M. Humayun,Mohammed Assiri

DOI: https://doi.org/10.3390/app13063437

2023-03-08

Applied Sciences

Abstract:Audits are an essential component of every organization, particularly those involving software development. In addition to several testing cycles, software auditing has become an essential software development milestone. Software auditing is a continual activity that enables a business to remain ahead of the curve and predict potential software problems. Audits, whether undertaken in-house or by external auditors, entail a significant amount of time and work. Consistent audits provide financial and economic benefits, as well as legal benefits. The most essential advantage of audits is safeguarding your system from internal and external assaults. Audit logs serve a crucial role in the auditing process; they typically capture all system operations and occurrences. They are used as evidence providers during an inquiry and by auditors to monitor the privacy and security of information and systems. Auditors confirm the accuracy of data pertaining to businesses and their activities. To determine if these acts exceed the limitations established by organizations, governments, and other parties, dependable information is essential. Infractions of such rules or corporate standards may be indicative of fraud, malpractice, risk, or inefficiency. Despite the existence of automated audit tools, audit policy, and audit logs, many audit frauds are reported on a daily basis. To make the audit process transparent and secure, this research proposes a blockchain-enabled framework SSFTA to aid software auditors in conducting a transparent and effective audit process. The proposed framework is evaluated using a case study. The findings demonstrated that the suggested framework makes the auditing process simple and transparent.

Computer Science

Erik Heiland,Peter Hillmann

DOI: https://doi.org/10.48550/arXiv.2211.11444

2022-11-21

Abstract:According to experts, one third of all IT vulnerabilities today are due to inadequate software verification. Internal program processes are not sufficiently secured against manipulation by attackers, especially if access has been gained. There is a lack of internal control instances that can monitor and control program flows. Especially when a software vulnerability becomes known, quick action is required, whereby the consequences for an individual application are often not foreseeable. With our approach (B)LOCKBOX, software building blocks act as verified entities within a transaction-based blockchain network. Source Code, binaries and application execution become supervised. Unwanted interference and manipulation are prevented by the integrity of the distributed system.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Systems and Control

S. M. Udhaya Sankar,D. Selvaraj,G.K. Monica,Jeevaa Katiravan

DOI: https://doi.org/10.14445/22315381/IJETT-V71I3P204

2023-04-24

Abstract:With the help of a shared pool of reconfigurable computing resources, clients of the cloud-based model can keep sensitive data remotely and access the apps and services it offers on-demand without having to worry about maintaining and storing it locally. To protect the privacy of the public auditing system that supports the cloud data exchange system. The data's owner has the ability to change it using the private key and publishes it in the cloud. The RSA Technique is used to produce key codes for the cloud services atmosphere's privacy utilizing the system's baseboard number, disc number, and client passcode for validation. The method is based on a cutting-edge User End Generated (UEG) privacy technique that minimizes the involvement of a third party and improves security checks by automatically documenting destructive activities. To strengthen extensibility, various authorization-assigning modalities and block access patterns were established together with current operational design approaches. In order to meet the demands for decentralization, fine-grained auditability, extensibility, flexibility, and privacy protection for multilevel data access in networked environments, the suggested approach makes use of blockchain technology. According to a thorough performance and security assessment, the current proposal is exceptionally safe and effective.

Cryptography and Security

Vamshi Adouth,Eswari Rajagopal

DOI: https://doi.org/10.1002/cpe.7690

2023-03-11

Concurrency and Computation: Practice and Experience

Abstract:Summary Cloud‐server is an effective and flexible way to manage the massive amounts of data produced by cyber‐physical systems. It is a better option to outsource these data to the cloud. When data is outsourced to the cloud, users lose control over it, compromising the data's integrity. Many public auditing schemes were proposed to address this issue, where trusted third‐party auditors (TPAs) verify the integrity of data on behalf of the users. However, trusted TPAs are vulnerable and may not provide correct auditing results on time. Moreover, there is no trust nowadays. Blockchain‐based auditing schemes were introduced to prevent trusted third parties from overcoming this issue. However, most blockchain‐based public auditing schemes suffer from the key‐escrow issue. To overcome the key‐escrow problem and malicious auditors, in this article, a blockchain‐based certificateless public auditing with privacy‐preserving for cloud‐based cyber‐physical systems is constructed. The proposed scheme is secure against type I, II, III, and IV adversaries in the random oracle model. Further, the original proof of the data is masked using a random function to achieve data privacy when data is transferred between the cloud‐server and verifier. The performance analysis shows that the proposed scheme has higher efficiency and is suitable for cyber‐physical systems.

