research-article

BACC: Blockchain-Based Access Control For Cloud Data

Authors:

Nasrin Sohrabi,

Ibrahim KhalilAuthors Info & Claims

ACSW '20: Proceedings of the Australasian Computer Science Week Multiconference

Article No.: 10, Pages 1 - 10

https://doi.org/10.1145/3373017.3373027

Published: 04 February 2020 Publication History

Abstract

Controlling the access over the stored data in the cloud is one of the fundamental security requirements, especially with the wide usage of cloud storage servers for nearly most of the enterprise applications. Traditional cloud-based access control solutions are based on a centralized approach (i.e. a cloud server becomes the central authority to control accesses to the data), which makes it difficult to prevent malicious cloud servers from disclosing user’s data; and therefore compromising the privacy of the stored data. Additionally, the centralization of authority can cause a single point of failure. Furthermore, to provide confidentiality, which is one of the essential security requirements, user’s data is encrypted before it is stored on the cloud. Most of the cloud servers store the decryption keys, after they encrypt the data, in their premises. This compromises data privacy. In this paper we propose a new model that addresses the aforementioned issues. To address the centralization problem, we distributed the access control tasks to smart contracts over a decentralized network, i.e. blockchain. To address the latter, we used Shamir secret sharing scheme to manage the encryption keys. Then we introduced a new type of node, called master node, to our blockchain platform, to store the decryption key parts.

References

[1]

[n.d.]. Solidity document. https://solidity.readthedocs.io/en/v0.5.3/index.html

[2]

Shehar Bano, Alberto Sonnino, Mustafa Al-Bassam, Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn, and George Danezis. 2017. Sok: Consensus in the Age of Blockchains. arXiv preprint arXiv:1711.03936(2017). arxiv:1711.03936http://arxiv.org/abs/1711.03936

[3]

Imran Bashir. 2018. Mastering Blockchain. Pakt Publishing.

[4]

Konstantinos Christidis and Michael Devetsikiotis. 2016. Blockchains and Smart Contracts for the Internet of Things. IEEE Access (2016). https://doi.org/10.1109/ACCESS.2016.2566339

[5]

Adrian J. Duncan, Sadie Creese, and Michael Goldsmith. 2012. Insider attacks in cloud computing. Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. (2012), 857–862. https://doi.org/10.1109/TrustCom.2012.188

Digital Library

[6]

Ittay; Eyal, Adem; Efe Gencer, Emin; Gun Sirer, and Robbert Van Renesse. 2016. Bitcoin-NG: A Scalable Blockchain Protocol Ittay. USENIX Symposium on Networked Systems Design and Implementation (NSDI ’16) (2016).

[7]

Alan Freier, Philip Karlton, and Paul Kocher. 2011. The secure sockets layer (SSL) protocol version 3.0. Technical Report.

[8]

Michael T. Goodrich and Roberto Tamassia. 2011. Introduction to computere security. pearson.

[9]

Jail Guo, Wnzhuo Yang, Kwok-Yan Lam, and Xun Yi. 2018. Using Blockchain to Control Access to Cloud Data. In International Conference, Inscrypt. Springer, Fuzho, China, 274–288. https://doi.org/10.1007/978-3-030-14234-6

[10]

Vincent C Hu, D Richard Kuhn, David F Ferraiolo, and Jeffrey Voas. 2015. Attribute-based access control. Computer 48, 2 (2015), 85–88.

Digital Library

[11]

Andreas M.Antonopoulos. 2017. Mastering Bitcoin. O’Reilly.

[12]

Wood Gavin M.Antonopoulos Andreas. 2018. Mastering Ethereum. O’Reilly. https://github.com/ethereumbook/ethereumbook

[13]

Ritesh Modi. 2018. Solidity Programming Essentials. Packt Publishing.

[14]

Satoshi Nakamoto. 2008. Bitcoin: A Peer-to-Peer Electronic Cash System. Self-Published Paper(2008).

