A blockchain-assisted framework for secure and reliable data sharing in distributed systems

AbstractThe explosive growth of big data is pushing forward the paradigm of cloud-based data store today. Among other, distributed storage systems are widely adopted due to their superior performance and continuous availability. However, due to the potentially wide attacking surfaces of the public cloud, outsourcing data store inevitably raises new concerns on user privacy exposure and unauthorized data access. Besides, directly introducing a centralized third-party authority for query authorization management does not work because it still can be compromised. In this paper, we propose a blockchain-assisted framework that can support trustworthy data sharing services. In particular, data owners allow to outsource their sensitive data to distributed systems in encrypted form. By leveraging smart contracts of blockchain, a data owner can distribute secret keys for authorized users without extra round interaction to generate the permitted search tokens. Meanwhile, such blockchain-assisted framework naturally solves the trust issues of query authorization. Besides, we devise a secure local index framework to support encrypted keyword search with forward privacy and mitigate blockchain overhead. To validate our design, we implement the prototype and deploy it at Amazon Cloud. Extensive experiments demonstrate the security, efficiency, and effectiveness of the blockchain-assisted design.

Download Full-text

A Blockchain-Assisted Framework for Secure and Reliable Data Sharing in Distributed Systems

10.21203/rs.3.rs-135690/v1 ◽

2020 ◽

Author(s):

Yu Guo ◽

Shenling Wang ◽

Jianhui Huang

Keyword(s):

Distributed Systems ◽

Data Sharing ◽

Keyword Search ◽

Distributed Storage ◽

Data Access ◽

Third Party ◽

Superior Performance ◽

User Privacy ◽

Local Index ◽

Data Store

Abstract The explosive growth of big data is pushing forward the paradigm of cloud-based data store today. Among other, distributed storage systems are widely adopted due to their superior performance and continuous availability. However, due to the potentially wide attacking surfaces of the public cloud, outsourcing data store inevitably raises new concerns on user privacy exposure and unauthorized data access. Besides, directly introducing a centralized third-party authority for query authorization management is not work because it still can be compromised. In this paper, we propose a blockchain-assisted framework that can support trustworthy data sharing services. In particular, data owners allow to outsource their sensitive data to distributed systems in encrypted form. By leveraging smart contracts of blockchain, a data owner can distribute secret keys for authorized users without extra round interaction to generate the permitted search tokens. Meanwhile, such blockchain-assisted framework naturally solves the trust issues of query authorization. Besides, we devise a secure local index framework to support encrypted keyword search with forward-privacy and mitigate blockchain overhead. To validate our design, we implement the prototype and deploy it at Amazon Cloud. Extensive experiments demonstrate the security, efficiency, and effectiveness of the design.

Download Full-text

Flexible, Secure, and Reliable Data Sharing Service Based on Collaboration in Multicloud Environment

Wireless Communications and Mobile Computing ◽

10.1155/2018/5634561 ◽

2018 ◽

Vol 2018 ◽

pp. 1-16 ◽

Cited By ~ 1

Author(s):

Qiang Wei ◽

Huaibin Shao ◽

Gongxuan Zhang

Keyword(s):

Data Sharing ◽

Data Exchange ◽

Keyword Search ◽

Service Providers ◽

High Reliability ◽

Economic Benefits ◽

Reliable Data ◽

Third Party ◽

Data Service ◽

Real World Data

Due to the abundant storage resources and high reliability data service of cloud computing, more individuals and enterprises are motivated to outsource their data to public cloud platform and enable legal data users to search and download what they need in the outsourced dataset. However, in “Paid Data Sharing” model, some valuable data should be encrypted before outsourcing for protecting owner’s economic benefits, which is an obstacle for flexible application. Specifically, if the owner does not know who (user) will download which data files in advance and even does not know the attributes of user, he/she has to either remain online all the time or import a trusted third party (TTP) to distribute the file decryption key to data user. Obviously, making the owner always remain online is too inflexible, and wholly depending on the security of TTP is a potential risk. In this paper, we propose a flexible, secure, and reliable data sharing scheme based on collaboration in multicloud environment. For securely and instantly providing data sharing service even if the owner is offline and without TTP, we distribute all encrypted split data/key blocks together to multiple cloud service providers (CSPs), respectively. An elaborate cryptographic protocol we designed helps the owner verify the correctness of data exchange bills, which is directly related to the owner’s economic benefits. Besides, in order to support reliable data service, the erasure-correcting code technic is exploited for tolerating multiple failures among CSPs, and we offer a secure keyword search mechanism that makes the system more close to reality. Extensive security analyses and experiments on real-world data show that our scheme is secure and efficient.

Download Full-text

A Decentralized Personal Data Store based on Ethereum: Towards GDPR Compliance

Journal of Communications Software and Systems ◽

10.24138/jcomss.v15i2.696 ◽

2019 ◽

Vol 15 (2) ◽

Cited By ~ 3

Author(s):

Marco Alessi ◽

Alessio Camillò ◽

Enza Giangreco ◽

Marco Matera ◽

Stefano Pino ◽

...

Keyword(s):

Data Sharing ◽

Data Protection ◽

Service Providers ◽

Personal Data ◽

End Users ◽

Third Party ◽

Smart Devices ◽

Sensitive Data ◽

Data Store ◽

Mandatory Requirement

Sharing personal data with service providers is a fundamental resource for the times we live in. But data sharing represents an unavoidable issue, due to improper data treatment, lack of users' awareness to whom they are sharing with, wrong or excessive data sharing from end users who ignore they are exposing personal information. The problem becomes even more complicate if we try to consider the devices around us: how to share devices we own, so that we can receive pervasive services, based on our contexts and device functionalities. The European Authority has provided the General Data Protection Regulation (GDPR), in order to implement protection of sensitive data in each EU member, throughout certification mechanisms (according to Art. 42 GDPR). The certification assures compliance to the regulation, which represent a mandatory requirement for any service which may come in contact with sensitive data. Still the certification is an open process and not constrained by strict rule. In this paper we describe our decentralized approach in sharing personal data in the era of smart devices, being those considered sensitive data as well. Having in mind the centrality of users in the ownership of the data, we have proposed a decentralized Personal Data Store prototype, which stands as a unique data sharing endpoint for third party services. Even if blockchain technologies may seem fit to solve the issue of data protection, because of the absence of a central authority, they lay to additional concerns especially relating such technologies with specifications described in the regulation. The current work offers a contribution in the advancements of personal data sharing management systems in a distributed environment by presenting a real prototype and an architectural blueprint, which advances the state of the art in order to meet the GDPR regulation. Address those arisen issues, from a technological perspective, stands as an important challenge, in order to empower end users in owning their personal data for real.

Download Full-text

A Secure Key Aggregate Searchable Encryption with Multi Delegation in Cloud Data Sharing Service

Applied Sciences ◽

10.3390/app11198841 ◽

2021 ◽

Vol 11 (19) ◽

pp. 8841

Author(s):

JoonYoung Lee ◽

MyeongHyun Kim ◽

JiHyeon Oh ◽

YoungHo Park ◽

KiSung Park ◽

...

Keyword(s):

Data Sharing ◽

Keyword Search ◽

Personal Information ◽

Formal Analysis ◽

Searchable Encryption ◽

Third Party ◽

Security Evaluation ◽

Cloud Data ◽

Delegation Of Authority ◽

Data Owner

As the amount of data generated in various distributed environments is rapidly increasing, cloud servers and computing technologies are attracting considerable attention. However, the cloud server has privacy issues, including personal information and requires the help of a Trusted Third Party (TTP) for data sharing. However, because the amount of data generated and value increases, the data owner who produces data must become the subject of data sharing. In this study, we use key aggregate searchable encryption (KASE) technology, which enables keyword search, to efficiently share data without using TTP. The traditional KASE scheme approach only discusses the authority delegation from the data owner to another user. The traditional KASE scheme approach only discusses delegation of authority from the data owner to another user. However, if the delegated entity cannot perform time-critical tasks because the shared data are unavailable, the delegate must further delegate the rights given to other users. Consequently, this paper proposes a new KASE scheme that enables multi-delegation without TTP and includes an authentication technique between the user and the server. After that, we perform informal and formal analysis using BAN logic and AVISPA for security evaluation, and compare the security and performance aspects with existing schemes.

Download Full-text

A Cross-Border E-Commerce Approach Based on Blockchain Technology

Mobile Information Systems ◽

10.1155/2021/2006082 ◽

2021 ◽

Vol 2021 ◽

pp. 1-10

Author(s):

Zhao Hongmei

Keyword(s):

Data Sharing ◽

Distributed Storage ◽

Transmission Efficiency ◽

Computing Methods ◽

Third Party ◽

Identity Verification ◽

Cross Border ◽

Blockchain Technology ◽

Cross Domain ◽

Asymmetric Encryption

In the current cross-border electronic commerce (e-commerce) system, various document recording and authorization processes are cumbersome, record sharing efficiency is low, and identity verification is difficult. A method of asymmetric encryption technology combining Blockchain technology and cryptography is proposed. The advantages of asymmetric encrypted communications include high security and ease of multiparties communication collaboration, being applied to a peer-to-peer network formed by Blockchain technology, and making cross-border e-commerce record cross-domain sharing traceable, data immutable, and identity verification simplified. First of all, based on the immutable modification of Blockchain technology and asymmetric encryption technology, file synchronization contracts and authorization contracts are designed. Its distributed storage advantages ensure the privacy of users’ cross-border e-commerce information. Second, the design of the cross-domain acquisition contract can effectively verify the identity and transmission efficiency of both parties to the data sharing, so that illegal users can be safely filtered without a third-party notary institution. The simulation experiment results show that the solution proposed in this paper has obvious advantages in data antitheft, multiparty authentication, and saving system overhead compared with traditional cloud computing methods to solve the problem of sharing medical records. It provides a reference for solving the security problems in the process of data sharing by using the advantages of Blockchain’s decentralization and auditability and provides reference ideas for solving the problems of data sharing and cross-domain authentication.

Download Full-text

A Threshold Proxy Re-Encryption Scheme for Secure IoT Data Sharing Based on Blockchain

Electronics ◽

10.3390/electronics10192359 ◽

2021 ◽

Vol 10 (19) ◽

pp. 2359

Author(s):

Yingwen Chen ◽

Bowen Hu ◽

Hujie Yu ◽

Zhimin Duan ◽

Junxin Huang

Keyword(s):

Data Sharing ◽

Service Providers ◽

Personal Information ◽

Data Access ◽

Third Party ◽

Consensus Algorithm ◽

Personal Privacy ◽

Encrypted Data ◽

Blockchain Technology ◽

Encrypt Data

The IoT devices deployed in various application scenarios will generate massive data with immeasurable value every day. These data often contain the user’s personal privacy information, so there is an imperative need to guarantee the reliability and security of IoT data sharing. We proposed a new encrypted data storing and sharing architecture by combining proxy re-encryption with blockchain technology. The consensus mechanism based on threshold proxy re-encryption eliminates dependence on the third-party central service providers. Multiple consensus nodes in the blockchain network act as proxy service nodes to re-encrypt data and combine converted ciphertext, and personal information will not be disclosed in the whole procedure. That eliminates the restrictions of using decentralized network to store and distribute private encrypted data safely. We implemented a lot of simulated experiments to evaluate the performance of the proposed framework. The results show that the proposed architecture can meet the extensive data access demands and increase a tolerable time latency. Our scheme is one of the essays to utilize the threshold proxy re-encryption and blockchain consensus algorithm to support IoT data sharing.

Download Full-text

Privacy Preserving Data Access to Cloud

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.i8663.078919 ◽

2019 ◽

Vol 8 (9) ◽

pp. 2612-2617

Keyword(s):

Service Provider ◽

File Systems ◽

Cloud Service ◽

Data Access ◽

Data Encryption ◽

Third Party ◽

Distributed File Systems ◽

User Privacy ◽

Cloud Service Provider ◽

User Data

The current systems stress on protection of data stored in the cloud servers without giving much thought and consideration to the protection of data during user access. Encryption of data is a technique that is popularly used to protect stored data. Encryption essentially scrambles the data and stores it in a form which makes no sense unless decrypted with the suitable key. Every cloud service provider ensures data is stored in an encrypted form in its servers. Encryption of data is not sufficient to protect user data as acquiring the appropriate key can result in decrypting of the data. Encrypting the data before uploading the data to the cloud can help to an extent to preserve data. To access the data it would need to be encrypted twice- once by the cloud service provider and then by the user. Cloud service provider is prevented from accessing user data and also other third-party individuals. However, this approach too is not efficient and sufficient to protect user data. ORAM algorithm is used to enable access to user data stored on distributed file systems that comprises of multiple servers stored either at a single location or multiple locations across the globe in a manner which ensures the user privacy is protected when accessing the data. Reshuffle of data blocks stored in third party servers ensures the access pattern of the user remains hidden. ORAM algorithm does not cause any hindrance to the data access and does not lead to any major drop in data access rate. To ensure security, we propose a load balancing technique to guarantee smooth and safe approach for data access.

