Suhui Liu,Jiguo Yu,Yinhao Xiao,Zhiguo Wan,Shengling Wang,Biwei Yan

DOI: https://doi.org/10.1109/jiot.2020.2993231

IF: 10.6

2020-09-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) changed our lives with huge amounts of data production. Due to source-limited IoT devices, one of the best ways to process the data is cloud storage. However, a series of security and privacy issues arise, such as illegal data access, data tampering, and privacy leak. Though symmetric encryption can guarantee data confidentiality, it cannot realize fine-grained data sharing and searching. The keyword-based searchable attribute-based encryption (KSABE) can achieve data confidentiality and fine-grained access control. More importantly, it realizes a keyword-based search for data users. However, the heavy decryption computation burden and the management of massive user keys appear when implementing attribute-based encryption schemes to IoT. Therefore, this article proposes a blockchain-aided searchable attribute-based encryption (BC-SABE) with efficient revocation and decryption, where the traditional centralized server is replaced with a decentralized blockchain system being in charge of the threshold parameter generation, key management, and user revocation. All revocation tasks are done by the blockchain and it is on longer necessary for ciphertext reencryption and key update. Moreover, users utilize the coalition blockchain to generate partial tokens. Besides, the cloud server contained in our scheme not only stores the massive encrypted data but also performs search and predecryption for users who only require one exponentiation in the group ${mathbb {G}}$ to decrypt fully. Security analyses prove that our scheme realizes the security under the chosen plaintext attack and the chosen keyword attack. Simulations show that the decryption and token generation cost of our scheme are preferable.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rashmi Raj,Mohona Ghosh

DOI: https://doi.org/10.1007/s12083-024-01648-4

IF: 3.488

2024-03-09

Peer-to-Peer Networking and Applications

Abstract:To ensure safe exchange of data in IoT-enabled-supply-chain network and safeguard other security issues, IoT devices should have an access control system that can regulate resource access in a permissioned manner. Traditional access control mechanisms (ACM) can guarantee that but lack wide adoption owing to centralized architecture, single point of failure, and limited security. A blockchain-based ACM can address all the above challenges, however, still some limitations exist. Firstly, blockchain provides data verifiability and user transparency, meaning that all stored information is accessible to network nodes for verification leading to privacy issues of sensitive data. Secondly, encryption-based solutions can address the privacy concern but require sharing of secret keys with unknown peers entailing another security risk. Thirdly, due to limited block size in blockchain, IoT-enabled-supply-chain networks prefer storing all the data in the cloud or a central server, which has their own threat concerns. In this work, we propose a blockchain-based ACM that integrates Bell La Padula (BLP) Model, Proxy Re-Encryption, and IPFS to address all the above challenges. BLP enforces fine-grained access control without performing high computation and ensures data confidentiality. With the Proxy Re-encryption, only authorized parties can decrypt data but without revealing the private key of the data owner. Meanwhile, IPFS eliminates the need for cloud servers and provides a more secure offsite storage. The security analysis of the proposed framework is presented using BAN logic. We also provide a thorough security comparison with other peer models to establish the superiority of our proposed work. Furthermore, smart contract-based implementation through Truffle is done to analyse the framework's effectiveness.

computer science, information systems,telecommunications

Tong Wu,Weijie Wang,Chuan Zhang,Weiting Zhang,Liehuang Zhu,Keke Gai,Haotian Wang

DOI: https://doi.org/10.1109/jiot.2022.3222453

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Blockchain has been a promising infrastructure for enabling secure data sharing for the Internet of Things (IoT). With the widespread of IoT applications, security issues, such as data privacy, anonymity, and accountability become critical concerns for the users, which are essential principles for secure communication in those applications. However, the existing blockchain-based data-sharing schemes mainly consider data privacy. Only a few works can support anonymity with strong, trusted assumptions. Thus, there is a research gap on the anonymity of blockchain-based data sharing for IoT, which does not rely on any trusted party. In this article, we propose a blockchain-based anonymous data-sharing scheme (BA-DS) by adopting a novel public key encryption derived from a ring signature. In BA-DS, we remove the trusted party and ensure anonymity by using an unconditional linkable ring signature and Signature of Knowledge (SoK). During the revocation, we apply blockchain infrastructure to record the valid revocation list and generate a tag for data stored on the cloud, providing solid accountability. The formal security analysis shows that BA-DS is selective indistinguishable secure in the random oracle model. Additionally, we also prove that BA-DS holds anonymity, data privacy, accountability, and authenticity. The extensive experiments indicate that our proposed BA-DS achieves reasonable efficiency in terms of computational complexity, communication overhead, and consumption on the blockchain.