computer science, theory & methods, software engineering

Fatemeh Stodt,Mohammed B. M. Kamel,Christoph Reich,Fabrice Theoleyre,Peter Ligeti

DOI: https://doi.org/10.1109/access.2024.3366492

IF: 3.9

2024-02-28

IEEE Access

Abstract:In the rapidly evolving realm of the Industrial Internet of Things (IIoT), securing shop floor operations, especially in audit processes, is of critical importance. This paper confronts the challenge of ensuring data integrity and trust in IIoT systems by leveraging the capabilities of blockchain technology. The unique characteristics of blockchain, such as its immutable and decentralized ledger, establish a solid and transparent foundation for verifying shop floor transactions and activities. We introduce a privacy-centric approach, meticulously designed to comply with stringent data privacy regulations. This method allows auditors to authenticate both IIoT data and devices, ensuring confidentiality and adhering to regulatory standards. Our practical implementation strategy, tailored for shop floor environments, not only enhances the security of device and data integrity but also showcases robustness against specific adversarial threats, including network intrusion, data tampering, and unauthorized access. The findings indicate that our approach not only strengthens security protocols but also integrates effortlessly with existing IIoT infrastructures. It presents an efficient, scalable solution that elevates the safety and reliability of IIoT ecosystems, making it a significant step forward in the quest for secure and compliant industrial operations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hussam Saeed Musa,Moez Krichen,Adem Alpaslan Altun,Meryem Ammi

DOI: https://doi.org/10.3390/s23218749

2023-10-26

Abstract:This research paper investigates the integration of blockchain technology to enhance the security of Android mobile app data storage. Blockchain holds the potential to significantly improve data security and reliability, yet faces notable challenges such as scalability, performance, cost, and complexity. In this study, we begin by providing a thorough review of prior research and identifying critical research gaps in the field. Android's dominant position in the mobile market justifies our focus on this platform. Additionally, we delve into the historical evolution of blockchain and its relevance to modern mobile app security in a dedicated section. Our examination of encryption techniques and the effectiveness of blockchain in securing mobile app data storage yields important insights. We discuss the advantages of blockchain over traditional encryption methods and their practical implications. The central contribution of this paper is the Blockchain-based Secure Android Data Storage (BSADS) framework, now consisting of six comprehensive layers. We address challenges related to data storage costs, scalability, performance, and mobile-specific constraints, proposing technical optimization strategies to overcome these obstacles effectively. To maintain transparency and provide a holistic perspective, we acknowledge the limitations of our study. Furthermore, we outline future directions, stressing the importance of leveraging lightweight nodes, tackling scalability issues, integrating emerging technologies, and enhancing user experiences while adhering to regulatory requirements.

Chen Wanfa,Zheng Qing'an,Chen Shuzhen,Fu Hongyi,Chen Liang

DOI: https://doi.org/10.23919/jcc.fa.2023-0715.202406

2024-06-21

China Communications

Abstract:In recent years, blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation. While blockchain technology and applications are developing rapidly, the emerging security risks and obstacles have gradually become prominent. Attackers can still find security issues in blockchain systems and conduct attacks, causing increasing losses from network attacks every year. In response to the current demand for blockchain application security detection and assessment in all industries, and the insufficient coverage of existing detection technologies such as smart contract detectiontechnology, this paper proposes a blockchain core technology security assessment system model, and studies the relevant detection and assessment key technologies and systems. A security assessment scheme based on a smart contract and consensus mechanism detection scheme is designed. And the underlying blockchain architecture supports the traceability of detection results using super blockchains. Finally, the functionality and performance of the system were tested, and the test results show that the model and solutions proposed in this paper have good feasibility.

telecommunications

Peyman Khordadpour,Saeed Ahmadi

2024-03-03

Abstract:The integration of blockchain technology in Internet of Things (IoT) environments is a revolutionary step towards ensuring robust security and enhanced privacy. This paper delves into the unique challenges and solutions associated with securing blockchain-based IoT systems, with a specific focus on anonymous auditing to reinforce privacy and security. We propose a novel framework that combines the decentralized nature of blockchain with advanced security protocols tailored for IoT contexts. Central to our approach is the implementation of anonymization techniques in auditing processes, ensuring user privacy while maintaining the integrity and transparency of blockchain transactions. We outline the architecture of blockchain in IoT environments, emphasizing the workflow and specific security mechanisms employed. Additionally, we introduce a security protocol that integrates privacy-enhancing tools and anonymous auditing methods, including the use of advanced cryptographic techniques for anonymity. This study also includes a comparative analysis of our proposed framework against existing models in the domain. Our work aims to provide a comprehensive blueprint for enhancing security and privacy in blockchain-based IoT environments, paving the way for more secure and private digital ecosystems.

