Blockchain Based Proxy Re-Encryption
Blockchain Based Proxy Re-Encryption
The evolution of the Internet of Things has seen data sharing as one of its most useful
applications in cloud computing. As eye-catching as this technology has been, data security
remains one of the obstacles it faces since the wrongful use of data leads to several damages. In
this article, propose a proxy re-encryption approach to secure data sharing in cloud
environments. Data owners can outsource their encrypted data to the cloud using identity-based
encryption, while proxy re-encryption construction will grant legitimate users access to the data.
With the Internet of Things devices being resource-constrained, an edge device acts as a proxy
server to handle intensive computations. Also, make use of the features of information-centric
networking to deliver cached content in the proxy effectively, thus improving the quality of
service and making good use of the network bandwidth. Further, our system model is based on
blockchain, a disruptive technology that enables decentralization in data sharing. It mitigates the
bottlenecks in centralized systems and achieves fine-grained access control to data. The security
analysis and evaluation of our scheme show the promise of our approach in ensuring data
confidentiality, integrity, and security.
Keywords: Access control, blockchain, data security, identity based proxy re-encryption,
information-centric network (ICN), Internet of Things (IoT).
INTRODUCTION
The Internet of Things (IoT) has emerged as a technology that has great significance to the world
nowadays and its utilization has given rise to an expanded growth in network traffic volumes
over the years. It is expected that a lot of devices will get connected in the years ahead. Data is a
central notion to the IoT paradigm as the data collected serves several purposes in applications
such as healthcare, vehicular networks, smart cities, industries, and manufacturing, among
others. The sensors measure a host of parameters that are very useful for stakeholders involved.
Consequently, as enticing as IoT seems to be, its advancement has introduced new challenges to
security and privacy. IoT needs to be secured against attacks that hinder it from providing the
required services, in addition to those that pose threats to the confidentiality, integrity, and
privacy of data.
A viable solution is to encrypt the data before outsourcing to the cloud servers. Attackers can
only see the data in its encrypted form when traditional security measures fail. In data sharing,
any information must be encrypted from the source and only decrypted by authorized users in
order to preserve its protection. Conventional encryption techniques can be used, where the
decryption key is shared among all the data users designated by the data owner. The use of
symmetric encryption implies that the same key is shared between the data owner and users, or at
least the participants agree on a key. This solution is very inefficient. Furthermore, the data
owners do not know in advance who the intended data users are, and, therefore, the encrypted
data needs to be decrypted and subsequently encrypted with a key known to both the data owner
and the users. This decrypt-and-encrypt solution means the data owner has to be online all the
time, which is practically not feasible. The problem becomes increasingly complex when there
are multiple pieces of data and diverse data owners and users.
Although simple, the traditional encryption schemes involve complex key management protocols
and, hence, are not apt for data sharing. Proxy re-encryption (PRE), a notion first proposed by
Blaze , allows a proxy to transform a file computed under a delegator’s public key into an
encryption intended for a delegatee. Let the data owner be the delegator and the data user be the
delegate. In such a scheme, the data owner can send encrypted messages to the user temporarily
without revealing his secret key. The data owner or a trusted third party generates the re-
encryption key. A proxy runs the re-encryption algorithm with the key and revamps the
ciphertext before sending the new ciphertext to the user. An intrinsic trait of a PRE scheme is
that the proxy is not fully trusted (it has no idea of the data owner’s secret key). This is seen as a
prime candidate for delegating access to encrypted data in a secured manner, which is a crucial
component in any data-sharing scenario. In addition, PRE allows for encrypted data in the cloud
to be shared to authorized users while maintaining its confidentiality from illegitimate parties.
Data disclosures can be minimized through the use of encryption since only users delegated by
the data owner can effectively access the outsourced data.
LITERATURE SURVEY
Description :Consider a CIA agent who wants to authenticate herself to a server but does not
want to reveal her CIA credentials unless the server is a genuine CIA outlet. Consider also that
the CIA server does not want to reveal its CIA credentials to anyone but CIA agents - not even to
other CIA servers. first show how pairing-based cryptography can be used to implement such
secret handshakes. then propose a formal definition for secure secret handshakes, and prove that
our pairing-based schemes are secure under the Bilinear Diffie-Hellman assumption. Our
protocols support role-based group membership authentication, traceability, indistinguishability
to eavesdroppers, unbounded collusion resistance, and forward repudiability. Our secret-
handshake scheme can be implemented as a TLS cipher suite. We report on the performance of
our preliminary Java implementation
Author by: Dan Boneh, Giovanni Di Crescenzo, Rafail Ostrovsky & Giuseppe Persiano
Description: Study the problem of searching on data that is encrypted using a public key system.
