Jingchi Zhang,Anwitaman Datta

DOI: https://doi.org/10.48550/arXiv.2309.04125

2023-09-08

Abstract:In a traditional cloud storage system, users benefit from the convenience it provides but also take the risk of certain security and privacy issues. To ensure confidentiality while maintaining data sharing capabilities, the Ciphertext-Policy Attribute-based Encryption (CP-ABE) scheme can be used to achieve fine-grained access control in cloud services. However, existing approaches are impaired by three critical concerns: illegal authorization, key disclosure, and privacy leakage. To address these, we propose a blockchain-based data governance system that employs blockchain technology and attribute-based encryption to prevent privacy leakage and credential misuse. First, our ABE encryption system can handle multi-authority use cases while protecting identity privacy and hiding access policy, which also protects data sharing against corrupt authorities. Second, applying the Advanced Encryption Standard (AES) for data encryption makes the whole system efficient and responsive to real-world conditions. Furthermore, the encrypted data is stored in a decentralized storage system such as IPFS, which does not rely on any centralized service provider and is, therefore, resilient against single-point failures. Third, illegal authorization activity can be readily identified through the logged on-chain data. Besides the system design, we also provide security proofs to demonstrate the robustness of the proposed system.

Cryptography and Security

Lo-Yao Yeh,Chih-Ya Shen,Wei-Chiao Huang,Wan-Hsin Hsu,Hsien-Chu Wu

DOI: https://doi.org/10.1109/jsyst.2021.3139319

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:With the rise of blockchain technology, the peer-to-peer (P2P) network system has once again caught people's attention to equipping a blockchain with a big storage capacity. In the traditional P2P file-sharing network systems, such as InterPlanetary File System (IPFS), data stored in the other nodes cannot be revoked by the owner and can only be removed by other nodes themselves. To comply with the criteria of the European Union's General Data Protection Regulation, it is important to ensure that personal data can be completely removed by their owners. To improve the privacy and security of the P2P file-sharing system, we propose a revocable and monitorable P2P file-sharing system over a consortium blockchain to achieve revocation of files in the decentralized environment. By using a trusted execution environment, such as Intel Software Guard Extensions (SGX), the proposed scheme can verify the integrity of the executables of the P2P file-sharing system and generate a file authentication code for each IPFS node to make sure that the system is synchronized correctly. This scheme elaborately integrates the autonomous smart contracts and Intel SGX hardware to obtain the monitorable merit. The experimental results suggest that enhancing the security and privacy take modest computing costs into consideration. To the best of our knowledge, this scheme is the first attempt to achieve the P2P file-sharing system with securely revocable functions.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Bin Guo,Yuchuan Hu,Qin Zheng,Zhongwei Li

DOI: https://doi.org/10.1109/HPCC-DSS-SmartCity-DependSys57074.2022.00150

2022-12-01

Abstract:There are many problems existing in government data sharing, such as poor security, privacy disclosure and low tamper-resistant modification. To address this issue, we propose a secure and trusted data-sharing model for government data sharing. Given the features of transparency and decentralization, blockchain makes data visible to everyone on the network and is inappropriate for certain situations. This paper transfers the original data to the InterPlanetary File System (IPFS) stor-age. To ensure the security of data sharing, achieve a multi- keyword searchable mechanism and speed up computations of encryption, we propose a cryptographic primitive developed by extending ciphertext policy attribute-based encryption (CP-ABE) and searchable encryption (SE). The experiment result shows that the data-sharing model can prevent malicious attacks and improve the speed of encryption and decryption.

Computer Science

Lianhai Wang,Fengkai Liu,Lingyun Meng,Wei Shao,Shujiang Xu,Shuhui Zhang,Donghui Huang

DOI: https://doi.org/10.1155/2022/9062615

IF: 1.968

2022-09-25

Security and Communication Networks

Abstract:To ensure the security of data, more and more users encrypt data for storage, which makes the high-efficiency ciphertext search problem in the context of cloud storage a research hotspot. Existing solutions still suffer from many vexatious problems, such as the need to maintain complex index structures and the unsatisfactory application of homomorphic schemes. To solve the above problems, this paper proposes a multiuser ciphertext search scheme based on blockchain and SGX. Our scheme uses blockchain and SGX to protect keywords and data privacy and complete decryption and keywords search of ciphertext data which does not need pregenerated indexes or preselected keywords. Second, for a multiuser scenario, a smart contract is designed to verify authorization requests and manage multiple authorized users. Finally, we give security analysis, function comparison, and performance analysis to prove the security and feasibility of our scheme. Experiments show that our scheme has effectively met practical requirements.

computer science, information systems,telecommunications

Yang Li,Guangzong Zhang,Jianming Zhu,Xiuli Wang

DOI: https://doi.org/10.1007/978-981-16-5943-0_19

2021-01-01

Abstract:In the era of big data, data sharing and communication play a crucial role. The blockchain data sharing model based on ciphertext policy attributed-based encryption (CP-ABE) is an existing solution to data sharing. However, it puts the access policy and attributes directly on the blockchain, so every one in the blockchain can access these access policies and attributes, which will cause privacy leakage. To solve this problem, a privacy protection model based on zk-SNARK is proposed in this paper. The blockchain double-chain structure was applied in this model, and the fine-grained access control of data sharing was realized based on CP-ABE scheme. At the same time, zk-SNARK technologies were adopted to protect sensitive access policies and sensitive attributes from disclosure, effectively defending the privacy of users when data sharing in blockchain.

Junyu Lin,Libo Feng,Jinli Wang,Fei Qiu,Bei Yu,Jing Cheng,Shaowen Yao

DOI: https://doi.org/10.1049/cmu2.12737

IF: 1.345

2024-03-03

IET Communications

Abstract:(1) A blockchain‐based efficient data‐sharing scheme is proposed, which employs the ciphertext policy attribute‐based encryption algorithm to enable fine‐grained sharing of data resources. (2) An anonymous identity authentication method based on ring signatures is proposed, which can effectively protect the user's identity privacy and transaction privacy. (3) Security analysis shows that the authors' scheme satisfies data confidentiality and anti‐collusion attack, which can effectively protect identity privacy and transaction privacy. In the era of 5G, billions of terminal devices achieve global interconnection and intercommunication, which leads to the generation of massive data. However, the existing cloud‐based data‐sharing mechanism faces challenges such as sensitive information leakage and data islands, which makes it difficult to achieve secure sharing across domains. In this paper, the authors propose a fine‐grained data‐sharing scheme based on blockchain and ciphertext policy attribute‐based encryption, and design a verifiable outsourced computation method to reduce the computational pressure of end users. Second, the authors comprehensively consider the user's identity privacy and transaction privacy, and propose a multi‐level privacy protection method based on ring signature and garbled bloom filter, which enhance the user's data privacy and availability, and prevent the traceability of requests. Finally, the authors design a set of interconnected smart contracts, and verify that their scheme can achieve secure and efficient data sharing through security analysis and performance testing.

engineering, electrical & electronic

Xu Ma,Chen Wang,Xiaofeng Chen

DOI: https://doi.org/10.1016/j.csi.2021.103543

2021-10-01

Abstract:<p>Along with the progress of cloud service, a growing quantity of data owners store their data on cloud databases, which can not only reduce data owners' storage cost but also provide a quick search function. However, while cloud storage brings some conveniences to users, new privacy problems may emerge, such as the leakage of data privacy and user's query privacy. The best way of protecting data privacy is to encrypt the data. So how to efficiently retrieve the ciphertext to make it available becomes a hot issue in recent years. In this paper, new searchable encryption with multiple keywords is described, it can improve the accuracy of retrieval results, and we present a secure and trusted data sharing framework based on attribute-based encryption (ABE), searchable encryption, and blockchain. Unlike the previous studies, we realize flexible data sharing by using ABE. Furthermore, we transfer the related calculation of ciphertext retrieval to blockchain for credible execution without relying on any trusted third party. The security analysis proves that our method meets the proposed security requirements of data, keyword index, trapdoor, and query. Finally, the experimental results indicate that our scheme suggested has certain practicability and efficiency.</p>

