Yogesh M Gajmal,R. Udayakumar

DOI: https://doi.org/10.13052/jwe1540-9589.2054

2021-08-30

Journal of Web Engineering

Abstract:Access control is a major factor in enhancing data security in the cloud storage system. However, the existing data sharing and the access control method have privacy data leakage and key abuse, which is a major challenge in the research community. Therefore, an effective method named Blockchain-based access control and data sharing approach is developed in the cloud storage system to increase data security. The proposed Blockchain-based access control and data sharing approach effectively solve single-point failure in the cloud system. It provides more benefits by increasing the throughput and reducing the cost. The Data user (DU) makes the registration request using the ID and password and forwards it to the Data Owner (DO), which processes the request and authenticates the Data user. The information of the data owner is embedded in the transactional blockchain using the encrypted master key. The Data owner achieves the data encryption process, and encrypted files are uploaded to the Interplanetary File System (IPFS). Based on the encrypted file location and encrypted key, the Data owner generates the ciphertext metadata and is embedded in the transactional blockchain. The proposed Blockchain-based access control and data sharing approach achieved better performance using the metrics, like a better genuine user detection rate of 95% and lower responsiveness of 25sec with the blockchain of 100 sizes.

computer science, theory & methods, software engineering

Liang Yan,Lina Ge,Zhe Wang,Guifen Zhang,Jingya Xu,Zheng Hu

DOI: https://doi.org/10.1186/s13677-023-00444-4

2023-04-19

Journal of Cloud Computing

Abstract:With the rapid development of cloud computing technology, how to achieve secure access to cloud data has become a current research hotspot. Attribute-based encryption technology provides the feasibility to achieve the above goal. However, most of the existing solutions have high computational and trust costs. Furthermore, the fairness of access authorization and the security of data search can be difficult to guarantee. To address these issues, we propose a novel access control scheme based on blockchain and attribute-based searchable encryption in cloud environment. The proposed scheme achieves fine-grained access control with low computation consumption by implementing proxy encryption and decryption, while supporting policy hiding and attribute revocation. The encrypted file is stored in the IPFS and the metadata ciphertext is stored on the blockchain, which ensures data integrity and confidentiality. Simultaneously, the scheme enables the secure search of ciphertext keyword in an open and transparent blockchain environment. Additionally, an audit contract is designed to constrain user access behavior to dynamically manage access authorization. Security analysis proves that our scheme is resistant to chosen-plaintext attacks and keyword-guessing attacks. Theoretical analysis and experimental results show that our scheme has high computational and storage efficiency, which is more advantageous than other schemes.

S. M. Udhaya Sankar,D. Selvaraj,G.K. Monica,Jeevaa Katiravan

DOI: https://doi.org/10.14445/22315381/IJETT-V71I3P204

2023-04-24

Abstract:With the help of a shared pool of reconfigurable computing resources, clients of the cloud-based model can keep sensitive data remotely and access the apps and services it offers on-demand without having to worry about maintaining and storing it locally. To protect the privacy of the public auditing system that supports the cloud data exchange system. The data's owner has the ability to change it using the private key and publishes it in the cloud. The RSA Technique is used to produce key codes for the cloud services atmosphere's privacy utilizing the system's baseboard number, disc number, and client passcode for validation. The method is based on a cutting-edge User End Generated (UEG) privacy technique that minimizes the involvement of a third party and improves security checks by automatically documenting destructive activities. To strengthen extensibility, various authorization-assigning modalities and block access patterns were established together with current operational design approaches. In order to meet the demands for decentralization, fine-grained auditability, extensibility, flexibility, and privacy protection for multilevel data access in networked environments, the suggested approach makes use of blockchain technology. According to a thorough performance and security assessment, the current proposal is exceptionally safe and effective.

