Ziwen Cheng,Yi Liu,Chao Wu,Yongqi Pan,Liushun Zhao,Xin Deng,Cheng Zhu

DOI: https://doi.org/10.1016/j.future.2024.06.035

IF: 7.307

2024-01-01

Future Generation Computer Systems

Abstract:Blockchain-based Federated Learning (BCFL) is gaining significant attention as a promising decentralized data sharing technology with privacy protection. Most existing BCFL frameworks loosely couple blockchain and Federated Learning (FL). FL transforms data sharing into model sharing, while blockchain decentralizes the model aggregation and handles security verification. However, this simplistic overlay of the two technologies often involves third-party blockchain peers, leading to inefficient workflows and potential privacy attacks from malicious blockchain peers. Some studies have proposed differential privacy with noise addition to prevent privacy attacks, yet most do not allow clients to customize privacy budgets, impacting data availability and limiting BCFL’s application in data sharing. To address these challenges, we first introduce a novel tightly-coupled BCFL framework that integrates training and mining at the client side. Under this framework, a totally decentralized data sharing process is established. Moreover, a Personalised Differential Privacy (PDP) mechanism is devised, enabling clients to add Laplace noise to model gradients based on custom privacy budgets. To achieve optimal privacy budgets, a privacy optimization mechanism based on Stackelberg games is proposed. It establishes utility functions for data requesters and providers, models the process of utility optimization as a Stackelberg game process, and obtains the optimal privacy budget while maximizing utility for all participants. This facilitates flexible and on-demand privacy-protected data sharing. Extensive experiments validate the effectiveness of our approach in enhancing system efficiency and facilitating flexible on-demand privacy-protected data sharing, further solidifying BCFL’s potential in decentralized data sharing scenarios.

Chuan Zhang,Mingyang Zhao,Weiting Zhang,Qing Fan,Jianbing Ni,Liehuang Zhu

DOI: https://doi.org/10.1109/jsac.2023.3345392

IF: 16.4

2023-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Metaverse provides human-centric immersive communication experiences where humans can teleport across different virtual landscapes and build real-time communications via digital identities with others in the same landscape. Despite great benefits, a natural question in human-centric metaverse communications is how to secure digital content among humans. In this regard, blockchain has been widely applied due to its distinct features (e.g., decentralization, transparency, and immutability). Unfortunately, the inherent properties of the blockchain also hinder humans from further deploying preferences to flexibly govern the digital content (i.e., who can read and who can edit), limiting human-centric communication abilities. Some redactable blockchain-based solutions have been proposed, but most of them suffer from the issues of data and preference leakage. To address the issues, we propose a privacy-preserving identity-based data governance (IDRG) scheme for blockchain-empowered human-centric metaverse communications. Combining digital identities, IDRG cryptographically allows humans to govern readability and editability with the right downward compatibility (i.e., humans with editability are endowed with readability) while protecting policy privacy. Specifically, IDRG leverages the polynomial function technique to break through the bottleneck of the traditional identity-based encryption technique (i.e., a policy only contains a user) to achieve a policy for multiple users. Subsequently, the optimized policies are utilized to enrich chameleon hash-based redactable blockchains for comprehensive rights governance. Further, IDRG supports user accountability and revocation by combining the proxy re-encryption technique. Security analysis proves the security of IDRG under the chosen-ciphertext attack. Experiments on the FISCO blockchain platform demonstrate that IDRG requires approximately 0.1 s to process an encryption request, 0.01 s for a reading request, and 1 s for an editing request. Overall, IDRG achieves a 3x reduction in computational costs compared with state-of-the-art solutions.

