Yang Xu,Ziyu Peng,Cheng Zhang,Gaocai Wang,Huiling Wang,Hongbo Jiang,Yaoxue Zhang

DOI: https://doi.org/10.1016/j.sysarc.2024.103132

IF: 5.836

2024-03-30

Journal of Systems Architecture

Abstract:The data in Cyber-Physical Systems (CPS) is currently undergoing an explosive surge. Blockchain-based CPS exhibit enhancements in security, fault tolerance, trust, and other aspects for its data sharing. However, it is very challenging to achieve the privacy preserving and efficient data sharing in CPS considering the privacy concerns introduced by blockchain while the cost associated with privacy protection cannot be neglected. To release these potential challenges, we propose a blockchain-assisted data-sharing scheme that ensures security, privacy-preserving and efficiency. We introduce deniability into data-sharing based on an identity-based deniable authentication protocol. This protocol enables data owners to deny their data-sharing actions, protecting their privacy, and ensuring verifiability for recipients. Furthermore, by incorporating multi-recipient encryption techniques, the proposed protocol significantly simplifies interactions with multiple recipients, reducing associated costs. Additionally, the assistance of blockchain and source traceability mechanism establishes a distributed, transparent and trustworthy framework for data sharing, while ensuring honest cooperation between the individual participants. Security analysis and performance comparisons demonstrate the effectiveness and security of this scheme.

computer science, software engineering, hardware & architecture

Tian Li,Huaqun Wang,Debiao He,Jia Yu

DOI: https://doi.org/10.1109/jiot.2022.3147925

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) devices possessed by individuals produce massive amounts of data. The private data onto specific IoT devices can be combined with intelligent platform to provide help for future research and prediction. As an important digital asset, individuals can sell private data to get rewards. Problems, such as privacy, security, and access control prevent individuals from sharing their private data. The blockchain technology is widely used to build an anonymous trading system. In this article, we construct a blockchain-based privacy-preserving and rewarding private data-sharing scheme (BPRPDS) for IoT. A privacy issue worth considering is that the malicious cloud server may establish a behavior profile database of data users (DUs). In the case of anonymity, the transactions of private data sharing are easy to cause disputes. When anonymous DUs are framed, it is hard to protect their rights. With the help of the deniable ring signature and Monero, we realize the behavior profile building prevention and nonframeability of BPRPDS. At the same time, we utilize the licensing technology executed by smart contracts to ensure flexible access control of multisharing. The proposed BPRPDS is provably secure. Performance analysis and experimental results show that BPRPDS is efficient and practical.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bao-Kun Zheng,Lie-Huang Zhu,Meng Shen,Feng Gao,Chuan Zhang,Yan-Dong Li,Jing Yang

DOI: https://doi.org/10.1007/s11390-018-1840-5

2018-01-01

Abstract:With the development of network technology and cloud computing, data sharing is becoming increasingly popular, and many scholars have conducted in-depth research to promote its flourish. As the scale of data sharing expands, its privacy protection has become a hot issue in research. Moreover, in data sharing, the data is usually maintained in multiple parties, which brings new challenges to protect the privacy of these multi-party data. In this paper, we propose a trusted data sharing scheme using blockchain. We use blockchain to prevent the shared data from being tampered, and use the Paillier cryptosystem to realize the confidentiality of the shared data. In the proposed scheme, the shared data can be traded, and the transaction information is protected by using the ( p , t )-threshold Paillier cryptosystem. We conduct experiments in cloud storage scenarios and the experimental results demonstrate the efficiency and effectiveness of the proposed scheme.

Shaoqi Yuan,Wenzhong Yang,Xiaodan Tian,Wenjie Tang

DOI: https://doi.org/10.3390/sym16050622

2024-05-18

Symmetry

Abstract:With the continuous advancement of information technology, a growing number of works, including articles, paintings, and music, are being digitized. Digital content can be swiftly shared and disseminated via the Internet. However, it is also vulnerable to malicious plagiarism, which can seriously infringe upon the rights of creators and dampen their enthusiasm. To protect creators' rights and interests, a sophisticated method is necessary to authenticate digital intellectual property rights. Traditional authentication methods rely on centralized, trustworthy organizations that are susceptible to single points of failure. Additionally, these methods are prone to network attacks that can lead to data loss, tampering, or leakage. Moreover, the circulation of copyright information often lacks transparency and traceability in traditional systems, which leads to information asymmetry and prevents creators from controlling the use and protection of their personal information during the authentication process. Blockchain technology, with its decentralized, tamper-proof, and traceable attributes, addresses these issues perfectly. In blockchain technology, each node is a peer, ensuring the symmetry of information. However, the transparent feature of blockchains can lead to the leakage of user privacy data. Therefore, this study designs and implements an Ethereum blockchain-based intellectual property authentication scheme with privacy protection. Firstly, we propose a method that combines elliptic curve cryptography (ECC) encryption with digital signatures to achieve selective encryption of user personal information. Subsequently, an authentication algorithm based on Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) is adopted to complete the authentication of intellectual property ownership while encrypting personal privacy data. Finally, we adopt the InterPlanetary File System (IPFS) to store large files, solving the problem of blockchain storage space limitations.