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.ins.2020.12.035

IF: 8.1

2021-01-01

Information Sciences

Abstract:Attribute-based encryption (ABE) is considered to be one of the most suitable schemes for cryptographic access control in the big data environment. But it still faces many challenges to be applied in the Internet of Things (IoT). ABE is implemented based on bilinear pairing, which is considered to be an expensive operation. However, there are lots of IoT devices with constrained resources. Proxy re-encryption methods based on the cloud are proposed to reduce computing overhead on the user side, but an untrusted cloud may give incorrect computing results to mislead users. To solve this problem, an access control scheme with lightweight decryption based on ABE and blockchain technologies is proposed. We assume that the cloud is untrusted, and guarantee the accuracy of proxy re-encryption calculation based on blockchain. In addition, how to encourage users to obtain authorization through blockchain and record access behavior on the blockchain is a problem worthy of attention. This paper proposes a user credibility incentive mechanism, which calculates the user's credibility according to the user's access behavior and gives a reputation score, so as to dynamically adjust the endorsement protocol. Security analysis and experimental results show that the proposed method is reliable and efficient. (C) 2020 Elsevier Inc. All rights reserved.

Muhammad Saad,Muhammad Raheel Bhutta,Jongik Kim,Tae-Sun Chung

DOI: https://doi.org/10.32604/cmc.2024.047132

2024-01-01

Abstract:With the increase in IoT (Internet of Things) devices comes an inherent challenge of security. In the world today, privacy is the prime concern of every individual. Preserving one’s privacy and keeping anonymity throughout the system is a desired functionality that does not come without inevitable trade-offs like scalability and increased complexity and is always exceedingly difficult to manage. The challenge is keeping confidentiality and continuing to make the person innominate throughout the system. To address this, we present our proposed architecture where we manage IoT devices using blockchain technology. Our proposed architecture works on and off blockchain integrated with the closed-circuit television (CCTV) security camera fixed at the rental property. In this framework, the CCTV security camera feed is redirected towards the owner and renter based on the smart contract conditions. One entity (owner or renter) can see the CCTV security camera feed at one time. There is no third-party dependence except for the CCTV security camera deployment phase. Our contributions include the proposition of framework architecture, a novel smart contract algorithm, and the modification to the ring signatures leveraging an existing cryptographic technique. Analyses are made based on different systems’ security and key management areas. In an empirical study, our proposed algorithm performed better in key generation, proof generation, and verification times. By comparing similar existing schemes, we have shown the proposed architectures’ advantages. Until now, we have developed this system for a specific area in the real world. However, this system is scalable and applicable to other areas like healthcare monitoring systems, which is part of our future work.

computer science, information systems,materials science, multidisciplinary

Dezhi Han,Yujie Zhu,Dun Li,Wei Liang,Alireza Souri,Kuan-Ching Li

DOI: https://doi.org/10.1109/tii.2021.3114621

IF: 12.3

2022-05-01

IEEE Transactions on Industrial Informatics

Abstract:Internet of Things (IoT) devices are widely considered in smart cities, intelligent medicine, and intelligent transportation, among other fields that facilitate people's lives, producing a large amount of private data. However, due to the mobility, limited performance, and distributed deployment of IoT, traditional access control methods cannot support the security of private data's access control process in current IoT environments. To address such problems, this article proposes an auditable access control model, based on an attribute-based access control model, and manages the access control policy for private data through the request record, the response record, and the access record stored in the blockchain network. Additionally, a Blockchain-based auditable access control system is also proposed based on the auditable access control model, ensuring private data security in IoT environments and realizing effective management and auditable access to these data. Experimental results show that the proposed system can maintain high throughput while ensuring private data security for real application scenarios in IoT environments.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Yogesh M Gajmal,R. Udayakumar

DOI: https://doi.org/10.1080/19393555.2021.1933270

2021-06-28

Information Security Journal: A Global Perspective

Abstract:The outsourcing of Electronic Health Records (EHR) on cloud infrastructures has enabled medical data sharing among several healthcare applications. The blockchain offers security by authenticating users with encryption methods. The collaboration with the cloud provides better management but poses threats to the privacy of the patient. This paper devises a novel blockchain-assisted framework for effective data sharing and retrieval using cloud platforms. Here, the data protection model is devised in EHR application for secure transmission. The entities in the cloud platform include data user, data owner, smart agreement, transactional blockchain, and Inter-Planetary File System (IPFS). Here, the data owner includes a data protection model to secure EHR in which secured EHR is transferred to IPFS before sharing with the data user. The data protection is done by preserving data privacy using Tracy-Singh product and proposed Conditional Autoregressive Value at risk (CAViaR)-based Bird swarm algorithm (CAViaR-based BSA) combination of BSA and CAViaR for generating optimal privacy-preserving coefficients. The objective function is newly devised considering privacy and utility. The proposed CAViaR-based BSA outperformed other methods with minimal responsiveness of 251.339 s, maximal genuine user detection of 32.451%, maximal privacy of 96.5%, and minimal information loss of 3.5%.

