Skip to main content
SpringerLink
Log in

B-FLACS: blockchain-based flexible lightweight access control scheme for data sharing in cloud

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

Cloud storage provides convenience for data owners. But it faces serious challenges from data tampering and abuse. Flexible access control method is an effective way to protect shared data security. Existing attribute-based access control methods attempt to improve the access flexibility and security of shared data. But there are some problems for resource-limited lightweight devices as performance and security to be solved. Blockchain can construct a trusted network for data owner to deal with data validity and digital forensics. This paper proposes a novel blockchain-based lightweight access control scheme. The proposed scheme uses blockchain to construct a trusted sharing network by consensus mechanism. The lightweight attribute-based sharing scheme is used to support fine-grained access control of data. In this scheme, it obfuscates the access control policy with fuzzy attribute set to improve system security, and reduces the computing complexity of system users by outsourcing complex operations to semi-trusted proxy servers. The security analysis shows that the scheme is \(\left( {\left( {S,\rho } \right),n - 1,\varepsilon } \right)\)-secure against collusion attack between users and attribute authorities. The performance analysis results show that the proposed scheme reduces the computational complexity of user devices and provides faster response time compared with benchmark and state-of-the-art technologies.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Networking, C.V.: Cisco global cloud index: Forecast and methodology, 2015–2020: White paper. Cisco Public, San Jose (2016)

    Google Scholar 

  2. Index, V.N.: Cisco Annual Internet Report (2018–2023) White Paper. Cisco Annual Internet Report (2020)

    Google Scholar 

  3. Zheng, Z., Xie, S., Dai, H., et al.: An overview of blockchain technology: Architecture, consensus, and future trends. 2017 IEEE International Congress on Big Data (BigData Congress), pp. 557–564. IEEE (2017).

  4. Coelho, P., Junior, T.C., Bessani, A., et al.: Byzantine fault-tolerant atomic multicast. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 39–50. IEEE (2018).

  5. Tao, Q., Cui, X., Huang, X., et al.: Food safety supervision system based on hierarchical multi-domain blockchain network. IEEE Access 7, 51817–51826 (2019). https://doi.org/10.1109/ACCESS.2019.2911265

    Article  Google Scholar 

  6. Ke, G., Wang, S., Wu, H.: Parallel incremental attribute-based encryption for mobile cloud data storage and sharing. J Ambient Intell Human Comput (2021). https://doi.org/10.1007/s12652-020-02842-x

    Article  Google Scholar 

  7. Liu, P.T.S.: Medical record system using blockchain, big data and tokenization. International conference on information and communications security, pp. 254–261. Springer, Cham (2016).

  8. Lin, I.C., Liao, T.C.: A survey of blockchain security issues and challenges. IJ Netw. Secur. 19, 653–659 (2017)

    Google Scholar 

  9. Yadav, A., Singh, N., Kushwaha, D.: Sidechain: storage land registry data using blockchain improve performance of search records. Cluster Comput. 25, 1475–1495 (2022). https://doi.org/10.1007/s10586-022-03535-0

    Article  Google Scholar 

  10. Zyskind, G., Zekrifa, D.M.S., Alex, P., et al.: Decentralizing privacy: Using blockchain to protect personal data. IEEE Security & Privacy Workshops, pp. 1–1. IEEE (2015).

  11. Tan, B., Yan, J., Chen, S., et al.: The impact of blockchain on food supply chain: The case of Walmart. International conference on smart blockchain, pp. 167–177. Springer, Cham (2018).

  12. Martins, S., Yang, Y.: Introduction to bitcoins: A pseudo-anonymous electronic currency system. Proceedings of the 2011 conference of the center for advanced studies on collaborative research, pp. 349–350. IBM Corp. (2011).

  13. Sahai, A., Waters, B.: Fuzzy identity-based encryption. Annual international conference on the theory and applications of cryptographic techniques, pp. 457–473. Springer, Berlin, Heidelberg (2005).

  14. Reumann, J., Saha, D., Sahu. S., et al.: Moveable access control list (ACL) mechanisms for hypervisors and virtual machines and virtual port firewalls. U.S. Patent 8,381,209[P]. 2013–2–19 (2013).

  15. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., et al.: Role-based access control models. Computer 29, 38–47 (1996)

    Article  Google Scholar 

  16. Nkenyereye, L., Hossain, M., et al.: Blockchain-enabled EHR framework for internet of medical things. Comput. Mater. Continua 67(1), 211–221 (2021)

    Article  Google Scholar 

  17. Aafaf, O., et al.: FairAccess: A new Blockchain-based access control framework for the Internet of Things. Secur. Commun. Netw. 9(18), 5943–5965 (2017)

    Google Scholar 

  18. Guo, R., Shi, H., Zhao, Q., et al.: Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems. IEEE Access 6, 11676–11686 (2018)

    Article  Google Scholar 

  19. Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS '13), pp. 463–474. ACM, New York (2013). doi: https://doi.org/10.1145/2508859.2516672

  20. Li, X.F., Feng, D.G., Chen, Z.W., et al.: Model for attribute based access control. J. Commun. 4, 95–103 (2008)

    Google Scholar 

  21. Xin, J., Ram, K., Ravi, S.: A unified attribute-based access control model covering DAC, MAC and RBAC. In Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy, pp. 41–55. Springer-Verlag, Berlin, Heidelberg (2012).