multidisciplinary sciences

Jiapeng Zhou,Yuxiang Feng,Zhenyu Wang,Danyi Guo

DOI: https://doi.org/10.3390/s21041540

2021-02-23

Abstract:The development of information technology has brought great convenience to our lives, but at the same time, the unfairness and privacy issues brought about by traditional centralized systems cannot be ignored. Blockchain is a peer-to-peer and decentralized ledger technology that has the characteristics of transparency, consistency, traceability and fairness, but it reveals private information in some scenarios. Secure multi-party computation (MPC) guarantees enhanced privacy and correctness, so many researchers have been trying to combine secure MPC with blockchain to deal with privacy and trust issues. In this paper, we used homomorphic encryption, secret sharing and zero-knowledge proofs to construct a publicly verifiable secure MPC protocol consisting of two parts-an on-chain computation phase and an off-chain preprocessing phase-and we integrated the protocol as part of the chaincode in Hyperledger Fabric to protect the privacy of transaction data. Experiments showed that our solution performed well on a permissioned blockchain. Most of the time taken to complete the protocol was spent on communication, so the performance has a great deal of room to grow.

Yingwen Chen,Linghang Meng,Huan Zhou,Guangtao Xue

DOI: https://doi.org/10.1155/2021/6685762

2021-06-29

Wireless Communications and Mobile Computing

Abstract:The rapid development of wearable sensors and the 5G network empowers traditional medical treatment with the ability to collect patients’ information remotely for monitoring and diagnosing purposes. Meanwhile, the health-related mobile apps and devices also generate a large amount of medical data, which is critical for promoting disease research and diagnosis. However, medical data is too sensitive to share, which is also a common issue for IoT (Internet of Things) data. The traditional centralized cloud-based medical data sharing schemes have to rely on a single trusted third party. Therefore, the schemes suffer from single-point failure and lack of privacy protection and access control for the data. Blockchain is an emerging technique to provide an approach for managing data in a decentralized manner. Especially, the blockchain-based smart contract technique enables the programmability for participants to access the data. All the interactions are authenticated and recorded by the other participants of the blockchain network, which is tamper resistant. In this paper, we leverage the K-anonymity and searchable encryption techniques and propose a blockchain-based privacy-preserving scheme for medical data sharing among medical institutions and data users. To be specific, the consortium blockchain, Hyperledger Fabric, is adopted to allow data users to search for encrypted medical data records. The smart contract, i.e., the chaincode, implements the attribute-based access control mechanisms to guarantee that the data can only be accessed by the user with proper attributes. The K-anonymity and searchable encryption ensure that the medical data is shared without privacy leaking, i.e., figuring out an individual patient from queries. We implement a prototype system using the chaincode of Hyperledger Fabric. From the functional perspective, security analysis shows that the proposed scheme satisfies security goals and precedes others. From the performance perspective, we conduct experiments by simulating different numbers of medical institutions. The experimental results demonstrate that the scalability and performance of our scheme are practical.

computer science, information systems,telecommunications,engineering, electrical & electronic

Guangquan Xu,Chen Qi,Wenyu Dong,Lixiao Gong,Shaoying Liu,Si Chen,Jian Liu,Xi Zheng

DOI: https://doi.org/10.1109/jbhi.2022.3203577

IF: 7.7

2023-02-01

IEEE Journal of Biomedical and Health Informatics

Abstract:With the increasing penetration of the Internet of things (IoT) into people's lives, the limitations of traditional medical systems are emerging. First, the typical way of handling sensitive information can easily lead to privacy disclosure. Second, the medical system is relatively isolated. It is difficult for one medical system to share data with another, and the scope of users' activities is limited within the system boundary. To solve these two problems, we propose a new privacy-preserving medical data-sharing scheme by introducing the authorization mechanism and attribute-based encryption (ABE) based on blockchain, which breaks system boundaries and realizes data sharing among several medical institutions. ABE is used to realize scalable access control. In addition, doctors can share their knowledge to diagnose users by introducing many-to-many matching, which means that patients' health data can be represented by multiple keywords and doctors' expertise can be represented by multiple interests. We provide the correctness and security analysis of our scheme and implement a prototype tool on Ethereum. The experimental results show that our scheme solves the contradiction between the privacy preservation of medical data and the necessity of data sharing.