Liang Yan,Lina Ge,Zhe Wang,Guifen Zhang,Jingya Xu,Zheng Hu

DOI: https://doi.org/10.1186/s13677-023-00444-4

2023-04-19

Journal of Cloud Computing

Abstract:With the rapid development of cloud computing technology, how to achieve secure access to cloud data has become a current research hotspot. Attribute-based encryption technology provides the feasibility to achieve the above goal. However, most of the existing solutions have high computational and trust costs. Furthermore, the fairness of access authorization and the security of data search can be difficult to guarantee. To address these issues, we propose a novel access control scheme based on blockchain and attribute-based searchable encryption in cloud environment. The proposed scheme achieves fine-grained access control with low computation consumption by implementing proxy encryption and decryption, while supporting policy hiding and attribute revocation. The encrypted file is stored in the IPFS and the metadata ciphertext is stored on the blockchain, which ensures data integrity and confidentiality. Simultaneously, the scheme enables the secure search of ciphertext keyword in an open and transparent blockchain environment. Additionally, an audit contract is designed to constrain user access behavior to dynamically manage access authorization. Security analysis proves that our scheme is resistant to chosen-plaintext attacks and keyword-guessing attacks. Theoretical analysis and experimental results show that our scheme has high computational and storage efficiency, which is more advantageous than other schemes.

Ali Shahzad,Wenyu Chen,Momina Shaheen,Yin Zhang,Faizan Ahmad

DOI: https://doi.org/10.1371/journal.pone.0307039

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In modern healthcare, providers increasingly use cloud services to store and share electronic medical records. However, traditional cloud hosting, which depends on intermediaries, poses risks to privacy and security, including inadequate control over access, data auditing, and tracking data origins. Additionally, current schemes face significant limitations such as scalability concerns, high computational overhead, practical implementation challenges, and issues with interoperability and data standardization. Unauthorized data access by cloud providers further exacerbates these concerns. Blockchain technology, known for its secure and decentralized nature, offers a solution by enabling secure data auditing in sharing systems. This research integrates blockchain into healthcare for efficient record management. We proposed a blockchain-based method for secure EHR management and integrated Ciphertext-Policy Attribute-Based Encryption (CP-ABE) for fine-grained access control. The proposed algorithm combines blockchain and smart contracts with a cloud-based healthcare Service Management System (SMS) to ensure secure and accessible EHRs. Smart contracts automate key management, encryption, and decryption processes, enhancing data security and integrity. The blockchain ledger authenticates data transactions, while the cloud provides scalability. The SMS manages access requests, enhancing resource allocation and response times. A dual authentication system confirms patient keys before granting data access, with failed attempts leading to access revocation and incident logging. Our analyses show that this algorithm significantly improves the security and efficiency of health data exchanges. By combining blockchain's decentralized structure with the cloud's scalability, this approach significantly improves EHR security protocols in modern healthcare setting.

Shuixiang Li,Ruixuan Li,Yu Zhang,Yongfeng Huang

DOI: https://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00093

2020-01-01

Abstract:The proliferation of mobile smartphones and the Internet has enabled people to stay online, gradually changing how people live and work. Particularly during epidemic isolation, people are more likely to communicate online via the Internet. Limited by the storage capacity and network bandwidth of mobile terminals, users are more likely to use the cloud to store and share data. However, data stored by centralized cloud services in a semi-trusted environment is at risk of being compromised, and most systems use cryptographic access control for the data, which failed to achieve fine-grained access control. In this paper, we propose a data access control system based on cloud and blockchain integration (CBI), which takes the decentralized, tamper-proof characteristics of blockchain and combines the advantages of cloud storage to design a novel integrated architecture, and designed a CBI-CP-ABE algorithm to implement attribute-based encryption for fine-grained access control. Experiments show that our proposed solution has similar performance to traditional data access control systems, and users have higher control and management rights over their data in the cloud so that they can store and share data more securely and keep track of their data usage.

