A scalable ledger-assisted architecture for secure query processing over distributed IoT data

  • Regular Paper
CCF Transactions on Networking

Abstract

Massive amounts of IoT data pose unique challenges for centralized data management systems. Specifically, IoT data can originate from heterogeneous and distributed sources, and regulations commonly forbid data from different IoT stakeholders from being managed under central governance. To serve IoT applications, recent proposals leverage distributed ledgers (e.g., blockchains) that function on top of distributed data storage with improved data interoperability. Unfortunately, most of them do not consider data security and privacy in the first place. Following this transformative paradigm, in this paper we propose a ledger-assisted architecture for secure distributed IoT data management. This architecture adapts searchable encryption to decentralized storage networks to enable encrypted query processing. It is also designed to leverage the distributed ledger to harden both data and query integrity. To deal with continuously generated IoT data, we further devise an efficient secure data insertion protocol, and employ a recent variant of blockchain so that users can validate updated query results in a scalable manner. Evaluations on Azure blockchain service confirm the practicality of our proposed architecture.

Notes

  1. Traffic flow: cargo/passengers flow, online at http://nlftp.mlit.go.jp/ksj-e/jpgis/datalist/KsjTmplt-S05-d.html.

  2. Azure blockchain service: online at https://azure.microsoft.com/en-us/solutions/blockchain/.

  3. Azure latency test: online at http://www.azurespeed.com.

Author information

Corresponding author

Correspondence to Xingliang Yuan.

About this article

Cite this article

Yuan, X., Cai, C., Wang, C. et al. A scalable ledger-assisted architecture for secure query processing over distributed IoT data. CCF Trans. Netw. 3, 97–111 (2020). https://doi.org/10.1007/s42045-020-00038-7

  • DOI: https://doi.org/10.1007/s42045-020-00038-7
