Yingjie Xia,Wenzhi Chen,Xuejiao Liu,Luming Zhang,Xuelong Li,Yang Xiang

DOI: https://doi.org/10.1109/tits.2017.2653103

IF: 8.5

2017-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Vehicular ad-hoc networks (VANETs) have drawn much attention of researchers. The vehicles in VANETs frequently join and leave the networks, and therefore restructure the network dynamically and automatically. Forwarded messages in vehicular ad-hoc networks are primarily multimedia data, including structured data, plain text, sound, and video, which require access control with efficient privacy preservation. Ciphertext-policy attribute-based encryption (CP-ABE) is adopted to meet the requirements. However, solutions based on traditional CP-ABE suffer from challenges of the limited computational resources on-board units equipped in the vehicles, especially for the complex policies of encryption and decryption. In this paper, we propose a CP-ABE delegation scheme, which allows road side units (RSUs) to perform most of the computation, for the purpose of improving the decryption efficiency of the vehicles. By using decision tree to jointly optimize multiple factors, such as the distance from RSU, the communication and computational cost, the CP-ABE delegation scheme is adaptively activated based on the estimation of various vehicles decryption overhead. Experimental results thoroughly demonstrate that our scheme is effective and efficient for multimedia data forwarding in vehicular ad-hoc networks with privacy preservation.

Ruidong Li,Hitoshi Asaeda,Jie Li

DOI: https://doi.org/10.1109/jiot.2017.2666799

2017-01-01

Abstract:In Information-Centric Internet of Things (ICIoT), Internet of Things (IoT) data can be cached throughout a network for close data copy retrievals. Such a distributed data caching environment, however, poses a challenge to flexible authorization in the network. To address this challenge, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been identified as a promising approach. However, in the existing CP-ABE scheme, publishers need to retrieve attributes from a centralized server for encrypting data, which leads to high communication overhead. To solve this problem, we incorporate CP-ABE and propose a novel Distributed Publisher-Driven secure data sharing for ICIoT (DPD-ICIoT) to enable only authorized users to retrieve IoT data from distributed cache. In DPD-ICIoT, newly introduced attribute manifest is cached in the network, through which publishers can retrieve the attributes from nearby copy holders instead of a centralized attribute server. In addition, a key chain mechanism is utilized for efficient cryptographic operations, and an automatic attribute self-update mechanism is proposed to enable fast updates of attributes without querying centralized servers. According to the performance evaluation, DPD-ICIoT achieves lower bandwidth cost compared to the existing CP-ABE scheme.

Yunqing Sun,Jin Cao,Maode Ma,Yinghui Zhang,Hui Li,Ben Niu

DOI: https://doi.org/10.1109/tdsc.2020.2989784

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Device-to-device (D2D) communication as direct communication technology has many application scenarios and plays a very important role in the fifth-generation (5G) era. Using D2D communication in third generation partnership project (3GPP) 5G Heterogeneous Network (HetNet) can effectively relieve the network traffic pressure and reduce the energy consumption of the base station. However, there are numerous security threats in D2D applications since the D2D communication remains in the early stage. The existing standards and solutions rarely consider device discovery, efficient authentication, mutual authentication, and key negotiation with privacy protection for D2D user equipment (UE) in heterogeneous access scenarios. In this article, we present a unified efficient anonymity proximity device discovery and batch authentication mechanism for heterogeneous D2D UEs based on a new proposed efficient pairing-free certificateless batch signature (CLBS), the identity-based prefix encryption and Chinese remainder theorem (CRT). Our proposed scheme can be applied to all the 5G heterogeneous access scenarios of D2D communication. The security analysis and performance results show that our scheme can achieve mutual authentication, key agreement, identity privacy protection, batch verification, and resist several protocol attacks with ideal efficiency.

computer science, information systems, software engineering, hardware & architecture

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Jian Wang,Chunxiao Ye,Yangfei Ou

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2019.00092

2019-01-01

Abstract:Cloud computing have brought a lot of advantages, such as reducing the hardware cost and providing a convenient cloud storage service. More and more people choose to put their private data in the cloud. However, due to data outsourcing and seminal-trusted cloud servers, data access control has becoming a challenging issue. To protect data security and privacy, some ciphertext policy attribute-based encryption (CP-ABE) schemes have been applied to cloud data access control. However, there are two dynamic issues, namely attribute revocation and policy updating, that need to be solved in the existing CP-ABE schemes. In this paper, we propose a fine-grained dynamic multi-authority cloud data access control scheme, which can solve the above two problems. Besides, our scheme can also support user revocation, which make it more practical. The analysis and simulation results show that our scheme is secure in the random oracle model and is efficient.