Jingchi Zhang,Anwitaman Datta

DOI: https://doi.org/10.48550/arXiv.2309.04125

2023-09-08

Abstract:In a traditional cloud storage system, users benefit from the convenience it provides but also take the risk of certain security and privacy issues. To ensure confidentiality while maintaining data sharing capabilities, the Ciphertext-Policy Attribute-based Encryption (CP-ABE) scheme can be used to achieve fine-grained access control in cloud services. However, existing approaches are impaired by three critical concerns: illegal authorization, key disclosure, and privacy leakage. To address these, we propose a blockchain-based data governance system that employs blockchain technology and attribute-based encryption to prevent privacy leakage and credential misuse. First, our ABE encryption system can handle multi-authority use cases while protecting identity privacy and hiding access policy, which also protects data sharing against corrupt authorities. Second, applying the Advanced Encryption Standard (AES) for data encryption makes the whole system efficient and responsive to real-world conditions. Furthermore, the encrypted data is stored in a decentralized storage system such as IPFS, which does not rely on any centralized service provider and is, therefore, resilient against single-point failures. Third, illegal authorization activity can be readily identified through the logged on-chain data. Besides the system design, we also provide security proofs to demonstrate the robustness of the proposed system.

Cryptography and Security

Junyu Lin,Libo Feng,Jinli Wang,Fei Qiu,Bei Yu,Jing Cheng,Shaowen Yao

DOI: https://doi.org/10.1049/cmu2.12737

IF: 1.345

2024-03-03

IET Communications

Abstract:(1) A blockchain‐based efficient data‐sharing scheme is proposed, which employs the ciphertext policy attribute‐based encryption algorithm to enable fine‐grained sharing of data resources. (2) An anonymous identity authentication method based on ring signatures is proposed, which can effectively protect the user's identity privacy and transaction privacy. (3) Security analysis shows that the authors' scheme satisfies data confidentiality and anti‐collusion attack, which can effectively protect identity privacy and transaction privacy. In the era of 5G, billions of terminal devices achieve global interconnection and intercommunication, which leads to the generation of massive data. However, the existing cloud‐based data‐sharing mechanism faces challenges such as sensitive information leakage and data islands, which makes it difficult to achieve secure sharing across domains. In this paper, the authors propose a fine‐grained data‐sharing scheme based on blockchain and ciphertext policy attribute‐based encryption, and design a verifiable outsourced computation method to reduce the computational pressure of end users. Second, the authors comprehensively consider the user's identity privacy and transaction privacy, and propose a multi‐level privacy protection method based on ring signature and garbled bloom filter, which enhance the user's data privacy and availability, and prevent the traceability of requests. Finally, the authors design a set of interconnected smart contracts, and verify that their scheme can achieve secure and efficient data sharing through security analysis and performance testing.

engineering, electrical & electronic

Yifan Hu,Wei Xia,Jun Xiao,Chao Wu

2020-01-01

Abstract: With the increasing importance of data privacy protection, federated learning is becoming more widely used, and there are more frameworks for federated learning. However, the centralization of federated learning has always restricted the development of federated learning and the federated learning framework. Although there are some decentralized federated learning algorithms, these algorithms have some shortcomings and there is no framework that can quickly use these algorithms. In this paper,we proposed and implemented a blockchain-based decentralized federated learning framework called GFL \cite{GFL} and integrated two new blockchain-based decentralized federated learning mechanisms to try to try to make the decentralized federated learning algorithm better landed.

Yue Wu,Zheming Lu,Faxin Yu,Xuexue Luo

DOI: https://doi.org/10.1007/978-981-15-3308-2_48

2019-01-01

Abstract:With the rapid achievement of internet technologies and digital multimedia, the strengthening of intellectual property rights remains an enormous challenge in digital right management (DRM). Toward the objective, the traditional DRM system relied on digital encryption and digital watermarking technology emphasizes much more on the encryption and decryption of digital property right than tracking digital property rights transaction and authorization, which is as important as encryption and decryption. To improve the situation, with the widely used blockchain and distributed ledgers technology (DLT) in a broad range of applications and different domains, this paper proposes a new DRM system named RCB (Rapid Consortium Blockchain)-DRM which has excellent ability to effectively trace the transaction of intellectual property matters and manage digital copyright with decentralization, tamper-proof, transparent digital date stored in master-slave rapid consortium blockchain. In the proposed master-slave rapid consortium blockchain, we adopt a new intelligent consensus mechanism (ICM) named PBS (Proof By System Nodes), improving the consensus efficiency, shortening the transaction confirmation time and improving the fault tolerance of the system, which can ensure the final consistency of each block and guarantee block generation stability without blockchain bifurcating.

