Skip to main content

Advertisement

Log in

A generic framework for blockchain-assisted on-chain auditing for off-chain storage

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

In recent times, blockchain-based data auditing protocols have emerged as a cutting-edge area of study. Nevertheless, a conspicuous dearth of a generic framework upon which to ground such protocols is evident. This study introduces a pioneering and all-encompassing framework, designated as “Blockchain-assisted On-chain Auditing for Off-chain Storage” (BA2OC). The BA2OC framework operates without the reliance on a predefined auditor for the auditing process or a centralized verifier for the verification of on-chain auditing. It is conceivable that BA2OC forms the cornerstone of public data auditing protocols underpinned by blockchain technology. This framework bestows evidence of data ownership, ensures data integrity, facilitates public verification, supports batch verification, and bolsters the security against cyber threats through the utilization of cryptographic tools. The analysis underscores the comprehensive nature of the BA2OC framework, which positions it as the linchpin of blockchain-based public auditing protocols. Following a parametric evaluation of the BA2OC framework, this study takes into account real-world considerations, such as the utilization of the RSA cryptosystem and Android-based smartphones, to proffer a concrete protocol. The investigation further demonstrates that the BA2OC framework minimizes communication overhead while maintaining operational efficiency.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

Data availability

The data that support the findings of this study are available from the corresponding author upon reasonable request.

References

  1. Horey, J., Begoli, E., Gunasekaran, R., Lim, S.-H., Nutaro, J.: Big data platforms as a service: challenges and approach. In: 4th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 12) (2012)

  2. Cai, H., Boyi, X., Jiang, L., Vasilakos, A.V.: IoT-based big data storage systems in cloud computing: perspectives and challenges. IEEE Internet Things J. 4(1), 75–87 (2016)

    Article  Google Scholar 

  3. Di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: A data outsourcing architecture combining cryptography and access control. In: Proceedings of the 2007 ACM workshop on Computer security architecture, pp. 63–69 (2007)

  4. Yang, K., Jia, X., Ren, K.: Secure and verifiable policy update outsourcing for big data access control in the cloud. IEEE Trans. Parallel Distrib. Syst. 26(12), 3461–3470 (2014)

    Article  Google Scholar 

  5. Kumar, R.S., Saxena, A.: Data integrity proofs in cloud storage. In: 2011 Third International Conference on Communication Systems and Networks (COMSNETS 2011), pp. 1–4. IEEE (2011)

  6. Luo, W., Bai, G.: Ensuring the data integrity in cloud data storage. In: 2011 IEEE International Conference on Cloud Computing and Intelligence Systems, pp. 240–243. IEEE (2011)

  7. Ferretti, L., Pierazzi, F., Colajanni, M., Marchetti, M., Missiroli, M.: Efficient detection of unauthorized data modification in cloud databases. In: 2014 IEEE Symposium on Computers and Communications (ISCC), pp. 1–6. IEEE (2014)

  8. Loeb, S.E., Shamoo, A.E.: Data audit: its place in auditing. Account. Res. 1(1), 23–32 (1989)

    Article  Google Scholar 

  9. Wang, C., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for data storage security in cloud computing. In: 2010 Proceedings IEEE Infocom, pp. 1–9. IEEE (2010)

  10. Garg, N., Bawa, S., Kumar, N.: An efficient data integrity auditing protocol for cloud computing. Future Gener. Comput. Syst. 109, 306–316 (2020)

    Article  Google Scholar 

  11. King, J.L.: Centralized versus decentralized computing: organizational considerations and management options. ACM Comput. Surv. (CSUR) 15(4), 319–349 (1983)

    Article  Google Scholar 

  12. Kolb, J., AbdelBaky, M., Katz, R.H., Culler, D.E.: Core concepts, challenges, and future directions in blockchain: a centralized tutorial. ACM Comput. Surv. (CSUR) 53(1), 1–39 (2020)

    Article  Google Scholar 

  13. Nakamoto, S., Bitcoin, A.: A peer-to-peer electronic cash system. Bitcoin. 4(2), 15 (2008). https://bitcoin.org/bitcoin.pdf

