In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a large file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of F. In addition to proposing new, practical POR constructions, we explore implementation considerations and optimizations that bear on previously explored, related schemes.In a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition whose formulation is another contribution of our work.We view PORs as an important tool for semi-trusted online archives. Existing cryptographic techniques help users ensure the privacy and integrity of files they retrieve. It is also natural, however, for users to want to verify that archives do not delete or modify files prior to retrieval. The goal of a POR is to accomplish these checks without users having to download the files themselves. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.

PORs: Proofs of Retrievability for Large Files

Personal Health Records (PHRs) should remain the lifelong property of patients, who should be able to show them conveniently and securely to selected caregivers and institutions. In this paper, we present My PHR Machines, a cloud-based PHR system taking a radically new architectural solution to health record portability. In My PHR Machines, health-related data and the application software to view and/or analyze it are separately deployed in the PHR system. After uploading their medical data to My PHR Machines, patients can access them again from remote virtual machines that contain the right software to visualize and analyze them without any need for conversion. Patients can share their remote virtual machine session with selected caregivers, who will need only a Web browser to access the pre-loaded fragments of their lifelong PHR. We discuss a prototype of My PHR Machines applied to two use cases, i.e., radiology image sharing and personalized medicine.

Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute–Based Encryption

The rapid developments in the Internet of Medical Things (IoMT) help the smart healthcare systems to deliver more sophisticated real-time services. At the same time, IoMT also raises many privacy and security issues. Also, the heterogeneous nature of these devices makes it challenging to develop a common security standard solution. Furthermore, the existing cloud-centric IoMT healthcare systems depend on cloud computing for electrical health records (EHR) and medical services, which is not suggestible for a decentralized IoMT healthcare systems. In this article, we have proposed a blockchain-based novel architecture that provides a decentralized EHR and smart-contract-based service automation without compromising with the system security and privacy. In this architecture, we have introduced the hybrid computing paradigm with the blockchain-based distributed data storage system to overcome blockchain-based cloud-centric IoMT healthcare system drawbacks, such as high latency, high storage cost, and single point of failure. A decentralized selective ring-based access control mechanism is introduced along with device authentication and patient records anonymity algorithms to improve the proposed system’s security capabilities. We have evaluated the latency and cost effectiveness of data sharing on the proposed system using Blockchain. Also, we conducted a logical system analysis, which reveals that our architecture-based security and privacy mechanisms are capable of fulfilling the requirements of decentralized IoMT smart healthcare systems. Experimental analysis proves that our fortified-chain-based H-CPS needs insignificant storage and has a response time in the order of milliseconds as compared to traditional centralized H-CPS while providing decentralized automated access control, security, and privacy.

Fortified-Chain: A Blockchain-Based Framework for Security and Privacy-Assured Internet of Medical Things With Effective Access Control

Telecare medical information system (TMIS) implemented in wireless body area network (WBAN) is convenient and time-saving for patients and doctors. TMIS is realized using wearable devices worn by a patient, and wearable devices generate patient health data and transmit them to a server through a public channel. Unfortunately, a malicious attacker can attempt performing various attacks through such a channel. Therefore, establishing a secure authentication process between a patient and a server is essential. Moreover, wearable devices have limited storage power. Cloud computing can be considered to resolve this problem by providing a storage service in the TMIS environment. In this environment, access control of the patient health data is essential for the quality of healthcare. Furthermore, the database of the cloud server is a major target for an attacker. The attacker can try to modify, forge, or delete the stored data. To resolve these problems, we propose a secure authentication protocol for a cloud-assisted TMIS with access control using blockchain. We employ ciphertext-policy attribute-based encryption (CP-ABE) to establish access control for health data stored in the cloud server, and apply blockchain to guarantee data integrity. To prove robustness of the proposed protocol, we conduct informal analysis and Burrows-Adabi-Needham (BAN) logic analysis, and we formally validate the proposed protocol using automated validation of internet security protocols and applications (AVISPA). Consequently, we show that the proposed protocol provides more security and has better efficiency compared to related protocols. Therefore, the proposed protocol is proper for a practical TMIS environment.

/pdf/design-of-secure-authentication-protocol-for-cloud-assisted-1b4yvbqt38.pdf

Design of Secure Authentication Protocol for Cloud-Assisted Telecare Medical Information System Using Blockchain

Industry 4.0 connects the latest technologies such as cloud computing, Internet of things (IoT), machine learning and artificial intelligence (ML/AI), and blockchain to provide more automation in the industrial process and also bridges the gap between the physical and digital worlds through the cyber-physical system. The inherent feature of IoT devices creates the industry to smart industry (referred to as industrial IoT, i.e., IIoT) through its data-driven decision policies. However, several challenges such as decentralization, security and privacy vulnerability, single point of failure (SPOF), and trust issues exist in the IoT system. Blockchain is one of the promising technologies that can bring about opportunities for addressing the challenges of IoT systems. In this article, we have investigated the integration of IoT with blockchain technology and provided an in-depth study of the blockchain-enabled IoT and IIoT systems. The state-of-the-art research is categorized into data storage and management technique, big data and cloud computing technique (finance and data auditing), and industrial sectors (supply chain, energy, and healthcare sector). The insightful discussion based on the different categories is also presented in the paper. In particular, first, we introduce the IoT and IIoT and then discuss the need for smart contracts in IoT and IIoT systems. Next, we concentrate on the convergence of blockchain and IoT with state-of-the-art research. In addition, this article also provides the open and future research directions towards this era with the highlighted observations.