Hao Xu,Cunhua Pan,Wei Xu,Jianfeng Shi,Ming Chen,Wei Heng

DOI: https://doi.org/10.1109/glocom.2018.8647915

2018-01-01

Abstract:This paper investigates the physical layer security issue of a device-to-device (D2D) underlaid cellular system with a multi-antenna base station (BS) and a multi-antenna eavesdropper. To investigate the potential of D2D communication in improving network security, the conventional network without D2D users (DUs) is first considered. It is shown that the problem of maximizing the sum secrecy rate (SR) of cellular users (CUs) for this special case can be transformed to an assignment problem and optimally solved. Then, a D2D underlaid network is considered. Since the joint optimization of resource block (RB) allocation, CU-DU matching and power control is a mixed integer programming, the problem is difficult to handle. Hence, the RB assignment process is first conducted by ignoring D2D communication, and an iterative algorithm is then proposed to solve the remaining problem. Simulation results show that the sum SR of CUs can be greatly increased by D2D communication, and compared with the existing schemes, a better secrecy performance can be obtained by the proposed algorithms.

Su Huang,Yuan Luo

DOI: https://doi.org/10.1049/cp.2014.1263

2014-01-01

Abstract:Cloud storage services enable users to remotely store their data and conveniently share their information. One critical issue is how to achieve data security and realize data access policy in cloud storage services. Existing schemes based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE) have been proposed to achieve secure access control for outsourced data in cloud computing. However, due to the inefficiency of decryption and the inflexibility, most of these schemes are not suitable to realize distributed access control for cloud storage systems. In this paper, we propose a fully distributed, scalable and effective data access control scheme to encrypt and decrypt data, which bases on the lowest density maximum distance separable (LD-MDS) code.The introduction of the LD-MDS code in this field improves performance greatly in decryption stage. Security analysis indicates that the proposed scheme is secure and achieves fine-grained access control, collusion resistant, backward security and forward security simultaneously. Extensive performance analysis and experiment show that our scheme is much more efficient than existing CP-ABE system in cloud storage services.

Qian Xu,Chengxiang Tan,Zhijie Fan,Wenye Zhu,Ya Xiao,Fujia Cheng

DOI: https://doi.org/10.3390/s18051609

IF: 3.9

2018-01-01

Sensors

Abstract:Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional "encrypt-then-sign" or "sign-then-encrypt" strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

Kan Yang,Xiaohua Jia,Kui Ren,Bo Zhang

DOI: https://doi.org/10.1109/tifs.2013.2279531

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Data access control is an effective way to ensure data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising technique for access control of encrypted data. However, due to the inefficiency of decryption and revocation, existing CP-ABE schemes cannot be directly applied to construct a data access control scheme for multiauthority cloud storage systems, where users may hold attributes from multiple authorities. In this paper, we propose data access control for multiauthority cloud storage (DAC-MACS), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multiauthority CP-ABE scheme with efficient decryption, and also design an efficient attribute revocation method that can achieve both forward security and backward security. We further propose an extensive data access control scheme (EDAC-MACS), which is secure under weaker security assumptions.

Manzoor Ahmed,Yong Li,Zhuo Yinxiao,Muhammad Sheraz,Dianlei Xu,Depeng Jin

DOI: https://doi.org/10.1109/tvt.2019.2890879

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:Device-to-device (D2D) communication standardization is underway and considered as one of the key technologies in the 5G ecosystem. Eavesdropping is a well-known security risk for D2D communications. Thus, ensuring information security for both cellular users (CUs) and D2D pairs in an underlay network is quite challenging. In this paper, we look into the problem of physical-layer secure transmission jointly with resource allocation in D2D communications. Existing research works for D2D underlay networks considered perfect channel state information (CSI), which is usually unrealistic in practical networks due to the wireless channels' dynamic nature. Hence, unlike the previous works, we are considering imperfect CSI that include estimation errors. We leverage social-domain and frame a coalitional game approach, enabling multiple D2D pairs to share CU spectral resource. We assume heterogeneous cellular network based practical scenario considering multiple eavesdroppers, intra-cell interference, and inter-cell interference to evaluate achievable performances in terms of sum-rate and secrecy capacity for both CUs and D2D pairs. Moreover, we prove our proposed algorithm stability, convergence, and computational complexity. The simulation results establish the effectiveness of our proposed approach that not only maximizes the sum rate (i.e., 10%-60%) but also improves the secrecy capacity (i.e., 20%-67%) in comparison to the baseline schemes.

