Abstract
Cloud storage is convenient for data owners, but it faces serious challenges from data tampering and abuse. Flexible access control is an effective way to protect the security of shared data. Existing attribute-based access control methods attempt to improve the access flexibility and security of shared data, but performance and security problems remain to be solved for resource-limited lightweight devices. Blockchain can construct a trusted network in which data owners can deal with data validity and digital forensics. This paper proposes a novel blockchain-based lightweight access control scheme. The proposed scheme uses blockchain to construct a trusted sharing network through a consensus mechanism, and uses a lightweight attribute-based sharing scheme to support fine-grained access control of data. The scheme obfuscates the access control policy with a fuzzy attribute set to improve system security, and reduces the computing complexity for system users by outsourcing complex operations to semi-trusted proxy servers. The security analysis shows that the scheme is \(\left( {\left( {S,\rho } \right),n - 1,\varepsilon } \right)\)-secure against collusion attacks between users and attribute authorities. The performance analysis shows that the proposed scheme reduces the computational complexity of user devices and provides faster response time compared with benchmark and state-of-the-art technologies.
Acknowledgements
The authors would like to thank anonymous reviewers and the journal editor for their valuable comments, which helped improve this paper's content and quality.
Funding
This work was supported by the Open Research Fund Program of Key Laboratory of Agricultural Blockchain Application, Ministry of Agriculture and Rural Affairs under Grant No. 2022KLABA06, in part by the National Key R&D Program of China (No. 2018YFC1604000) and the National Natural Science Foundation of China (Nos. 61572374).
Author information
Contributions
QT: Conceptualization, Methodology, Software, Writing; XC: Writing-Reviewing, Funding acquisition.
Ethics declarations
Conflict of interest
The authors declare that we have no conflicts of interest to report regarding the present study.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Tao, Q., Cui, X. B-FLACS: blockchain-based flexible lightweight access control scheme for data sharing in cloud. Cluster Comput 26, 3931–3941 (2023). https://doi.org/10.1007/s10586-022-03782-1
DOI: https://doi.org/10.1007/s10586-022-03782-1