computer science, interdisciplinary applications,mathematical & computational biology,medical informatics, information systems

Haiping Huang,Peng Zhu,Fu Xiao,Xiang Sun,Qinglong Huang

DOI: https://doi.org/10.1016/j.cose.2020.102010

Abstract:How to alleviate the contradiction between the patient's privacy and the research or commercial demands of health data has become the challenging problem of intelligent medical system with the exponential increase of medical data. In this paper, a blockchain-based privacy-preserving scheme is proposed, which realizes secure sharing of medical data between several entities involved patients, research institutions and semi-trusted cloud servers. And meanwhile, it achieves the data availability and consistency between patients and research institutions, where zero-knowledge proof is employed to verify whether the patient's medical data meets the specific requirements proposed by research institutions without revealing patients' privacy, and then the proxy re-encryption technology is adopted to ensure that research institutions can decrypt the intermediary ciphertext. In addition, this proposal can execute distributed consensus based on PBFT algorithm for transactions between patients and research institutions according to the prearranged terms. Theoretical analysis shows the proposed scheme can satisfy security and privacy requirements such as confidentiality, integrity and availability, as well as performance evaluation demonstrates it is feasible and efficient in contrast with other typical schemes.

Riaz Ahmad Ziar,Syed Irfanullah,Wajid Ullah Khan,Abdus Salam

DOI: https://doi.org/10.22581/muet1982.2102.05

2021-04-01

April 2021

Abstract:Blockchain technology provides several suitable characteristics such as immutability, decentralization and verifiable ledger. It records the transactions in a decentralized way and can be integrated into several fields like eHealth, e-Government and smart cities etc. However, blockchain has several privacy and security issues, one of them is the on-chain data privacy. To deal with this issue we provide a privacy-preserving solution for permission less blockchain to empower the user to take control of transaction data in the open ledger. This work focuses on designing and developing the peer-to-peer system using symmetric cryptography and ethereum smart contract. In this scheme, we create smart contracts for the interaction of the data provider, data consumer, and access control list. Data providers register authorized users in the access control list. Data consumers can check their validity in the access control list. After successful validation, data consumers can request the security key from data providers to access secret information. Based on successful validation, a smart contract that is created between the data provider and data consumer is executed to send a key to the data consumer for accessing the secret information. The smart contracts of this proposed model are modeled in solidity, and the performance of the contracts is assessed in the Ropsten test network.

Weiming Tong,Luyao Yang,Zhongwei Li,Xianji Jin,Liguo Tan

DOI: https://doi.org/10.3390/s24031035

IF: 3.9

2024-02-06

Sensors

Abstract:To address the complexities, inflexibility, and security concerns in traditional data sharing models of the Industrial Internet of Things (IIoT), we propose a blockchain-based data sharing and privacy protection (BBDSPP) scheme for IIoT. Initially, we characterize and assign values to attributes, and employ a weighted threshold secret sharing scheme to refine the data sharing approach. This enables flexible combinations of permissions, ensuring the adaptability of data sharing. Subsequently, based on non-interactive zero-knowledge proof technology, we design a lightweight identity proof protocol using attribute values. This protocol pre-verifies the identity of data accessors, ensuring that only legitimate terminal members can access data within the system, while also protecting the privacy of the members. Finally, we utilize the InterPlanetary File System (IPFS) to store encrypted shared resources, effectively addressing the issue of low storage efficiency in traditional blockchain systems. Theoretical analysis and testing of the computational overhead of our scheme demonstrate that, while ensuring performance, our scheme has the smallest total computational load compared to the other five schemes. Experimental results indicate that our scheme effectively addresses the shortcomings of existing solutions in areas such as identity authentication, privacy protection, and flexible combination of permissions, demonstrating a good performance and strong feasibility.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Wei Liang,Yang Yang,Ce Yang,Yonghua Hu,Songyou Xie,Kuan-Ching Li,Jiannong Cao