Yunqing Sun,Jin Cao,Xiongpeng Ren,Canhui Tang,Ben Niu,Yinghui Zhang,Hui Li

DOI: https://doi.org/10.1109/tits.2024.3368335

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Device-to-device (D2D) communication, as a traffic offloading technology in the fifth-generation (5G) network, can be widely used in several scenarios to provide 5G characteristics of higher speed, lower latency, and larger capacity. D2D data transmission over wireless channels among mobile devices is vulnerable to security threats and privacy violations from third parties and relay nodes. However, academia and industry have yet to propose relevant schemes or standards for D2D relay data transmission scenarios. We first propose a generic construction for D2D relay communication in this paper. Then, a concrete anonymous and secure D2D data transmission scheme with trajectory tracking is presented based on Chebyshev polynomials, hash-based message authentication code, and symmetric encryption. We employ a formal verification tool -Tamarin, modal logic analysis -BAN logic, and informal security analysis to demonstrate the security features of the proposed scheme. The performance evaluation shows that the proposed scheme can achieve desirable efficiency compared with other related schemes. Finally, we developed an APP‘, D2DWatchmen’, to simulate the whole protocol and test its robustness and real execution time, where the result shows good availability and effectiveness.

engineering, electrical & electronic,transportation science & technology, civil

Qian Xu,Chengxiang Tan,Zhijie Fan,Wenye Zhu,Ya Xiao,Fujia Cheng

DOI: https://doi.org/10.1109/access.2018.2844829

IF: 3.9

2018-01-01

IEEE Access

Abstract:Nowadays, secure data access control has become one of the major concerns in a cloud storage system. As a logical combination of attribute-based encryption and attribute-based signature, attribute-based signcryption (ABSC) can provide confidentiality and an anonymous authentication for sensitive data and is more efficient than traditional ``encrypt-then-sign”or ``sign-then-encrypt”strategies. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention in recent years. However, in many previous ABSC schemes, user's sensitive attributes can be disclosed to the authority, and only a single authority that is responsible for attribute management and key generation exists in the system. In this paper, we propose PMDAC-ABSC, a novel privacy-preserving data access control scheme based on Ciphertext-Policy ABSC, to provide a fine-grained control measure and attribute privacy protection simultaneously in a multi-authority cloud storage system. The attributes of both the signcryptor and the designcryptor can be protected to be known by the authorities and cloud server. Furthermore, the decryption overhead for user is significantly reduced by outsourcing the undesirable bilinear pairing operations to the cloud server without degrading the attribute privacy. The proposed scheme is proven to be secure in the standard model and has the ability to provide confidentiality, unforgeability, anonymous authentication, and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

Zhishuo Zhang,Guanjie Huang,Sunqiang Hu,Wei Zhang,Yi Wu,Zhiguang Qin

DOI: https://doi.org/10.1109/icccs52626.2021.9449093

2021-01-01

Abstract:Attribute-based encryption (ABE) is an emergent cryptographic primitive introduced in recent years. Due to its fine-grained access policy, ABE has been widely used in cloud security to build an attribute-based access control architecture. As a promising edge technology, Mobile Edge Computing (MEC), introduced for the Internet of Mobile Things (IoMT), provides the high quality services for the end-users with mobile IoT devices. In MEC, the data is stored and processed isolately and independently in fog nodes or cloudlets located at the edge of the Internet in the vicinity of the mobile users. But in most existing ABE schemes, researchers only consider there is a single data storage in the system. So this makes the existing ABE scheme not applicable for the MEC with distributed micro data storages. To solve this prominent challenge in traditional ABE, in this paper, we propose a fully decentralized outsourced ABE scheme (FDO-ABE) acted as the access control architecture for the MEC. Our FDO-ABE scheme, based on the non-interactive multi-authority ABE (NI-MA-ABE) scheme, not only supports the multi attribute authorities (AAs) in generating the multi attribute-based private keys for user, but also provides the independent and isolated ciphertext storage for the distributed cloudlets or fog nodes. What's more, to offload the computational intensive tasks from mobile devices, we design an efficient outsourced decryption (oDec) algorithm for our FDO-ABE scheme. By using our oDec algorithm, the complex operations in decryption phase can be transmitted from mobile IoT devices to the cloudlets. Summing up, our FDO-ABE scheme is more suitable as an access control model for MEC.