[15]

Aafaf Ouaddah, Anas Abou Elkalam, and Abdellah Ait Ouahman. 2016. FairAccess: a new Blockchain-based access control framework for the Internet of Things. Security and Communication Networks 9, 18 (2016), 5943–5964. https://doi.org/10.1002/sec.1748

[16]

Aafaf Ouaddah, Anas Abou Elkalam, and Abdellah Ait Ouahman. 2017. Towards a novel privacy-preserving access control model based on blockchain technology in IoT. (2017), 523–533.

[17]

Ethereum-IDE Remix. [n.d.]. Remix documentation. https://remix.readthedocs.io/en/latest/index.html

[18]

Ravi S Sandhu, Hal L Feinstein, Charles E Youman, and Edward J Coyne. 1996. RolemBased Access Control Models m. 29, 2 (1996), 38–47.

[19]

Ravi S Sandhu and Pierangela Samarati. 1994. Access control constrains what a user can do directly, as well as what programs executing on behalf of the users are allowed to do. In this way access control seeks to prevent activity that could lead to breach of security.IEEE Communications MagazineSeptember (1994), 40–48.

[20]

Adi Shamir. 1979. How to share a secret. ACM 22 (11)(1979), 159–168.

[21]

S. Subashini and V. Kavitha. 2011. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34, 1(2011), 1–11. https://doi.org/10.1016/j.jnca.2010.07.006

Digital Library

[22]

Vivy Suhendra. 2011. A survey on access control deployment. In International conference on security technology. Springer, 11–20.

[23]

Melanie Swan. 2015. Blockchain Blueprint for a new economy. O’Reilly.

[24]

Younis A. Younis, Kashif Kifayat, and Madjid Merabti. 2014. An access control model for cloud computing. Journal of Information Security and Applications 19 (2014). https://doi.org/10.1016/j.jisa.2014.04.003

[25]

Eric Yuan and Jin Tong. 2005. Attributed based access control (ABAC) for web services. (2005).

[26]

Yuanyu Zhang, Shoji Kasahara, Yulong Shen, Xiaohong Jiang, and Jianxiong Wan. 2018. Smart Contract-Based Access Control for the Internet of Things. IEEE Internet of Things Journal(2018). https://doi.org/10.1109/JIOT.2018.2847705

[27]

Zibin Zheng, Shaoan Xie, Hongning Dai, Xiangping Chen, and Huaimin Wang. 2017. An Overview of Blockchain Technology: Architecture, Consensus, and Future Trends. Proceedings - 2017 IEEE 6th International Congress on Big Data, BigData Congress 2017 (2017), 557–564. https://doi.org/10.1109/BigDataCongress.2017.85

[28]

Dimitrios Zissis and Dimitrios Lekkas. 2012. Addressing cloud computing security issues. Future Generation Computer Systems(2012). https://doi.org/10.1016/j.future.2010.12.006

Cited By

Mishra PR. G(2024)A Block-chain Based Mechanism for Securely Storing Data on Cloud and IOTEngineering World10.37394/232025.2024.6.156(144-153)Online publication date: 30-Oct-2024
https://doi.org/10.37394/232025.2024.6.15
Das SPriyadarshini RMishra MBarik R(2024)Leveraging Towards Access Control, Identity Management, and Data Integrity Verification Mechanisms in Blockchain-Assisted Cloud Environments: A Comparative StudyJournal of Cybersecurity and Privacy10.3390/jcp40400474:4(1018-1043)Online publication date: 2-Dec-2024
https://doi.org/10.3390/jcp4040047
Punia AGulia PGill NIbeke EIwendi CShukla P(2024)A systematic review on blockchain-based access control systems in cloud environmentJournal of Cloud Computing: Advances, Systems and Applications10.1186/s13677-024-00697-713:1Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1186/s13677-024-00697-7
Show More Cited By

BACC: Blockchain-Based Access Control For Cloud Data
1. Security and privacy
  1. Security services
  2. Systems security