DOI: https://doi.org/10.1109/tr.2022.3190932

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:With the advances and innovations in digital technologies, blockchain has empowered advancements in communications and networking, promising to build trust and establish secure decentralized communications networks. Unfortunately, current personal data privacy protection schemes still suffer from explicit storage, lack of data ownership and implementation of fine-grained access control by users, and lack of transparency and auditability of data. In this article, we propose a personal data privacy protection scheme based on consortium blockchain that stores original data encrypted with an improved Paillier homomorphic encryption mechanism, namely PDPChain, where users realize fine-grained access control based on ciphertext policy attribute-based encryption (CP-ABE) on blockchain. In this scheme, consortium blockchain combines distributed private clusters to store the encrypted data, improving data transmission efficiency, and guaranteeing user privacy and security through off-chain storage and on-chain transmission synergy. In addition, it is more lightweight encryption and demarcation, ultimately protecting personal data privacy and providing a secure and trusted way to obtain information for data mining. For the performance testing, data in the form of files are used as an example, and the scheme is designed and simulated on Hyperledger Fabric and InterPlanetary File System. Experimental results show that the improved Paillier encryption mechanism reduces the overall encryption and decryption elapsed time by 25 and encryption elapsed time by 48. Furthermore, the proposed CP-ABE access control method is adaptive to storing and sharing a massive amount of data. With the increase in the number of access control policies, the overall time-consuming of the scheme does not increase, and the time-consuming of decryption can also be stabilized at about 2 s.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Xiaoshuai Zhang,Chao Liu,Kok Keong Chai,Stefan Poslad

DOI: https://doi.org/10.3390/s20174681

2020-08-19

Abstract:Permissioned blockchains can be applied for sharing data among permitted users to authorise the data access requests in a permissioned blockchain. A consensus network constructed using pre-selected nodes should verify a data requester's credentials to determine if he or she have the correct permissions to access the queried data. However, current studies do not consider how to protect users' privacy for data authorisation if the pre-selected nodes become untrusted, e.g., the pre-selected nodes are manipulated by attackers. When a user's credentials are exposed to pre-selected nodes in the consensus network during authorisation, the untrusted (or even malicious) pre-selected nodes may collect a user's credentials and other private information without the user's right to know. Therefore, the private data exposed to the consensus network should be tightly restricted. In this paper, we propose a challenge-response based authorisation scheme for permissioned blockchain networks named Challenge-Response Assisted Access Authorisation (CRA3) to protect users' credentials during authorisation. In CRA3, the pre-selected nodes in the consensus network do not require users' credentials to authorise data access requests to prevent privacy leakage when these nodes are compromised or manipulated by attackers. Furthermore, the computational burden on the consensus network for authorisation is reduced because the major computing work of the authorisation is executed by the data requester and provider in CRA3.

Zhiwei Wang,Nianhua Yang,Qingqing Chen,Wei Shen,Zhiying Zhang

DOI: https://doi.org/10.23919/jcc.fa.2020-0640.202401

2024-02-13

China Communications

Abstract:For the goals of security and privacy preservation, we propose a blind batch encryption- and public ledger-based data sharing protocol that allows the integrity of sensitive data to be audited by a public ledger and allows privacy information to be preserved. Data owners can tightly manage their data with efficient revocation and only grant one-time adaptive access for the fulfillment of the requester. We prove that our protocol is semanticallly secure, blind, and secure against oblivious requesters and malicious file keepers. We also provide security analysis in the context of four typical attacks.

telecommunications

Jing Gong,Yurong Mei,Feng Xiang,Hanshu Hong,Yibo Sun,Zhixin Sun

DOI: https://doi.org/10.1002/ett.4010

IF: 3.6

2020-07-09

Transactions on Emerging Telecommunications Technologies

Abstract:<p>In recent years, the Internet of things (IoT) equipment has grown rapidly, and the scale of the IoT has also expanded. The IoT is deployed in the system in a centralized manner. At the same time that massive data has put a certain amount of pressure on the storage, the open network environment has not fully protected the privacy of the IoT data, which has become one of the important factors restricting the development of the IoT. Blockchain is a point‐to‐point distributed ledger technology based on cryptographic algorithms. The characteristics of decentralization, tamper resistance, anonymity, and public verifiability can alleviate data security issues in IoT. Ring signature and proxy reencryption are common encryption technologies in the field of privacy protection. Therefore, this article combines blockchain technology with ring signature and proxy reencryption to propose a privacy protection solution for the IoT. Through this solution, the data authorized for sharing in the IoT is transmitted in the system in the form of ciphertext, the identity information of the data sender is protected, and the distributed ledger eases the pressure of mass data storage on a centralized server. The correctness and safety of the proposed scheme are also analyzed.</p>