Xiguang Zhang,Yong Shang,Shiwei Yan,Dehuai Li,Junqi Guo

DOI: https://doi.org/10.1109/MILCOM.2016.7795494

2016-01-01

Abstract:With development of mobile communication, transmission load of cellular network has greatly increased. In order to relieve spectrum resource scarcity, heterogeneous cellular network has been proposed. In heterogeneous cellular networks, D2D users share frequency resource with cellular users, which improves frequency efficiency effectively. However, serious security problem may be incurred since cellular users are able to overhear information from D2D users underlying in cellular communication links. This paper focuses on improving the secrecy capacity of D2D users in a heterogeneous cellular network by designing adaptive power control and access control schemes. Specifically, we firstly determined a basic security area in which cellular users can be regarded as eligible access objects for D2D users. Then the optimal expression of D2D transmitting power is determined when D2D users share resource with a cellular user located in the basic security area. Finally, we selected a cellular user for D2D pair to access according to the level of information confidentiality. When there's high level of information confidentiality, the Simulated Annealing Algorithm was performed to find a cellular user in order to improve security capacity as much as possible. When D2D pairs communicated normal information, the access object was randomly selected from all cellular users located in basic safety area.

Haifeng Li,Caihui Lan,Xingbing Fu,Caifen Wang,Fagen Li,He Guo

DOI: https://doi.org/10.3390/s20174720

IF: 3.9

2020-01-01

Sensors

Abstract:With the explosion of various mobile devices and the tremendous advancement in cloud computing technology, mobile devices have been seamlessly integrated with the premium powerful cloud computing known as an innovation paradigm named Mobile Cloud Computing (MCC) to facilitate the mobile users in storing, computing and sharing their data with others. Meanwhile, Attribute Based Encryption (ABE) has been envisioned as one of the most promising cryptographic primitives for providing secure and flexible fine-grained “one to many” access control, particularly in large scale distributed system with unknown participators. However, most existing ABE schemes are not suitable for MCC because they involve expensive pairing operations which pose a formidable challenge for resource-constrained mobile devices, thus greatly delaying the widespread popularity of MCC. To this end, in this paper, we propose a secure and lightweight fine-grained data sharing scheme (SLFG-DSS) for a mobile cloud computing scenario to outsource the majority of time-consuming operations from the resource-constrained mobile devices to the resource-rich cloud servers. Different from the current schemes, our novel scheme can enjoy the following promising merits simultaneously: (1) Supporting verifiable outsourced decryption, i.e., the mobile user can ensure the validity of the transformed ciphertext returned from the cloud server; (2) resisting decryption key exposure, i.e., our proposed scheme can outsource decryption for intensive computing tasks during the decryption phase without revealing the user’s data or decryption key; (3) achieving a CCA security level; thus, our novel scheme can be applied to the scenarios with higher security level requirement. The concrete security proof and performance analysis illustrate that our novel scheme is proven secure and suitable for the mobile cloud computing environment.

Qijun Han,Gang Feng,Shuang Qin,Qianyi Zhang

DOI: https://doi.org/10.1109/wcncw48565.2020.9124798

2020-01-01

Abstract:The forthcoming mobile cellular networks (5G) and beyond need to address the challenges of performance requirements in diverse technical scenarios, such as seamless wide-area coverage, hot-spot high-capacity, and low power massive connections, etc. It is widely recognized that Heterogeneous Network (HetNet) is an effective network architecture for addressing these challenges, especially dealing with the access control issue of massive machine-type communication (mMTC). In this paper, we propose a device-to-device (D2D) communication-assisted MTC access mechanism with aim of maximizing the number of admitted MTCDs (MTCDs) in the system while ensuring the quality of service (QoS) requirements of MTCDs. In our proposed scheme, we first determine the access mode for the devices that fail in directly accessing the base station. Specifically, another MTCD which has been successfully connected to the base station (BS) is selected as the relay for a specific MTCD via device-to-device (D2D) communications. We first formulate the access control problem of maximizing the number of admitted MTCDs and prove its NP-hardness. We then resort to genetic algorithm (GA) to solve the optimal relay MTCD selection problem. We conduct simulation experiments to evaluate the performance of our proposed algorithm and numerical results show that the proposed algorithm outperforms the traditional algorithms in terms of the number of successful access MTCDs, transmission rate, and system throughput.

