Yin Zhang,Ling Xiong,Fagen Li,Xianhua Niu,Hanzhou Wu

DOI: https://doi.org/10.1016/j.sysarc.2023.102949

IF: 5.836

2023-01-01

Journal of Systems Architecture

Abstract:Blockchain-based authentication mode, a fundamental solution to prevent unauthorized access behavior, gradually becomes a focus in future distributed mobile cloud computing (MCC) services. However, due to the transparent and immutable characteristics of blockchain, users' access behaviors are facing huge security and privacy threats. Storing the encrypted data on chain is an effective way to address these issues, but access permission confirmation and update in the form of ciphertext is the main bottleneck. To this end, this paper proposes a blockchain-based unified authentication and hierarchical access control scheme for the MCC environment, which provides both privacy protection and auditability. In the proposed scheme, users can access multiple MCC services with different access permissions using a single credential. To protect the privacy of both users and service providers, while still supporting auditability, the data on the public ledger is blinded using Pedersen commitments. Besides, the proposed scheme provides flexible dynamic updating in encrypted form. Theoretical analysis indicates that the proposed scheme can meet various security and privacy requirements in the MCC environment. Compared with related schemes, it has better communication efficiency. Therefore, the proposed scheme is more suitable for the actual MCC environment.

Linsheng Yu,Mingxing He,Hongbin Liang,Ling Xiong,Yang Liu

DOI: https://doi.org/10.3390/s23031264

2023-01-22

Abstract:Authentication and authorization constitute the essential security component, access control, for preventing unauthorized access to cloud services in mobile cloud computing (MCC) environments. Traditional centralized access control models relying on third party trust face a critical challenge due to a high trust cost and single point of failure. Blockchain can achieve the distributed trust for access control designs in a mutual untrustworthy scenario, but it also leads to expensive storage overhead. Considering the above issues, this work constructed an authentication and authorization scheme based on blockchain that can provide a dynamic update of access permissions by utilizing the smart contract. Compared with the conventional authentication scheme, the proposed scheme integrates an extra authorization function without additional computation and communication costs in the authentication phase. To improve the storage efficiency and system scalability, only one transaction is required to be stored in blockchain to record a user's access privileges on different service providers (SPs). In addition, mobile users in the proposed scheme are able to register with an arbitrary SP once and then utilize the same credential to access different SPs with different access levels. The security analysis indicates that the proposed scheme is secure under the random oracle model. The performance analysis clearly shows that the proposed scheme possesses superior computation and communication efficiencies and requires a low blockchain storage capacity for accomplishing user registration and updates.

Ling Xiong,Fagen Li,Mingxing He,Zhicai Liu,Tu Peng

DOI: https://doi.org/10.1109/tcc.2020.3029878

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:In the last few years, mobile cloud computing (MCC) gains a huge development because of the popularity of mobile applications and cloud computing. User authentication and access control are two indispensable security components in the MCC environment. To the best of our knowledge, they are generally designed in different procedures. Access control can be executed after the authentication completes successfully. In order to improve efficiency, this article constructs an integrated scheme of authentication and hierarchical access control using self-certified public key cryptography (SCPKC) and the Chinese remainder theorem (CRT) for MCC environment. The proposed scheme can achieve mutual authentication while determining the access rights of mobile users without storing any access control list in the MCC service provider side. Besides, we also give a dynamic adding or deletion of MCC service provider to efficiently address potential changes in the hierarchy. The security of our proposed scheme is proved by the random oracle model. Compared with recently related multi-server authentication schemes for the MCC environment, the proposed scheme not only adds a new function of hierarchical access control but also has better computation and communication efficiencies. Therefore, the proposed scheme is more suitable for real-life MCC applications.

Qian Mei,Hu Xiong,Yeh-Cheng Chen,Chien-Ming Chen

DOI: https://doi.org/10.1109/tem.2022.3159311

IF: 8.702

2024-01-01

IEEE Transactions on Engineering Management

Abstract:In this article, we propose a secure and effective blockchain-enabled privacy-preserving authentication scheme for the transportation cyber-physical system (CPS) with the cloud-edge computing environment, which supports unconditional anonymity and data batch integrity verification while greatly simplifying key management issues. The proposed privacy-preserving authentication scheme employs an elliptic curve to construct a pairing-free ring signature scheme, which greatly reduces the resources overhead in the transportation CPS with cloud-edge computing. Moreover, the authentication process is performed on the blockchain to provide more reliable service information for vehicular communication. Furthermore, the security proof of the scheme is demonstrated based on the elliptic curve discrete logarithm problem under the random oracle model, and gives the corresponding security analysis. Finally, a simulation experiment demonstrates that the proposed scheme is feasible compared with the existing schemes.

