Libo Feng,Junyu Lin,Fei Qiu,Bei Yu,Zhihua Jin,Jinli Wang,Jing Cheng,Shaowen Yao

DOI: https://doi.org/10.1109/tnsm.2024.3371521

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Industrial big data has experienced from data silos due to its high potential value and strong security requirements, making it difficult to share securely across domains. Blockchain-based solutions allow nodes to establish access control to trusted data on unreliable or trustless networks, but still face issues such as inefficient data sharing and leakage of sensitive information. In this paper, we propose a blockchain-based access control scheme for privacy security and dynamic regulation. First, ciphertext policy attribute-based encryption (CP-ABE) is developed to gain fine-grained access to node resources, with verifiable outsourcing decryption method to significantly reduce computational pressure on end users. Second, a policy hiding method based on multi-chain architecture is proposed, which performs double hiding of attribute information and access policy information on the blockchain. Finally, a supervisory policy that incorporates dynamic trust assessment and smart contracts is proposed to achieve effective detection and hierarchical classification punishment of malicious behavior. Security analysis and experimental results show that our scheme can limit the complexity of terminal decryption at a constant level and effectively achieve secure and efficient access control in the industrial Internet environment.

computer science, information systems

Weiming Tong,Luyao Yang,Zhongwei Li,Xianji Jin,Liguo Tan

DOI: https://doi.org/10.3390/s24031035

IF: 3.9

2024-02-06

Sensors

Abstract:To address the complexities, inflexibility, and security concerns in traditional data sharing models of the Industrial Internet of Things (IIoT), we propose a blockchain-based data sharing and privacy protection (BBDSPP) scheme for IIoT. Initially, we characterize and assign values to attributes, and employ a weighted threshold secret sharing scheme to refine the data sharing approach. This enables flexible combinations of permissions, ensuring the adaptability of data sharing. Subsequently, based on non-interactive zero-knowledge proof technology, we design a lightweight identity proof protocol using attribute values. This protocol pre-verifies the identity of data accessors, ensuring that only legitimate terminal members can access data within the system, while also protecting the privacy of the members. Finally, we utilize the InterPlanetary File System (IPFS) to store encrypted shared resources, effectively addressing the issue of low storage efficiency in traditional blockchain systems. Theoretical analysis and testing of the computational overhead of our scheme demonstrate that, while ensuring performance, our scheme has the smallest total computational load compared to the other five schemes. Experimental results indicate that our scheme effectively addresses the shortcomings of existing solutions in areas such as identity authentication, privacy protection, and flexible combination of permissions, demonstrating a good performance and strong feasibility.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

A. Sasikumar,Logesh Ravi,Malathi Devarajan,A. Selvalakshmi,Abdulaziz Turki Almaktoom,Abdulaziz S. Almazyad,Guojiang Xiong,Ali Wagdy Mohamed

DOI: https://doi.org/10.1109/access.2024.3354846

IF: 3.9

2024-01-01

IEEE Access

Abstract:The edge devices will produce enormous quantities of data daily as the Industrial Internet of Things (IIoT) expands in scope. Still, most IIoT data is stored in data centers, making it challenging to transfer data between domains safely. Smart logistic products have dramatically changed due to the prevalence of decentralized edge computing and blockchain in the industry sector. To address the need to exchange data between logistics networks, we proposed a novel decentralized hierarchical attribute-based encryption (HABE) scheme combining edge computing and blockchain. To begin, we offer an IoT data encryption strategy in which edge devices can send data to a nearby cloud network for data processing while maintaining privacy. In addition, we developed a blockchain-integrated data-sharing scheme that makes it possible for users to share data via the use of edge and cloud storage. In particular, an IoT device incorporates an encryption-based authentication system to verify users’ access rights at the network’s periphery in a decentralized manner. Using HABE, we provide a blockchain-integrated architecture for the IoT that protects user privacy. The suggested design utilizes the edge and cloud network paradigms and HABE to maintain privacy and works well with smart logistics applications. The authentication time of the proposed model is reduced by 1.5 times compared with the centralized model. The analyses and experimental findings show that the proposed blockchain-integrated edge computing architecture is better than the existing schemes in terms of data sharing, data privacy, and security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qikun Zhang,Yongjiao Li,Ruifang Wang,Lu Liu,Yu‐an Tan,Jingjing Hu