computer science, software engineering, hardware & architecture

Chao Yuan,Mi-xue Xu,Xueming Si,Bin Li

DOI: https://doi.org/10.1109/ICPADS.2017.00111

2017-01-01

Abstract:As a recently proposed public key primitive, attribute-base encryption(ABE) divided into Ciphertext-policy ABE (CP-ABE) and Key-policy ABE (KP-ABE) is a highly promising tool for the management and protection of data. And Blockchain, as one of the core technologies of Bitcoin that is the most representative cryptocurrency, has received extensive attentions recently. Supervision and privacy protection are two difficulties in blockchain. In this paper, a new scheme combining blockchain and accountable CP-ABE is proposed. In this scheme, each change of the data is recorded on the blockchain. And the different permissions of access are realized through ABE. If a malicious user shares a decryption key illegally, it will be considered illegal. Similarly, if the authority generates a decryption key for any unauthorized user, it also will be considered illegal. This scheme allows any third party to publicly verify the identity of a decryption key. And it is achievable for an auditor to publicly audit whether a malicious user or the authority should be responsible for an exposed decryption key, and the key abuser cannot deny it. At last this scheme is applied to the management of electronic documents.

Bao-Kun Zheng,Lie-Huang Zhu,Meng Shen,Feng Gao,Chuan Zhang,Yan-Dong Li,Jing Yang

DOI: https://doi.org/10.1007/s11390-018-1840-5

2018-01-01

Abstract:With the development of network technology and cloud computing, data sharing is becoming increasingly popular, and many scholars have conducted in-depth research to promote its flourish. As the scale of data sharing expands, its privacy protection has become a hot issue in research. Moreover, in data sharing, the data is usually maintained in multiple parties, which brings new challenges to protect the privacy of these multi-party data. In this paper, we propose a trusted data sharing scheme using blockchain. We use blockchain to prevent the shared data from being tampered, and use the Paillier cryptosystem to realize the confidentiality of the shared data. In the proposed scheme, the shared data can be traded, and the transaction information is protected by using the ( p , t )-threshold Paillier cryptosystem. We conduct experiments in cloud storage scenarios and the experimental results demonstrate the efficiency and effectiveness of the proposed scheme.

Ying He,Haiyan Wang,Yuan Li,Ke Huang,Victor C. M. Leung,F. Richard Yu,Zhong Ming

DOI: https://doi.org/10.1109/jiot.2021.3099171

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:In the last few decades, ciphertext-policy attribute-based encryption (CP-ABE) technology has attracted great interest, since it can provide fine-grained, flexible, and access control for sensitive data to implement a high secure and efficient data-sharing mechanism. In this article, based on the linear secret sharing scheme (LSSS), an efficient scheme is proposed to realize a collaborative decryption function. For any user group, when the user's attribute set cannot access the ciphertext alone, the private key of other users in the same group can be used for collaborative decryption with the permission of the data owner. Our scheme uses the LSSS matrix that can significantly reduce the computation and storage overhead when comparing with the existing schemes. Then, a multiauthorization model is created based on the Bohen–Lynn–Shacham technology in order to solve the key-management issue. Finally, we implemented the specific functions of the framework through JAVA, and built a private chain to verify the feasibility of data transfer between users.

computer science, information systems,telecommunications,engineering, electrical & electronic

