Abstract

Cloud-based Internet of Things, which is considered as a promising paradigm these days, can provide various applications for our society. However, as massive sensitive and private data in IoT devices are collected and outsourced to cloud for data storage, processing, or sharing for cost saving, the data security has become a bottleneck for its further development. Moreover, in many large-scale IoT systems, multiple group data sharing is practical for users. Thus, how to ensure data security in multiple group data sharing remains an open problem, especially the fine-grained access control and data integrity verification with public auditing. Therefore, in this paper, we propose a blockchain-based fine-grained data sharing scheme for multiple groups in cloud-based IoT systems. In particular, we design a novel multiauthority large universe CP-ABE scheme to guarantee the fine-grained access control and data integrity across multiple groups by integrating group signature into our scheme. Moreover, to ease the need for a trusted third auditor in traditional data public auditing schemes, we introduce blockchain technique to enable a distributed data public auditing. In addition, with the group signature, our scheme also realizes anonymity and traitor tracing. The security analysis and performance evaluation show that our scheme is practical for large-scale IoT systems.

1. Introduction

The Internet of Things (IoT) brings the power of the Internet, data processing, and analytics to the real world of physical objects. The fast development of IoT has greatly facilitated a variety of applications all over the world, such as the Internet of Vehicles (IoV), Industrial Internet of Things (IIoT), and Health Internet of Things (HIoT) [1]. The explosive number of embedded internet-enabled sensors provides an incredibly rich set of data that device owners can use to gather data about the safety of their operations, track assets, and reduce manual processes. The device providers can also use the IoT to gather data about people’s preferences and behavior, though that can have serious privacy and security implications. Therefore, how to store and share these data can be a challenging problem. With cloud computing assistance, the enormous storage and computation resources can accommodate those massive data in IoT applications. As shown in Figure 1, the ubiquitous IoT devices gather all kinds of data, for example, health records, location data, and personal privacy information, and upload these data to the cloud, which can significantly lower their local burden for data storage, processing, and sharing.

Although cloud-based IoT provides many conveniences for users, data security and privacy have become serious problems when vast amounts of sensitive and private IoT data are stored and shared in untrusted cloud servers. There have been many catastrophic accidents in data sharing services of cloud, such as iCloud and AWS Cloud. The cloud service providers may unconsciously leak sensitive information or even delete these outsourced user data [2]. Therefore, many researchers have dedicated their research to data security in sharing scenarios. The works in [3–6] solve the data access control for data sharing in various scenarios and the proposals in [7–10] focus on the data integrity verification and public auditing. However, as the scale of data and services in the cloud grows, the multiple group data sharing emerges as a promising application for data sharing between users in different groups [11–13], such as multiple health study organizations and multiple businesses. However, all of the above schemes fail to support data security protection in multiple group data sharing scenarios, which is a big challenge. The approach in [14] proposes a multiple group data sharing scheme that provides the data auditing and integrity verification and trace mechanism with the help of blockchain. Nevertheless, the approach suffers from the lack of data confidentiality and fine-grained access control, especially the single point failure problem in large-scale IoT systems, which can be another challenge for data sharing in multiple groups.

To address these challenging issues in multiple group data sharing, we propose a comprehensive data sharing approach to guarantee data security from the aspects of data fine-grained access control, data integrity verification, and public auditing. Besides, with multiauthority attribute-based encryption and blockchain techniques, our proposal enables data integrity without a trusted third party. It makes the data access control more flexible in a large attribute universe, user traceability, and multiple authorities. The security analysis and experimental evaluation demonstrate the security and efficiency of our work. In conclusion, our contribution can be summarized as follows:

(1) We first present blockchain-based fine-grained data sharing for multiple groups in cloud-based IoT systems, which achieves data integrity verification, public auditing, and fine-grained access control simultaneously, providing comprehensive data security.

(2) A multiauthority ciphertext-policy access control scheme is designed for fine-grained data sharing, which can support large attribute universe and avoid single point failure for authority in large-scale systems. Our scheme extends to multiple group data sharing with the group signature and blockchain techniques and enables user anonymity and traceability with data integrity.

(3) We present a detailed security analysis to demonstrate that our scheme satisfies the security goals of our system. Extensive experiment with the implementation is also provided, and the evaluation results depict the efficiency of our scheme, which proves that our scheme is secure and practical.

The remainder of this paper is structured as follows. Section 2 introduces and reviews the related work on identity authentication. Then, in Section 3, a motivating example of our scheme is given together with attacker mode. Our approach’s overview is presented in Section 4. Following this, in Section 5, we describe in detail the system design and, in Section 6, we show the performance evaluation for our proposal. Finally, a conclusion is presented for our work in Section 7.

2. Related Work

This section reviews some related works on attribute-based encryption (ABE) and blockchain techniques.

2.1. Attribute-Based Encryption

To guarantee fine-grained data access control, ABE was first introduced in [15] as a promising paradigm. Then, [16] divided this scheme into two classes: CP-ABE and KP-ABE (Key-Policy ABE), where the former requires the data owner to designate an access policy for the ciphertext and the latter for the user key. Because the access policy is embedded into the ciphertext, enabling the data owner to control data access on his own, CP-ABE attracts great attention. To design a flexible access control scheme according to the data owner’s requirements, we focus on CP-ABE in our work. Later, many studies dedicated to CP-ABE were proposed, such as large universe CP-ABE [17], traceable CP-ABE, and revocable CP-ABE [18].

Traditionally, in the design of CP-ABE schemes, the system model involves just one trusted authority for attribute management and key distribution. However, this creates a single point of failure and has become the bottleneck in large-scale systems. Thus, [19] introduced a decentralized architecture in which multiple attribute authorities collaboratively manage users and the attribute universe. Recently, the proposal in [20] has realized multiauthority CP-ABE with large attribute universe and white-box traceability, while the ability of user tracing is limited and just suitable for certain scenarios. The multiauthority CP-ABE scheme [21] highlights the efficiency in traceable decentralized CP-ABE scheme, while it also suffers from the same drawback as [20].

2.2. Blockchain

Blockchain can be regarded as a distributed database based on blockchain technology [22–25]. It has the characteristics of openness, tamper-resistance, decentralization, and autonomy. The data recorded on the blockchain cannot be tampered with or modified. A blockchain can be regarded as a decentralized, trusted third party. The decentralization of blockchain provides a feasible solution for the construction of a security scheme without a trusted third party. Blockchain enables users to build a shared, distributed, and fault-tolerant database [26]. Ghoshal et al. [27] proposed the first auditing mechanism without a third-party requirement. Blockchain-based data auditing can provide tamper-proof records and enable data accountability in the cloud.

At present, blockchain network can be divided into three categories: public blockchain, private blockchain, and alliance blockchain. We present a specific data-sharing scheme for multiple groups based on the concept of consortium blockchain. The nodes in the alliance chain are well connected and the verification efficiency is high. While providing high-speed transaction processing, it can maintain the operation with the minimum cost, reduce the transaction cost, and have good scalability. The data can maintain privacy to a certain extent.

3. Preliminaries

The section presents several relevant notions and definitions employed in our paper.

3.1. Notations

We summarize several notations used in our scheme as well as their descriptions in Table 1.

3.2. Access Structure

Definition 1 (access structures [3]). Suppose that is a parties set. One of the collections is considered to be monotone . An access structure that is monotone is defined as one of the nonempty subsets of . The elements in are defined as authorized sets and the other sets are defined as unauthorized sets. Without loss of generality, we can describe users with their attribute set.

3.3. Linear Secret Sharing Scheme (LSSS)

Definition 2 (LSSS [28]). A secret sharing scheme over the attribute set is called linear over if it satisfies the following : 1. the secret share for each attribute can form a vector over , 2. there is a matrix with rows and columns and a function for that maps each row Mj to an attribute. For any , let the function define the attribute that labels the row as . Given the column vector , in which is the transpose of the vector , is the secret that will be shared, and are uniformly chosen at random; then is the vector of shares of the secret based on . The share belongs to the attribute .
Let attribute set be any authorized attribute set, and let . Then, there exist constants such that if are valid shares of a secret according to , then .

3.4. Group Signature

First proposed by Chaum and van Heyst in 1991 [29], group signature aims to sign a message in the name of the group for any group member. In a group signature scheme, any group member can sign a message anonymously on behalf of the entire group. Similar to a general digital signature, a group signature is publicly verifiable and can be verified by a single group public key. Moreover, the actual identity of the signer in the system cannot be traced by the verifier. Only the group manager can identify the real signer. A group signature scheme should satisfy the following requirements:

Unforgeability. No one can generate a valid group signature except the members of the group.

Anonymity. Given a group signature, determining the identity of the signer is computationally infeasible for anyone except the manager of the group.

Traceability. The group manager can trace the real identity of a malicious user when a dispute occurs.

Unlinkability. Without opening the group signature, it is difficult to distinguish whether two different signatures are made by the same group member.

Nonframeability. No one, including the group manager, can generate a valid group signature in the name of other group members.

The advantageous property of a group signature is that it enables suitable anonymity in various scenarios.

3.5. Merkle Hash Tree

The Merkle hash tree [30] is a specific binary tree that can be used to authenticate data. As shown in Figure 2, assume that we want to use a MHT to authenticate a file . We divide file into file blocks and construct a MHT with leaves, which store the hash values of . Figure 2 depicts an example of a MHT. File has been divided into 4 blocks. The verifier has the root hash value HR and requests . He requires authentication of the received file. The prover provides the verifier the auxiliary authentication information . The verifier receives and then computes . Finally, the verifier checks whether is the same as HR.

3.6. Blockchain

Definition 3 (blockchain [31]). The blockchain technology was first used for bitcoin, introduced by Nakamoto in 2008 [31]. In recent years, the attitude of bitcoin has been rising and falling in the world, but as one of the underlying technologies of bitcoin, blockchain technology has been paid more and more attention. In the process of bitcoin formation, blocks are storage units one by one, recording all the communication information of each block node in a certain period of time. Each block is linked by random hash (also known as hash algorithm). The latter block contains the hash value of the previous block. With the expansion of information exchange, one block is connected with another block, and the result is called blockchain [32]. In essence, it is a shared database. The data or information stored in it has the characteristics of “unforgeability,” “whole process trace,” “traceability,” “openness and transparency,” and “collective maintenance.” Based on these characteristics, blockchain technology has laid a solid “trust” foundation, created a reliable “cooperation” mechanism, and has broad application prospects.

3.7. Cryptographic Background

Definition 4 (bilinear maps [3]). We consider two -ordered and groups that are multiplicative cyclic, where is a prime. are two generators of group . If the map satisfies the following properties, then we call it a bilinear map:
(1) Bilinearity:
(2) Nondegeneracy: , is a generator of
(3) Computability: is efficiently computable for all

4. System Model and Security Requirements

We present the system and threat model as well as corresponding security requirements for our work in this section.

4.1. System Model

Figure 3 shows the model of our system for HTR-DAC. It consists of five entities: cloud service provider (CSP), attribute authorities (AAs), agencies (ACs), data user (DU), and data owner (DO), which are described as follows:

CSP: the CSP provides large amounts of resources, such as storage and computation. It can also publish various services.

AA: the AA is in charge of attribute assignment and secret key distribution and generation for users.

DO: the DO produces a large amount of data and outsources them to CSP for saving cost and data sharing. Before data uploading, he will encrypt the data and designate a specific access policy. He also generates corresponding group signature for data integrity verification.

DU: the DU enjoys the data sharing service. Only authorized DU can access and recover the plaintext by his secret key. Any user can publicly audit shared data through blockchain and interaction with CSP.

AC: the AC takes charge of user in a group. It is responsible for data uploading and blockchain operation. When a user uploads the data, AC will forward the ciphertext and record corresponding verification information into blockchain for public auditing.

4.2. Threat Model

In our proposal, the AAs, ACs, and DO are regarded as the fully trusted entities, while the CSP is considered to be untrusted, which may intentionally leak the sensitive information or even tamper and delete the shared data of users. Moreover, some unauthorized DU may illegally access the sensitive data by collusion attack, which will break the data security and privacy. Aiming to resist these attacks, we take the following security requirements into consideration:

Data confidentiality: DO should guarantee the confidentiality of his data and any DU can access the shared data if and only if his access rights satisfy the access policy of the data

Collusion resistance: any users in the system should not have the ability to combine their secret keys to make them satisfy the access policy and thus access the shared data illegally

Anonymity: as the real identity of user, especially in IoT systems, may contain some privacy, to prevent the user privacy from leakage, the ciphertext should be shared without leaking real identity

Auditability: each system user can publicly verify the integrity of the shared data instead of deploying a trusted auditor

Traceability: when a dispute occurs, the agencies can trace the real identity of a malicious user for traitor tracing

In addition to these security requirements, we also raise the following performance related design goals for our scheme:

Large universe: the system should afford large attribute universe; that is, any string can be employed as an attribute for system users and the system and attribute authorities need no global parameters for each attribute.

Multiauthority: the system should support multiple attribute authorities that collaboratively manage the attribute universe. That is, attribute authorities should take charge of user attribute assignment and attribute secret keys generation.

4.3. System Framework

According to the above system model, the procedure of our system includes several phases as follows:

Initialization. In this phase, the system finishes initialization and generates global public key and publishes these parameters to the whole system. Then, the attribute authorities generate their own public keys and secret keys and also publish their public keys in system domain.

Authorization. In this phase, each user is registered into the system by a joining request. The attribute authorities collaboratively assign attribute secret key components to each user according to his attribute set. Moreover, the agencies generate signing secret key for each user. At the end, each user can get his secret key after successfully taking part in the system.

Encryption. In this phase, each DO encrypts the data he produces with a symmetric encryption algorithm and designates a specific access policy for fine-grained access control. Also, the user needs to create group signature for data integrity verification, public auditing, and traitor tracing. When an integrated ciphertext is generated, the user sends it to the agency in charge and, subsequently, the agency checks the ciphertext and uploads it to cloud and records the verification information into blockchain by related algorithms.

Data Auditing. In this phase, each user in the system can publicly audit the data without a trusted auditor and without heavy computation and communication overhead. As the verification information is recorded in blockchain without being tampered with, the user can successfully execute the data auditing algorithm and get its result.

Decryption. In this phase, DU requests to access the data file according to the auditing result. If the DU is authorized, that is, he has enough access rights, then DU can decrypt the shared ciphertext and check its integrity.

User Tracing. In this phase, as we leverage the group signature and ABE technique, the user identity is hidden from the ciphertexts. Any time a dispute happens, the data owner will be traced by revealing its real identity with the group signature mechanism by corresponding agency. Moreover, the group signature also guarantees the avoidance of being framed.

Here, we describe the formal definition of our scheme. A blockchain-based fine-grained data-sharing scheme for multiple groups consists of the following algorithms:: given the security parameters , the algorithm initializes the whole system and generates global public parameter .: on inputting the global public parameter , the algorithm generates public key and secret key for each attribute authority.: after receiving the global public key , the user’s global identity , and attribute set as well as the corresponding authority public key set , the algorithm generates secret key for each system user.: given the global public key , the message to be outsourced together with its access policy , and the authority public key set , the algorithm computes all components of ciphertext which are encrypted by symmetric encryption and CP-ABE.: the algorithm generates group signature for ciphertext output in algorithm and returns the final ciphertext. The algorithm not only uploads the final ciphertext to cloud but also records the verification information into blockchain through relevant transaction.: the algorithm is executed by any system user to verify data stored in cloud publicly. Given the global public key , the algorithm checks the integrity of shared ciphertext with verification information recorded in blockchain and the auxiliary information from cloud.: given the global public key , user’s secret key , and the ciphertext to be accessed, the algorithm is executed by user . It can verify the data with signature verification algorithm and decrypts if he has authorized secret key.: if a dispute happens, the data owner needs to be traced by exposing his real identity executed by corresponding agency . Given the global public key and the signature of the ciphertext , can recover the real identity of data owner denoted by his certificate.

4.4. Security Model

In this section, we present a static security model for multiauthority CP-ABE schemes by a security game between an adversary and a challenger.

Setup. The challenger runs the global setup algorithm of multiauthority CP-ABE and gives the global parameter to the adversary.

Adversary’s Queries. The adversary proceeds as follows:
(1) It chooses a corrupt authority set and sends the public keys of these corrupt authorities to the challenger.
(2) It chooses a good authority set and queries the public keys of these good authorities.
(3) It makes secret key queries for a sequence , where is an identity and is an attributes set. In this sequence, we require that the identities be different and none of these keys come from a corrupt authority; that is, .
(4) It specifies two equal-length messages and an access structure to the challenger for a challenge ciphertext. We require that, for each identity , this access structure cannot be satisfied by , where is the set of all the attributes that are controlled by the corrupt authorities.

Challenger’s Replies. The challenger flips a random coin and gives the adversary the following:
(1) The public keys corresponding to the good authorities
(2) The secret keys corresponding to
(3) The challenge ciphertext

Guess. The adversary outputs a guess for . The advantage of the adversary in this game is defined as .

Definition 5. A multiauthority CP-ABE scheme is statically secure (against static corruption of authorities) if all polynomial time adversaries have at most a negligible advantage in this security game.

5. Blockchain-Based Fine-Grained Data Sharing for Multiple Groups

In this section, we describe our proposal by giving the overview of the system and the concrete construction.

5.1. Overview

Our scheme aims to protect the shared data across multiple groups. It highlights the aspects of data integrity and fine-grained access simultaneously. To ease the overhead of a trusted third party as auditor, we introduce blockchain to fulfill public data auditing; and the feature of tamper-resistance in blockchain also makes it trusted and public. Moreover, we leverage group signature and ABE to achieve anonymity, fine-grained access control, traceability, and nonframeability.

We let denote the attribute universe and is the authority universe. In our scheme, the attribute universe in is expressed as any string which satisfies the large universe attribute. As in [20], we also define a map from an attribute to the index of the authority in charge. That is, for , it belongs to authority .

5.2. Concrete Construction

Here, we describe the concrete construction of our proposal. In particular, our scheme involves such algorithms: , , , , , , , , , and , which are described in detail subsequently.

5.2.1. Initialization Phase

This phase consists of two algorithms for system setup and authority setup.: given the security parameter , the algorithm creates two big primes of bits and generates a bilinear group , where are two multiplicative cyclic groups with order , is a generator of , and is a bilinear map. It also chooses hash functions and a pair of symmetric encryption algorithms . Moreover, the algorithm computes and selects elements , where and denotes the quadratic residue of . Finally, the algorithm publishes the global public key as .: each attribute authority randomly selects . Then, it picks and computes . Finally, it publishes its public key and keeps their master key privately.

5.2.2. Registration Phase

This phase consists of the key generation algorithm to generate secret key for each user according to his attribute set.: given the global public key , the user global identity , and his attribute set as well as the master key of attribute authorities that each attribute belongs to (different attribute in may belong to the same authority), for each , the corresponding attribute authority () chooses and generates the secret attribute key components for user according to attribute set , where

Then, the user randomly picks and computes . The user sends to the agency and receives from after successfully verifying the user by checking if . The user then computes and sends to . After checking , randomly selects and computes and returns to the user . If successfully checked with , the algorithm generates the secret key for the user as , where is the user certificate used for signature generation and user identifying.

5.2.3. Encryption Phase

The phase includes two steps: encrypting and signing. The former algorithm finishes the work of symmetric encryption and attribute-based encryption for fine-grained access, while the latter is responsible for group signature generation to ensure the data integrity and auditing.: when data owner decides to outsource and share the data with a designated LSSS access policy , where is a share-generating matrix and is a corresponding map from a row of to an attribute , that is, , where , we can also infer that, with the map of , we can get the index of the corresponding attribute authority in charge of the attribute ; that is, maps each row to a specific authority .First of all, the algorithm chooses a random element and computes to get the encrypted data, where is the symmetric encryption algorithm in .Then, the algorithm selects two random vectors and , where . Thus, it can get which is the share component of for each attribute corresponding to -th row , and which is the share component of 0 for each attribute of access policy. Moreover, the algorithm computes the ciphertext according to the policy after choosing , where , and gets , where: after receiving the encrypted data with symmetric encryption, the algorithm divides it into parts, that is, , and computes hash value of each part with hash function of to get and its root hash value according to MHT algorithm. Then, the algorithm selects random values and computes . Moreover, the algorithm selects other random numbers and computes as well as the hash value . In addition, it outputs the signature , where

Finally, the algorithm outputs the ciphertext , where is the identity of the file and is the number of , and outsources it to which is the managing agency in charge of the user .

Subsequently, the agency needs to verify the shared ciphertext by Algorithm 1 and with MHT verification algorithm. If successful, uploads to the cloud and stores the verification information to blockchain as described in Algorithm 2.

Algorithm 1

Input:: system public key
: message
: the group signature of message
Output:/: the verification result.
(1) Compute the following values:
  
  
  
  
(2) GM randomly selects computes , then sends to as its member certificate.
(3) User checks if . If successful, then is its signing key.
(4) if then
(5)  return
(6) else
(7)  return
(8) end if

Algorithm 2

Input:: system public key
: verification information
Output:/: the verification result.
(1) The nodes of the blockchain compute Merkle root value with , where is the information for the nodes to verify Merkle root and get verification result by executing Algorithm 1 with .
(2) if and then
(3)  create a new block to store where is the timestamp.
(4) else
(5)  abort
(6) end if

5.2.4. Data Auditing

: the algorithm is executed by any system user to audit the shared data. Due to the transparency of data in blockchain, any user can finish data auditing instead of a trusted public auditor. As described in algorithm , the verification information of each file is stored in blockchain, and the users in system can get the information including . Thus, with the auxiliary information from cloud, each system user audits the data as follows:

(1) The algorithm chooses a number and and divides the leaves of Merkle tree for the file into subgroups. Then, it computes , where is a cryptographic pseudorandom generator and .

(2) After receiving the auxiliary information from cloud, the algorithm computes by constructing a path to the root of Merkle tree. It checks if and . If the verification is successful, the data are validated.
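The Merkle hash tree check of Section 3.5 combined with the audit flow above, as an added example that is not the paper's implementation. SHA-256, HMAC as the pseudorandom generator, the one-leaf-per-subgroup challenge rule, the in-memory `Ledger` standing in for the consortium chain, and all names are assumptions; the group signature check of Algorithm 1 is left out.

```python
import hashlib
import hmac
import json

def H(data):
    return hashlib.sha256(data).digest()

def build_tree(blocks):
    """Return all levels, leaves first; an odd level repeats its last node."""
    level = [H(b"\x00" + b) for b in blocks]      # 0x00 tags leaf hashes
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [H(b"\x01" + level[i] + level[i + 1])  # 0x01 tags inner nodes
                 for i in range(0, len(level), 2)]

def aux_path(levels, idx):
    """Auxiliary authentication information: sibling hashes, leaf to root."""
    path = []
    for level in levels[:-1]:
        path.append(level[idx ^ 1])
        idx >>= 1
    return path

def root_from(block, idx, path):
    """Recompute the root; left/right order is derived from idx, not trusted."""
    h = H(b"\x00" + block)
    for sib in path:
        h = H(b"\x01" + (sib + h if idx & 1 else h + sib))
        idx >>= 1
    return h

class Ledger:
    """Hash-chained list of records (stand-in for blocks agreed by the nodes)."""
    GENESIS = b"\x00" * 32

    def __init__(self):
        self.chain = []

    @staticmethod
    def _digest(prev, record):
        return H(prev + json.dumps(record, sort_keys=True).encode())

    def append(self, record):
        prev = self.chain[-1]["hash"] if self.chain else self.GENESIS
        self.chain.append({"prev": prev, "record": record,
                           "hash": self._digest(prev, record)})

    def valid(self):
        prev = self.GENESIS
        for blk in self.chain:
            if blk["prev"] != prev or blk["hash"] != self._digest(prev, blk["record"]):
                return False
            prev = blk["hash"]
        return True

    def lookup(self, fid):
        return next((b["record"] for b in self.chain
                     if b["record"]["fid"] == fid), None)

def record_file(ledger, fid, blocks, ts):
    """Agency side: store file id, Merkle root, block count and timestamp."""
    root = build_tree(blocks)[-1][0]
    ledger.append({"fid": fid, "root": root.hex(), "n": len(blocks), "ts": ts})

def challenge(seed, n, k):
    """Split n leaves into k subgroups and pick one index in each with a PRG."""
    size = -(-n // k)
    idxs = []
    for j in range(k):
        lo, hi = j * size, min(n, (j + 1) * size)
        if lo >= hi:
            break
        r = hmac.new(seed, j.to_bytes(4, "big"), hashlib.sha256).digest()
        idxs.append(lo + int.from_bytes(r, "big") % (hi - lo))
    return idxs

def cloud_respond(stored_blocks, idxs):
    """Cloud side: return each challenged block with its sibling path."""
    levels = build_tree(stored_blocks)
    return [(i, stored_blocks[i], aux_path(levels, i)) for i in idxs]

def audit(ledger, fid, seed, k, respond):
    """Any user: compare recomputed roots with the root recorded on the ledger."""
    rec = ledger.lookup(fid)
    if rec is None or not ledger.valid():
        return False
    idxs = challenge(seed, rec["n"], k)
    proofs = respond(idxs)
    return ([i for i, _, _ in proofs] == idxs and
            all(root_from(b, i, p).hex() == rec["root"] for i, b, p in proofs))

if __name__ == "__main__":
    blocks = [b"ct-block-%d" % i for i in range(7)]   # constructed ciphertext blocks
    ledger = Ledger()
    record_file(ledger, "file-1", blocks, ts=1700000000)
    print(audit(ledger, "file-1", b"seed", 3, lambda ix: cloud_respond(blocks, ix)))
```

Sampling one leaf per subgroup only detects modification of a challenged block, so an auditor repeats the audit with fresh seeds.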

5.2.5. Decryption Phase

: given the secret key of data user and the ciphertext , the algorithm can find a set of constants which makes the equation hold if the data user is authorized. Then, for each row of access policy, the algorithm computes

Next, according to the constants , the algorithm computes the following equation:

Finally, the algorithm outputs the recovered plaintext of data.

5.2.6. User Tracing

: if there exists a dispute each time, the DO should be traced by recovering his real identity by the agency in charge of the DO. As a member of blockchain, requests the blockchain for traitor tracing. The blockchain responds to the with the disputable data after running consensus protocol by which at least two-thirds of nodes in blockchain confirm the validity of the request and generate the new block as the proof of traitor tracing with synchronization.

Then, the algorithm computes and gets the corresponding identity of user being traced.

6. Security Analysis

In this section, we give a brief security analysis for our proposal.

Theorem 1. The scheme satisfies the correctness of decryption.

Proof. Our scheme can guarantee that the data user gets correct plaintext if and only if his attribute set satisfies the LSSS access policy .

Theorem 2. The scheme satisfies the requirement of fine-grained access and collusion resistance.

Proof. In our scheme, on the one hand, the secret value is separated according to secret sharing matrix , and only the attribute set that is identical to an authorized set in can satisfy matrix and reconstruct . That is, only users with enough access rights which are identical to authorized attribute set can recover the secret and plaintext. On the other hand, the authorities generate the attribute secret key for system users including the hash value of each user’s global identity, which is unique for them. If two or more users want to launch collusion attack against our scheme, they have to combine their secret key components corresponding to different attributes. However, as the key component embeds which relates to user identity and which is randomized element for each user, it is impossible to conduct successful collusion attack against our scheme.

Theorem 3. The scheme satisfies the requirement of public auditability.

Proof. The security proof of these security requirements is similar to [14].

Theorem 4. The scheme satisfies the requirements of anonymity and traceability.

Proof. The security proof of these security requirements is similar to [14].

7. Performance Evaluation

In this section, we give a thorough performance analysis of our scheme by implementation and comparison with another existing related work [20] from theoretical computation and storage complexity and actual time and storage cost.

Table 2 summarizes the computation and storage complexity comparison between our scheme and the scheme in [20]. We analyze the computation complexity of , , and of the two schemes. From the comparison, we can infer that as our scheme introduces group signature for data integrity verification, and introduce some extra overhead in computation complexity, while the scheme in [20] also incurs some overhead by introducing tracing mechanism. On the other hand, we analyze the storage complexity of the two schemes from SK Size and PP Size, which denote the secret key size and public parameter size, respectively. We note that, for the same reason, the public key size and secret key of system users in our scheme increase for signature generation, while the storage complexity of the other scheme shows the same thing.

Figure 4 plots the comparison of encryption time cost for our scheme and the scheme in [20]. As we can see, the time cost in encryption algorithm in two schemes is affected by the complexity of policy. It is in proportion to the row number of access policy. We set the number of files from 1 to 5, and, no matter in which condition, the encryption time cost in our scheme is less than that in [20].

Figure 5 plots the comparison of encryption time cost for our scheme and the scheme in [20]. It is obvious that the time cost of decryption algorithm in both schemes is affected by policy complexity as in encryption. We test the time cost in different file number condition, and the result shows that the time cost in our scheme is far less than that in the other scheme for the same attribute size and same number of files.

Figure 6 plots the comparison of authority public parameter and user secret key storage cost for our scheme and the scheme in [20]. We note that both schemes have constant public parameter size having no relationship with the size of attribute. This is consistent with the property of large universe. The size of public parameter for each authority in our scheme is far less. Moreover, for the size of secret key, we note that our scheme has a smaller size in key length than the other scheme.

8. Conclusion

In this paper, we propose a blockchain-based fine-grained data-sharing scheme for multiple groups in cloud-based IoT systems. In our proposal, we design a novel multiauthority large universe CP-ABE scheme to guarantee the fine-grained access control and data integrity across multiple group by integrating group signature into our scheme. Moreover, to ease the need for a third trusted auditor in traditional data public auditing schemes, we introduce blockchain technique to enable a distributed data public auditing. In addition, with the group signature, our scheme also realizes anonymity and traitor tracing. The security analysis and performance evaluation show that our scheme is practical for large-scale IoT systems.

Data Availability

Data are available upon request to the corresponding author.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This research was funded by the National Natural Science Foundation of China (nos. 61902291 and 62072352), China Postdoctoral Science Foundation Funded Project (2019M653567), National Natural Science Foundation of Shaanxi Province (2019JM-425), and the Fundamental Research Funds for the Central Universities (JB191507).