DOI: https://doi.org/10.1002/int.22293

IF: 8.993

2020-10-07

International Journal of Intelligent Systems

Abstract:<p>With the widespread application of Industrial Internet of Things (IIoT) technology in the industry, the security threats are also increasing. To ensure the safe sharing of resources in IIoT, this paper proposes a data security sharing model based on privacy protection (DSS‐PP) for blockchain‐enabled IIoT. Compared with previous works, DSS‐PP has obvious advantages in several important aspects: (1) In the process of identity authentication, it protects users' personal information by using authentication technology with hidden attributes; (2) the encrypted shared resources are stored in off‐chain database of the blockchain, while only the ciphertext index information is stored in the block. It reduces the storage load of the blockchain; (3) it uses blockchain logging technology to trace and account for illegal access. Under the hardness assumption of Inverse Computational Diffe–Hellman (ICDH) problem, this model is proven to be correct and safe. Through the analysis of performance, DSS‐PP has better performance than the referred works.</p>

computer science, artificial intelligence

Wei,Bochao An,Ke Qiao,Jun Shen

DOI: https://doi.org/10.1109/jsac.2023.3310105

IF: 16.4

2023-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Digital twin (DT) constructs virtual counterparts of physical devices to monitor and optimize their life cycle processes. With the emergence of industry 4.0, Industrial Internet of Things (IIoT) has became the backbone of the DT by providing a fundamental way to transform physical devices to their virtual counterparts. With the deployment of IIoT, built-in sensors enable real-time collection of critical DT data involving various physical parameters associated with devices during their life cycle. However, traditional data sharing services rely on a centralized infrastructure, which inevitably brings severe security threats to share large volume of sensitive DT data derived from numerous sensors. To address the above issue, this paper presents a blockchain based Multi-users Oblivious Data Sharing scheme (MODS) for the digital twin system in the context of IIoT. MODS supports a broad range of security properties including confidentiality, obliviousness, and access control for the DT data stored on the blockchain. MODS adopts a hybrid design approach by combing trusted hardware and cryptography to achieve well balances between security and efficiency. To demonstrate the design advantages of MODS, we explore the design space of a multi-users oblivious data sharing scheme by using pure cryptographic approach, which incurs several design tradeoffs that must be addressed. We show that MODS performs well in these tradeoffs. A comprehensive evaluation has been conducted to demonstrate that MODS is practical to support secure data sharing via blockchain for IIoT.

Wenmin Li,Yang Chen,Fei Gao,Shuo Zhang,Hua Zhang,Qiaoyan Wen

DOI: https://doi.org/10.1109/jiot.2021.3128528

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:In the 6G era, Internet of Things (IoT) devices can form a blockchain network, which also faces the problems of data sharing. The data transmitted and stored through the network have the risk of privacy leaking. Encrypting the shared data can satisfy the need of the privacy, and retrieving the encrypted data can make the data used efficiently. However, to enable users to retrieve encrypted data and perform fine-grained authorization on their encrypted files is still a great challenge. Although attribute-based keyword search (ABKS) is a well-received solution to the challenge, there are still privacy and efficiency issues if the traditional ABKS schemes are directly used in blockchain data sharing. In order to solve the problems, this article proposes privacy protection data retrieval scheme with an inverted index, which is an application of attribute-based encryption. First, our scheme is proved secure against the outside keyword guessing attack (KGA) and chosen keyword attack (CKA) under the semitrusted model. Second, the scheme returns a multikeywords ranked result. Third, we analyze the efficiency of our scheme and verify it by simulation. The results show that our scheme has improvement in efficiency and can meet the data sharing needs of the blockchain network composed of IoT devices.