Mohammed Alshehri,Brajendra Panda

DOI: https://doi.org/10.48550/arXiv.2001.04490

2020-01-13

Cryptography and Security

Abstract:People have used cloud computing approach to store their data remotely. As auspicious as this approach is, it brings forth many challenges: from data security to time latency issues with data computation as well as delivery to end users. Fog computing has emerged as an extension for cloud computing to bring data processing and storage close to end-users; however, it minimizes the time latency issue but still suffers from data security challenges. For instance, when a fog node providing services to end users is compromised, the users' data security can be violated. Thus, this paper proposes a secure and fine-grained data access control scheme by integrating the CP-ABE algorithm and blockchain concept to prevent fog nodes from violating end users' data security in a situation where a compromised fog node is being ousted. We also classify the fog nodes into fog federations, based on their attributes such as services and locations, to minimize the time latency and communication overhead between fog nodes and cloud server. Further, the exploitation and integration of the blockchain concept and the CP-ABE algorithm enables fog nodes in the same fog federation to perform the authorization process in a distributed manner. In addition, to solve time latency and communication overhead problems, we equip every fog node with an off-chain database to store most frequently accessed data files for specific time, and with an on-chain access control policies table (On-chain Files Tracking Table) which must be protected from being tampered by malicious (rogue) fog nodes. Therefore, blockchain plays a vital role here as it is tamper-proof by nature. We demonstrate our scheme's efficiency and feasibility by designing algorithms and conducting a security analysis. The provided analysis shows that the proposed scheme is efficient and feasible in ousting malicious (rogue) fog nodes.

Chao Liu,Cankun Hou,Tianyu Jiang,Jianting Ning,Hui Qiao,Yusen Wu

DOI: https://doi.org/10.1109/tifs.2024.3427311

IF: 7.231

2024-07-26

IEEE Transactions on Information Forensics and Security

Abstract:Data-driven landscape across finance, government, and healthcare, the continuous generation of information demands robust solutions for secure storage, efficient dissemination, and fine-grained access control. Blockchain technology emerges as a significant tool, offering decentralized storage while upholding the tenets of data security and accessibility. However, on-chain and off-chain strategies are still confronted with issues such as untrusted off-chain data storage, absence of data ownership, limited access control policy for clients, and a deficiency in data privacy and auditability. To solve these challenges, we propose a permissioned blockchain-based privacy-preserving fine-grained access control on-chain and off-chain system, namely FACOS. We applied three fine-grained access control solutions and comprehensively analyzed them in different aspects, which provides an intuitive perspective for system designers and clients to choose the appropriate access control method for their systems. Compared to similar work that only stores encrypted data in centralized or non-fault-tolerant IPFS systems, we enhanced off-chain data storage security and robustness by utilizing a highly efficient and secure asynchronous Byzantine fault tolerance (BFT) protocol in the off-chain environment. As each of the clients needs to be verified and authorized before accessing the data, we involved the Trusted Execution Environment (TEE)-based solution to verify the credentials of clients. Additionally, our evaluation results demonstrated that our system (https://github.com/cliu717/AsynchronousStorage) offers better scalability and practicality than other state-of-the-art designs. We deployed our system on Alibaba Cloud and Tencent Cloud and conducted multiple evaluations. The results indicate that it takes about 2.79 seconds for a client to execute the protocol for uploading and about 0.96 seconds for downloading. Compared to other decentralized systems, our system exhibits efficient latency for both download and upload operations.

computer science, theory & methods,engineering, electrical & electronic

Lifeng Liu,Yifan Hu,Jiawei Yu,Fengda Zhang,Gang Huang,Jun Xiao,Chao Wu

DOI: https://doi.org/10.1145/3387168.3387211

2019-01-01

Abstract:Currently, training neural networks often requires a large corpus of data from multiple parties. However, data owners are reluctant to share their sensitive data to third parties for modelling in many cases. Therefore, Federated Learning (FL) has arisen as an alternative to enable collaborative training of models without sharing raw data, by distributing modelling tasks to multiple data owners. Based on FL, we premodel sent a novel and decentralized approach to training encrypted models with privacy-preserved data on Blockchain. In our approach, Blockchain is adopted as the machine learning environment where different actors (i.e., the model provider, the data provider) collaborate on the training task. During the training process, an encryption algorithm is used to protect the privacy of data and the trained model. Our experiments demonstrate that our approach is practical in real-world applications.

