Research On Secure Data Sharing Method For Cloud-Blockchain Integration

With the rapid development of emerging information technologies such as big data,cloud computing and mobile Internet,many enterprises or individuals are hosting their data in the cloud to enjoy the rich storage and computing resources brought by cloud computing technology.Cloud-based data sharing has become a significant technology trend due to its convenience and affordability.However,the cloud server is a semi-trusted entity,and to ensure data security and user privacy,users must encrypt data before outsourcing to the cloud.This approach makes it a challenging problem to implement access control to encrypted data while implementing retrieval of encrypted data.Ciphertext policy attribute-based encryption(CPABE)is considered as one of the most promising solutions for providing secure data access control in public cloud storage.However,existing centralized solutions inevitably suffer from the limitations of single point of failure,low reliability,and poor scalability.In addition,attribute management and maintenance in CP-ABE solutions often require high costs.To address the challenges of centralization,fine-grained access control and ciphertext searchability faced in the process of data sharing,this paper investigates the data security sharing mechanism for the new model of cloud-blockchain integration based on CP-ABE,searchable encryption and blockchain technology.This novel service model makes full use of the powerful storage and computing resources in the cloud while combining the security features of blockchain to provide a secure cloud-blockchain integration data sharing service model,and the main research work is as follows:(1)A reliable and controllable data sharing method based on blockchain in the model of cloud-blockchain integration is proposed.The method maps attributes in CP-ABE as attribute tokens on the blockchain,and designs an attribute token-based data sharing mechanism on the blockchain to support immediate and fine-grained attribute revocation.Lightweight,secure and trusted attribute management operations are performed on user attributes in CP-ABE via blockchain.The solution is based on the permissioned blockchain Hyperledger Fabric,and uses a multi-channel Fabric deployment architecture and smart contracts to implement data management and access control.Combining CP-ABE with blockchain enables a universal data sharing solution that supports fine-grained data access control for access control management of data sharing in distributed environments.(2)A blockchain-assisted secure data sharing method supporting fine-grained access control and multi-keyword fuzzy search in the model of cloud-blockchain integration is proposed.An efficient symmetric searchable encryption algorithm is used in the keyword encryption and retrieval stages,and a keyword search method combining CP-ABE is constructed,which effectively reduces the computational cost.The method combines the advantages of CP-ABE and blockchain-based searchable encryption to ensure the reliability of the search process by implementing authorization and search with the help of smart contracts.The method implements ciphertext-based search while implementing access control.Security analysis and proofs show that the proposed method has more comprehensive security features.In addition,the method supports multi-keyword fuzzy search with AND and OR semantics,which is more in line with practical application requirements.In summary,this thesis proposes a secure data sharing mechanism for cloud-blockchain integration,and performes a detailed security analysis and proof.This thesis measures the feasibility of the approach in the Hyperledger Fabric blockchain platform and evaluates the efficiency of smart contracts.It validates the effectiveness and efficiency of the approaches by conducting extensive experiments on real data sets.Utilizing blockchain,CP-ABE and searchable encryption,a decentralized data secure sharing mechanism supporting fine-grained access control and search authorization is realized,which provides a promising approaches for secure data sharing among different organizations.