Cryptography and Security

Faheem Ullah,Jingsha He,Nafei Zhu,Ahsan Wajahat,Ahsan Nazir,Sirajuddin Qureshi,Muhammad Salman Pathan,Soumyabrata Dev

DOI: https://doi.org/10.1016/j.heliyon.2024.e34407

IF: 3.776

2024-08-10

Heliyon

Abstract:In the realm of modern healthcare, Electronic Health Records EHR serve as invaluable assets, yet they also pose significant security challenges. The absence of EHR access auditing mechanisms, which includes the EHR audit trails, results in accountability gaps and magnifies security vulnerabilities. This situation effectively paves the way for unauthorized data alterations to occur without detection or consequences. Inadequate EHR compliance auditing procedures, particularly in verifying and validating access control policies, expose healthcare organizations to risks such as data breaches, and unauthorized data usage. These vulnerabilities result from unchecked unauthorized access activities. Additionally, the absence of EHR audit logs complicates investigations, weakens proactive security measures, and raises concerns to put healthcare institutions at risk. This study addresses the pressing need for robust EHR auditing systems designed to scrutinize access to EHR data, encompassing who accesses it, when, and for what purpose. Our research delves into the complex field of EHR auditing, which includes establishing an immutable audit trail to enhance data security through blockchain technology. We also integrate Purpose-Based Access Control (PBAC) alongside smart contracts to strengthen compliance auditing by validating access legitimacy and reducing unauthorized entries. Our contributions encompass the creation of audit trail of EHR access, compliance auditing via PBAC policy verification, the generation of audit logs, and the derivation of data-driven insights, fortifying EHR access security.

Sean Cao,Lin William Cong,Meng Han,Qixuan Hou,Baozhong Yang

DOI: https://doi.org/10.48550/arXiv.2005.07627

2020-05-15

Cryptography and Security

Abstract:Business transactions by public firms are required to be reported, verified, and audited periodically, which is traditionally a labor-intensive and time-consuming process. To streamline this procedure, we design FutureAB (Future Auditing Blockchain) which aims to automate the reporting and auditing process, thereby allowing auditors to focus on discretionary accounts to better detect and prevent fraud. We demonstrate how distributed-ledger technologies build investor trust and disrupt the auditing industry. Our multi-functional design indicates that auditing firms can automate transaction verification without the need for a trusted third party by collaborating and sharing their information while preserving data privacy (commitment scheme) and security (immutability). We also explore how smart contracts and wallets facilitate the computerization and implementation of our system on Ethereum. Finally, performance evaluation reveals the efficacy and scalability of FutureAB in terms of both encryption (0.012 seconds per transaction) and verification (0.001 seconds per transaction).

Bingqing Yang

DOI: https://doi.org/10.1155/2022/7671810

2022-03-15

Abstract:The increasing maturity of Internet information technology has led to the rapid rise of blockchain technology. In essence, a blockchain is a shared database. In recent years, blockchain technology has attracted the attention of the public and society. With the continuous development of the market economy, many domestic enterprises have grown in size. At the same time, companies are also faced with various risks, and business risks will have a great impact on the company's production. This article aims to prevent the business risk of Internet information security platform enterprises based on blockchain technology. Through the PoS algorithm, PoW algorithm, secure hash algorithm, and the principle of direct trust, the Internet information security platform is designed. Firstly, the platform is used for a business risk test with a small company, and the platform satisfaction survey is conducted on the employees of the company. The test results show that the subplatform design reduces the business risk of the company by 5%-10%, and employee satisfaction is high. The signature simulation of this algorithm under the same conditions as the SMRA and RSAR methods is also carried out. The results show that the performance of this algorithm is better. This study opens up a new path for small and medium-sized enterprises to prevent business risks.

