study will adopt an interdisciplinary approach, combining cryptography, computer science, and network security theory, to deeply analyze the application effect of zero knowledge proof technology in blockchain, explore its optimization space and applicability.

Guangjun Wu,Shupeng Wang,Zhaolong Ning,Jun Li records,Jun Li

DOI: https://doi.org/10.1109/jiot.2021.3138104

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Recently, the rapid developments in the Internet of Medical Things (IoMT) enable smart devices to generate and transmit massive personal electronic medical records (EMRs). However, there are many sensitive attributes in an EMR, which could be accessed by external or internal unauthorized users for malicious purposes. In this article, we present a triple subject purpose-based access control (TS-PBAC) model, which is compatible with a blockchain-enabled reliable transaction network, and design an individual-centric security and privacy-preserving mechanism for access control with different purposes and roles in IoMT scenarios. Specifically, we design hierarchical purpose tree (HPT) and related policies to guarantee the legality of an external user with different purposes. To improve the privacy for sensitive attributes against an internal attacker, we design a local differential privacy (LDP)-based policy and role-based access control scheme in an edge computing paradigm to grant fine-granularity rights for authorized users. In addition, we introduce mutual evaluation metrics to evaluate data quality from a patient-and-medical-service level in an open anonymous network, only using logs kept in the blockchain. We test our approach by real-world EMRs with 100000 patients. The experimental results show that the proposed privacy-preserving scheme can better protect patient’s privacy than traditional access control policies in IoMT environments, and can make reliable and stable access control decisions between data publishers and data requesters with different purposes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhenwei Zhao,Xiaoming Li,Bing Luan,Weining Jiang,Weidong Gao,Subramani Neelakandan

DOI: https://doi.org/10.1016/j.ins.2023.01.020

IF: 8.1

2023-01-06

Information Sciences

Abstract:Smart Health Care offers efficient, sustainable, along with real-time human services, and the concept of enhanced Internet of Things (IoT) lies behind the emergence of this smart Health Care (HC). Nevertheless, the association of these IoT-centric sensors with other organizations generates security threats that an illegal user might utilize it owing to the data's openness. In the HC sector, data security and privacy are the prime concern in which the alteration in data values as sensors could modify the diagnosis process, which may cause serious health problems. The immutability and transparency of the blockchain make it a viable option for the safe storage and management of healthcare data. However, the Cloud Storage Server (CSS), consensus latency, majority attacks, Byzantine problem, uncomfortable data Throughput (TP), et cetera, make the blockchain vulnerable to healthcare data transmission. To solve the current disadvantages, a secure IoT was introduced in healthcare using Brooks Iyengar Quantum Byzantine Agreement-centered Blockchain Networking (BIQBA-BCN). This study ensures the sincerity and equity of health data exchange. Based on Blum Blum Shub and Okamoto Uchiyana Cryptosystem (OUCS) mutual authentica1tion, the proposed work provides an OUCS-based mutual authentication system (BBS-OUC). Attackers are prevented from entering the BCN, ensuring the storage remains trustworthy. In addition, the Key Weight Block Function-Quasi-Cyclic Moderate Density Parity Check (KWBF-QCMDPC) algorithm safeguards the confidentiality and dependability of IoT user data. The cryptosystem technique protects sensitive data when the blockchain platform is distributed. The proposed methodology, known as BIQBA-BCN, results in a security level that is %94 effective. Finally, the BIQBA-BC consensus mechanism is used to distribute data to the corresponding Hospital Server (HS). By achieving a higher data TP, lower delay, higher Success Rate (SR), shorter consensus latency, and node communication time, the experimental results show that the proposed methodology is exceptionally safe against assaults and highly scalable.

computer science, information systems

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.ins.2020.12.035

IF: 8.1

2021-01-01

Information Sciences

Abstract:Attribute-based encryption (ABE) is considered to be one of the most suitable schemes for cryptographic access control in the big data environment. But it still faces many challenges to be applied in the Internet of Things (IoT). ABE is implemented based on bilinear pairing, which is considered to be an expensive operation. However, there are lots of IoT devices with constrained resources. Proxy re-encryption methods based on the cloud are proposed to reduce computing overhead on the user side, but an untrusted cloud may give incorrect computing results to mislead users. To solve this problem, an access control scheme with lightweight decryption based on ABE and blockchain technologies is proposed. We assume that the cloud is untrusted, and guarantee the accuracy of proxy re-encryption calculation based on blockchain. In addition, how to encourage users to obtain authorization through blockchain and record access behavior on the blockchain is a problem worthy of attention. This paper proposes a user credibility incentive mechanism, which calculates the user's credibility according to the user's access behavior and gives a reputation score, so as to dynamically adjust the endorsement protocol. Security analysis and experimental results show that the proposed method is reliable and efficient. (C) 2020 Elsevier Inc. All rights reserved.