Yiming Wu,Zhe‐Ming Lu,F. Richard Yu,Xiaobing Luo

2020-01-01

Abstract:With the rapid achievement of internet technologies and digital multimedia, the strengthening of intellectual property rights remains an enormous challenge in digital right management (DRM). Toward the objective, the traditional DRM system relied on digital encryption and digital watermarking technology emphasizes much more on the encryption and decryption of digital property right than tracking digital property rights transaction and authorization, which is as important as encryption and decryption. To improve the situation, with the widely used blockchain and distributed ledgers technology (DLT) in a broad range of applications and different domains, this paper proposes a new DRM system named RCB (Rapid Consortium Blockchain)-DRM which has excellent ability to effectively trace the transaction of intellectual property matters and manage digital copyright with decentralization, tamper-proof, transparent digital date stored in master-slave rapid consortium blockchain. In the proposed master-slave rapid consortium blockchain, we adopt a new intelligent consensus mechanism (ICM) named PBS (Proof By System Nodes), improving the consensus efficiency, shortening the transaction confirmation time and improving the fault tolerance of the system, which can ensure the final consistency of each block and guarantee block generation stability without blockchain bifurcating.

Yifan Hu,Wei Xia,Jun Xiao,Chao Wu

2020-01-01

Abstract:Federated learning(FL) is a rapidly growing field and many centralized and decentralized FL frameworks have been proposed. However, it is of great challenge for current FL frameworks to improve communication performance and maintain the security and robustness under malicious node attacks. In this paper, we propose Galaxy Federated Learning Framework(GFL), a decentralized FL framework based on blockchain. GFL introduces the consistent hashing algorithm to improve communication performance and proposes a novel ring decentralized FL algorithm(RDFL) to improve decentralized FL performance and bandwidth utilization. In addition, GFL introduces InterPlanetary File System(IPFS) and blockchain to further improve communication efficiency and FL security. Our experiments show that GFL improves communication performance and decentralized FL performance under the data poisoning of malicious nodes and non-independent and identically distributed(Non-IID) datasets.

Liang Zhang,Haibin Kan,Yang Xu,Jinhao Ran

DOI: https://doi.org/10.1007/978-3-030-92708-0_4

2021-01-01

Abstract:Data sharing methodology has recently been an active research area due to the development of information technology. As blockchain gets popular, decentralized storage mode becomes a favorable method for data sharing. Moreover, non-repudiation, confidentiality, revocability and fine-grained access are sometimes indispensable in practice. In light of these requirements, we propose a solution by combining decentralized ciphertext-policy attribute-based encryption (CP-ABE) and Software Guard eXtension (SGX) with blockchain. In our framework, the use of blockchain makes shared data publicly accessible and undeniable. To ensure confidentiality and fine-grained access control, we take advantage of decentralized CP-ABE to encrypt data. SGX is utilized as a key management service for the decentralized CP-ABE, making our data sharing methodology revocable without updating ciphertext. Overall, our methodology achieves privacy protection, revocability and decentralized fine-grained access. In addition, we perform experiments on Ethereum, and the results demonstrate that our approach is feasible.