Jing Wu,Yuhan Yang,Lijun Wei,C. Long

DOI: https://doi.org/10.1145/3390566.3391664

2020-03-12

Abstract:With the rapid development of Internet of Things, the demand of data sharing is not only to ensure the data integrity, but also to protect user's individual privacy. Secure multi-party computation, as a technology paradigm based on cryptography technology, enables privacy protection in data sharing among multiple parties, while the implement of secure multi-party computation is limited due to the inefficient, complex computation protocol and frequent interaction. Fortunately, the emergence of blockchain technology provides excellent properties of decentralization, verifiability and high reliability for secure multi-party computation. In this paper, we propose a blockchain-based secure multi-party computation architecture for data sharing, where we design an aggregator consortium for data storage, verification and joint computation. Moreover, we introduce a straightforward secure multi-party computation scheme based on homomorphic encryption. In addition, we analyze and discuss this scheme in terms of data security, access flexibility, attack resistance and potential applications.

Computer Science,Engineering

Jiapeng Zhou,Yuxiang Feng,Zhenyu Wang,Danyi Guo

DOI: https://doi.org/10.3390/s21041540

2021-02-23

Abstract:The development of information technology has brought great convenience to our lives, but at the same time, the unfairness and privacy issues brought about by traditional centralized systems cannot be ignored. Blockchain is a peer-to-peer and decentralized ledger technology that has the characteristics of transparency, consistency, traceability and fairness, but it reveals private information in some scenarios. Secure multi-party computation (MPC) guarantees enhanced privacy and correctness, so many researchers have been trying to combine secure MPC with blockchain to deal with privacy and trust issues. In this paper, we used homomorphic encryption, secret sharing and zero-knowledge proofs to construct a publicly verifiable secure MPC protocol consisting of two parts-an on-chain computation phase and an off-chain preprocessing phase-and we integrated the protocol as part of the chaincode in Hyperledger Fabric to protect the privacy of transaction data. Experiments showed that our solution performed well on a permissioned blockchain. Most of the time taken to complete the protocol was spent on communication, so the performance has a great deal of room to grow.

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101854

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:Ciphertext-policy attribute-based encryption(CP-ABE) has been widely studied and used in access control schemes for secure data sharing. Since in most of the existing attribute-based encryption methods, all user attributes are managed by a single central authority, it is easy to cause a single point of failure. Therefore, several multi-authority CP-ABE schemes are proposed to manage user attributes by multiple authorities. However, these schemes still do not eliminate the single point of failure in essence or suffer from high computation and communication overhead on data users. In this paper, we propose a Blockchain-based Multi-authority Access Control scheme called BMAC for sharing data securely. Shamir secret sharing scheme and permissioned blockchain (Hyperledger Fabric) are introduced to implement that each attribute is jointly managed by multiple authorities to avoid single point of failure. In addition, we take advantage of blockchain technology to establish trust among multiple authorities and exploit smart contracts to compute tokens for attributes managed across multiple management domains, which reduces communication and computation overhead on the data user side. Moreover, blockchain helps to record the access control process in a secure and auditable way. Finally, we analyze the security of the proposed algorithm. Further analysis and comparison show the performance of the proposed method.

Junhua Wu,Xiangmei Bu,Guangshun Li,Guangwei Tian

DOI: https://doi.org/10.1002/spe.3315

2024-02-23

Software Practice and Experience

Abstract:Mobile edge computing (MEC) technology is widely used for real‐time and bandwidth‐intensive services, but its underlying heterogeneous architecture may lead to a variety of security and privacy issues. Blockchain provides novel solutions for data security and privacy protection in MEC. However, the scalability of traditional blockchain is difficult to meet the requirements of real‐time data processing, and the consensus mechanism is not suitable for resource‐constrained devices. Moreover, the access control of MEC data needs to be further improved. Given the above problems, a data privacy protection model based on sharding blockchain and access control is designed in this paper. First, a privacy‐preserving platform based on a sharding blockchain is designed. Reputation calculation and improved Proof‐of‐Work (PoW) consensus mechanism are proposed to accommodate resource‐constrained edge devices. The incentive mechanism with rewards and punishments is designed to constrain node behavior. A reward allocation algorithm is proposed to encourage nodes to actively contribute to obtaining more rewards. Second, an access control strategy using ciphertext policy attribute‐based encryption (CP‐ABE) and RSA is designed. A smart contract is deployed to implement the automatic access control function. The InterPlanetary File System is introduced to alleviate the blockchain storage burden. Finally, we analyze the security of the proposed privacy protection model and statistics of the GAS consumed by the access control policy. The experimental results show that the proposed data privacy protection model achieves fine‐grained control of access rights, and has higher throughput and security than traditional blockchain.

computer science, software engineering

Jia-Shun Zhang,Gang Xu,Xiu-Bo Chen,Haseeb Ahmad,Xin Liu,Wen Liu

DOI: https://doi.org/10.32604/cmc.2021.017227

2021-01-01

Abstract:With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a selfservice manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.