M. Mohideen AbdulKader,S. Ganesh Kumar

DOI: https://doi.org/10.1007/978-3-030-92600-7_19

2021-01-01

Abstract:Blockchain is a peer to peer network that is decentralized in nature. It has immutable and persistent property which make this technology more secured. Blockchain is not only suited for crypto currencies but also used for many applications like identity protection, smart contracts, health care, online polling system and much more. In addition, blockchain network holds a distributed ledger which makes all data available to every node in the network. Due to this, security and privacy protection becomes a major concern in blockchain technology. Some of existing solutions to blockchain privacy issues are homomorphice encryption, zero knowledge proofs, ring signature and multiparty computations. Though existing privacy preservation mechanisms secures the blockchain network from privacy leakage. It has limitations when implemented in large scale applications. In this paper, a three layered protection scheme is proposed to enhance the privacy of blockchain technology. This idea of three layered protection integrates randomized address generation, content erasure mechanism and IntelSGX together and forms a secure architecture. It will enhance the security and privacy of blockchain network to a greater extent.

Ye Lu,Tao Feng,Chunyan Liu,Wenbo Zhang

DOI: https://doi.org/10.32604/cmc.2023.046106

2024-01-01

Abstract:The Access control scheme is an effective method to protect user data privacy. The access control scheme based on blockchain and ciphertext policy attribute encryption (CP–ABE) can solve the problems of single—point of failure and lack of trust in the centralized system. However, it also brings new problems to the health information in the cloud storage environment, such as attribute leakage, low consensus efficiency, complex permission updates, and so on. This paper proposes an access control scheme with fine-grained attribute revocation, keyword search, and traceability of the attribute private key distribution process. Blockchain technology tracks the authorization of attribute private keys. The credit scoring method improves the Raft protocol in consensus efficiency. Besides, the interplanetary file system (IPFS) addresses the capacity deficit of blockchain. Under the premise of hiding policy, the research proposes a fine-grained access control method based on users, user attributes, and file structure. It optimizes the data-sharing mode. At the same time, Proxy Re-Encryption (PRE) technology is used to update the access rights. The proposed scheme proved to be secure. Comparative analysis and experimental results show that the proposed scheme has higher efficiency and more functions. It can meet the needs of medical institutions.

computer science, information systems,materials science, multidisciplinary

Guangquan Xu,Chen Qi,Wenyu Dong,Lixiao Gong,Shaoying Liu,Si Chen,Jian Liu,Xi Zheng

DOI: https://doi.org/10.1109/jbhi.2022.3203577

IF: 7.7

2023-02-01

IEEE Journal of Biomedical and Health Informatics

Abstract:With the increasing penetration of the Internet of things (IoT) into people&#x27;s lives, the limitations of traditional medical systems are emerging. First, the typical way of handling sensitive information can easily lead to privacy disclosure. Second, the medical system is relatively isolated. It is difficult for one medical system to share data with another, and the scope of users&#x27; activities is limited within the system boundary. To solve these two problems, we propose a new privacy-preserving medical data-sharing scheme by introducing the authorization mechanism and attribute-based encryption (ABE) based on blockchain, which breaks system boundaries and realizes data sharing among several medical institutions. ABE is used to realize scalable access control. In addition, doctors can share their knowledge to diagnose users by introducing many-to-many matching, which means that patients&#x27; health data can be represented by multiple keywords and doctors&#x27; expertise can be represented by multiple interests. We provide the correctness and security analysis of our scheme and implement a prototype tool on Ethereum. The experimental results show that our scheme solves the contradiction between the privacy preservation of medical data and the necessity of data sharing.

computer science, interdisciplinary applications,mathematical & computational biology,medical informatics, information systems