  22. Belguith, S., Kaaniche, N., Russello, G. PU-ABE: Lightweight attribute-based encryption supporting access policy update for cloud assisted IoT. 2018 IEEE 11th international conference on cloud computing, pp. 924–927. IEEE (2018).

  23. Saidi, A., Nouali, O., Amira, A.: SHARE-ABE: An efficient and secure data sharing framework based on ciphertext-policy attribute-based encryption and Fog computing. Cluster Comput. 25, 167–185 (2022). https://doi.org/10.1007/s10586-021-03382-5

    Article  Google Scholar 

  24. Huang, X.F., Tao, Q., Qin, B.D., et al.: Multi-authority attribute based encryption scheme with revocation. 2015 24th International Conference on Computer Communication and Networks (ICCCN), pp. 1–5. IEEE (2015). Doi: https://doi.org/10.1109/ICCCN.2015.7288431

  25. Chase, M.: Multi-authority attribute based encryption. Theory of cryptography conference, pp. 515–534. Springer, Berlin, Heidelberg (2007).

  26. Sun, Y., Zhang, R., Wang, X., et al.: A decentralizing attribute-based signature for healthcare blockchain. 2018 27th International Conference on Computer Communication and Networks (ICCCN), pp. 1–9. IEEE (2018).

  27. Xu, S., Li, Y., Deng, R., et al.: Lightweight and expressive fine-grained access control for healthcare Internet-of-Things. In IEEE transactions on cloud computing, pp. 1–1 (2019). doi: https://doi.org/10.1109/TCC.2019.2936481

  28. Sun, J., Su, Y., Qin, J., et al.: Outsourced decentralized multi-authority attribute based signature and its application in IoT. IEEE Trans. Cloud Comput. (2019). https://doi.org/10.1109/TCC.2019.2902380

    Article  Google Scholar 

  29. Li, J., Chen, X., Chow, S.S.M., et al.: Multi-authority fine-grained access control with accountability and its application in cloud. J. Netw. Comput. Appl. 112, 89–96 (2018)

    Article  Google Scholar 

  30. Yang, K., Jia, X.: Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE Trans. Parallel Distrib. Syst. 25, 1735–1744 (2014)

    Article  Google Scholar 

  31. Sabitha, S., Rajasree, M.: Multi-level on-demand access control for flexible data sharing in cloud. Cluster Comput. 24, 1455–1478 (2021). https://doi.org/10.1007/s10586-020-03195-y

    Article  Google Scholar 

  32. Liu, B., Xu, J.: Access control based on proxy re-encryption technology for personal health record systems. Artificial Intelligence and Security, pp. 1–1 (2020).

  33. Zhang, Y., Li, J., Chen, X., et al.: Anonymous attribute-based proxy re-encryption for access control in cloud computing. Secur. Commun. Net.o 9(14), 2397–2411 (2016)

    Article  Google Scholar 

  34. Liu, Y., Ren, Y., Ge, C., et al.: A CCA-secure multi-conditional proxy broadcast re-encryption scheme for cloud storage system. Inform. Secur. Tech. Rep. 47, 125–131 (2019)

    Google Scholar 

  35. Li, B., Huang, D., Wang, Z., et al.: Attribute-based access control for ICN naming scheme. IEEE Trans. Dependable Secure Comput. 15, 194–206 (2016)

    Article  Google Scholar 

  36. Yao, X., Chen, Z., Tian, Y.: A lightweight attribute-based encryption scheme for the Internet of Things. Futur. Gener. Comput. Syst. 49, 104–112 (2015)

    Article  Google Scholar 

Download references

Acknowledgements

The authors would like to thank anonymous reviewers and the journal editor for their valuable comments, which helped improve this paper's content and quality.

Funding

This work was supported by the Open Research Fund Program of Key Laboratory of Agricultural Blockchain Application, Ministry of Agriculture and Rural Affairs under Grant No. 2022KLABA06, in part by the National Key R&D Program of China (No. 2018YFC1604000) and the National Natural Science Foundation of China (Nos. 61572374).

Author information

Authors and Affiliations

  1. Key Laboratory of Agricultural Blockchain Application, Ministry of Agriculture and Rural Affairs, Agricultural Information Institute, Chinese Academy of Agricultural Sciences, Beijing, China

    Qi Tao

  2. South China Normal University, Guangdong, China

    Qi Tao

  3. The Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China

    Xiaohui Cui

Authors
  1. Qi Tao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xiaohui Cui
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

QT: Conceptualization, Methodology, Software, Writing; XC: Writing-Reviewing, Funding acquisition.

Corresponding author

Correspondence to Qi Tao.

Ethics declarations

Conflict of interest

The authors declare that we have no conflicts of interest to report regarding the present study.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Tao, Q., Cui, X. B-FLACS: blockchain-based flexible lightweight access control scheme for data sharing in cloud. Cluster Comput 26, 3931–3941 (2023). https://doi.org/10.1007/s10586-022-03782-1

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-022-03782-1

Keywords

Search

Navigation