Blockchain Based Proxy Re-Encryption

This document proposes a blockchain-based proxy re-encryption approach to secure data sharing in cloud environments for IoT applications. The approach uses identity-based encryption to encrypt data when owners outsource it to the cloud. A proxy re-encryption construction then grants legitimate users access to the data. An edge device handles intensive computations as an intermediate proxy server. The system model is based on blockchain to achieve decentralization and fine-grained access control. Security analysis shows the approach ensures data confidentiality, integrity and security while addressing limitations of centralized systems for IoT data sharing.

Uploaded by

Bhanu Royal

Blockchain Based Proxy Re-Encryption Approach to Secure Data Sharing in the Internet of Things


ABSTRACT

The evolution of the Internet of Things has seen data sharing as one of its most useful
applications in cloud computing. As eye-catching as this technology has been, data security
remains one of the obstacles it faces since the wrongful use of data leads to several damages. In
this article, we propose a proxy re-encryption approach to secure data sharing in cloud
environments. Data owners can outsource their encrypted data to the cloud using identity-based
encryption, while proxy re-encryption construction will grant legitimate users access to the data.
With the Internet of Things devices being resource-constrained, an edge device acts as a proxy
server to handle intensive computations. We also make use of the features of information-centric
networking to deliver cached content in the proxy effectively, thus improving the quality of
service and making good use of the network bandwidth. Further, our system model is based on
blockchain, a disruptive technology that enables decentralization in data sharing. It mitigates the
bottlenecks in centralized systems and achieves fine-grained access control to data. The security
analysis and evaluation of our scheme show the promise of our approach in ensuring data
confidentiality, integrity, and security.

Keywords: Access control, blockchain, data security, identity-based proxy re-encryption,
information-centric network (ICN), Internet of Things (IoT).

INTRODUCTION

The Internet of Things (IoT) has emerged as a technology that has great significance to the world
nowadays and its utilization has given rise to an expanded growth in network traffic volumes
over the years. It is expected that a lot of devices will get connected in the years ahead. Data is a
central notion to the IoT paradigm as the data collected serves several purposes in applications
such as healthcare, vehicular networks, smart cities, industries, and manufacturing, among
others. The sensors measure a host of parameters that are very useful for stakeholders involved.
Consequently, as enticing as IoT seems to be, its advancement has introduced new challenges to
security and privacy. IoT needs to be secured against attacks that hinder it from providing the
required services, in addition to those that pose threats to the confidentiality, integrity, and
privacy of data.

A viable solution is to encrypt the data before outsourcing to the cloud servers. Attackers can
only see the data in its encrypted form when traditional security measures fail. In data sharing,
any information must be encrypted from the source and only decrypted by authorized users in
order to preserve its protection. Conventional encryption techniques can be used, where the
decryption key is shared among all the data users designated by the data owner. The use of
symmetric encryption implies that the same key is shared between the data owner and users, or at
least the participants agree on a key. This solution is very inefficient. Furthermore, the data
owners do not know in advance who the intended data users are, and, therefore, the encrypted
data needs to be decrypted and subsequently encrypted with a key known to both the data owner
and the users. This decrypt-and-encrypt solution means the data owner has to be online all the
time, which is practically not feasible. The problem becomes increasingly complex when there
are multiple pieces of data and diverse data owners and users.

Although simple, the traditional encryption schemes involve complex key management protocols
and, hence, are not apt for data sharing. Proxy re-encryption (PRE), a notion first proposed by
Blaze, allows a proxy to transform a ciphertext computed under a delegator's public key into an
encryption intended for a delegatee. Let the data owner be the delegator and the data user be the
delegatee. In such a scheme, the data owner can send encrypted messages to the user temporarily
without revealing his secret key. The data owner or a trusted third party generates the
re-encryption key. A proxy runs the re-encryption algorithm with the key and transforms the
ciphertext before sending the new ciphertext to the user. An intrinsic trait of a PRE scheme is
that the proxy is not fully trusted (it has no knowledge of the data owner's secret key). This makes PRE a
prime candidate for delegating access to encrypted data in a secured manner, which is a crucial
component in any data-sharing scenario. In addition, PRE allows for encrypted data in the cloud
to be shared with authorized users while maintaining its confidentiality from illegitimate parties.
Data disclosures can be minimized through the use of encryption since only users delegated by
the data owner can effectively access the outsourced data.
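
The re-encryption flow described above, as an added example that is not part of the original document: it uses the classical ElGamal-based construction from Blaze et al., not the identity-based scheme this document proposes. The toy group parameters, the sample message, and all function names are assumptions chosen for illustration.

```python
# Added example: ElGamal-style proxy re-encryption in the form introduced by
# Blaze et al. Toy group constructed for readability; far too small for real use.
import secrets

P = 2039   # safe prime, P = 2*Q + 1 (assumed toy parameter)
Q = 1019   # prime order of the subgroup of squares mod P
G = 4      # 2^2, generates that order-Q subgroup

def keygen():
    """Return (secret exponent a, public key g^a)."""
    a = secrets.randbelow(Q - 1) + 1          # a in [1, Q-1]
    return a, pow(G, a, P)

def encrypt(pub, m):
    """Encrypt group element m under pub = g^a as (m*g^r, g^(a*r))."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pub, r, P)

def decrypt(sk, ct):
    """Remove the secret exponent from c2 to recover g^r, then unmask c1."""
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)
    return (c1 * pow(g_r, -1, P)) % P

def rekey(sk_owner, sk_user):
    """Re-encryption key b/a mod Q, built by the owner or a trusted party."""
    return (sk_user * pow(sk_owner, -1, Q)) % Q

def reencrypt(rk, ct):
    """Proxy step: g^(a*r) -> g^(b*r); c1 and the plaintext are never opened."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def demo():
    """Owner encrypts, proxy transforms, user decrypts. Returns three outcomes."""
    a, pk_owner = keygen()
    b, _ = keygen()
    while b == a:                              # toy group: avoid identical keys
        b, _ = keygen()
    m = pow(G, 777, P)                         # constructed sample message
    ct = encrypt(pk_owner, m)
    ct_user = reencrypt(rekey(a, b), ct)
    return decrypt(a, ct) == m, decrypt(b, ct) == m, decrypt(b, ct_user) == m

if __name__ == "__main__":
    print(demo())
```

In this classical construction the re-encryption key works in both directions and the proxy must not collude with the delegatee; later PRE schemes were designed to remove those trust assumptions.
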

LITERATURE SURVEY

1. Title: Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications

Author: Ala Al-Fuqaha

Description: This paper provides an overview of the Internet of Things (IoT) with emphasis on
enabling technologies, protocols, and application issues. The IoT is enabled by the latest
developments in RFID, smart sensors, communication technologies, and Internet protocols. The
basic premise is to have smart sensors collaborate directly without human involvement to deliver
a new class of applications. The current revolution in Internet, mobile, and machine-to-machine
(M2M) technologies can be seen as the first phase of the IoT. In the coming years, the IoT is
expected to bridge diverse technologies to enable new applications by connecting physical
objects together in support of intelligent decision making. This paper starts by providing a
horizontal overview of the IoT. Then, we give an overview of some technical details that pertain to
the IoT enabling technologies, protocols, and applications. Compared to other survey papers in
the field, our objective is to provide a more thorough summary of the most relevant protocols
and application issues to enable researchers and application developers to get up to speed quickly
on how the different protocols fit together to deliver desired functionalities without having to go
through RFCs and the standards specifications. We also provide an overview of some of the key IoT
challenges presented in the recent literature and provide a summary of related research work.
Moreover, we explore the relation between the IoT and other emerging technologies including
big data analytics and cloud and fog computing. We also present the need for better horizontal
integration among IoT services. Finally, we present detailed service use-cases to illustrate how the
different protocols presented in the paper fit together to deliver desired IoT services.

2. Title: Secret handshakes from pairing-based key agreements

Author: D. Balfanz

Description: Consider a CIA agent who wants to authenticate herself to a server but does not
want to reveal her CIA credentials unless the server is a genuine CIA outlet. Consider also that
the CIA server does not want to reveal its CIA credentials to anyone but CIA agents, not even to
other CIA servers. We first show how pairing-based cryptography can be used to implement such
secret handshakes. We then propose a formal definition for secure secret handshakes, and prove that
our pairing-based schemes are secure under the Bilinear Diffie-Hellman assumption. Our
protocols support role-based group membership authentication, traceability, indistinguishability
to eavesdroppers, unbounded collusion resistance, and forward repudiability. Our
secret-handshake scheme can be implemented as a TLS cipher suite. We report on the performance of
our preliminary Java implementation.

3. Title: Public key encryption with keyword search

Author: Dan Boneh, Giovanni Di Crescenzo, Rafail Ostrovsky & Giuseppe Persiano

Description: We study the problem of searching on data that is encrypted using a public key system.
Consider user Bob who sends email to user Alice encrypted under Alice's public key. An email
gateway wants to test whether the email contains the keyword "urgent" so that it could route the
email accordingly. Alice, on the other hand, does not wish to give the gateway the ability to
decrypt all her messages. We define and construct a mechanism that enables Alice to provide a key
to the gateway that enables the gateway to test whether the word "urgent" is a keyword in the
email without learning anything else about the email. We refer to this mechanism as Public Key
Encryption with Keyword Search. As another example, consider a mail server that stores various
messages publicly encrypted for Alice by others. Using our mechanism Alice can send the mail
server a key that will enable the server to identify all messages containing some specific
keyword, but learn nothing else.

4. Title: An identity based encryption scheme based on quadratic residues

Author: X Li and X Yang

Description: We present a novel public key cryptosystem in which the public key of a subscriber
can be chosen to be a publicly known value, such as his identity. We discuss the security of the
proposed scheme, and show that this is related to the difficulty of solving the quadratic
residuosity problem.

PROPOSED SYSTEM

The proposed system improves IoT data sharing by combining PRE with identity-based
encryption (IBE), information-centric networking (ICN), and blockchain technology.
Shamir first presented the notion of IBE, in which a sender encrypts a message to a recipient
using the identity (email address, domain name, IP address, etc.) as the public key. It is a very
powerful primitive used to combat numerous key distribution problems and has enabled the
development of several cryptographic protocols, including public-key searchable encryption,
secret handshakes, and chosen ciphertext attack (CCA) secure public-key encryption. IBE is
preferred over attribute-based encryption (ABE) because ABE involves heavy computations on
data encryption, decryption, and key management, and these processes are not convenient for the
resource-constrained IoT devices. The approach is further strengthened by borrowing the idea
of ICN to cater for the growth in information sharing.

The appeal for low-latency applications introduced the notion of ICN, where data owners can
distribute and assign unique names to their data which can be replicated and saved in network
caches. This ensures that there is an efficient data delivery and utilization of network bandwidth,
which is a prerequisite for the IoT ecosystem regardless of the enormous growth in network
volumes. On issues of trust, a decentralized, distributed system that can facilitate secure and
trusted data sharing was introduced by Nakamoto. This is the blockchain technology, and it has
gained much attention due to its ability to preserve data privacy. Although there exist
optimization issues when storing vast sizes of data, emerging system applications have used the
blockchain for access control in database management. Data confidentiality and user revocation
can also be achieved using blockchain.

Advantages of Proposed System

• Apt for data sharing
• Maintains confidentiality from illegitimate parties
• Data disclosures can be minimized through the use of encryption
• Effective

MODULES

The proposed system has five modules:

1. Cloud Service Provider
2. Trusted Authority
3. Data Owner
4. Proxy
5. Data User

CLOUD SERVICE PROVIDER

This module performs the following activities: Login, View All Cloud Files, View Transactions,
View Results, View Time Delay Results, View Throughput Results, Logout.

PROXY

This module performs the following activities: Login, View Data Owners and Authorize, View
Data Users and Authorize, View Key Request From Data Owner and Provide, View
Transactions, Logout.

TRUSTED AUTHORITY

This module performs the following activities: Login, View Key Request and Generate, View
Transactions, Logout.

DATA OWNER

This module performs the following activities: Register & Login, Upload, View All Files,
Check Remote Data Integrity, Logout.

DATA USER

This module performs the following activities: Register & Login, Search Data, Request Secret
Key, Download, Logout.