Consider user Bob who sends email to user Alice encrypted under Alice’s public key. An email
gateway wants to test whether the email contains the keyword “urgent” so that it could route the
email accordingly. Alice, on the other hand does not wish to give the gateway the ability to
decrypt all her messages. define and construct a mechanism that enables Alice to provide a key
to the gateway that enables the gateway to test whether the word “urgent” is a keyword in the
email without learning anything else about the email. refer to this mechanism as Public Key
Encryption with keyword Search. As another example, consider a mail server that stores various
messages publicly encrypted for Alice by others. Using our mechanism Alice can send the mail
server a key that will enable the server to identify all messages containing some specific
keyword, but learn nothing else.
The appeal for low-latency applications introduced the notion of ICN, where data owners can
distribute and assign unique names to their data which can be replicated and saved in network
caches. This ensures that there is an efficient data delivery and utilization of network bandwidth,
which is a prerequisite for the IoT ecosystem regardless of the enormous growth in network
volumes. On issues of trust, a decentralized, distributed system that can smoothen secure and
trusted data sharing was introduced by Nakamoto. This is the blockchain technology, and it has
gained much attention due to its ability to preserve data privacy. Although there exist
optimization issues when storing vast sizes of data, emerging system applications have used the
blockchain for access control in database management. Data confidentiality and user revocation
can also be achieved using blockchain.
In this module, it Performs Following activities Login, View All Cloud files, View Transactions,
View Results, View Time Delay Results, View Throughput Results, Logout.
PROXY
In this module, it Performs Following activities Login, View Data Owners and Authorize, View
Data Users and Authorize, View Key Request From Data Owner and Provide, View
Transactions, Logout.
TRUSTED AUTHORITY
In this module, it Performs Following activities Login, View Key Request and Generate, View
Transactions, Logout.
DATA OWNER
In this module, it Performs Following activities Register & Login, Upload, View All Files,
Check Remote Data Integrity, Logout.
DATA USER
In this module, it Performs Following activities Register & Login, Search Data, Request Secret
Key, Download, Logout.
REFERENCES
[1] Cloud Security Alliance, “Security guidance for critical areas of focus in cloud computing
v3.0,” CSA, Tech. Rep., 2003.
[2] Y. Zhang, J. Chen, R. Du, L. Deng, Y. Xiang, and Q. Zhou, “Feacs: A flexible and efficient
access control scheme for cloud computing,”in Trust, Security and Privacy in Computing and
Communications, 2014 IEEE 13th International Conference on, Sept 2014, pp. 310–319.
[3] B. Waters, “Ciphertext-policy attribute-based encryption: An expressive, efficient, and
provably secure realization,” in Public Key Cryptography - PKC 2011, 2011, vol. 6571, pp. 53–
70.
[4] B. B and V. P, “Extensive survey on usage of attribute based encryption in cloud,” Journal of
Emerging Technologies in Web Intelligence, vol. 6, no. 3, 2014.
[5] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained
access control of encrypted data,” in Proceedings of the 13th ACM Conference on Computer and
Communications Security, ser. CCS
[6] InterNational Committee for Information Technology Standards, “INCITS 494-2012 -
information technology - role based access control – policy enhanced,” INCITS, Standard, Jul.
2012.
[7] E. Coyne and T. R. Weil, “Abac and rbac: Scalable, flexible, and auditable access
management,” IT Professional, vol. 15, no. 3, pp. 14– 16, 2013.
[8] Empower ID, “Best practices in enterprise authorization: The RBAC/ABAC hybrid
approach,” Empower ID, White paper, 2013.
[9] D. R. Kuhn, E. J. Coyne, and T. R. Weil, “Adding attributes to rolebased access control,”
Computer, vol. 43, no. 6, pp. 79–81, 2010.