Cryptography and Security

Ye Lu,Tao Feng,Chunyan Liu,Wenbo Zhang

DOI: https://doi.org/10.32604/cmc.2023.046106

2024-01-01

Abstract:The Access control scheme is an effective method to protect user data privacy. The access control scheme based on blockchain and ciphertext policy attribute encryption (CP–ABE) can solve the problems of single—point of failure and lack of trust in the centralized system. However, it also brings new problems to the health information in the cloud storage environment, such as attribute leakage, low consensus efficiency, complex permission updates, and so on. This paper proposes an access control scheme with fine-grained attribute revocation, keyword search, and traceability of the attribute private key distribution process. Blockchain technology tracks the authorization of attribute private keys. The credit scoring method improves the Raft protocol in consensus efficiency. Besides, the interplanetary file system (IPFS) addresses the capacity deficit of blockchain. Under the premise of hiding policy, the research proposes a fine-grained access control method based on users, user attributes, and file structure. It optimizes the data-sharing mode. At the same time, Proxy Re-Encryption (PRE) technology is used to update the access rights. The proposed scheme proved to be secure. Comparative analysis and experimental results show that the proposed scheme has higher efficiency and more functions. It can meet the needs of medical institutions.

computer science, information systems,materials science, multidisciplinary

Jingchi Zhang,Anwitaman Datta

DOI: https://doi.org/10.48550/arXiv.2309.04125

2023-09-08

Abstract:In a traditional cloud storage system, users benefit from the convenience it provides but also take the risk of certain security and privacy issues. To ensure confidentiality while maintaining data sharing capabilities, the Ciphertext-Policy Attribute-based Encryption (CP-ABE) scheme can be used to achieve fine-grained access control in cloud services. However, existing approaches are impaired by three critical concerns: illegal authorization, key disclosure, and privacy leakage. To address these, we propose a blockchain-based data governance system that employs blockchain technology and attribute-based encryption to prevent privacy leakage and credential misuse. First, our ABE encryption system can handle multi-authority use cases while protecting identity privacy and hiding access policy, which also protects data sharing against corrupt authorities. Second, applying the Advanced Encryption Standard (AES) for data encryption makes the whole system efficient and responsive to real-world conditions. Furthermore, the encrypted data is stored in a decentralized storage system such as IPFS, which does not rely on any centralized service provider and is, therefore, resilient against single-point failures. Third, illegal authorization activity can be readily identified through the logged on-chain data. Besides the system design, we also provide security proofs to demonstrate the robustness of the proposed system.

Cryptography and Security

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101854

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:Ciphertext-policy attribute-based encryption(CP-ABE) has been widely studied and used in access control schemes for secure data sharing. Since in most of the existing attribute-based encryption methods, all user attributes are managed by a single central authority, it is easy to cause a single point of failure. Therefore, several multi-authority CP-ABE schemes are proposed to manage user attributes by multiple authorities. However, these schemes still do not eliminate the single point of failure in essence or suffer from high computation and communication overhead on data users. In this paper, we propose a Blockchain-based Multi-authority Access Control scheme called BMAC for sharing data securely. Shamir secret sharing scheme and permissioned blockchain (Hyperledger Fabric) are introduced to implement that each attribute is jointly managed by multiple authorities to avoid single point of failure. In addition, we take advantage of blockchain technology to establish trust among multiple authorities and exploit smart contracts to compute tokens for attributes managed across multiple management domains, which reduces communication and computation overhead on the data user side. Moreover, blockchain helps to record the access control process in a secure and auditable way. Finally, we analyze the security of the proposed algorithm. Further analysis and comparison show the performance of the proposed method.

Yingjie Xue,Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong

DOI: https://doi.org/10.1109/tifs.2019.2911166

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In public cloud storage services, data are outsourced to semi-trusted cloud servers which are outside of data owners' trusted domain. To prevent untrustworthy service providers from accessing data owners' sensitive data, outsourced data are often encrypted. In this scenario, conducting access control over these data becomes a challenging issue. Attribute-based encryption (ABE) has been proved to be a powerful cryptographic tool to express access policies over attributes, which can provide a fine-grained, flexible, and secure access control over outsourced data. However, the existing ABE-based access control schemes do not support users to gain access permission by collaboration. In this paper, we explore a special attribute-based access control scenario where multiple users having different attribute sets can collaborate to gain access permission if the data owner allows their collaboration in the access policy. Meanwhile, the collaboration that is not designated in the access policy should be regarded as a collusion and the access request will be denied. We propose an attribute-based controlled collaborative access control scheme through designating translation nodes in the access structure. Security analysis shows that our proposed scheme can guarantee data confidentiality and has many other critical security properties. Extensive performance analysis shows that our proposed scheme is efficient in terms of storage and computation overhead.

