Fine Grained Access Control Based on Smart Contract for Edge Computing

Traditional centralized access control faces data security and privacy problems. The core server is the main target to attack. Single point of failure risk and load bottleneck are difficult to solve effectively. And the third-party data center cannot protect data owners. Traditional distributed access control faces the problem of how to effectively solve the scalability and diversified requirements of IoT (Internet of Things) applications. SCAC (Smart Contract-based Access Control) is based on ABAC (Attributes Based Access Control) and RBAC (Role Based Access Control). It can be applied to various types of nodes in different application scenarios that attributes are used as basic decision elements and authorized by role. The research objective is to combine the efficiency of service orchestration in edge computing with the security of consensus mechanism in blockchain, making full use of smart contract programmability to explore fine grained access control mode on the basis of traditional access control paradigm. By designing SSH-based interface for edge computing and blockchain access, SCAC parameters can be found and set to adjust ACLs (Access Control List) and their policies. The blockchain-edge computing combination is powerful in causing significant transformations across several industries, paving the way for new business models and novel decentralized applications. The rationality on typical process behavior of management services and data access control be verified through CPN (Color Petri Net) tools 4.0, and then data statistics on fine grained access control, decentralized scalability, and lightweight deployment can be obtained by instance running in this study. The results show that authorization takes into account both security and efficiency with the “blockchain-edge computing” combination.

Enabling efficient traceable and revocable time-based data sharing in smart city

With the assistance of emerging techniques, such as cloud computing, fog computing and Internet of Things (IoT), smart city is developing rapidly into a novel and well-accepted service pattern these days. The trend also facilitates numerous relevant applications, e.g., smart health care, smart office, smart campus, etc., and drives the urgent demand for data sharing. However, this brings many concerns on data security as there is more private and sensitive information contained in the data of smart city applications. It may incur disastrous consequences if the shared data are illegally accessed, which necessitates an efficient data access control scheme for data sharing in smart city applications with resource-poor user terminals. To this end, we proposes an efficient traceable and revocable time-based CP-ABE (TR-TABE) scheme which can achieve time-based and fine-grained data access control over large attribute universe for data sharing in large-scale smart city applications. To trace and punish the malicious users that intentionally leak their keys to pursue illicit profits, we design an efficient user tracing and revocation mechanism with forward and backward security. For efficiency improvement, we integrate outsourced decryption and verify the correctness of its result. The proposed scheme is proved secure with formal security proof and is demonstrated to be practical for data sharing in smart city applications with extensive performance evaluation.

Big Data Handling Approach for Unauthorized Cloud Computing Access

Nowadays, cloud computing is one of the important and rapidly growing services; its capabilities and applications have been extended to various areas of life. Cloud computing systems face many security issues, such as scalability, integrity, confidentiality, unauthorized access, etc. An illegitimate intruder may gain access to a sensitive cloud computing system and use the data for inappropriate purposes, which may lead to losses in business or system damage. This paper proposes a hybrid unauthorized data handling (HUDH) scheme for big data in cloud computing. The HUDH scheme aims to restrict illegitimate users from accessing the cloud and to provide data security provisions. The proposed HUDH consists of three steps: data encryption, data access, and intrusion detection. The HUDH scheme involves three algorithms: advanced encryption standards (AES) for encryption, attribute-based access control (ABAC) for data access control, and hybrid intrusion detection (HID) for unauthorized access detection. The proposed scheme is implemented using the Python and Java languages. The testing results demonstrated that the HUDH scheme can delegate computation overhead to powerful cloud servers. User confidentiality, access privilege, and user secret key accountability can be attained with more than 97% accuracy.

A Novel Blockchain-Based Encryption Model to Protect Fog Nodes from Behaviors of Malicious Nodes

The world has experienced a huge advancement in computing technology. People prefer outsourcing their confidential data for storage and processing in cloud computing because of the auspicious services provided by cloud service providers. As promising as this paradigm is, it creates issues, including everything from data security to time latency with data computation and delivery to end-users. In response to these challenges, the fog computing paradigm was proposed as an extension of cloud computing to overcome the time latency and communication overhead and to bring computing and storage resources close to both the ground and the end-users. However, fog computing inherits the same security and privacy challenges encountered by traditional cloud computing. This paper proposed a fine-grained data access control approach by integrating the ciphertext policy attribute-based encryption (CP-ABE) algorithm and blockchain technology to secure end-users’ data security against rogue fog nodes in case a compromised fog node is ousted. In this approach, we proposed federations of fog nodes that share the same attributes, such as services and locations. The fog federation concept minimizes the time latency and communication overhead between fog nodes and cloud servers. Furthermore, the blockchain idea and the CP-ABE algorithm integration allow for fog nodes within the same fog federation to conduct a distributed authorization process. Besides that, to address time latency and communication overhead issues, we equip each fog node with an off-chain database to store the most frequently accessed data files for a particular time, as well as an on-chain access control policies table (on-chain files tracking table) that must be protected from tampering by rogue fog nodes. As a result, the blockchain plays a critical role here because it is tamper-proof by nature. We assess our approach’s efficiency and feasibility by conducting a simulation and analyzing its security and performance.