  14. Lin, I.-C., Liao, T.-C.: A survey of blockchain security issues and challenges. Int. J. Netw. Secur. 19(5), 653–659 (2017)

    Google Scholar 

  15. Kaaniche, N., Laurent, M.: A blockchain-based data usage auditing architecture with enhanced privacy and availability. In: 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA), pp. 1–5. IEEE (2017)

  16. Narula, N., Vasquez, W., Virza, M.: zkLedger:Privacy-Preserving auditing for distributed ledgers. In: 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 18), pp. 65–80 (2018)

  17. Hwang, G.-H., Chen, P.-H., Lu, C.-H., Chiu, C., Lin, H.-C., Jheng, A.-J.: InfiniteChain: a multi-chain architecture with distributed auditing of sidechains for public blockchains. In: Blockchain-ICBC 2018: First International Conference, Held as Part of the Services Conference Federation, SCF 2018, Seattle, WA, USA, 2018, Proceedings, vol. 1, pp. 47–60. Springer (2018)

  18. Chen, J., Yao, S., Yuan, Q., He, K., Ji, S., Du, R.: Certchain: public and efficient certificate audit based on blockchain for TLS connections. In: IEEE INFOCOM 2018-IEEE Conference on Computer Communications, pp. 2060–2068. IEEE (2018)

  19. Li, S., Liu, J., Yang, G., Han, J.: A blockchain-based public auditing scheme for cloud storage environment without trusted auditors. Wirel. Commun. Mob. Comput. 2020, 1–13 (2020)

    Google Scholar 

  20. Li, J., Jigang, W., Jiang, G., Srikanthan, T.: Blockchain-based public auditing for big data in cloud storage. Inf. Process. Manag. 57(6), 102382 (2020)

    Article  Google Scholar 

  21. Fan, K., Bao, Z., Liu, M., Vasilakos, A.V., Shi, W.: Dredas: decentralized, reliable and efficient remote outsourced data auditing scheme with blockchain smart contract for industrial IoT. Future Gener. Comput. Syst. 110, 665–674 (2020)

    Article  Google Scholar 

  22. Wang, H., Qin, H., Zhao, M., Wei, X., Shen, H., Susilo, W.: Blockchain-based fair payment smart contract for public cloud storage auditing. Inf. Sci. 519, 348–362 (2020)

    Article  MathSciNet  Google Scholar 

  23. Merkle, R.C.: A digital signature based on a conventional encryption function. In: Conference on the Theory and Application of Cryptographic Techniques, pp. 369–378. Springer, Berlin (1987)

  24. Shoup, V.: Practical threshold signatures. In: Advances in Cryptology-EUROCRYPT 2000: International Conference on the Theory and Application of Cryptographic Techniques Bruges, Belgium, 2000 Proceedings 19, pp. 207–220. Springer, Berlin (2000)

  25. Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: International Workshop on Public Key Cryptography, pp. 31–46. Springer, Berlin (2002)

  26. Attema, T., Cramer, R., Rambaud, M.: Compressed sigma-protocols for bilinear circuits and applications to logarithmic-sized transparent threshold signature schemes. IACR Cryptol. ePrint Arch. 2020, 1447 (2020)

    Google Scholar 

  27. Castro, M., Liskov, B.: Practical byzantine fault tolerance. OsDI 99(1999), 173–186 (1999)

    Google Scholar 

  28. Feng, L., Zhang, H., Chen, Y., Lou, L.: Scalable dynamic multi-agent practical byzantine fault-tolerant consensus in permissioned blockchain. Appl. Sci. 8(10), 1919 (2018)

    Article  Google Scholar 

  29. Zheng, R., Jiang, J., Hao, X., Ren, W., Xiong, F., Ren, Y.: bcBIM: a blockchain-based big data model for BIM modification audit and provenance in mobile cloud. Math. Probl. Eng. 2019 (2019)

  30. Ahmad, A., Saad, M., Njilla, L., Kamhoua, C., Bassiouni, M., Mohaisen, A.: Blocktrail: a scalable multichain solution for blockchain-based audit trails. In: ICC 2019-2019 IEEE International Conference on Communications (ICC), pp. 1–6. IEEE (2019)