Youyang Qu,Longxiang Gao,Tom H. Luan,Yong Xiang,Shui Yu,Bai Li,Gavin Zheng

DOI: https://doi.org/10.1109/jiot.2020.2977383

IF: 10.6

2020-06-01

IEEE Internet of Things Journal

Abstract:As the extension of cloud computing and a foundation of IoT, fog computing is experiencing fast prosperity because of its potential to mitigate some troublesome issues, such as network congestion, latency, and local autonomy. However, privacy issues and the subsequent inefficiency are dragging down the performances of fog computing. The majority of existing works hardly consider a reasonable balance between them while suffering from poisoning attacks. To address the aforementioned issues, we propose a novel blockchain-enabled federated learning (FL-Block) scheme to close the gap. FL-Block allows local learning updates of end devices exchanges with a blockchain-based global learning model, which is verified by miners. Built upon this, FL-Block enables the autonomous machine learning without any centralized authority to maintain the global model and coordinates by using a Proof-of-Work consensus mechanism of the blockchain. Furthermore, we analyze the latency performance of FL-Block and further derive the optimal block generation rate by taking communication, consensus delays, and computation cost into consideration. Extensive evaluation results show the superior performances of FL-Block from the aspects of privacy protection, efficiency, and resistance to the poisoning attack.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yaoliang Chen,Shi Chen,Jiao Liang,Lance Warren Feagan,Weili Han,Sheng Huang,X. Sean Wang

DOI: https://doi.org/10.1016/j.is.2020.101590

IF: 3.18

2020-01-01

Information Systems

Abstract:Blockchain is an emerging data management technology that enables people in a collaborative network to establish trusted connections with the other participants. Recently consortium blockchains have raised interest in a broader blockchain technology discussion. Instead of a fully public, autonomous network, consortium blockchain supports a network where participants can be limited to a subset of users and data access strictly controlled. Access control policies should be defined by the respective data owner and applied throughout the network without requiring a centralized data administrator. As a result, decentralized data access control (DDAC) emerges as a fundamental challenge for such systems. However, we show from a trust model for consortium collaborative networks that current consortium blockchain systems provide limited support for DDAC. Further, the distributed, replicated nature of blockchain makes it even more challenging to control data access, especially read access, compared with traditional DBMSes. We investigate possible strategies to protect data from being read by unauthorized users in consortium blockchain systems using combinations of ledger partitioning and encryption strategies. A general framework is proposed to help inexperienced users determine appropriate strategies under different application scenarios. The framework was implemented on top of Hyperledger Fabric to evaluate feasibility. Experimental results along with a real-world case study contrasted the performance of different strategies under various conditions and the practicality of the proposed framework.

Hongchen Guo,Xiaolong Tao,Mingyang Zhao,Tong Wu,Chuan Zhang,Jingfeng Xue,Liehuang Zhu

DOI: https://doi.org/10.3390/s23167105

IF: 3.9

2023-01-01

Sensors

Abstract:Currently, decentralized redactable blockchains have been widely applied in IoT systems for secure and controllable data management. Unfortunately, existing works ignore policy privacy (i.e., the content of users’ redaction policies), causing severe privacy leakage threats to users since users’ policies usually contain large amounts of private information (e.g., health conditions and geographical locations) and limiting the applications in IoT systems. To bridge this research gap, we propose PFRB, a policy-hidden fine-grained redactable blockchain in decentralized blockchain-based IoT systems. PFRB follows the decentralized settings and fine-grained chameleon hash-based redaction in existing redactable blockchains. In addition, PFRB hides users’ policies during policy matching such that apart from successful policy matching, users’ policy contents cannot be inferred and valid redactions cannot be executed. Some main technical challenges include determining how to hide policy contents and support policy matching. Inspired by Newton’s interpolation formula-based secret sharing, PFRB converts policy contents into polynomial parameters and utilizes multi-authority attribute-based encryption to further hide these parameters. Theoretical analysis proves the correctness and security against the chosen-plaintext attack. Extensive experiments on the FISCO blockchain platform and IoT devices show that PFRB achieves competitive efficiency over current redactable blockchains.

Hancheng Gao,Haiping Huang,Lingyan Xue,Fu Xiao,Qi Li

DOI: https://doi.org/10.1109/jiot.2023.3279893

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The integration of Internet of Things (IoT) with cloud-edge computing in cyber-physical systems has revolutionized the way healthcare enterprises manage electronic health records (EHRs). With more healthcare enterprises outsourcing encrypted EHRs to the cloud, searchable encryption is utilized to retrieve encrypted data, especially attribute-based searchable encryption (ABSE) can achieve fine-grained access control. However, ABSE usually requires a lot of computation, which imposes a serious burden on resource-limited devices. Moreover, ensuring fairness in data access is crucial in the healthcare domain, where both data users and owners may have conflicting interests. In order to overcome these problems, this paper proposes a searchable encryption scheme with fine-grained access control for cloud-based EHRs sharing assisted by blockchain. It transfers computing tasks to edge servers and enables users to control who has access to their EHRs. The adoption of blockchain and smart contracts guarantees data integrity and transaction fairness. Moreover, a consensus algorithm is designed for the higher efficiency of the proposed scheme. Finally, security analysis proves the proposed scheme resists adaptive chosen keyword attacks (CKA). Performance analysis further confirms it has more functionalities and is efficient for smart healthcare.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lipeng Wang,Zhi Guan,Zhong Chen,Mingsheng Hu