telecommunications

Tong Wu,Weijie Wang,Chuan Zhang,Weiting Zhang,Liehuang Zhu,Keke Gai,Haotian Wang

DOI: https://doi.org/10.1109/jiot.2022.3222453

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Blockchain has been a promising infrastructure for enabling secure data sharing for the Internet of Things (IoT). With the widespread of IoT applications, security issues, such as data privacy, anonymity, and accountability become critical concerns for the users, which are essential principles for secure communication in those applications. However, the existing blockchain-based data-sharing schemes mainly consider data privacy. Only a few works can support anonymity with strong, trusted assumptions. Thus, there is a research gap on the anonymity of blockchain-based data sharing for IoT, which does not rely on any trusted party. In this article, we propose a blockchain-based anonymous data-sharing scheme (BA-DS) by adopting a novel public key encryption derived from a ring signature. In BA-DS, we remove the trusted party and ensure anonymity by using an unconditional linkable ring signature and Signature of Knowledge (SoK). During the revocation, we apply blockchain infrastructure to record the valid revocation list and generate a tag for data stored on the cloud, providing solid accountability. The formal security analysis shows that BA-DS is selective indistinguishable secure in the random oracle model. Additionally, we also prove that BA-DS holds anonymity, data privacy, accountability, and authenticity. The extensive experiments indicate that our proposed BA-DS achieves reasonable efficiency in terms of computational complexity, communication overhead, and consumption on the blockchain.

Chao Liu,Cankun Hou,Tianyu Jiang,Jianting Ning,Hui Qiao,Yusen Wu

DOI: https://doi.org/10.1109/tifs.2024.3427311

IF: 7.231

2024-07-26

IEEE Transactions on Information Forensics and Security

Abstract:Data-driven landscape across finance, government, and healthcare, the continuous generation of information demands robust solutions for secure storage, efficient dissemination, and fine-grained access control. Blockchain technology emerges as a significant tool, offering decentralized storage while upholding the tenets of data security and accessibility. However, on-chain and off-chain strategies are still confronted with issues such as untrusted off-chain data storage, absence of data ownership, limited access control policy for clients, and a deficiency in data privacy and auditability. To solve these challenges, we propose a permissioned blockchain-based privacy-preserving fine-grained access control on-chain and off-chain system, namely FACOS. We applied three fine-grained access control solutions and comprehensively analyzed them in different aspects, which provides an intuitive perspective for system designers and clients to choose the appropriate access control method for their systems. Compared to similar work that only stores encrypted data in centralized or non-fault-tolerant IPFS systems, we enhanced off-chain data storage security and robustness by utilizing a highly efficient and secure asynchronous Byzantine fault tolerance (BFT) protocol in the off-chain environment. As each of the clients needs to be verified and authorized before accessing the data, we involved the Trusted Execution Environment (TEE)-based solution to verify the credentials of clients. Additionally, our evaluation results demonstrated that our system (https://github.com/cliu717/AsynchronousStorage) offers better scalability and practicality than other state-of-the-art designs. We deployed our system on Alibaba Cloud and Tencent Cloud and conducted multiple evaluations. The results indicate that it takes about 2.79 seconds for a client to execute the protocol for uploading and about 0.96 seconds for downloading. Compared to other decentralized systems, our system exhibits efficient latency for both download and upload operations.

computer science, theory & methods,engineering, electrical & electronic

S Garg,R Vashisht

DOI: https://doi.org/10.1088/1742-6596/1998/1/012003

2021-08-01

Journal of Physics: Conference Series

Abstract:Abstract Permissioned blockchain is the blockchain network that requires access to be part of the network. Participant’s actions are governed by the control layer that runs on top of the blockchain. This type of blockchains is preferred by individuals who need role description, identity, and security within the blockchain. Secure multi-party computation (MPC) is a part of cryptography that involves the modeling of procedures for two or more participants who want to work together. These participants involve sharing of input and required computational data for a particular function without sharing their confidential data actively to each other and achieving a common goal which is beneficial to both as the outcome achieved is only revealed to the participants and is highly required for their functional purpose. In this work, SPDZ (Speedz) implementation is explored leveraging additive secret sharing on the private blockchain (Hyperledger fabric). SPDZ protocol is chosen over any other computational protocol as it is highly secured from any active deceptive n-1 participant among the n participants. In this work, a backend is developed that uses a fabric SDK node.js library that interacts with the Hyperledger Fabric network. The proposed solution is shown through a demonstration. This paper concludes that for business-to-business scenarios, using SPDZ protocol on permissioned blockchain provides more security against adversaries as permissioned blockchain provides transparency over the participants of the network. As a result, permissioned blockchain is a more secure choice for enterprises to compute confidential data rather than permissionless blockchain.