Hua Deng,Zheng Qin,Qianhong Wu,Zhenyu Guan,Hui Yin

DOI: https://doi.org/10.1109/tsc.2020.2984757

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:It is becoming fashionable for people to access data outsourced to clouds with mobile devices. To protect data security and privacy, attribute-based encryption (ABE) has been widely used in cloud storage systems. However, one of the main efficiency drawbacks of ABE is the high computation overheads at mobile devices during user revocation and file access. To address this issue, we propose a revocable attribute-based data storage (RADS) scheme equipped with several attracting features. First, our RADS scheme achieves a fine-grained access control mechanism, by which file owners do not need to explicitly specify authorized visitors to their outsourced files. Second, our RADS scheme allows mobile users to authorize the cloud service provider (CSP) to share costly computations in file access, without exposing the file content. Third, our RADS scheme offloads the operations of access-credential update and file re-encryption during revocation process to CSP, leaving all non-revoked users undisturbed. The revocation of RADS achieves a strong data protection, i.e., revoked users can access neither newly uploaded files nor old ones. The security and efficiency of the RADS scheme are validated via both analysis and experimental results.

Rongqing Zhang,Xiang Cheng,Liuqing Yang

DOI: https://doi.org/10.1109/icc.2016.7511531

2016-01-01

Abstract:In this paper, we investigate the physical layer security issue in Device-to-Device (D2D) communications underlaying cellular networks. In order to optimize the system secrecy rate of the cellular secure communication, we derive the optimal joint power control solutions of both the cellular communication links and D2D pairs in terms of the secrecy capacity. Furthermore, we propose a secrecy-based joint power and access control (JPAC) scheme with optimum D2D pair selection mechanism that can achieve an improved network secrecy performance with very low computational complexity. Simulation results validate the efficiency of the proposed secrecy-based JPAC scheme.

Xuesen Peng,Haibo Zhou,Bo Qian,Kai Yu,Feng Lyu,Wenchao Xu

DOI: https://doi.org/10.1109/jiot.2020.2975754

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:With the emergence of automated driving technology, wireless demand for secure information exchange among automated vehicles has increased dramatically. To this end, we design a security-aware dynamic device-to-device (D2D) spectrum resource sharing mechanism to enhance the security of vehicular D2D communications with the improved spectrum efficiency. Considering both resource block (RB) sharing and power control, we model this joint D2D spectrum resource sharing process as a weighted bipartite graph matching problem whose weights are obtained through deriving the closed-form solutions of power control in an algebraic method. Then, the global optimal solutions of the matching problem are obtained by using the Hungarian algorithm. Furthermore, a security-aware RB and power allocation (SA-RBPA) mechanism compatible with existing cellular networks is proposed for the small cell base station applications. Extensive simulation results have shown that, compared with existing approaches that consider RB reusing strategy or power control scheme optimization alone, the SA-RBPA scheme is able to realize a better spectrum efficiency and security performance.

Bei Gong,Chong Guo,Yi-Jing Liu,Qian Wang

DOI: https://doi.org/10.1109/mnet.2023.3317109

IF: 10.294

2023-01-01

IEEE Network

Abstract:As the next-generation internet paradigm, Web 3.0 aims to build a free, equal and decentralized Internet. Different from the data monopoly of the Internet oligarchy in Web 2.0, users in Web 3.0 are fairly endowed with the right to store, share, access and manage data. However, as data leakage, tampering and loss may result in a forfeiture of users’ data control, the security of data storage has become a key and essential prerequisite to safeguard users’ data rights. Blockchain has gained widespread acknowledgment as a prospective technology for solving data security. Nonetheless, its primary suitability for large-scale datasets is limited, owing to the substantial communication and storage overheads. Fortunately, a distributed data storage network (DDSN) can compensate for accommodating large-scale datasets by providing sizeable and inexpensive storage space. In this article, we first summarize the data storage advantages of blockchain and DDSN, and analyze their security challenges in terms of access control, authenticity and confidentiality. To address these challenges, we propose a general and versatile data security storage framework, where we adopt ciphertext-policy attribute-based encryption (CP-ABE) to enable user-centric fine-grained access control and decentralized authorization. Furthermore, to reduce storage costs while protecting data authenticity, we propose a ciphertext split storage model for CP-ABE. In this model, the CP-ABE ciphertext is divided into the attribute component and the data component based on functional structure to realize on-chain/off-chain split storage. In addition, by embedding the ambiguity factor required for decryption and the attributes in the access policy into the index, we design an efficient attribute-based keyword search mechanism to resolve the conflict between confidentiality and availability caused by encryption. Finally, we demonstrate the effective performance of the proposed framework through numerical results.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture