A Secured Proxy-Based Data Sharing Module in IoT Environments Using Blockchain

Access and utilization of data are central to the cloud computing paradigm. With the advent of the Internet of Things (IoT), the tendency of data sharing on the cloud has seen enormous growth. With data sharing comes numerous security and privacy issues. In the process of ensuring data confidentiality and fine-grained access control to data in the cloud, several studies have proposed Attribute-Based Encryption (ABE) schemes, with Key Policy-ABE (KP-ABE) being the prominent one. Recent works have however suggested that the confidentiality of data is violated through collusion attacks between a revoked user and the cloud server. We present a secured and efficient Proxy Re-Encryption (PRE) scheme that incorporates an Inner-Product Encryption (IPE) scheme in which decryption of data is possible if the inner product of the private key, associated with a set of attributes specified by the data owner, and the associated ciphertext is equal to zero 0 . We utilize a blockchain network whose processing node acts as the proxy server and performs re-encryption on the data. In ensuring data confidentiality and preventing collusion attacks, the data are divided into two, with one part stored on the blockchain network and the other part stored on the cloud. Our approach also achieves fine-grained access control.

Download Full-text

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

The Computer Journal ◽

10.1093/comjnl/bxz052 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1748-1760 ◽

Cited By ~ 2

Author(s):

Yang Chen ◽

Wenmin Li ◽

Fei Gao ◽

Wei Yin ◽

Kaitai Liang ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Inner Product ◽

Access Structure ◽

Online Data ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

And Performance ◽

Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Download Full-text

BSSPD: A Blockchain-Based Security Sharing Scheme for Personal Data with Fine-Grained Access Control

Wireless Communications and Mobile Computing ◽

10.1155/2021/6658920 ◽

2021 ◽

Vol 2021 ◽

pp. 1-20

Author(s):

Hongmin Gao ◽

Zhaofeng Ma ◽

Shoushan Luo ◽

Yanping Xu ◽

Zheng Wu

Keyword(s):

Access Control ◽

Data Sharing ◽

Personal Data ◽

Security And Privacy ◽

Access Policy ◽

Fine Grained ◽

Sharing Scheme ◽

Data Owner ◽

Data User ◽

Cloud Server

Privacy protection and open sharing are the core of data governance in the AI-driven era. A common data-sharing management platform is indispensable in the existing data-sharing solutions, and users upload their data to the cloud server for storage and dissemination. However, from the moment users upload the data to the server, they will lose absolute ownership of their data, and security and privacy will become a critical issue. Although data encryption and access control are considered up-and-coming technologies in protecting personal data security on the cloud server, they alleviate this problem to a certain extent. However, it still depends too much on a third-party organization’s credibility, the Cloud Service Provider (CSP). In this paper, we combined blockchain, ciphertext-policy attribute-based encryption (CP-ABE), and InterPlanetary File System (IPFS) to address this problem to propose a blockchain-based security sharing scheme for personal data named BSSPD. In this user-centric scheme, the data owner encrypts the sharing data and stores it on IPFS, which maximizes the scheme’s decentralization. The address and the decryption key of the shared data will be encrypted with CP-ABE according to the specific access policy, and the data owner uses blockchain to publish his data-related information and distribute keys for data users. Only the data user whose attributes meet the access policy can download and decrypt the data. The data owner has fine-grained access control over his data, and BSSPD supports an attribute-level revocation of a specific data user without affecting others. To further protect the data user’s privacy, the ciphertext keyword search is used when retrieving data. We analyzed the security of the BBSPD and simulated our scheme on the EOS blockchain, which proved that our scheme is feasible. Meanwhile, we provided a thorough analysis of the storage and computing overhead, which proved that BSSPD has a good performance.

Download Full-text

Multiple Access Control Struction for Cloud with Ciphertext

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.556-562.5888 ◽

2014 ◽

Vol 556-562 ◽

pp. 5888-5892

Author(s):

An Ping Xiong ◽

Xin Xin He

Keyword(s):

Access Control ◽

General Scheme ◽

Computational Cost ◽

Cloud Service ◽

Fine Grained ◽

Access Control Policies ◽

Attribute Based Encryption ◽

Data Owner ◽

Multiple Threshold ◽

Heavy Work

The attribute-based encryption scheme of cloud storage application environment helps achieve a flexible access control and confidentiality of the data. However, at present efficient and fine-grained access control can not be achieved. This is caused by the heavy re-encryption workload of data owner while attribute revocation. Besides, there is no solution to revoke user directly. By introducing key segmentation and proxy re-encryption technology to encrypt the part of the heavy work to the cloud service provider to perform, the new scheme greatly reduces the computational cost of data owner. In addition, a special attribute which the data owner controls independently is added to construct different attribute domains of CP-ABE so that the data owner can completely control of the user permissions. The new scheme not only can support multiple threshold fine access control policies, but also can achieve cancellation directly to the user as well as to the user attribute. Experimental results show that the new scheme is superior to the general scheme, achieve highly efficient, fine, and flexible access control.

Download Full-text

An Efficient ECC-Based CP-ABE Scheme for Power IoT

Processes ◽

10.3390/pr9071176 ◽

2021 ◽

Vol 9 (7) ◽

pp. 1176

Author(s):

Rui Cheng ◽

Kehe Wu ◽

Yuling Su ◽

Wei Li ◽

Wenchao Cui ◽

...

Keyword(s):

Access Control ◽

Elliptic Curve Cryptography ◽

Energy Production ◽

Control Function ◽

Rapid Development ◽

Bilinear Pairing ◽

Security And Privacy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

The rapid development of the power Internet of Things (IoT) has greatly enhanced the level of security, quality and efficiency in energy production, energy consumption, and related fields. However, it also puts forward higher requirements for the security and privacy of data. Ciphertext-policy attribute-based encryption (CP-ABE) is considered a suitable method to solve this issue and can implement fine-grained access control. However, its internal bilinear pairing operation is too expensive, which is not suitable for power IoT with limited computing resources. Hence, in this paper, a novel CP-ABE scheme based on elliptic curve cryptography (ECC) is proposed, which replaces the bilinear pairing operation with simple scalar multiplication and outsources most of the decryption work to edge devices. In addition, time and location attributes are combined in the proposed scheme, allowing the data users to access only within the range of time and locations set by the data owners to achieve a more fine-grained access control function. Simultaneously, the scheme uses multiple authorities to manage attributes, thereby solving the performance bottleneck of having a single authority. A performance analysis demonstrates that the proposed scheme is effective and suitable for power IoT.

Download Full-text

Securing E-health Data using Ciphertext-Policy Attribute-Based Encryption with Dynamic User Revocation

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.c6309.098319 ◽

2019 ◽

Vol 8 (3) ◽

pp. 7244-7250

Keyword(s):

Access Control ◽

Service Providers ◽

Health Data ◽

Security And Privacy ◽

Unique Identifier ◽

Fine Grained ◽

Attribute Based Encryption ◽

User Revocation ◽

Role Based ◽

Ciphertext Policy

E-health systems hold a massive amount of medical data that is stored and shared across healthcare service providers to deliver health facilities. However, security and privacy worries increase when sharing this data over distributed settings. As a result, Cryptography techniques have been considered to secure e-health data from unauthorized access. The Ciphertext Policy Attribute-Based Encryption (CP-ABE) is commonly utilized in such a setting, which provides role-based and fine-grained access control over encrypted data. The CP-ABE suffers from the problem of user revocation where the entire policy must be changed even when only one user is revoked or removed from the policy. In this paper, we proposed a CP-ABE based access control model to support user revocation efficiently. Specifically, the proposed model associates a unique identifier to each user. This identifier is added to the policy attributes and removed dynamically when the user is added/revoked. A tree structure (PolicyPathTree) is designed specifically for our model. It can facilitate fast access to policy's attributes during the verification process; The model is analyzed using Information Theory Tools. Results show that our model outperforms other notable work in terms of computational overheads.,

Download Full-text

Fine-Grained Access Control for Cloud Data Sharing by Secure and Efficient Attribute-Revocable Ciphertext-Policy Attribute-Based Encryption

International Journal of Security and Its Applications ◽

10.14257/ijsia.2016.10.10.27 ◽

2016 ◽

Vol 10 (10) ◽

pp. 303-320

Author(s):

Nyamsuren Vaanchig ◽

Wei Chen ◽

Zhiguang Qin

Keyword(s):

Access Control ◽

Data Sharing ◽

Cloud Data ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

Download Full-text

A Fine-Grained IoT Data Access Control Scheme Combining Attribute-Based Encryption and Blockchain

Security and Communication Networks ◽

10.1155/2021/5308206 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Xiaofeng Lu ◽

Songbing Fu ◽

Cheng Jiang ◽

Pietro Lio

Keyword(s):

Access Control ◽

Distributed Storage ◽

Data Access ◽

Security And Privacy ◽

Privacy And Security ◽

Fine Grained ◽

Blockchain Technology ◽

Data Access Control ◽

Attribute Based Encryption ◽

Control Scheme

IoT technology has been widely valued and applied, and the resulting massive IoT data brings many challenges to the traditional centralized data management, such as performance, privacy, and security challenges. This paper proposes an IoT data access control scheme that combines attribute-based encryption (ABE) and blockchain technology. Symmetric encryption and ABE algorithms are utilized to realize fine-grained access control and ensure the security and openness of IoT data. Moreover, blockchain technology is combined with distributed storage to solve the storage bottleneck of blockchain systems. Only the hash values of the data, the hash values of the ciphertext location, the access control policy, and other important information are stored on the blockchain. In this scheme, smart contract is used to implement access control. The results of experiments demonstrate that the proposed scheme can effectively protect the security and privacy of IoT data and realize the secure sharing of data.

Download Full-text

Secure Crime Case Summary in Police Station Using Block Chain Technology

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit217410 ◽

2021 ◽

pp. 50-53

Author(s):

Surya Tej KR ◽

Poornima N

Keyword(s):

Access Control ◽

Data Confidentiality ◽

Police Station ◽

Sharing Scheme ◽

Case Summary ◽

Attribute Based Encryption ◽

Data Owner ◽

Block Chain ◽

Stored Information ◽

Rijndael Algorithm

The data owner may adapt attribute-based encryption to encrypt the stored information for attaining access control and keeping data secure, in the cloud. As a solution to this, an encryption-based algorithm with delegation can be used. Therefore, AES Rijndael algorithm is adapted to encrypt and decrypt the data using the same key with the digitization of traditional records, police stations encounter difficult problems, such as crime case summary storage and access. Managing department, spends considerable time querying the required data when accessing crime case summary. On this basis, this study proposes a case summary sharing scheme which uses ciphertext-based encryption to ensure data confidentiality and access control of crime case summary The officer may encrypt the stored information for attaining access control and keeping data secure. Therefore, AES Rijndael algorithm is used for encryption. This algorithm ensures security of information and enables Privacy.

Download Full-text