Yang Xu,Ziyu Peng,Cheng Zhang,Gaocai Wang,Huiling Wang,Hongbo Jiang,Yaoxue Zhang

DOI: https://doi.org/10.1016/j.sysarc.2024.103132

IF: 5.836

2024-03-30

Journal of Systems Architecture

Abstract:The data in Cyber-Physical Systems (CPS) is currently undergoing an explosive surge. Blockchain-based CPS exhibit enhancements in security, fault tolerance, trust, and other aspects for its data sharing. However, it is very challenging to achieve the privacy preserving and efficient data sharing in CPS considering the privacy concerns introduced by blockchain while the cost associated with privacy protection cannot be neglected. To release these potential challenges, we propose a blockchain-assisted data-sharing scheme that ensures security, privacy-preserving and efficiency. We introduce deniability into data-sharing based on an identity-based deniable authentication protocol. This protocol enables data owners to deny their data-sharing actions, protecting their privacy, and ensuring verifiability for recipients. Furthermore, by incorporating multi-recipient encryption techniques, the proposed protocol significantly simplifies interactions with multiple recipients, reducing associated costs. Additionally, the assistance of blockchain and source traceability mechanism establishes a distributed, transparent and trustworthy framework for data sharing, while ensuring honest cooperation between the individual participants. Security analysis and performance comparisons demonstrate the effectiveness and security of this scheme.

computer science, software engineering, hardware & architecture

Kwame Opuni-Boachie Obour Agyekum,Qi Xia,Emmanuel Boateng Sifah,Jianbin Gao,Hu Xia,Xiaojiang Du,Moshen Guizani

DOI: https://doi.org/10.3390/s19051235

2019-03-11

Abstract:Access and utilization of data are central to the cloud computing paradigm. With the advent of the Internet of Things (IoT), the tendency of data sharing on the cloud has seen enormous growth. With data sharing comes numerous security and privacy issues. In the process of ensuring data confidentiality and fine-grained access control to data in the cloud, several studies have proposed Attribute-Based Encryption (ABE) schemes, with Key Policy-ABE (KP-ABE) being the prominent one. Recent works have however suggested that the confidentiality of data is violated through collusion attacks between a revoked user and the cloud server. We present a secured and efficient Proxy Re-Encryption (PRE) scheme that incorporates an Inner-Product Encryption (IPE) scheme in which decryption of data is possible if the inner product of the private key, associated with a set of attributes specified by the data owner, and the associated ciphertext is equal to zero 0 . We utilize a blockchain network whose processing node acts as the proxy server and performs re-encryption on the data. In ensuring data confidentiality and preventing collusion attacks, the data are divided into two, with one part stored on the blockchain network and the other part stored on the cloud. Our approach also achieves fine-grained access control.

Yang Xiao,Ning Zhang,Jin Li,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.48550/arXiv.1904.07275

2020-07-16

Abstract:The abundance and rich varieties of data are enabling many transformative applications of big data analytics that have profound societal impacts. However, there are also increasing concerns regarding the improper use of individual data owner's private data. In this paper, we propose PrivacyGuard, a system that leverages blockchain smart contract and trusted execution environment (TEE) to enable individual's control over the access and usage of their private data. Smart contracts are used to specify data usage policy, i.e., who can use what data under which conditions and what analytics to perform, while the distributed blockchain ledger is used to keep an irreversible and non-repudiable data usage record. To address the efficiency problem of on-chain contract execution and to prevent exposing private data on the publicly viewable blockchain, PrivacyGuard incorporates a novel TEE-based off-chain contract execution engine along with a protocol to securely commit the execution result onto blockchain. We have built and deployed a prototype of PrivacyGuard with Ethereum and Intel SGX. Our experiment result demonstrates that PrivacyGuard fulfills the promised privacy goal and supports analytics on data from a considerable number of data owners.

Cryptography and Security

Peng Li,Dehua Zhou,Haobin Ma,Junzuo Lai

DOI: https://doi.org/10.1016/j.sysarc.2023.103033

IF: 5.836

2023-11-27

Journal of Systems Architecture

Abstract:With the rapid development of the healthcare industry, many Electronic Health Records (EHRs) have emerged in different healthcare centers. However, lots of personal medical data are stored directly in plaintext at a single healthcare center, which makes it suffer from the single point of failure and brings many security and privacy issues such as privacy information leakage or tampering. The combination of blockchain and attributed-based cryptography can effectively solve the above problems. Therefore, in order to enable flexible fine-grained access control and efficient data retrieval while achieving privacy protection, we employ the ciphertext-policy attributed-based encryption (CP-ABE) and ciphertext-policy attribute-based searchable encryption (CP-ABSE) to propose a hidden policy attribute-based access control scheme. In addition, we combine consortium blockchain and smart contract to provide secure and reliable search and outsourcing decryption. Finally, through the security analysis and experimental results, we demonstrate that our scheme is secure and efficient.