Shuixiang Li,Ruixuan Li,Yu Zhang,Yongfeng Huang

DOI: https://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00093

2020-01-01

Abstract:The proliferation of mobile smartphones and the Internet has enabled people to stay online, gradually changing how people live and work. Particularly during epidemic isolation, people are more likely to communicate online via the Internet. Limited by the storage capacity and network bandwidth of mobile terminals, users are more likely to use the cloud to store and share data. However, data stored by centralized cloud services in a semi-trusted environment is at risk of being compromised, and most systems use cryptographic access control for the data, which failed to achieve fine-grained access control. In this paper, we propose a data access control system based on cloud and blockchain integration (CBI), which takes the decentralized, tamper-proof characteristics of blockchain and combines the advantages of cloud storage to design a novel integrated architecture, and designed a CBI-CP-ABE algorithm to implement attribute-based encryption for fine-grained access control. Experiments show that our proposed solution has similar performance to traditional data access control systems, and users have higher control and management rights over their data in the cloud so that they can store and share data more securely and keep track of their data usage.

Ali Shahzad,Wenyu Chen,Momina Shaheen,Yin Zhang,Faizan Ahmad

DOI: https://doi.org/10.1371/journal.pone.0307039

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In modern healthcare, providers increasingly use cloud services to store and share electronic medical records. However, traditional cloud hosting, which depends on intermediaries, poses risks to privacy and security, including inadequate control over access, data auditing, and tracking data origins. Additionally, current schemes face significant limitations such as scalability concerns, high computational overhead, practical implementation challenges, and issues with interoperability and data standardization. Unauthorized data access by cloud providers further exacerbates these concerns. Blockchain technology, known for its secure and decentralized nature, offers a solution by enabling secure data auditing in sharing systems. This research integrates blockchain into healthcare for efficient record management. We proposed a blockchain-based method for secure EHR management and integrated Ciphertext-Policy Attribute-Based Encryption (CP-ABE) for fine-grained access control. The proposed algorithm combines blockchain and smart contracts with a cloud-based healthcare Service Management System (SMS) to ensure secure and accessible EHRs. Smart contracts automate key management, encryption, and decryption processes, enhancing data security and integrity. The blockchain ledger authenticates data transactions, while the cloud provides scalability. The SMS manages access requests, enhancing resource allocation and response times. A dual authentication system confirms patient keys before granting data access, with failed attempts leading to access revocation and incident logging. Our analyses show that this algorithm significantly improves the security and efficiency of health data exchanges. By combining blockchain's decentralized structure with the cloud's scalability, this approach significantly improves EHR security protocols in modern healthcare setting.

Yapeng Miao,Ying Miao,Xuexue Miao

DOI: https://doi.org/10.1002/cpe.8285

2024-09-29

Concurrency and Computation Practice and Experience

Abstract:Summary Cloud storage provides a convenient way of collaboration and sharing. An increasing number of users are becoming more open to sharing their data with others. Consequently, the integrity of shared data has started to draw significant attention due to the loss control of it. Remote data integrity techniques can solve this problem. To resist the collusion between the third party auditor and the cloud server, existing integrity auditing schemes utilize blockchain to replace the third party auditor to do some work. However, these schemes still involve collusion between the third party auditor and the miners and cannot guarantee the third party auditor to execute the auditing process honestly. Considering this, we propose a blockchain‐based transparent and certificateless data integrity auditing scheme. Specifically, we design the smart contract combining the commitment technology to generate the challenge information and record the auditing information. Besides, we combine certificateless cryptography and the blind technology to achieve the privacy‐preserving. The proposed scheme can resist collusion, improve the transparency of the auditing process, protect the data privacy and reduce the overhead of certificate management and key management. The security analysis and performance evaluation demonstrate the security and efficiency of the scheme.