Jingchi Zhang,Anwitaman Datta

DOI: https://doi.org/10.48550/arXiv.2309.04125

2023-09-08

Abstract:In a traditional cloud storage system, users benefit from the convenience it provides but also take the risk of certain security and privacy issues. To ensure confidentiality while maintaining data sharing capabilities, the Ciphertext-Policy Attribute-based Encryption (CP-ABE) scheme can be used to achieve fine-grained access control in cloud services. However, existing approaches are impaired by three critical concerns: illegal authorization, key disclosure, and privacy leakage. To address these, we propose a blockchain-based data governance system that employs blockchain technology and attribute-based encryption to prevent privacy leakage and credential misuse. First, our ABE encryption system can handle multi-authority use cases while protecting identity privacy and hiding access policy, which also protects data sharing against corrupt authorities. Second, applying the Advanced Encryption Standard (AES) for data encryption makes the whole system efficient and responsive to real-world conditions. Furthermore, the encrypted data is stored in a decentralized storage system such as IPFS, which does not rely on any centralized service provider and is, therefore, resilient against single-point failures. Third, illegal authorization activity can be readily identified through the logged on-chain data. Besides the system design, we also provide security proofs to demonstrate the robustness of the proposed system.

Cryptography and Security

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Mpyana Mwamba Merlec,Hoh Peter In

DOI: https://doi.org/10.1109/jiot.2024.3371504

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Integrating blockchain technology with the Internet of Things (IoT) facilitates seamless interaction between IoT devices and systems to securely share, access, and exchange data. However, ensuring adequate access control within blockchain-enabled IoT (BIoT) systems remains a significant challenge. It is often difficult to adapt existing access control mechanisms to the dynamic and context-dependent nature of IoT environments, necessitating a robust context-aware approach to ensure adequate security and the privacy of resources within BIoT systems. In this paper, we propose a novel smart contract-enabled context-aware access control (SC-CAAC) scheme for BIoT systems. It utilizes context-aware access control models that consider contextual information, including user profile, purpose, date, time, location, resource, and operating environment specifications, to make access control decisions. Smart contracts dynamically enforce access control policies and manage access permissions, ensuring that sensitive data and resources are accessible only to authorized users. The proposed scheme leverages the immutability, transparency, and decentralization of a blockchain that is shared by multiple participants in a consortium network, removing the need for a central authority to record and audit access control policies and decisions and promoting accountability and trust. The implementation and evaluation of our proposed scheme using the Hyperledger Besu blockchain demonstrates its effectiveness and scalability in real-world scenarios.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mingxin Ma,Guozhen Shi,Fenghua Li

DOI: https://doi.org/10.1109/access.2019.2904042

IF: 3.9

2019-01-01

IEEE Access

Abstract:The rapid development of the Internet of Things (IoT) and the explosive growth of valuable data produced by user equipment have led to strong demand for access control, especially hierarchical access control, which is performed from a group communication perspective. However, the key management strategies for such a future Internet are based mostly on a trusted third party that requires full trust of the key generation center (KGC) or central authority (CA). Recent studies indicate that centralized cloud centers will be unlikely to deliver satisfactory services to customers because we place too much trust in third parties; therefore, these centers do not apply to user privacy-oriented scenarios. This paper addresses these issues by proposing a novel blockchain-based distributed key management architecture (BDKMA) with fog computing to reduce latency and multiblockchains operated in the cloud to achieve cross-domain access. The proposed scheme utilizes blockchain technology to satisfy the decentralization, fine-grained auditability, high scalability, and extensibility requirements, as well as the privacy-preserving principles for hierarchical access control in IoT. We designed system operations methods and introduced different authorization assignment modes and group access patterns to reinforce the extensibility. We evaluated the performance of our proposed architecture and compared it with existing models using various performance measures. The simulation results show that the multiblockchain structure substantially improves system performance, and the scalability is excellent as the network size increases. Furthermore, dynamic transaction collection time adjustment enables the performance and system capacity to be optimized for various environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

S. M. Udhaya Sankar,D. Selvaraj,G.K. Monica,Jeevaa Katiravan

DOI: https://doi.org/10.14445/22315381/IJETT-V71I3P204

2023-04-24

Abstract:With the help of a shared pool of reconfigurable computing resources, clients of the cloud-based model can keep sensitive data remotely and access the apps and services it offers on-demand without having to worry about maintaining and storing it locally. To protect the privacy of the public auditing system that supports the cloud data exchange system. The data's owner has the ability to change it using the private key and publishes it in the cloud. The RSA Technique is used to produce key codes for the cloud services atmosphere's privacy utilizing the system's baseboard number, disc number, and client passcode for validation. The method is based on a cutting-edge User End Generated (UEG) privacy technique that minimizes the involvement of a third party and improves security checks by automatically documenting destructive activities. To strengthen extensibility, various authorization-assigning modalities and block access patterns were established together with current operational design approaches. In order to meet the demands for decentralization, fine-grained auditability, extensibility, flexibility, and privacy protection for multilevel data access in networked environments, the suggested approach makes use of blockchain technology. According to a thorough performance and security assessment, the current proposal is exceptionally safe and effective.