  31. Huang, H., Chen, X., Wang, J.: Blockchain-based multiple groups data sharing with anonymity and traceability. Sci. China Inf. Sci. 63, 1–13 (2020)

    Article  MathSciNet  Google Scholar 

  32. Huang, L., Zhang, G., Shui, Yu., Anmin, F., Yearwood, J.: SeShare: secure cloud data sharing based on blockchain and public auditing. Concurr. Comput. Pract. Exp. 31(22), e4359 (2019)

    Article  Google Scholar 

  33. Yu, H., Yang, Z., Sinnott, R.O.: Decentralized big data auditing for smart city environments leveraging blockchain technology. IEEE Access 7, 6288–6296 (2018)

    Article  Google Scholar 

  34. Zhang, Y., Chunxiang, X., Lin, X., Shen, X.: Blockchain-based public integrity verification for cloud storage against procrastinating auditors. IEEE Trans. Cloud Comput. 9(3), 923–937 (2019)

    Article  Google Scholar 

  35. Xu, Y., Ren, J., Zhang, Y., Zhang, C., Shen, B., Zhang, Y.: Blockchain empowered arbitrable data auditing scheme for network storage as a service. IEEE Trans. Serv. Comput. 13(2), 289–300 (2019)

    Google Scholar 

  36. Xu, Y., Zhang, C., Wang, G., Qin, Z., Zeng, Q.: A blockchain-enabled deduplicatable data auditing mechanism for network storage services. IEEE Trans. Emerg. Top. Comput. 9(3), 1421–1432 (2020)

    Article  Google Scholar 

  37. Zhao, Q., Chen, S., Liu, Z., Baker, T., Zhang, Y.: Blockchain-based privacy-preserving remote data integrity checking scheme for IoT information systems. Inf. Process. Manag. 57(6), 102355 (2020)

    Article  Google Scholar 

  38. Wang, H., Wang, X.A., Xiao, S., JiaSen, L.: Decentralized data outsourcing auditing protocol based on blockchain. J. Ambient Intell. Hum. Comput. 12(2), 2703–2714 (2021)

    Article  Google Scholar 

  39. Li, H., Guo, F., Wang, L., Wang, J., Wang, B., Chuankun, W.: A blockchain-based public auditing protocol with self-certified public keys for cloud data. Secur. Commun. Netw. 2021, 1–10 (2021)

    Google Scholar 

  40. Zhang, G., Yang, Z., Xie, H., Liu, W.: A secure authorized deduplication scheme for cloud data based on blockchain. Inf. Process. Manag. 58(3), 102510 (2021)

    Article  Google Scholar 

  41. Banaeian Far, S., Imani Rad, A.: Distributed auditing protocol for blockchain’ based transactions using a distributed signature. Secur. Priv. 4(3), e156 (2021)

    Article  Google Scholar 

  42. Han, H., Shiwakoti, R.K., Jarvis, R., Mordi, C., Botchie, D.: Accounting and auditing with blockchain technology and artificial intelligence: a literature review. Int. J. Account. Inf. Syst. 48, 100598 (2023)

    Article  Google Scholar 

  43. Jahanbin, P., Sharma, R.S., Wingreen, S.T., Kshetri, N., Choo, K.K.R.: Towards CRISP’ BC: 3TIC specification framework for Blockchain use’ cases. IET Blockchain 3(3), 159–168 (2023)

    Article  Google Scholar 

  44. Xiao, J., Huang, H., Chenhuang, W., Chen, Q., Huang, Z.: A collaborative auditing scheme with dynamic data updates based on blockchain. Connect. Sci. 35(1), 2213863 (2023)

    Article  Google Scholar 

  45. Dwivedi, S.K., Amin, R., Vollala, S.: Design of secured blockchain based decentralized authentication protocol for sensor networks with auditing and accountability. Comput. Commun. 197, 124–140 (2023)

    Article  Google Scholar 

  46. Far, S.B., Asaar, M.R., Haghbin, A.: Distributed auditing protocol for untraceable transactions. J. Inf. Secur. Appl. 73, 103429 (2023)