computer science, theory & methods, software engineering

Xin Liu,Hao Wang,Bo Zhang,Bin Zhang

DOI: https://doi.org/10.1016/j.ins.2021.10.038

IF: 8.1

2022-01-01

Information Sciences

Abstract:In a data access control system oriented toward the cloud storage environment, a data owner defines attribute-based access control policies for data files to realize fine-grained data sharing. However, the existing schemes have defects in user execution efficiency and user privacy protection, and they do not consider the problems of user revocation and attribute updates. To this end, we propose a ciphertext policy attribute-based encryption method with verifiable outsourced decryption; this requires a user to complete decryption with the help of a server, but the results of the outsourced decryption can be verified independently. With this new encryption scheme and the technique of k-times anonymous authentication, a new fine-grained data access control system was constructed; this system allows a server to provide users with outsourced decryption services, and users’ computation cost is independent of the size of the underlying access control policy. Moreover, the number of outsourced decryption requests is limited. In addition, the new system supports user revocation and attribute updates and it is provably secure under formal proofs. An efficiency analysis shows that it can be compared with other similar systems in terms of performance, despite the addition of several practical properties.

computer science, information systems

Hong Lei,Zijian Bao,Qinghao Wang,Yongxin Zhang,Wenbo Shi

DOI: https://doi.org/10.1007/978-981-15-9213-3_21

2020-01-01

Abstract:With the continuous growth of data resources, outsourcing data storage to cloud service providers is becoming the norm. Unfortunately, once data are stored on the cloud platform, they will be out of data owners’ control. Thus, it is critical to guarantee the integrity of the remote data. To solve this problem, researchers have proposed many data auditing schemes, which often employ a trusted role named Third Party Auditor (TPA) to verify the integrity. However, the TPA may not be reliable as expected. For example, it may collude with cloud service providers to hide the fact of data corruption for benefits. Blockchain has the characteristics of decentralization, non-tampering, and traceability, which provides a solution to trace the malicious behaviors of the TPA. Moreover, Intel SGX, as the popular trusted computing technology, can be used to protect the correctness of the auditing operations with a slight performance cost, which excellently serves as the of the blockchain-based solution. In this paper, we propose a secure auditing scheme based on the blockchain and Intel SGX technology, termed SDABS. The scheme follows the properties of storage correctness, data-preserving, accountability, and anti-collusion. The experiment results show that our scheme is efficient.

Xu Ma,Chen Wang,Xiaofeng Chen

DOI: https://doi.org/10.1016/j.csi.2021.103543

2021-10-01

Abstract:<p>Along with the progress of cloud service, a growing quantity of data owners store their data on cloud databases, which can not only reduce data owners' storage cost but also provide a quick search function. However, while cloud storage brings some conveniences to users, new privacy problems may emerge, such as the leakage of data privacy and user's query privacy. The best way of protecting data privacy is to encrypt the data. So how to efficiently retrieve the ciphertext to make it available becomes a hot issue in recent years. In this paper, new searchable encryption with multiple keywords is described, it can improve the accuracy of retrieval results, and we present a secure and trusted data sharing framework based on attribute-based encryption (ABE), searchable encryption, and blockchain. Unlike the previous studies, we realize flexible data sharing by using ABE. Furthermore, we transfer the related calculation of ciphertext retrieval to blockchain for credible execution without relying on any trusted third party. The security analysis proves that our method meets the proposed security requirements of data, keyword index, trapdoor, and query. Finally, the experimental results indicate that our scheme suggested has certain practicability and efficiency.</p>