Cryptography and Security

Shoayee Dlaim Alotaibi

DOI: https://doi.org/10.1108/ijpcc-03-2022-0123

2022-08-11

International Journal of Pervasive Computing and Communications

Abstract:Purpose Be that as it may, BC is computationally costly, has restricted versatility and brings about critical transmission capacity upward and postpones, those seems not to be fit with Internet of Things (IoT) setting. A lightweight scalable blockchain (LSB) which is improved toward IoT necessities is suggested by the authors and investigates LSB within brilliant house setup like an agent model to enable more extensive IoT apps. Less asset gadgets inside brilliant house advantage via any unified chief which lays out common units for correspondence also cycles generally approaching and active solicitations. Design/methodology/approach Federated learning and blockchain (BC) have drawn in huge consideration due to the unchanging property and the relevant safety measure and protection benefits. FL and IoT safety measures' difficulties can be conquered possibly by BC. Findings LSB accomplishes fragmentation through shaping any overlaid web with more asset gadgets mutually deal with a public BC and federated learning which assures complete protection also security. Originality/value This overlaid is coordinated as without error bunches and reduces extra efforts, also batch leader will be with answer to handle commonly known BCs. LSB joins some of advancements which also includes computations related to lesser weighing agreement, optimal belief also throughput regulatory body.

Isma Masood,Ali Daud,Yongli Wang,Ameen Banjar,Riad Alharbey

DOI: https://doi.org/10.1007/s11042-023-17941-y

IF: 2.577

2024-01-06

Multimedia Tools and Applications

Abstract:The integration of wireless body sensor networks with cloud computing introduces numerous challenges in ensuring the privacy and security of patient data, including access control, scalability, privacy, data confidentiality, authorization rights management, multiple access control policies, audit control, and the availability of personal health information (PHI). Traditional sensor-cloud infrastructure (S-CI) architectures, typically reliant on a single trusted authority, struggle to address these multifaceted challenges. Recognizing the evolving landscape and the need for robust security measures, Blockchain technology has emerged as a promising solution, showcasing significant advancements in various domains, especially healthcare. This study presents a detailed examination of the complex challenges within the S-CI paradigm and propose a comprehensive blockchain-based system designed to enhance the privacy and security of patient data. Our approach surpasses conventional architectures by introducing an innovative Blockchain-Based Access Control Model (BBACM). This model is specifically tailored to effectively manage authorization rights for accessing both patient physiological parameters (PPPs) and PHI. To validate the practicality and effectiveness of proposed BBACM, a real use case scenario involving a paralysis patient is implemented. Experimental results showcase that our model significantly improves fine-grained access control, security, privacy, scalability, and availability of PHI. By leveraging the decentralized and tamper-resistant nature of blockchain, our system provides a robust framework for addressing the identified challenges in S-CI. The introduced BBACM establishes a foundation for secure and privacy-preserving healthcare data management, offering a promising solution to the intricate security and privacy issues associated with the integration of wireless body sensor networks and cloud computing.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Guangquan Xu,Chen Qi,Wenyu Dong,Lixiao Gong,Shaoying Liu,Si Chen,Jian Liu,Xi Zheng

DOI: https://doi.org/10.1109/jbhi.2022.3203577

IF: 7.7

2023-02-01

IEEE Journal of Biomedical and Health Informatics

Abstract:With the increasing penetration of the Internet of things (IoT) into people's lives, the limitations of traditional medical systems are emerging. First, the typical way of handling sensitive information can easily lead to privacy disclosure. Second, the medical system is relatively isolated. It is difficult for one medical system to share data with another, and the scope of users' activities is limited within the system boundary. To solve these two problems, we propose a new privacy-preserving medical data-sharing scheme by introducing the authorization mechanism and attribute-based encryption (ABE) based on blockchain, which breaks system boundaries and realizes data sharing among several medical institutions. ABE is used to realize scalable access control. In addition, doctors can share their knowledge to diagnose users by introducing many-to-many matching, which means that patients' health data can be represented by multiple keywords and doctors' expertise can be represented by multiple interests. We provide the correctness and security analysis of our scheme and implement a prototype tool on Ethereum. The experimental results show that our scheme solves the contradiction between the privacy preservation of medical data and the necessity of data sharing.

computer science, interdisciplinary applications,mathematical & computational biology,medical informatics, information systems