DOI: https://doi.org/10.1109/jiot.2023.3285211

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The general data protection regulation (GDPR) is a European Union (EU) data protection and privacy law. According to the GDPR, the data on a hosting platform must meet semantic consistency and data integrity requirements. Semantic consistency means that the data operation should comply with the GDPR, while data integrity is meant to ensure that the outsourcing data should be intact. The two terms are not interchangeable. For example, if a cloud service provider migrates data to foreign storage nodes without authorization of the data owner, the data integrity requirement of the GDPR is met but the semantic consistency requirement is not. How to ensure data integrity and compliance is the main challenge for a GDPR-compliant data supervision platform. To achieve this aim, we leverage a blockchain-based data management framework to check the data compliance, which can break the black box of the data hosting platform and demonstrate its logic to data owners, allowing for inspection. We propose a new provable data possession (PDP) scheme for the aforementioned framework that can check for semantic consistency and data integrity simultaneously. The verifier does not need to hold any audited data, which can reduce bandwidth usage. The verification result can be regarded as the proof for subsequent data recovery and accountability. Experimental results show higher efficiency of the PDP scheme.

Ye Lu,Tao Feng,Chunyan Liu,Wenbo Zhang

DOI: https://doi.org/10.32604/cmc.2023.046106

2024-01-01

Abstract:The Access control scheme is an effective method to protect user data privacy. The access control scheme based on blockchain and ciphertext policy attribute encryption (CP–ABE) can solve the problems of single—point of failure and lack of trust in the centralized system. However, it also brings new problems to the health information in the cloud storage environment, such as attribute leakage, low consensus efficiency, complex permission updates, and so on. This paper proposes an access control scheme with fine-grained attribute revocation, keyword search, and traceability of the attribute private key distribution process. Blockchain technology tracks the authorization of attribute private keys. The credit scoring method improves the Raft protocol in consensus efficiency. Besides, the interplanetary file system (IPFS) addresses the capacity deficit of blockchain. Under the premise of hiding policy, the research proposes a fine-grained access control method based on users, user attributes, and file structure. It optimizes the data-sharing mode. At the same time, Proxy Re-Encryption (PRE) technology is used to update the access rights. The proposed scheme proved to be secure. Comparative analysis and experimental results show that the proposed scheme has higher efficiency and more functions. It can meet the needs of medical institutions.

computer science, information systems,materials science, multidisciplinary

Yanhui Liu,Jianbiao Zhang,Jing Zhan

DOI: https://doi.org/10.1007/s10586-020-03190-3

2020-10-15

Cluster Computing

Abstract:Abstract With the development of the Internet of Things (IoT) field, more and more data are generated by IoT devices and transferred over the network. However, a large amount of IoT data is sensitive, and the leakage of such data is a privacy breach. The security of sensitive IoT data is a big issue, as the data is shared over an insecure network channel. Current solutions include symmetric encryption and access controls to secure the data transfer, but they have some drawbacks such as a single point of failure. Blockchain is a promising distributed ledger technology that can prevent the malicious tampering of data, offering reliable data storage. This paper proposes a distributed access control system based on blockchain technology to secure IoT data. The proposed mechanism is based on fog computing and the concept of the alliance chain. This method uses mixed linear and nonlinear spatiotemporal chaotic systems (MLNCML) and the least significant bit (LSB) to encrypt the IoT data on an edge node and then upload the encrypted data to the cloud. The proposed mechanism can solve the problem of a single point of failure of access control by providing the dynamic and fine-grained access control for IoT data. The experimental results of this method demonstrated that it can protect the privacy of IoT data efficiently.