Cloud Computing Storage Data Access Control Method Based on Dynamic Re-Encryption

In order to improve data security, ensure user privacy, and solve the problems of low data access control accuracy, long time consumption, and high energy consumption in traditional methods, a cloud computing storage data access control method based on dynamic re-encryption is proposed. The principal component analysis method is used to reduce the dimension of the cloud computing storage data, and the random forest algorithm is further used to classify and process the cloud computing storage data according to the processing results. On the basis of data preprocessing, an access control tree is established to obtain the correlation of data nodes. Finally, the dynamic re-encryption method is used for data security state transformation, and the data access control of cloud computing storage is realized through key generation, encryption, re-encryption key generation, and decryption. The experimental results show that the data access control accuracy of the method in this paper is high, time consumption is small, and energy consumption is small, and it is more suitable for cloud computing systems with huge data and information.

Big Data Handling Approach for Unauthorized Access of Cloud Computing

Nowadays, cloud computing is one of the important and rapidly growing paradigms that extend its capabilities and applications in various areas of life. The cloud computing system challenges many security issues, such as scalability, integrity, confidentiality, and unauthorized access, etc. An illegitimate intruder may gain access to the sensitive cloud computing system and use the data for inappropriate purposes that may lead to losses in business or system damage. This paper proposes a hybrid unauthorized data handling (HUDH) scheme for Big data in cloud computing. The HUDU aims to restrict illegitimate users from accessing the cloud and data security provision. The proposed HUDH consists of three steps: data encryption, data access, and intrusion detection. HUDH involves three algorithms; Advanced Encryption Standards (AES) for encryption, Attribute-Based Access Control (ABAC) for data access control, and Hybrid Intrusion Detection (HID) for unauthorized access detection. The proposed scheme is implemented using Python and Java language. Testing results demonstrate that the HUDH can delegate computation overhead to powerful cloud servers. User confidentiality, access privilege, and user secret key accountability can be attained with more than 97% high accuracy.

A Novel Hierarchical Key Assignment Scheme for Data Access Control in IoT

Hierarchical key assignment scheme is an efficient cryptographic method for hierarchical access control, in which the encryption keys of lower classes can be derived by the higher classes. Such a property is an effective way to ensure the access control security of Internet of Things data markets. However, many researchers on this field cannot avoid potential single point of failure in key distribution, and some key assignment schemes are insecure against collusive attack or sibling attack or collaborative attack. In this paper, we propose a hierarchical key assignment scheme based on multilinear map to solve the multigroup access control in Internet of Things data markets. Compared with previous hierarchical key assignment schemes, our scheme can avoid potential single point of failure in key distribution. Also the central authority of our scheme (corresponding to the data owner in IoT data markets) does not need to assign the corresponding encryption keys to each user directly, and users in each class can obtain the encryption key via only a one-round key agreement protocol. We then show that our scheme satisfies the security of key indistinguishability under decisional multilinear Diffie-Hellman assumption. Finally, comparisons show the efficiency of our scheme and indicates that our proposed scheme can not only resist the potential attacks, but also guarantee the forward and backward security.

Improving the data access control using blockchain for healthcare domain

Introduction: Unauthorized access to data is one of the most significant privacy issues that hinder most industries from adopting big data technologies. Even though specific processes and structures have been put in place to deal with access authorization and identity management for large databases nonetheless, the scalability criteria are far beyond the capabilities of traditional databases. Hence, most researchers are looking into other solutions, such as big data management. Methods: In this paper, we firstly study the strengths and weaknesses of implementing cryptography and blockchain for identity management and authorization control in big data, focusing on the healthcare domain. Subsequently, we propose a decentralized data access and sharing system that preserves privacy to ensure adequate data access management under the blockchain. In addition, we designed a blockchain framework to resolve the decentralized data access and sharing system privacy issues, by implementing a public key infrastructure model, which utilizes a signature cryptography algorithm (elliptic curve and signcryption). Lastly, we compared the proposed blockchain model to previous techniques to see how well it performed. Results: We evaluated the blockchain on four performance metrics which include throughput, latency, scalability, and security. The proposed blockchain model was tested using a sample of 5000 patients and 500,000 observations. The performance evaluation results further showed that the proposed model achieves higher throughput and lower latency compared to existing approaches when the workload varies up to 10,000 transactions. Discussion: This research reviews the importance of blockchains as they provide infinite possibilities to individuals, companies, and governments.

SmartMedChain: A Blockchain-Based Privacy-Preserving Smart Healthcare Framework

Nowadays, the adoption of Internet of Things (IoT) technology worldwide is accelerating the digital transformation of healthcare industry. In this context, smart healthcare (s-healthcare) solutions are ensuring better and innovative opportunities for healthcare providers to improve patients’ care. However, these solutions raise also new challenges in terms of security and privacy due to the diversity of stakeholders, the centralized data management, and the resulting lack of trustworthiness, accountability, and control. In this paper, we propose an end-to-end Blockchain-based and privacy-preserving framework called SmartMedChain for data sharing in s-healthcare environment. The Blockchain is built on Hyperledger Fabric and stores encrypted health data by using the InterPlanetary File System (IPFS), a distributed data storage solution with high resiliency and scalability. Indeed, compared to other propositions and based on the concept of smart contracts, our solution combines both data access control and data usage auditing measures for both Medical IoT data and Electronic Health Records (EHRs) generated by s-healthcare services. In addition, s-healthcare stakeholders can be held accountable by introducing an innovative Privacy Agreement Management scheme that monitors the execution of the service in respect of patient preferences and in accordance with relevant privacy laws. Security analysis and experimental results show that the proposed SmartMedChain is feasible and efficient for s-healthcare environments.