Banaeian Far, Saeed

DOI: https://doi.org/10.1007/s10207-024-00846-8

2024-04-19

International Journal of Information Security

Abstract:In recent times, blockchain-based data auditing protocols have emerged as a cutting-edge area of study. Nevertheless, a conspicuous dearth of a generic framework upon which to ground such protocols is evident. This study introduces a pioneering and all-encompassing framework, designated as "Blockchain-assisted On-chain Auditing for Off-chain Storage" ( BA2OC ). The BA2OC framework operates without the reliance on a predefined auditor for the auditing process or a centralized verifier for the verification of on-chain auditing. It is conceivable that BA2OC forms the cornerstone of public data auditing protocols underpinned by blockchain technology. This framework bestows evidence of data ownership, ensures data integrity, facilitates public verification, supports batch verification, and bolsters the security against cyber threats through the utilization of cryptographic tools. The analysis underscores the comprehensive nature of the BA2OC framework, which positions it as the linchpin of blockchain-based public auditing protocols. Following a parametric evaluation of the BA2OC framework, this study takes into account real-world considerations, such as the utilization of the RSA cryptosystem and Android-based smartphones, to proffer a concrete protocol. The investigation further demonstrates that the BA2OC framework minimizes communication overhead while maintaining operational efficiency.

computer science, information systems, theory & methods, software engineering

Jiaxing Li,Jigang Wu,Lin Jiang,Jin Li

DOI: https://doi.org/10.1016/j.eswa.2023.122764

IF: 8.5

2024-01-01

Expert Systems with Applications

Abstract:Public auditing enables auditors to remotely verify data integrity for the outsourced data, which is an essential security issue and a promising solution for reliable cloud storage. However, in cloud storage systems, most existing public auditing schemes adopt a static auditing policy in the blockchain network, so that they are not able to adapt the dynamic environment efficiently, i.e., dynamic attacks, users joining and leaving, etc. Moreover, it is hard to improve the scalability with a static auditing policy, which may result in low performances and high security risks for the blockchain-based public auditing. In order to overcome the above limitations, we present a deep reinforcement learning-based method to improve the efficiency (i.e., transaction throughput and network latency) for the current blockchain-based public auditing solutions. Specifically, an blockchain-based security protocol is firstly proposed to guarantee that the integrity of outsourced data can be verified based on the dynamically auditing policy. Then, re-auditing time interval, the number of public auditors and the size of blocks are adjusted by the proposed deep reinforcement learning-based method to improve performance and security in a long term. Finally, security analysis indicates that the proposed work is able to resist the malicious entities and attacks derived from the Proof-of-Work consensus mechanism. Results of experiments that conducted in this paper demonstrate that the proposed scheme outperforms the baseline schemes on both transaction throughput and network latency.

Hong Lei,Zijian Bao,Qinghao Wang,Yongxin Zhang,Wenbo Shi

DOI: https://doi.org/10.1007/978-981-15-9213-3_21

2020-01-01

Abstract:With the continuous growth of data resources, outsourcing data storage to cloud service providers is becoming the norm. Unfortunately, once data are stored on the cloud platform, they will be out of data owners’ control. Thus, it is critical to guarantee the integrity of the remote data. To solve this problem, researchers have proposed many data auditing schemes, which often employ a trusted role named Third Party Auditor (TPA) to verify the integrity. However, the TPA may not be reliable as expected. For example, it may collude with cloud service providers to hide the fact of data corruption for benefits. Blockchain has the characteristics of decentralization, non-tampering, and traceability, which provides a solution to trace the malicious behaviors of the TPA. Moreover, Intel SGX, as the popular trusted computing technology, can be used to protect the correctness of the auditing operations with a slight performance cost, which excellently serves as the of the blockchain-based solution. In this paper, we propose a secure auditing scheme based on the blockchain and Intel SGX technology, termed SDABS. The scheme follows the properties of storage correctness, data-preserving, accountability, and anti-collusion. The experiment results show that our scheme is efficient.