Zhigang Xu,Shiguang Zhang,Hongmu Han,Xinhua Dong,Zhiqiang Zheng,Haitao Wang,Wenlong Tian

DOI: https://doi.org/10.1155/2022/2410455

IF: 1.968

2022-10-01

Security and Communication Networks

Abstract:In the Internet of Things (IoT), data sharing security is important to social security. It is a huge challenge to enable more accurate and secure access to data by authorized users. Blockchain access control schemes are mostly one-way access control, which cannot meet the need for ciphertext search, two-way confirmation of users and data, and secure data transmission. Thus, this paper proposes a blockchain-aided searchable encryption-based two-way attribute access control scheme (STW-ABE). The scheme combines ciphertext attribute access control, key attribute access control, and ciphertext search. In particular, two-way access control meets the requirement of mutual confirmation between users and data. The ciphertext search avoids information leakage during transmission, thus improving overall efficiency and security during data sharing. Moreover, user keys are generated by the coalition blockchain. Besides, the ciphertext search and pre-decryption are outsourced to cloud servers, reducing the computing pressure on users and adapting to the needs of lightweight users in the IoT. Security analysis proves that our scheme is secure under a chosen-plaintext attack and a chosen keyword attack. Simulations show that the cost of encryption and decryption, keyword token generation, and ciphertext search of our scheme are preferable.

computer science, information systems,telecommunications

Zhendong Liu,Liang Meng,Qingyuan Zhao,Fei Li,Manrui Song,Dongxu Dai,Xiujuan Yang,Song Guan,Yue Wang,Hongliang Tian

DOI: https://doi.org/10.1155/2022/2381365

2022-10-16

Wireless Communications and Mobile Computing

Abstract:With the dramatically increasing deployment of intelligent devices, the Internet of Things (IoT) has attracted more attention and developed rapidly. It effectively collects and shares data from the surrounding environment to achieve better IoT services. For data sharing, the publish-subscribe (PS) paradigm provides a loosely coupled and scalable communication model. However, due to the loosely coupled nature, it is vulnerable to many attacks, resulting in some security threats to the IoT system, but it cannot provide the basic security mechanisms such as authentication and confidentiality to ensure the data security. Thus, in order to protect the system security and users' privacy, this paper presents a secure blockchain-based privacy-preserving access control scheme for the PS system, which adopt the fully homomorphic encryption (FHE) to ensure the confidentiality of the publishing events and leverage the ledger to store the large volume of data events and access crossdomain information. Finally, we analyze the correctness and security of our scheme; moreover, we deploy our proposed prototype system on two computers and evaluate its performance. The experimental results show that our PS system can efficiently achieve the equilibrium between the system cost and the security requirement.

computer science, information systems,telecommunications,engineering, electrical & electronic

Suhui Liu,Jiguo Yu,Chunqiang Hu,Mengmeng Li

DOI: https://doi.org/10.1155/2021/6682580

2021-01-01

Wireless Communications and Mobile Computing

Abstract:Cloud-assisted Internet of Things (IoT) significantly facilitate IoT devices to outsource their data for high efficient management. Unfortunately, some unsettled security issues dramatically impact the popularity of IoT, such as illegal access and key escrow problem. Traditional public-key encryption can be used to guarantees data confidentiality, while it cannot achieve efficient data sharing. The attribute-based encryption (ABE) is the most promising way to ensure data security and to realize one-to-many fine-grained data sharing simultaneously. However, it cannot be well applied in the cloud-assisted IoT due to the complexity of its decryption and the decryption key leakage problem. To prevent the abuse of decryption rights, we propose a multiauthority ABE scheme with white-box traceability in this paper. Moreover, our scheme greatly lightens the overhead on devices by outsourcing the most decryption work to the cloud server. Besides, fully hidden policy is implemented to protect the privacy of the access policy. Our scheme is proved to be selectively secure against replayable chosen ciphertext attack (RCCA) under the random oracle model. Some theory analysis and simulation are described in the end.

