Accountable privacy preserving attribute-based access control for cloud services enforced using blockchain

  • Regular contribution
  • International Journal of Information Security

Abstract

When dealing with cloud services, there are important security requirements that it is highly recommended to meet, notably access control. Cloud services have provided several mechanisms based on traditional solutions for access management. All have ultimately failed as forgery-proof methods. Reality is a world replete with unauthorized access breaches. Therefore, new grounds for robust access management in cloud services are still urgently needed. In this paper, we build on blockchain technology to introduce BC-ABAC, a reliable, flexible, transparent, and fine-grained access control that preserves user identity privacy and ensures accountability. To show the feasibility of the solution, we developed a prototype on a permissioned blockchain and conducted experiments to measure the scalability of the solution. Finally, we give a threat model analysis.

Notes

  1. 1 zettabyte = 1e+12 gigabytes.

  2. 1 exabyte = 1e+9 gigabytes.

  3. For the Quorum blockchain, the BC manager can add a new user peer by adding enode://remotekey@ip:port to the permissioned-nodes.json file.

  4. https://github.com/jpmorganchase/quorum/issues/346, https://medium.com/menapay/menapay-blockchain-tests-quorum-tps-8aac5f51820b, https://hackernoon.com/quorum-stress-test-1-140-tps-792f39d0b43f.

Author information

Corresponding author

Correspondence to Amal Ghorbel.

Ethics declarations

Conflict of interest

All authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

About this article

Cite this article

Ghorbel, A., Ghorbel, M. & Jmaiel, M. Accountable privacy preserving attribute-based access control for cloud services enforced using blockchain. Int. J. Inf. Secur. 21, 489–508 (2022). https://doi.org/10.1007/s10207-021-00565-4

  • DOI: https://doi.org/10.1007/s10207-021-00565-4