Yanqi Zhao,Yiming Liu,Yong Yu,Yannan Li

DOI: https://doi.org/10.48550/arXiv.1902.03712

2019-02-11

Abstract:A large number of IoT devices are connected via the Internet. However, most of these IoT devices are generally not perfect-by-design even have security weaknesses or vulnerabilities. Thus, it is essential to update these IoT devices securely, patching their vulnerabilities and protecting the safety of the involved users. Existing studies deliver secure and reliable updates based on blockchain network which serves as the transmission network. However, these approaches could compromise users privacy when updating the IoT devices. In this paper, we propose a new blockchain based privacy-preserving software updates protocol, which delivers secure and reliable updates with an incentive mechanism, as well protects the privacy of involved users. The vendor delivers the updates and it makes a commitment by using a smart contract to provide financial incentive to the transmission nodes who deliver the updates to the IoT devices. A transmission node gets financial incentive by providing a proof-of-delivery. The transmission node uses double authentication preventing signature (DAPS) to carry out the fair exchange to obtain the proof-of-delivery. Specifically, the transmission node exchanges an attribute-based signature from a IoT device by using DAPS. Then, it uses the attribute-based signature as a proof-of-delivery to receive financial incentives. Generally, the IoT device has to execute complex computation for an attribute-based signature (ABS). It is intolerable for resource limited devices. We propose a concrete outsourced attribute-based signature (OABS) scheme to resist the weakness. Then, we prove the security of the proposed OABS and the protocol as well. Finally, we implement smart contract in Solidity to demonstrate the validity of the proposed protocol.

Cryptography and Security

Yao Xiao,Lei Xu,Zikang Chen,Can Zhang,Liehuang Zhu

DOI: https://doi.org/10.3390/math10234494

IF: 2.4

2022-01-01

Mathematics

Abstract:Cloud platforms provide a low-cost and convenient way for users to share data. One important issue of cloud-based data sharing systems is how to prevent the sensitive information contained in users’ data from being disclosed. Existing studies often utilize cryptographic primitives, such as attribute-based encryption and proxy re-encryption, to protect data privacy. These approaches generally rely on a centralized server which may cause a single point of failure problem. Blockchain is known for its ability to solve such a problem. Some blockchain-based approaches have been proposed to realize privacy-preserving data sharing. However, these approaches did not fully explore the auditability provided by the blockchain. The dishonest cloud server can share data with a requester without notifying the data owner or being logged by the blockchain. In this paper, we propose a blockchain-based privacy-preserving data sharing system with enhanced auditability. The proposed system follows the idea of hybrid encryption to protect data privacy. The data to be shared are encrypted with a symmetric key, and the symmetric key is encrypted with a joint public key which is the sum of multiple blockchain nodes’ public keys. Only if a data requester is authorized, the blockchain nodes will be triggered to execute a verifiable key switch protocol. By using the output of the protocol, the data requester can get the plaintext of the symmetric key. The blockchain nodes participate in both the authorization process and the key switch process, which means the behavior of the data requester is witnessed by multi-parties and is auditable. We implement the proposed system on Hyperledger Fabric. The simulation results show that the performance overhead is acceptable.

Xiaoze Ni,Jian Feng,Renkai Jiang,Yajie He,Tao Liu,Ting Chen,Sen Qiu

DOI: https://doi.org/10.1109/tcss.2023.3294797

2023-01-01

IEEE Transactions on Computational Social Systems

Abstract:To address the law enforcement challenges arising from the rapid expansion of the online catering industry, China's market regulatory authorities are pursuing countermeasures through legislative efforts and innovative regulatory models. At present, administrative law enforcement for online catering faces difficulties in license management and ensuring the authenticity and security of data. Specifically, there is a prevalence of fraudulent licenses in the industry, and the market supervision department struggles to verify the authenticity of the data gathered during investigations and evidence collection. The tamper-proof and transparent features of blockchain technology cannot be directly applied to the online catering domain. Consequently, to attain trusted license management and secure data-sharing measures, further system design is necessary. To achieve trusted license management, we employ blockchain technology for managing qualification certificates and delineate the format for valid certificates and the application process. The secure data-sharing protocol is divided into two stages. In the first stage, we ensure data authenticity before uploading it to the blockchain through a consensus process involving platforms, users, and merchants. In the second stage, we implement fine-grained access control based on the on-chain data from the previous stage, utilizing conditional proxy reencryption and ultimately employing the data digest on the blockchain for verification. The experiment thoroughly validates the system's functionality, which is traceable, transparent, and scalable. Moreover, the minimal delay introduced by ensuring data authenticity is virtually negligible. The system's additional storage overhead does not surpass 10%, remaining within acceptable limits.

