| With the emergence and development of new-generation information technologies such as the Internet of Things (IoT) and cloud computing, many users outsource the massive data generated by IoT devices to public clouds for storage and sharing. While enjoying convenient cloud services, users also face new security challenges. Firstly, there are data security issues. Outsourcing user data to cloud storage separates data ownership from management rights, which may cause security risks including data leakage and unauthorized access. Secondly, cloud servers are not completely trustworthy. Third-party cloud servers may tamper with users’ data for financial gain. To ensure the security of the shared data, users usually encrypt data before outsourcing storage. Although symmetric encryption and traditional public-key encryption techniques can guarantee data confidentiality, they can only achieve one-to-one encrypted data sharing and suffer from problems including high key management costs and key leakage. Attribute-based encryption (ABE) technologies, especially ciphertext-policy attribute-based encryption (CP-ABE) technologies, can provide fine-grained access control for one-to-many data sharing while ensuring data confidentiality and security. Although traditional ABE technology can ensure the security of shared data, it still faces problems such as incomplete privacy protection and high computational overhead in practical applications. Firstly, explicit storage of access policies may lead to privacy leakage for users. Secondly, given the limited battery capacity and computing resources of IoT terminal devices, it is difficult for them to afford the high computational cost of the encryption and decryption processes. Thirdly, traditional single-authority ABE schemes suffer from single points of failure and performance bottlenecks in distributed large-scale application scenarios. Fourthly, it is difficult to trace the identity of users
who leaked secret keys. Lastly, cloud servers that are not fully trustworthy may tamper with ciphertext data or return incorrect computation results. To address the aforementioned problems, this thesis proposes three data sharing schemes based on CP-ABE and blockchain technology for practical applications in the collaborative scenario of cloud computing and IoT. The details of this work are as follows: (1) To address the problems of explicit storage of access policies and the limited resources of IoT devices in traditional CP-ABE schemes, this thesis proposes an efficient CP-ABE scheme that supports policy hiding based on blockchain technology. Firstly, user privacy is protected by partially hiding the access policies. Secondly, an online/offline encryption and outsourced decryption mechanism is introduced to improve the computation efficiency of terminal users. Thirdly, the integrity of ciphertext data stored by the cloud server is verified using blockchain. (2) To address the problems that existing policy-hiding CP-ABE schemes are mostly constructed over composite-order groups and that authentication is difficult, this thesis proposes a CP-ABE scheme that supports policy hiding and trusted authentication based on blockchain. Firstly, prime-order groups are employed instead of composite-order groups to achieve higher computational efficiency. Secondly, an access right authentication stage executed by smart contracts is added before the decryption stage. It needs only a small amount of calculation to determine whether the user has decryption rights, and the self-executing smart contracts in the blockchain ensure the credibility of the authentication results. Thirdly, online/offline mechanisms are introduced in both the key generation and encryption stages, and the expensive pairing computation in the decryption stage is outsourced to the cloud service, so as to effectively improve registration, encryption and decryption efficiency for end users. (3) To address
the problems of a single authorization authority, the difficulty of tracing users who leaked keys, and the limited resources of terminal users in existing CP-ABE schemes, this thesis proposes a multi-authority CP-ABE scheme that supports outsourced verification and traceability based on blockchain. Firstly, multiple authorization authorities are introduced to improve the scalability of the proposed scheme. Secondly, users’ identities are bound to their attribute keys to effectively prevent user collusion attacks and to trace malicious users who abuse keys. Thirdly, most of the computation in the encryption and decryption stages is outsourced to the cloud server to minimize the computational burden on users. The computation results returned by the cloud server are then automatically verified by smart contracts to achieve trusted verification. |