Download Full-text

A Blockchain-Based CP-ABE Scheme with Partially Hidden Access Structures

Security and Communication Networks ◽

10.1155/2021/4132597 ◽

2021 ◽

Vol 2021 ◽

pp. 1-16

Author(s):

Yang Ba ◽

Xuexian Hu ◽

Yue Chen ◽

Zenghang Hao ◽

Xuewei Li ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Data Storage ◽

Private Information ◽

Single Point ◽

Third Party ◽

Access Structure ◽

User Privacy ◽

Fine Grained ◽

Access Structures

Data sharing has become a key technology to break down data silos in the big data era. Ciphertext-policy attribute-based encryption (CP-ABE) is widely used in secure data-sharing schemes to realize flexible and fine-grained access control. However, in traditional CP-ABE schemes, the access structure is directly shared along with the ciphertext, potentially leading to users’ private information leakage. Outsourcing data to a centralized third party can easily result in privacy leakage and single-point bottlenecks, and the lack of transparency in data storage and sharing casts doubts whether users’ data are safe. To address these issues, we propose a blockchain-based CP-ABE scheme with partially hidden access structures (BCP-ABE-PHAS) to achieve fine-grained access control while ensuring user privacy. First, we propose an efficient CP-ABE scheme with partially hidden access structures, where the ciphertext size is constant. To assist data decryption, we design a garbled Bloom filter to help users quickly locate the position of wildcards in the access structure. Then, to improve storage efficiency and system scalability, we propose a data storage scheme that combines blockchain technology and the interplanetary file system, ensuring data integrity. Finally, we employ smart contracts for a transparent data storage and sharing process without third-party participation. Security analysis and performance evaluation show that the proposed BCP-ABE-PHAS scheme can preserve policy privacy with efficient storage and low computational overhead.

Download Full-text

Design and Evaluation of a Simple Data Interface for Efficient Data Transfer across Diverse Storage

ACM Transactions on Modeling and Performance Evaluation of Computing Systems ◽

10.1145/3452007 ◽

2021 ◽

Vol 6 (1) ◽

pp. 1-25

Author(s):

Zhengchun Liu ◽

Rajkumar Kettimuthu ◽

Joaquin Chung ◽

Rachana Ananthakrishnan ◽

Michael Link ◽

...

Keyword(s):

Performance Optimization ◽

Data Exchange ◽

Data Transfer ◽

Storage Systems ◽

Distributed Storage ◽

Storage System ◽

File Systems ◽

Modern Science ◽

Data Access ◽

Third Party

Modern science and engineering computing environments often feature storage systems of different types, from parallel file systems in high-performance computing centers to object stores operated by cloud providers. To enable easy, reliable, secure, and performant data exchange among these different systems, we propose Connector, a plug-able data access architecture for diverse, distributed storage. By abstracting low-level storage system details, this abstraction permits a managed data transfer service (Globus, in our case) to interact with a large and easily extended set of storage systems. Equally important, it supports third-party transfers: that is, direct data transfers from source to destination that are initiated by a third-party client but do not engage that third party in the data path. The abstraction also enables management of transfers for performance optimization, error handling, and end-to-end integrity. We present the Connector design, describe implementations for different storage services, evaluate tradeoffs inherent in managed vs. direct transfers, motivate recommended deployment options, and propose a model-based method that allows for easy characterization of performance in different contexts without exhaustive benchmarking.

Download Full-text

A New User-controlled and Efficient Encrypted Data Sharing Model in Cloud Storage

Recent Patents on Engineering ◽

10.2174/1872212113666190215143537 ◽

2019 ◽

Vol 13 (4) ◽

pp. 356-363

Author(s):

Yuezhong Wu ◽

Wei Chen ◽

Shuhong Chen ◽

Guojun Wang ◽

Changyun Li

Keyword(s):

Data Sharing ◽

Data Security ◽

Cloud Storage ◽

Screening Program ◽

Original Data ◽

Third Party ◽

Active System ◽

Encrypted Data ◽

Active User ◽

User Data

Background: Cloud storage is generally used to provide on-demand services with sufficient scalability in an efficient network environment, and various encryption algorithms are typically applied to protect the data in the cloud. However, it is non-trivial to obtain the original data after encryption and efficient methods are needed to access the original data. Methods: In this paper, we propose a new user-controlled and efficient encrypted data sharing model in cloud storage. It preprocesses user data to ensure the confidentiality and integrity based on triple encryption scheme of CP-ABE ciphertext access control mechanism and integrity verification. Moreover, it adopts secondary screening program to achieve efficient ciphertext retrieval by using distributed Lucene technology and fine-grained decision tree. In this way, when a trustworthy third party is introduced, the security and reliability of data sharing can be guaranteed. To provide data security and efficient retrieval, we also combine active user with active system. Results: Experimental results show that the proposed model can ensure data security in cloud storage services platform as well as enhance the operational performance of data sharing. Conclusion: The proposed security sharing mechanism works well in an actual cloud storage environment.

Download Full-text