Kaiping Xue,Xinyi Luo,Hangyu Tian,Jianan Hong,David S. L. Wei,Jian Li

DOI: https://doi.org/10.1109/tvt.2021.3138203

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:In mobile communication networks, when a user roams to and accesses a foreign network, the foreign operator needs to request the user’s subscription data from a centralized authentication server, which is managed by the user’s home operator. However, centralized authentication introduces single point of failure. Meanwhile, the real-time participation of the home operator and the trust relationship between the foreign operator and the home operator are difficult to guarantee. In this paper, by adopting blockchain and smart contracts, we propose a secure and efficient access control scheme of user subscription data in roaming scenarios. We further design a flexible user authentication scheme, which utilizes derivable tokens based on the proposed access control scheme. By using blockchain to store and manage user subscription data, access control can be decentralized without any trusted third party. Besides, by implementing automatic verification of access privilege through smart contracts, the limitation of the home operators’ real-time participation is eliminated. In addition, to further improve security and reduce the on-chain storage overhead, we optimize the data encryption and storage scheme utilizing threshold secret sharing. Our security and performance analysis show that the proposed user subscription data access control scheme for roaming service provides high-level security while causing acceptable time and storage overhead.

Mingxin Ma,Guozhen Shi,Fenghua Li

DOI: https://doi.org/10.1109/access.2019.2904042

IF: 3.9

2019-01-01

IEEE Access

Abstract:The rapid development of the Internet of Things (IoT) and the explosive growth of valuable data produced by user equipment have led to strong demand for access control, especially hierarchical access control, which is performed from a group communication perspective. However, the key management strategies for such a future Internet are based mostly on a trusted third party that requires full trust of the key generation center (KGC) or central authority (CA). Recent studies indicate that centralized cloud centers will be unlikely to deliver satisfactory services to customers because we place too much trust in third parties; therefore, these centers do not apply to user privacy-oriented scenarios. This paper addresses these issues by proposing a novel blockchain-based distributed key management architecture (BDKMA) with fog computing to reduce latency and multiblockchains operated in the cloud to achieve cross-domain access. The proposed scheme utilizes blockchain technology to satisfy the decentralization, fine-grained auditability, high scalability, and extensibility requirements, as well as the privacy-preserving principles for hierarchical access control in IoT. We designed system operations methods and introduced different authorization assignment modes and group access patterns to reinforce the extensibility. We evaluated the performance of our proposed architecture and compared it with existing models using various performance measures. The simulation results show that the multiblockchain structure substantially improves system performance, and the scalability is excellent as the network size increases. Furthermore, dynamic transaction collection time adjustment enables the performance and system capacity to be optimized for various environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ali Shahzad,Wenyu Chen,Momina Shaheen,Yin Zhang,Faizan Ahmad

DOI: https://doi.org/10.1371/journal.pone.0307039

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In modern healthcare, providers increasingly use cloud services to store and share electronic medical records. However, traditional cloud hosting, which depends on intermediaries, poses risks to privacy and security, including inadequate control over access, data auditing, and tracking data origins. Additionally, current schemes face significant limitations such as scalability concerns, high computational overhead, practical implementation challenges, and issues with interoperability and data standardization. Unauthorized data access by cloud providers further exacerbates these concerns. Blockchain technology, known for its secure and decentralized nature, offers a solution by enabling secure data auditing in sharing systems. This research integrates blockchain into healthcare for efficient record management. We proposed a blockchain-based method for secure EHR management and integrated Ciphertext-Policy Attribute-Based Encryption (CP-ABE) for fine-grained access control. The proposed algorithm combines blockchain and smart contracts with a cloud-based healthcare Service Management System (SMS) to ensure secure and accessible EHRs. Smart contracts automate key management, encryption, and decryption processes, enhancing data security and integrity. The blockchain ledger authenticates data transactions, while the cloud provides scalability. The SMS manages access requests, enhancing resource allocation and response times. A dual authentication system confirms patient keys before granting data access, with failed attempts leading to access revocation and incident logging. Our analyses show that this algorithm significantly improves the security and efficiency of health data exchanges. By combining blockchain's decentralized structure with the cloud's scalability, this approach significantly improves EHR security protocols in modern healthcare setting.