    Google Scholar 

  47. Far, S.B., Asaar, M.R., Haghbin, A.: Zero’ knowledge’ based distributed auditing protocol. Secur. Priv. 6(3), e289 (2023)

    Article  Google Scholar 

  48. Peng, C., Sun, H., Yang, M., Wang, Y.-L.: A survey on security communication and control for smart grids under malicious cyber attacks. IEEE Trans. Syst. Man Cybern. Syst. 49(8), 1554–1569 (2019)

    Article  Google Scholar 

  49. Sengupta, J., Ruj, S., Bit, S.D.: A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT. J. Netw. Comput. Appl. 149, 102481 (2020)

    Article  Google Scholar 

  50. https://www.namecoin.org/resources/whitepaper/

  51. https://www.peercoin.net/resources#whitepaper

  52. https://coinnws.com/dogecoin-whitepaper/

  53. https://whitepaper.io/coin/litecoin

  54. https://primecoin.io/bin/primecoin-paper.pdf

  55. https://www.getmonero.org/resources/research-lab/

  56. Sasson, E.B., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474. IEEE (2014)

  57. Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy, pp. 397–411. IEEE (2013)

  58. Gregory, M.: CoinJoin: bitcoin privacy for the real world. In: Post on Bitcoin Forum (2013)

  59. Tanwar, S., Kaneriya, S., Kumar, N., Zeadally, S.: ElectroBlocks: a blockchain’ based energy trading scheme for smart grid systems. Int. J. Commun. Syst. 33(15), e4547 (2020)

    Article  Google Scholar 

  60. Akram, S.V., Malik, P.K., Singh, R., Anita, G., Tanwar, S.: Adoption of blockchain technology in various realms: opportunities and challenges. Secur. Priv. 3(5), e109 (2020)

    Article  Google Scholar 

  61. Saha, A., Amin, R., Kunal, S., Vollala, S., Dwivedi, S.K.: Review on “Blockchain technology based medical healthcare system with privacy issues’’. Secur. Priv. 2(5), e83 (2019)

    Article  Google Scholar 

  62. Dimitriou, T.: Efficient, coercion-free and universally verifiable blockchain-based voting. Comput. Netw. 174, 107234 (2020)

    Article  Google Scholar 

  63. Sankar, L.S., Sindhu, M., Sethumadhavan, M.: Survey of consensus protocols on blockchain applications. In: 2017 4th International Conference on Advanced Computing and Communication Systems (ICACCS), pp. 1–5. IEEE (2017)

  64. Feng, L., Zhang, H., Chen, Y., Lou, L.: Scalable dynamic multi-agent practical byzantine fault-tolerant consensus in permissioned blockchain. Appl. Sci. 8(10), 1919 (2018)

    Article  Google Scholar 

  65. Lin, C., He, D., Huang, X., Khan, M.K., Choo, K.K.: DCAP: a secure and efficient decentralized conditional anonymous payment system based on blockchain. IEEE Trans. Inf. Forensics Secur. 15, 2440–2452 (2020)

    Article  Google Scholar 

  66. Zhao, Y., Li, Y., Qilin, M., Yang, B., Yong, Yu.: Secure pub-sub: blockchain-based fair payment with reputation for reliable cyber physical systems. IEEE Access 6, 12295–12303 (2018)

    Article  Google Scholar 

  67. Kumar, V., Ahmad, M., Kumari, A., Kumari, S., Khan, M.K.: SEBAP: a secure and efficient biometric’ assisted authentication protocol using ECC for vehicular cloud computing. Int. J. Commun. Syst. 34(2), e4103 (2021)

    Article  Google Scholar 

Download references

Acknowledgements

We, as authors, appreciate anonymous reviewers for their valuable comments on this work.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Maryam Rajabzadeh Asaar.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Banaeian Far, S., Rajabzadeh Asaar, M. & Haghbin, A. A generic framework for blockchain-assisted on-chain auditing for off-chain storage. Int. J. Inf. Secur. 23, 2407–2435 (2024). https://doi.org/10.1007/s10207-024-00846-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-024-00846-8

Keywords

Navigation