Yue Wang,Tingyu Che,Xiaohu Zhao,Tao Zhou,Kai Zhang,Xiaofei Hu

DOI: https://doi.org/10.3390/s22093426

2022-04-30

Abstract:Due to the competitive relationship among different smart factories, equipment manufacturers cannot integrate the private information of all smart factories to train the intelligent manufacturing equipment fault prediction model and improve the accuracy of intelligent manufacturing equipment fault detection. The use of a low fault recognition rate model for smart factories will cause additional losses for them. In this work, we propose a blockchain-based privacy information security sharing scheme in Industrial Internet of Things (IIoT) to solve the sharing problem of private information in smart factories. Firstly, we abstract smart factories as edge nodes and build decentralized, distributed trusted blockchain networks based on Ethereum clients on simulated edge devices and propose an Intelligent Elliptic Curve Digital Signature Algorithm (IECDSA) to guarantee the ownership of shared information by edge nodes. Secondly, we propose the Reputation-based Delegated Proof of Stake (RDPoS) consensus algorithm to improve the security and reliability of the Delegated Proof of Stake (DPoS) consensus algorithm. Furthermore, we design and implement an incentive mechanism based on information attributes to increase the motivation of edge nodes to share information. Finally, the proposed solution is simulated. Through theoretical and simulation experiments, it is proved that the blockchain-based privacy information security sharing scheme in IIoT can improve the enthusiasm of edge nodes to share information on the premise of ensuring the security of information sharing.

Weiming Tong,Luyao Yang,Zhongwei Li,Jinxiao Zhao,Feng Pan,Liguo Tan

DOI: https://doi.org/10.1109/iccsie61360.2024.10698294

2024-01-01

Abstract:With the rapid development of the Industrial Internet of Things, a vast amount of data generates, collects, and processes, playing a crucial role in industrial production and operations. Addressing issues of privacy leakage, identity forgery, and data security during data transmission in IIoT, this paper proposes a data security transmission and privacy protection scheme based on blockchain technology. The scheme employs zero-knowledge proof algorithms for identity authentication of terminal devices to ensure the privacy of device information is not compromised, effectively preventing identity forgery and attacks. Additionally, it uses attribute-based encryption to secure the data's confidentiality. To ensure efficient data storage and the security of encryption keys, the scheme utilizes IPFS for on-chain querying and off-chain storage of data. The security of the proposed scheme is analyzed theoretically, and its computational overhead is evaluated experimentally. The results show that this scheme has lower computational overhead compared to other schemes, while significantly enhancing security and reliability.

Jialu Hao,Cheng Huang,Jianbing Ni,Hong Rong,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1016/j.comnet.2019.02.008

IF: 5.493

2019-01-01

Computer Networks

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a promising approach to achieve fine-grained access control over the outsourced data in Internet of Things (IoT). However, in the existing CP-ABE schemes, the access policy is either appended to the ciphertext explicitly or only partially hidden against public visibility, which results in privacy leakage of the underlying ciphertext and potential recipients. In this paper, we propose a fine-grained data access control scheme supporting expressive access policy with fully attribute hidden for cloud-based IoT. Specifically, the attribute information is fully hidden in access policy by using randomizable technique, and a fuzzy attribute positioning mechanism based on garbled Bloom filter is developed to help the authorized recipients locate their attributes efficiently and decrypt the ciphertext successfully. Security analysis and performance evaluation demonstrate that the proposed scheme achieves effective policy privacy preservation with low storage and computation overhead. As a result, no valuable attribute information in the access policy will be disclosed to the unauthorized recipients.

Ruidong Li,Hitoshi Asaeda,Jie Li

DOI: https://doi.org/10.1109/jiot.2017.2666799

2017-01-01

Abstract:In Information-Centric Internet of Things (ICIoT), Internet of Things (IoT) data can be cached throughout a network for close data copy retrievals. Such a distributed data caching environment, however, poses a challenge to flexible authorization in the network. To address this challenge, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been identified as a promising approach. However, in the existing CP-ABE scheme, publishers need to retrieve attributes from a centralized server for encrypting data, which leads to high communication overhead. To solve this problem, we incorporate CP-ABE and propose a novel Distributed Publisher-Driven secure data sharing for ICIoT (DPD-ICIoT) to enable only authorized users to retrieve IoT data from distributed cache. In DPD-ICIoT, newly introduced attribute manifest is cached in the network, through which publishers can retrieve the attributes from nearby copy holders instead of a centralized attribute server. In addition, a key chain mechanism is utilized for efficient cryptographic operations, and an automatic attribute self-update mechanism is proposed to enable fast updates of attributes without querying centralized servers. According to the performance evaluation, DPD-ICIoT achieves lower bandwidth cost compared to the existing CP-ABE scheme.