Marwan Adnan Darwish,Eiad Yafi,Mohammed A. Al Ghamdi,Abdullah Almasri

DOI: https://doi.org/10.1007/s13369-020-04394-w

IF: 2.807

2020-02-14

Arabian Journal for Science and Engineering

Abstract:Cloud computing (CC) is a distributed and centralized network of interconnected and interrelated systems that has emerged as an area of incredible impact, potential, and growth in the IT domain. In the last few years, this paradigm has thrived to become the fastest evolutionary segment for business and various industries. Despite the many advantages provided by the cloud, serious challenges related to privacy and security have arisen such as privacy exposure, data loss, manipulation, service-level agreement (SLA) violation, and concerns over the service and deployment models. In this article, a blockchain-based hybrid algorithm is proposed to tackle the privacy inefficiency of existing tools. A novel hybrid technique is used to encrypt data ahead of outsourcing it to data centers, and a unique digital signature is generated at clients and stored on a decentralized set of blocks. A virtual cloud similar to actual cloud service infrastructure was built to test the proposed framework. Despite the additional computational powers needed to run the proposed framework due to blockchain integration, the results show that data integrity and reliability are preserved and user's privacy is increased. Our results are discussed and benchmarked against the standard privacy tests standards such as changes in the stored data, the negligible overheads on cloud performance, and the data records of the blockchain structure.

multidisciplinary sciences

Yinghui Zhang,Xuanni Wei,Jin Cao,Jianting Ning,Zuobin Ying,Dong Zheng

DOI: https://doi.org/10.1016/j.jksuci.2022.08.015

2022-01-01

Abstract:With the rapid development of edge computing technologies, smart healthcare significantly improves people’s lives by collecting and analyzing health data in real time. However, security and privacy issues impede the wide deployment of smart healthcare systems (SHS). Most of existing solutions still have drawbacks with respect to computation efficiency and users’ privacy. In this paper, a blockchain-enabled attribute-based access control scheme with hidden policies is proposed for SHS. The scheme introduces multiple authorities to avoid single point failure. Especially, the mode of online-offline encryption relieves users’ online computation burden by transferring computation tasks to the idle time of users, and policy hiding protects users’ sensitive information. Furthermore, fair payments are realized based on blockchain and smart contracts to support the outsourcing of decryption between users and mobile edge computing servers. Finally, the proposed scheme is proven secure in the random oracle model, and experimental results show that it is computationally efficient and hence can be used in the edge computing environment.

Gao Yu-Long,Chen Xiu-Bo,Xu Gang,Liu Wen,Dong Mian-Xiong,Liu Xin

DOI: https://doi.org/10.1007/s11042-020-09867-6

IF: 2.577

2020-01-01

Multimedia Tools and Applications

Abstract:Nowadays, personal privacy disclosure issues become increasingly prominent in the process of data publishing. Targeting at this issue, a secure blockchain-based personal privacy protection scheme is proposed. In this paper, firstly, the information is stored in cloud service, and its hash value is used for the index, which is encrypted and stored on the blockchain. Secondly, based on the principles of cryptography and the characters of blockchain technology, we propose our scheme and use it to provide an access control mechanism for personal privacy. It can make the personal privacy protection easier and more efficient. At last, through our analysis, this scheme can sufficiently protect personal privacy in using mobile devices and provide a safe and trustworthy information acquisition method for data mining. More importantly, this proposed scheme also can provide a reliable and unique source tracing for multimedia copyright protection in terms of multimedia security.