Recommendations

An efficient signcryption for data access control in cloud computing

Data storage is one of main services in cloud computing. How to ensure the confidentiality and authorized access of data is the central issue of data storage. In this paper, we propose a novel data access control scheme that can simultaneously achieve ...
Using Blockchain to Control Access to Cloud Data
Information Security and Cryptology
Abstract
As cloud storage becomes more common, data security is an increasing concern. In this paper, we propose a new approach to control access to the user’s data stored in the cloud with the state-of-the-arts decentralized blockchain technology. In ...
Attribute-based data access control in mobile cloud computing

With the thriving growth of the cloud computing, the security and privacy concerns of outsourcing data have been increasing dramatically. However, because of delegating the management of data to an untrusted cloud server in data outsourcing process, the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSW '20: Proceedings of the Australasian Computer Science Week Multiconference

February 2020

367 pages

ISBN:9781450376976

DOI:10.1145/3373017

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 February 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ACSW '20

ACSW '20: Australasian Computer Science Week 2020

February 4 - 6, 2020

VIC, Melbourne, Australia

Acceptance Rates

Overall Acceptance Rate 61 of 141 submissions, 43%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

24
Total Citations
View Citations
737
Total Downloads

Downloads (Last 12 months)32
Downloads (Last 6 weeks)1

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Mishra PR. G(2024)A Block-chain Based Mechanism for Securely Storing Data on Cloud and IOTEngineering World10.37394/232025.2024.6.156(144-153)Online publication date: 30-Oct-2024
https://doi.org/10.37394/232025.2024.6.15
Das SPriyadarshini RMishra MBarik R(2024)Leveraging Towards Access Control, Identity Management, and Data Integrity Verification Mechanisms in Blockchain-Assisted Cloud Environments: A Comparative StudyJournal of Cybersecurity and Privacy10.3390/jcp40400474:4(1018-1043)Online publication date: 2-Dec-2024
https://doi.org/10.3390/jcp4040047
Punia AGulia PGill NIbeke EIwendi CShukla P(2024)A systematic review on blockchain-based access control systems in cloud environmentJournal of Cloud Computing: Advances, Systems and Applications10.1186/s13677-024-00697-713:1Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1186/s13677-024-00697-7
Xie MFu QHong HRen ZZhang ZKuai J(2024)ABBDAC: A Novel Attribute-Based Blockchain Data Access Control Scheme in Cloud EnvironmentIEEE Internet of Things Journal10.1109/JIOT.2024.345278511:24(40218-40228)Online publication date: 15-Dec-2024
https://doi.org/10.1109/JIOT.2024.3452785
Das SMishra MPriyadarshini RBarik RSaikia M(2024)A secure, privacy-preserving, and cost-efficient decentralized cloud storage framework using blockchainJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2024.10226036:10(102260)Online publication date: Dec-2024
https://doi.org/10.1016/j.jksuci.2024.102260
Park KPark Y(2024)MIoT-CDPS: Complete decentralized privacy-preserving scheme for medical internet of thingsInternet of Things10.1016/j.iot.2024.10125027(101250)Online publication date: Oct-2024
https://doi.org/10.1016/j.iot.2024.101250
Tiwari CJha V(2024)THC-DFECC-based privacy preserved smart contract creation for cloud data securityInternational Journal of Information Technology10.1007/s41870-024-02040-416:7(4191-4207)Online publication date: 27-Jun-2024
https://doi.org/10.1007/s41870-024-02040-4
Yan CXu HLi P(2023)“Every Dog Has His Day”International Journal of Information Security and Privacy10.4018/IJISP.31869717:1(1-27)Online publication date: 10-Mar-2023
https://doi.org/10.4018/IJISP.318697
Hammad MIqbal JHassan CHussain SUllah SUddin MMalik UAbdelhaq MAlsaqour R(2023)Blockchain-Based Decentralized Architecture for Software Version ControlApplied Sciences10.3390/app1305306613:5(3066)Online publication date: 27-Feb-2023
https://doi.org/10.3390/app13053066
Cha SChang CXiang YHuang TYeh K(2023)Enhancing OAuth With Blockchain Technologies for Data PortabilityIEEE Transactions on Cloud Computing10.1109/TCC.2021.309484611:1(349-366)Online publication date: 1-Jan-2023
https://doi.org/10.1109/TCC.2021.3094846
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View Table of Conten