computer science, software engineering, hardware & architecture

Vamshi Adouth,Eswari Rajagopal

DOI: https://doi.org/10.1002/cpe.7690

2023-03-11

Concurrency and Computation: Practice and Experience

Abstract:Summary Cloud‐server is an effective and flexible way to manage the massive amounts of data produced by cyber‐physical systems. It is a better option to outsource these data to the cloud. When data is outsourced to the cloud, users lose control over it, compromising the data's integrity. Many public auditing schemes were proposed to address this issue, where trusted third‐party auditors (TPAs) verify the integrity of data on behalf of the users. However, trusted TPAs are vulnerable and may not provide correct auditing results on time. Moreover, there is no trust nowadays. Blockchain‐based auditing schemes were introduced to prevent trusted third parties from overcoming this issue. However, most blockchain‐based public auditing schemes suffer from the key‐escrow issue. To overcome the key‐escrow problem and malicious auditors, in this article, a blockchain‐based certificateless public auditing with privacy‐preserving for cloud‐based cyber‐physical systems is constructed. The proposed scheme is secure against type I, II, III, and IV adversaries in the random oracle model. Further, the original proof of the data is masked using a random function to achieve data privacy when data is transferred between the cloud‐server and verifier. The performance analysis shows that the proposed scheme has higher efficiency and is suitable for cyber‐physical systems.

computer science, theory & methods, software engineering

Shruthi Gangadharaiah,Purohit Shrinivasacharya,Gangadharaiah, Shruthi,Shrinivasacharya, Purohit

DOI: https://doi.org/10.1007/s11042-024-18363-0

IF: 2.577

2024-02-10

Multimedia Tools and Applications

Abstract:Data auditing permits data owners to confirm the reliability of their personal information without obtaining it from an unsafe cloud. Advertising cloud storage has widely adopted this characteristic. Data integrity is more difficult to maintain, and data through the cloud is not always secure. The ability to access data remotely through cloud storage makes it necessary to protect it against unauthorized access, hackers, and other malicious activity. In order to overcome these concerns, a hybrid Advanced Encryption Standard- Elliptic Curve Cryptography (AES-ECC) algorithm and Merkle Hash (MHT) Tree is developed. The user data is sent to the cloud service provider via blockchain for storage purposes. The key generation and encryption are carried out using a hybrid AES-ECC encryption technique, which is used to generate both private and public keys. The encrypted user file is then divided into several blocks. The tags for the split encrypted blocks are then generated using SHA256, which provides the hash value of each smaller file. Cloud Service Provider (CSP) constructs an MHT by employing generated hashtags to return the proof to user information after establishing hashtags for encrypted file blocks in the blockchain storage. Merkle hash tree is frequently employed to validate data integrity. Furthermore, the third-party auditor determines if the proofs generated by CSP match one from the user to check the tamper. The simulation analysis shows that the accuracy, encryption, decryption, key generation, and execution time reached for the proposed approach is 96%, 190 s, 124 s, 5.9 s, and 440 s. The proposed algorithm effectively validates data integrity and provides improved data security in blockchain environment.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Kan Yang,Xiaohua Jia,Kui Ren

DOI: https://doi.org/10.1145/2484313.2484383

2013-01-01

Abstract:A cloud storage service allows data owner to outsource their data to the cloud and through which provide the data access to the users. Because the cloud server and the data owner are not in the same trust domain, the semi-trusted cloud server cannot be relied to enforce the access policy. To address this challenge, traditional methods usually require the data owner to encrypt the data and deliver decryption keys to authorized users. These methods, however, normally involve complicated key management and high overhead on data owner. In this paper, we design an access control framework for cloud storage systems that achieves fine-grained access control based on an adapted Ciphertext-Policy Attribute-based Encryption (CP-ABE) approach. In the proposed scheme, an efficient attribute revocation method is proposed to cope with the dynamic changes of users' access privileges in large-scale systems. The analysis shows that the proposed access control scheme is provably secure in the random oracle model and efficient to be applied into practice.

Yilin Yuan,Jianbiao Zhang,Wanshan Xu,Zheng Li

DOI: https://doi.org/10.1007/s11227-021-04193-6

IF: 3.3

2022-01-10

The Journal of Supercomputing

Abstract:Almost all existing data integrity verification schemes upload outsourced files and tags set to the CSP simultaneously. Thus, in this paper, we provide a novel idea to construct the integrity verification scheme via blockchain. The construction of the proposed scheme is based on identity-based encryption (IBE) which avoids the complex certificate management caused by the public key infrastructure (PKI). Our scheme decides to upload tags set to the blockchain to achieve the separate storage of the tags set and files. The characteristics of the blockchain determine that the tags set will not be forged. But separate storage may cause the information returned by the three parties participating in the public auditing to be out of sync; thus, a small data structure—audit log is introduced to solve this problem. The advantages of audit log can not only guarantee the correct and smooth implementation of the proposed scheme, but also prove the TPA’s innocence when necessary. Moreover, the security of our scheme is strictly proved. Finally, a series of performance evaluations demonstrate that our scheme is efficient and feasible.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