Yapeng Miao,Ying Miao,Xuexue Miao

DOI: https://doi.org/10.1002/cpe.8285

2024-09-29

Concurrency and Computation Practice and Experience

Abstract:Summary Cloud storage provides a convenient way of collaboration and sharing. An increasing number of users are becoming more open to sharing their data with others. Consequently, the integrity of shared data has started to draw significant attention due to the loss control of it. Remote data integrity techniques can solve this problem. To resist the collusion between the third party auditor and the cloud server, existing integrity auditing schemes utilize blockchain to replace the third party auditor to do some work. However, these schemes still involve collusion between the third party auditor and the miners and cannot guarantee the third party auditor to execute the auditing process honestly. Considering this, we propose a blockchain‐based transparent and certificateless data integrity auditing scheme. Specifically, we design the smart contract combining the commitment technology to generate the challenge information and record the auditing information. Besides, we combine certificateless cryptography and the blind technology to achieve the privacy‐preserving. The proposed scheme can resist collusion, improve the transparency of the auditing process, protect the data privacy and reduce the overhead of certificate management and key management. The security analysis and performance evaluation demonstrate the security and efficiency of the scheme.

computer science, theory & methods, software engineering

Omolola Akinola,Akintunde Akinola,Bairat Oyekan,Omowunmi Oyerinde,Halimat Folashade Adebiyi,Busola Sulaimon

DOI: https://doi.org/10.38124/ijisrt/ijisrt24apr225

2024-04-16

Abstract:The current period of medicine using digital technology for patient care presents a new level of integration of monitoring devices with the cloud computing environment that enables the collection, storage and access to data in ways that were never possible earlier. As the obvious part of this development, it is worth noting that the objective of such innovation is mostly on the integrity of data, provenance and security. Data integrity from as well as security of the Internet connected healthcare devices should be assured in the first place to keep patient safety and protect data privacy along with improve data-based decision-making. The centralized system and crowded nature of the current equipment are susceptible to single point of failure, data breach and potential manipulations of data, which raise questions and create doubts with regards data management processes pertaining to medical device systems. This work is addressed to the analysis of a novel security system based on blockchain that guarantees the implementation of a high performance with the solution of two medical device integrity and provenance safety issues in the cloud ecosystem. Fundamentally differentiating from the centralized systems that exist today, blockchain technology that is based on distributed database architectures, immutable logs, and consensus mechanisms provides for a new way to bring reliability and traceability to the entire medical device data chain. The suggested procedure is based on properties of blockchain technology. Such a solution can help to provide a clear and secure audit trail for medical devices. Storing, securing and accessing the device data can be carried out credibly, maintaining these data’s integrity and provenance. Ultimately, the solution, rely on the implementation of smart contracts, cryptocurrency processes, and the confidentiality and privacy of data, can be the answer which make up the practice of secure data sharing, data accessing and complying with regulations. The journal creates a modular system combining Medical devices, a cloud platform, and Blockchain solution. The architecture is intended to display the blockchain network's essential components, data validation and access control, and secure data storage mechanisms. Furthermore, the recommended solution implies state-of- the-art security tools, such as data encryption, access control, and abidance by regulatory systems, including HIPAA and GDPR. Implementation of an actual scenario of the proof-of-concept and performance evaluation are done to show the efficiency and performance of the blockchain-based solution provided. The results suggest that the proposed solution can establish the data reliability level, record all the various versions of modifications, and strengthen the security and transparency of medical device data processing in cloud computing. Through the exploration of the applications of blockchain for medical data management that this study proposes, we are laying the foundations of a future healthcare environment, which is expected to be more secure and trustworthy, where the sensor data of medical devices can be reliably controlled and accessed without jeopardizing the patient's safety or data privacy. To a great extent, the suggested solution can contribute to building trust in the digital tools utilized in health care, leading to more well-informed clinical decisions and ultimately improving the patients' results.

Jiangang Shu,Xing Zou,Xiaohua Jia,Weizhe Zhang,Ruitao Xie

DOI: https://doi.org/10.1109/tcc.2021.3051622

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Public auditing schemes for cloud storage systems have been extensively explored with the increasing importance of data integrity. A third-party auditor (TPA) is introduced in public auditing schemes to verify the integrity of outsourced data on behalf of users. To resist malicious TPAs, many blockchain-based public verification schemes have been proposed. However, existing auditing schemes rely on a centralized TPA, and they are vulnerable to tempting auditors who may collude with malicious blockchain miners to produce biased auditing results. In this article, we propose a blockchain-based decentralized public auditing (BDPA) scheme by utilizing a decentralized blockchain network to undertake the responsibility of a centralized TPA, and also mitigate the influence of tempting auditors and malicious blockchain miners by taking the concept of decentralized autonomous organization (DAO). A detailed security analysis shows that BDPA can preserve data integrity against tempting auditors and malicious blockchain miners. A comprehensive performance evaluation demonstrates that BDPA is feasible and scalable.