Yining Qi,Yubo Luo,Yongfeng Huang,Xing Li

DOI: https://doi.org/10.32604/iasc.2023.030191

2023-01-01

Abstract:Cloud storage has been widely used to team work or cooperation development.Data owners set up groups, generating and uploading their data to cloud storage, while other users in the groups download and make use of it, which is called group data sharing.As all kinds of cloud service, data group sharing also suffers from hardware/software failures and human errors.Provable Data Possession (PDP) schemes are proposed to check the integrity of data stored in cloud without downloading.However, there are still some unmet needs lying in auditing group shared data.Researchers propose four issues necessary for a secure group shared data auditing: public verification, identity privacy, collusion attack resistance and traceability.However, none of the published work has succeeded in achieving all of these properties so far.In this paper, we propose a novel blockchain-based ring signature PDP scheme for group shared data, with an instance deployed on a cloud server.We design a linkable ring signature method called Linkable Homomorphic Authenticable Ring Signature (LHARS) to implement public anonymous auditing for group data.We also build smart contracts to resist collusion attack in group auditing.The security analysis and performance evaluation prove that our scheme is both secure and efficient.

Hongyin Chen,Zhaohua Chen,Yukun Cheng,Xiaotie Deng,Wenhan Huang,Jichen Li,Hongyi Ling,Mengqian Zhang

DOI: https://doi.org/10.48550/arxiv.2002.06852

2020-01-01

Abstract:The design of permissioned blockchains places an access control requirementfor members to read, access, and write information over the blockchains. Inthis paper, we study a hierarchical scenario to include three types ofparticipants: providers, collectors, and governors. To be specific, providersforward transactions, collected from terminals, to collectors; collectorsupload received transactions to governors after verifying and labeling them;and governors validate a part of received labeled transactions, pack valid onesinto a block, and append a new block on the ledger. Collectors in thehierarchical model play a crucial role in the design: they have connectionswith both providers and governors, and are responsible for collecting,verifying, and uploading transactions. However, collectors are rational andsome of them may behave maliciously (not necessarily for their own benefits).In this paper, we introduce a reputation protocol as a measure of thereliability of collectors in the permissioned blockchain environment. Itsobjective is to encourage collectors to behave truthfully and, in addition, toreduce the verification cost. The verification cost on provider p is definedas the total number of invalid transactions provided by p and checked bygovernors. Through theoretical analysis, our protocol with the reputationmechanism has a significant improvement in efficiency. Specifically, theverification loss that governors suffer is proved to be asymptoticallyO(√(T_total)) (T_total, representing the number of transactionsverified by governors and provided by p), as long as there exists at leastone collector who behaves well. At last, two typical cases where our model canbe well applied are also demonstrated.

Jingchi Zhang,Anwitaman Datta

DOI: https://doi.org/10.48550/arXiv.2309.04125

2023-09-08

Abstract:In a traditional cloud storage system, users benefit from the convenience it provides but also take the risk of certain security and privacy issues. To ensure confidentiality while maintaining data sharing capabilities, the Ciphertext-Policy Attribute-based Encryption (CP-ABE) scheme can be used to achieve fine-grained access control in cloud services. However, existing approaches are impaired by three critical concerns: illegal authorization, key disclosure, and privacy leakage. To address these, we propose a blockchain-based data governance system that employs blockchain technology and attribute-based encryption to prevent privacy leakage and credential misuse. First, our ABE encryption system can handle multi-authority use cases while protecting identity privacy and hiding access policy, which also protects data sharing against corrupt authorities. Second, applying the Advanced Encryption Standard (AES) for data encryption makes the whole system efficient and responsive to real-world conditions. Furthermore, the encrypted data is stored in a decentralized storage system such as IPFS, which does not rely on any centralized service provider and is, therefore, resilient against single-point failures. Third, illegal authorization activity can be readily identified through the logged on-chain data. Besides the system design, we also provide security proofs to demonstrate the robustness of the proposed system.

Cryptography and Security