Qi Han,Yinghui Zhang,Hui Li

DOI: https://doi.org/10.1016/j.future.2018.01.019

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:The term of Internet of Things (IoT) remarkably increases the ubiquity of the internet by integrating smart object-based infrastructures. How to achieve efficient fine-grained data access control while preserving data privacy is a challenge task in the scenario of IoT. Despite ciphertext-policy attribute-based encryption (CP-ABE) can provide fine-grained data access control by allowing the specific users whose attributes match the access policy to decrypt ciphertexts. However, existing CP-ABE schemes will leak users’ attribute values to the attribute authority (AA) in the phase of key generation, which poses a significant threat to users’ privacy. To address this issue, we propose a new CP-ABE scheme which can successfully protect the user’s attribute values against the AA based on 1-out-of-n oblivious transfer technique. In addition, we use Attribute Bloom Filter to protect the attribute type of the access policy in the ciphertext. Finally, security and efficiency evaluations show that the proposed scheme can achieve the desired security goals, while keeping comparable computation overhead.

Chenlei Liu,Feng Xiang,Zhixin Sun

DOI: https://doi.org/10.1155/2022/8497628

IF: 1.968

2022-04-12

Security and Communication Networks

Abstract:Information sharing has become an important application in modern supply chain management systems with business technology development. Because traditional supply chain information systems have problems such as easy data tampering, low information transparency, and interaction delays, blockchain has been taken consideration into supply chain information sharing research. Furthermore, blockchain technology is expected to provide decentralized supply chain information sharing solutions to enhance security, availability, and transparency. However, with the in-depth study of the application of blockchain technology in supply chain information sharing, people have found that the data stored publicly in the blockchain are still threatened by privacy leakage. In addition, due to the openness and accessibility of the blockchain, the lack of fine-grained access control is also apparent. In order to improve the security of data, we propose a novel privacy-preserving multiauthority attribute-based access control scheme for secure blockchain-based information sharing in a supply chain. In this scheme, blockchain stores encrypted supply chain information on distributed nodes. Multiple attribute authorities manage different attributes of users to achieve fine-grained access control and flexible authorization. Even if some attribute authorities fail, the user’s private key will not be leaked. In user secret key generation, we adopt an anonymous key generation protocol to realize the secure distribution of user keys by the attribute authorities. Furthermore, in order to meet the protection of communication privacy between blockchain nodes, properties of policy hiding and identity hiding are considered. Finally, we design experiments to analyze the performance of our scheme, including secret key sizes and running time of encryption and decryption.

computer science, information systems,telecommunications

Jingchi Zhang,Anwitaman Datta

DOI: https://doi.org/10.48550/arXiv.2309.04125

2023-09-08

Abstract:In a traditional cloud storage system, users benefit from the convenience it provides but also take the risk of certain security and privacy issues. To ensure confidentiality while maintaining data sharing capabilities, the Ciphertext-Policy Attribute-based Encryption (CP-ABE) scheme can be used to achieve fine-grained access control in cloud services. However, existing approaches are impaired by three critical concerns: illegal authorization, key disclosure, and privacy leakage. To address these, we propose a blockchain-based data governance system that employs blockchain technology and attribute-based encryption to prevent privacy leakage and credential misuse. First, our ABE encryption system can handle multi-authority use cases while protecting identity privacy and hiding access policy, which also protects data sharing against corrupt authorities. Second, applying the Advanced Encryption Standard (AES) for data encryption makes the whole system efficient and responsive to real-world conditions. Furthermore, the encrypted data is stored in a decentralized storage system such as IPFS, which does not rely on any centralized service provider and is, therefore, resilient against single-point failures. Third, illegal authorization activity can be readily identified through the logged on-chain data. Besides the system design, we also provide security proofs to demonstrate the robustness of the proposed system.

Cryptography and Security

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101854

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:Ciphertext-policy attribute-based encryption(CP-ABE) has been widely studied and used in access control schemes for secure data sharing. Since in most of the existing attribute-based encryption methods, all user attributes are managed by a single central authority, it is easy to cause a single point of failure. Therefore, several multi-authority CP-ABE schemes are proposed to manage user attributes by multiple authorities. However, these schemes still do not eliminate the single point of failure in essence or suffer from high computation and communication overhead on data users. In this paper, we propose a Blockchain-based Multi-authority Access Control scheme called BMAC for sharing data securely. Shamir secret sharing scheme and permissioned blockchain (Hyperledger Fabric) are introduced to implement that each attribute is jointly managed by multiple authorities to avoid single point of failure. In addition, we take advantage of blockchain technology to establish trust among multiple authorities and exploit smart contracts to compute tokens for attributes managed across multiple management domains, which reduces communication and computation overhead on the data user side. Moreover, blockchain helps to record the access control process in a secure and auditable way. Finally, we analyze the security of the proposed algorithm. Further analysis and comparison show the performance of the proposed method.