Haipeng Sun,Yu-an Tan,Liang Zhu,Qikun Zhang,Shan Ai,Jun Zheng

DOI: https://doi.org/10.1007/s12652-022-04020-7

IF: 3.662

2022-07-10

Journal of Ambient Intelligence and Humanized Computing

Abstract:The application scenarios of edge-cloud collaboration are very wide. In order to ensure the operational security of resource sharing among intelligent terminals in edge-cloud collaboration scenarios, and prevent unauthorized entities from accessing sensitive data, a blockchain-based access control protocol for secure resource sharing is proposed. For the characteristics of edge-cloud collaborative application scenarios, the attribute authentication, secure storage, intra-domain access control, inter-domain access control and dynamic update of access permissions are studied in this paper. The proposed protocol has the following advantages. (1) Privacy protection: in the edge-cloud collaborative application scenario, the privacy of mobile terminals is easily leaked. The access control technology with hidden attributes is adopted, which can not only achieve the purpose of access control, but also ensure that the identity and attribute information of terminals are not leaked; (2) cross-domain access control: edge-cloud collaborative application scenarios, resource sharing among terminals may span multiple different security domains, and the proposed protocol supports cross-domain access control; (3) dynamic access control: some mobile terminals may frequently join or exit some application scenarios, the access permissions of these terminals can be dynamically updated using blockchain in this protocol; (4) fine-grained access control: the permissions for access resources are set by the combination of attribute permissions of the terminals. The terminal can access a variety of resources by setting different combinations of its attribute permissions. The performance analysis shows that compared with the cited literatures, the proposed protocol has advantages in terms of computational time, computational complexity and communication overhead.

computer science, information systems,telecommunications, artificial intelligence

Haiping Si,Weixia Li,Nan Su,Tingting Li,Yanling Li,Chuanhu Zhang,Bacao Fernando,Changxia Sun

DOI: https://doi.org/10.1016/j.comcom.2024.05.012

IF: 5.047

2024-05-20

Computer Communications

Abstract:With the continuous maturation of blockchain technology and the increasing demands for various industry applications, data sharing and interoperability among different blockchain networks face significant challenges. Research on cross-chain interoperability mechanisms has facilitated data collaboration across organizations and industries, enhancing the value and utility of data. When engaging in cross-chain data interactions, access control ensures the security and privacy of data while promoting collaboration and information exchange among multiple chains. Attribute-based access control can provide fine-grained authorization support, matching complex business scenarios. However, publicly disclosed policies and attributes in a transparent blockchain network may pose privacy and security issues. To address these issues, this paper proposes a cross-heterogeneous multichain data access control scheme based on attributes and threshold homomorphic encryption, achieving fine-grained and secure cross-domain access control in cross-chain networks. This scheme uses the threshold Paillier cryptosystem to encrypt and conceal user attributes and access policies. Through smart contracts, homomorphic differential computation is performed on the ciphertext of policies and attributes, to protect data privacy. This solution leverages private key decryption shares from multiple relay nodes in the cross-chain network to jointly decrypt the computation results, providing secure access control in complex cross-chain scenarios. Security analysis and experimental results demonstrate that the proposed scheme ensures security with reasonable computational overhead, to meet the access control requirements in cross-chain networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Liang Huang,Hyung-Hyo Lee

DOI: https://doi.org/10.1155/2020/8859961

2020-09-26

Wireless Communications and Mobile Computing

Abstract:With the features of decentralization and trustlessness and through distributed data storage, point-to-point transmission, and encryption algorithms, blockchain has shed new light on the security and protection of medical data, and it can resolve the contradiction between data sharing and privacy protection with proper security strategies. In this paper, we integrate the strengths of both blockchain and cloud computing and build the privacy protection scheme for medical data based on blockchain and cloud computing. This scheme introduces cloud computing and provides services to blockchain nodes with cloud server computing; meanwhile, it collects, analyzes, processes, and maintains medical data in the identity authentication interface and solves the insufficient computing abilities of some nodes in blockchain so as to verify the authenticity and reliability of data. The simulation experiment proves that the proposed scheme is effective. It can achieve the secure protection and integrity verification of medical data and address the problems of high computing complexity, data sharing, and privacy protection.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shuixiang Li,Ruixuan Li,Yu Zhang,Yongfeng Huang

DOI: https://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00093

2020-01-01

Abstract:The proliferation of mobile smartphones and the Internet has enabled people to stay online, gradually changing how people live and work. Particularly during epidemic isolation, people are more likely to communicate online via the Internet. Limited by the storage capacity and network bandwidth of mobile terminals, users are more likely to use the cloud to store and share data. However, data stored by centralized cloud services in a semi-trusted environment is at risk of being compromised, and most systems use cryptographic access control for the data, which failed to achieve fine-grained access control. In this paper, we propose a data access control system based on cloud and blockchain integration (CBI), which takes the decentralized, tamper-proof characteristics of blockchain and combines the advantages of cloud storage to design a novel integrated architecture, and designed a CBI-CP-ABE algorithm to implement attribute-based encryption for fine-grained access control. Experiments show that our proposed solution has similar performance to traditional data access control systems, and users have higher control and management rights over their data in the cloud so that they can store and share data more securely and keep track of their data usage.