computer science, software engineering, hardware & architecture

Xiaohui Yang,Wenjie Li,Kai Fan

DOI: https://doi.org/10.1007/s12083-022-01387-4

2022-09-25

Abstract:With the development of digital healthcare, sharing electronic medical record data has become an indispensable part of improving medical conditions. Aiming at the centralized power caused by the single attribute authority in current CP-ABE schemes and the problem that cloud servers are curious and even malicious, we design a revocable CP-ABE EHR sharing scheme with multiple authorities (MA-RABE) in blockchain. In this solution, a group of authorities complete user attribute distribution, key generation and user management through secret sharing and transactions. Besides, we innovatively implemented a distributed one-way anonymous key agreement so that other participants cannot obtain useful information from the fully hidden policy embedded in the ciphertext. Taking into account the computational overhead of a large number of bilinear operations in the decryption process, the solution also supports the cloud server to pre-decrypt the ciphertext, and the data user only needs to perform exponentiation operation once to obtain the plaintext from the pre-decryption result. Theoretical analysis and performance evaluation show that the scheme has reliable security and lower user revocation and ciphertext update overhead.

computer science, information systems,telecommunications

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101854

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:Ciphertext-policy attribute-based encryption(CP-ABE) has been widely studied and used in access control schemes for secure data sharing. Since in most of the existing attribute-based encryption methods, all user attributes are managed by a single central authority, it is easy to cause a single point of failure. Therefore, several multi-authority CP-ABE schemes are proposed to manage user attributes by multiple authorities. However, these schemes still do not eliminate the single point of failure in essence or suffer from high computation and communication overhead on data users. In this paper, we propose a Blockchain-based Multi-authority Access Control scheme called BMAC for sharing data securely. Shamir secret sharing scheme and permissioned blockchain (Hyperledger Fabric) are introduced to implement that each attribute is jointly managed by multiple authorities to avoid single point of failure. In addition, we take advantage of blockchain technology to establish trust among multiple authorities and exploit smart contracts to compute tokens for attributes managed across multiple management domains, which reduces communication and computation overhead on the data user side. Moreover, blockchain helps to record the access control process in a secure and auditable way. Finally, we analyze the security of the proposed algorithm. Further analysis and comparison show the performance of the proposed method.

Hong Lei,Zijian Bao,Qinghao Wang,Yongxin Zhang,Wenbo Shi

DOI: https://doi.org/10.1007/978-981-15-9213-3_21

2020-01-01

Abstract:With the continuous growth of data resources, outsourcing data storage to cloud service providers is becoming the norm. Unfortunately, once data are stored on the cloud platform, they will be out of data owners’ control. Thus, it is critical to guarantee the integrity of the remote data. To solve this problem, researchers have proposed many data auditing schemes, which often employ a trusted role named Third Party Auditor (TPA) to verify the integrity. However, the TPA may not be reliable as expected. For example, it may collude with cloud service providers to hide the fact of data corruption for benefits. Blockchain has the characteristics of decentralization, non-tampering, and traceability, which provides a solution to trace the malicious behaviors of the TPA. Moreover, Intel SGX, as the popular trusted computing technology, can be used to protect the correctness of the auditing operations with a slight performance cost, which excellently serves as the of the blockchain-based solution. In this paper, we propose a secure auditing scheme based on the blockchain and Intel SGX technology, termed SDABS. The scheme follows the properties of storage correctness, data-preserving, accountability, and anti-collusion. The experiment results show that our scheme is efficient.