Zhenhua Lu,Yuyan Guo,Jiguo Li,Weina Jia,Liping Lv,Jie Shen

DOI: https://doi.org/10.1155/2022/8350006

2022-04-11

Wireless Communications and Mobile Computing

Abstract:As the product of the third information technology revolution, the Internet of Things (IoT) has greatly altered our way of lifetime. Cloud storage has gradually become the best choice for data processing due to its scalability and flexibility. However, the cloud is not a completely trusted entity, such as tampering with user data or leaking personal privacy. Therefore, cloud storage usually adopts attribute-based encryption schemes to accomplish data confidentiality and fine-grained access control. However, applying the ABE scheme to the Internet of Things still faces many challenges, such as dynamic user revocation, data sharing, and excessive computational burden. In this paper, we propose a novel searchable attribute encryption system that replaces the traditional key generation center with consortium blockchain to generate and manage partial keys. In addition, our scheme can perform predecryption operations in the cloud, and users only need to spend a small amount of computational cost to achieve decryption operations. Security analysis proves that our scheme achieves security under both the chosen keyword attack and the chosen plaintext attack. Compared with other schemes, this scheme is more economical in terms of computing and storage.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sheng Ding,Jin Cao,Chen Li,Kai Fan,Hui Li

DOI: https://doi.org/10.1109/access.2019.2905846

IF: 3.9

2019-01-01

IEEE Access

Abstract:With the sharp increase in the number of intelligent devices, the Internet of Things (IoT) has gained more and more attention and rapid development in recent years. It effectively integrates the physical world with the Internet over existing network infrastructure to facilitate sharing data among intelligent devices. However, its complex and large-scale network structure brings new security risks and challenges to IoT systems. To ensure the security of data, traditional access control technologies are not suitable to be directly used for implementing access control in IoT systems because of their complicated access management and the lack of credibility due to centralization. In this paper, we proposed a novel attribute-based access control scheme for IoT systems, which simplifies greatly the access management. We use blockchain technology to record the distribution of attributes in order to avoid single point failure and data tampering. The access control process has also been optimized to meet the need for high efficiency and lightweight calculation for IoT devices. The security and performance analysis show that our scheme could effectively resist multiple attacks and be efficiently implemented in IoT systems.

Linjian Hong,Kai Zhang,Junqing Gong,Haifeng Qian

DOI: https://doi.org/10.1155/2022/4978802

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Attribute-based encryption (ABE) is a powerful encryption scheme with flexible access control over encrypted data that has been widely adopted in cloud computing scenarios to facilitate data sharing. However, despite convenience and efficiency provided by data sharing based on cloud, it is commonly vulnerable to issues like key abuse (namely, illegal key sharing by user or key distribution by authority) and key escrow (namely, illegal decryption by ABE authority). Hence, exploring a more secure ABE scheme that can be key abuse and key escrow resistant is crucial. Furthermore, data modification that happens in cloud storage and outsourced computation is also a challenge for the cloud-based data sharing schemes. To handle the above issues, in this paper, we propose a secure and efficient data sharing scheme based on attribute-based encryption (ABE) and blockchain equipped with InterPlanetary File System (IPFS). In particular, we show that the large-universe ABE with outsourced decryption (LU-ABE-OD) scheme proposed by Ning et al. is vulnerable to key escrow attack, which is not secure enough in the data sharing scenario. Therefore, based on their basic proposal, we construct an improved multi-authority LU-ABE-OD scheme to encrypt personal data, which are stored in the IPFS system while blockchain is applied to store the hash value returned by IPFS and be responsible for the outsourced decryption. As a result, our scheme greatly reduces the decryption overheads of the user while risks of key abuse and key escrow can be settled. Meanwhile, the introduction of IPFS significantly reduces the storage burden on chain without data tampering problem. Through theoretical analysis and experimental simulation, we prove the feasibility, security, and efficiency of our scheme.