J. Monisha Privthy Jeba,K. Vivekrabinson,B. Shanmuga Raja,N. Sundareswaran,M. Vijay

DOI: https://doi.org/10.1504/ijahuc.2024.137598

2024-03-29

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Searchable encryption is a method which permits cloud servers to recover consumers' requested data even when the contents are encrypted. However, many current searchable encryption algorithms only offer single keyword recovery and are subject to keyword guessing attacks. This work presents a blockchain-based multi-keyword searchable encryption technique based on a certificateless approach. Further, we employ attribute-based encryption to protect sensitive information and a certificateless cryptosystem to encode keywords. The encrypted files are uploaded to the cloud, whereas the encoded keyword indexes are kept on the blockchain, assuring the encrypted indexes' tamper resistance. Our approach also supports multi-keyword search over encrypted data. We created a fair payment smart contract to support the exchange of service costs with the owner of the information and the cloud service provider in the event of successful search results. The study reveals that our technique outperforms other related techniques in terms of computing efficiency.

computer science, information systems,telecommunications

Dezhi Han,Yujie Zhu,Dun Li,Wei Liang,Alireza Souri,Kuan-Ching Li

DOI: https://doi.org/10.1109/tii.2021.3114621

IF: 12.3

2022-05-01

IEEE Transactions on Industrial Informatics

Abstract:Internet of Things (IoT) devices are widely considered in smart cities, intelligent medicine, and intelligent transportation, among other fields that facilitate people's lives, producing a large amount of private data. However, due to the mobility, limited performance, and distributed deployment of IoT, traditional access control methods cannot support the security of private data's access control process in current IoT environments. To address such problems, this article proposes an auditable access control model, based on an attribute-based access control model, and manages the access control policy for private data through the request record, the response record, and the access record stored in the blockchain network. Additionally, a Blockchain-based auditable access control system is also proposed based on the auditable access control model, ensuring private data security in IoT environments and realizing effective management and auditable access to these data. Experimental results show that the proposed system can maintain high throughput while ensuring private data security for real application scenarios in IoT environments.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Kaiping Xue,Yingjie Xue,Jianan Hong,Wei Li,Hao Yue,David S. L. Wei,Peilin Hong

DOI: https://doi.org/10.1109/tifs.2016.2647222

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Data access control is a challenging issue in public cloud storage systems. Ciphertext-policy attribute-based encryption (CP-ABE) has been adopted as a promising technique to provide flexible, fine-grained, and secure data access control for cloud storage with honest-but-curious cloud servers. However, in the existing CP-ABE schemes, the single attribute authority must execute the time-consuming user legitimacy verification and secret key distribution, and hence, it results in a single-point performance bottleneck when a CP-ABE scheme is adopted in a large-scale cloud storage system. Users may be stuck in the waiting queue for a long period to obtain their secret keys, thereby resulting in low efficiency of the system. Although multiauthority access control schemes have been proposed, these schemes still cannot overcome the drawbacks of single-point bottleneck and low efficiency, due to the fact that each of the authorities still independently manages a disjoint attribute set. In this paper, we propose a novel heterogeneous framework to remove the problem of single-point performance bottleneck and provide a more efficient access control scheme with an auditing mechanism. Our framework employs multiple attribute authorities to share the load of user legitimacy verification. Meanwhile, in our scheme, a central authority is introduced to generate secret keys for legitimacy verified users. Unlike other multi-authority access control schemes, each of the authorities in our scheme manages the whole attribute set individually. To enhance security, we also propose an auditing mechanism to detect which attribute authority has incorrectly or maliciously performed the legitimacy verification procedure. Analysis shows that our system not only guarantees the security requirements but also makes great performance improvement on key generation.