/pdf/blockchain-based-internet-of-things-and-industrial-iot-a-4fo94kkiai.pdf

Blockchain-Based Internet of Things and Industrial IoT: A Comprehensive Survey

Electronic medical data have significant advantages over paper-based patient records when it comes to storage and retrieval. However, most existing medical data sharing schemes have security risks, such as being prone to data tampering and forgery, and do not support the ability to verify the authenticity of the data source. To solve these problems, we propose a medical data sharing scheme based on attribute cryptosystem and blockchain technology in this paper. First, the encrypted medical data are stored in the cloud, and the storage address and medical-related information are written into the blockchain, which can ensure efficient storage and eliminate the possibility of irreversible modification of the data. Second, the proposed scheme combines attribute-based encryption (ABE) and attribute-based signature (ABS), which achieves the sharing of medical data in many-to-many communications. The ABE achieves data privacy and fine-grained access control, and the ABS verifies the authenticity of the source of the medical data while protecting the signer's identity. Moreover, the data user outsources most of the operations of medical data ciphertext decryption to the cloud service provider (CSP), which can greatly reduce the computational burden. Finally, results of the analysis show that our scheme satisfies the requirements for confidentiality and unforgeability in the random oracle model, and that the proposed scheme offers higher computational performance than other similar schemes.

/pdf/medical-data-sharing-scheme-based-on-attribute-cryptosystem-90thtonvhv.pdf

Medical Data Sharing Scheme Based on Attribute Cryptosystem and Blockchain Technology

Cloud storage services provide convenient data storage services for individuals and enterprises. Data owners can remotely access and update outsourcing data. But there are still many security problems, such as data integrity. Although the public audit schemes allow users to authorize third-party auditors (TPA) to verify the integrity of cloud data, there are still a series of problems in the existing public audit schemes. First of all, most of the existing schemes are based on the traditional or identity public key infrastructure. There is a problem of certificate management or key escrow. And they do not support dynamic data update and user identity tracking for group users. Then, existing multi-replica data public audit schemes store all replicas on a cloud storage server. Once the cloud server fails, all replicas will be damaged. Finally, most existing schemes require TPA to be trusted. In practice, TPA may deviate from the public audit protocol or collude with cloud servers to deceive users. To solve these problems, we propose a certificateless multi-replica and multi-cloud data public audit scheme based on blockchain technology. In our scheme, the dynamic hash table and modification record table are introduced to achieve dynamic update of group user data and identity tracking. All replicas are stored in different cloud servers, and their integrity can be audited at the same time. In addition, we use the unpredictability of blocks in the blockchain to construct fair challenge information, thereby preventing malicious TPA and cloud servers from colluding to deceive users. Each audit result is written into the blockchain, which is convenient for users to audit the behavior of TPA. The analysis results show that our proposed scheme is secure in the random oracle model and has higher efficiency in communication and computation cost compared with similar schemes.

/pdf/multi-replica-and-multi-cloud-data-public-audit-scheme-based-5fcf5k27ct.pdf

Multi-Replica and Multi-Cloud Data Public Audit Scheme Based on Blockchain

As a quite attractive secure search mechanism in cloud environments, searchable encryption allows encrypted files to be searched by keyword and does not reveal any information about original data files. However, most existing searchable encryption schemes only support single keyword ciphertext retrieval, and they cannot resist against inside keyword guessing attacks. Besides, the previous schemes rarely focus on integrity verification and fair transactions without any third party. Focusing on these problems, we propose a multi-keyword certificateless searchable public key authenticated encryption scheme based on blockchain. We use certificateless cryptosystem to encrypt keywords, which avoids the problems of certificate management in traditional cryptosystem and key escrow in identity-based cryptosystem. Our scheme also supports multi-keyword search, which locates encrypted files precisely and returns the desired files. Moreover, we upload the real encrypted files to the cloud server, while the encrypted indexes are put in blockchain, which ensures the anti-tampering, integrity and traceability of the encrypted indexes. The anti-tampering of blockchain also ensures that users can receive accurate search results without any third party verification. Furthermore, we utilize smart contract to track monetary rewards, which enables fair transactions between data owners and users without any trusted third party. We prove that the proposed scheme is secure against inside keyword guessing attacks in the random oracle model. Finally, our performance evaluation shows that the proposed scheme has higher computational performance than other related schemes.

/pdf/multi-keyword-certificateless-searchable-public-key-49ledmwoh8.pdf

Multi-Keyword Certificateless Searchable Public Key Authenticated Encryption Scheme Based on Blockchain

The sharing of electronic health records (EHRs) has shown great advantages in the accurate treatment of patients and the development of medical institutions. However, it is easy to cause some security problems in the process of medical data sharing. Generally, after a patient's EHRs are generated by different medical institutions, they are outsourced to the cloud server (CS) by the authorized medical institutions for storage, which causes the patient to lose control of EHRs. Moreover, malicious medical institutions and semi-trusted cloud servers may collude to tamper with EHRs to seek benefits, which threatens the integrity of EHRs. Therefore, we propose a blockchain-assisted verifiable outsourced attribute-based signcryption scheme (BVOABSC) which realizes the secure sharing of EHRs in a multi-authority cloud storge environment. Firstly, we use the attribute-based signcryption algorithm to realize the confidentiality and unforgeability of the EHRs and protect the privacy of the signer. Secondly, it greatly reduces the computational burden of users by using verifiable outsourcing computation mechanism. Most of the designcryption calculation is performed by the cloud server, and the correctness of the generated partial designcryption ciphertext is verified by users. Furthermore, we use blockchain technology to protect outsourced EHRs from tampering by illegal users. Specifically, each operation on outsourced EHRs is stored as a transaction on the public blockchain, which ensures that EHRs cannot be modified. At the same time, the auditor can verify the integrity of the outsourced EHRs by checking the corresponding transactions. In addition, the smart contract created by the patient can solve the problems in cloud storage, such as tampering EHRs and returning incorrect results. Finally, security analysis and performance evaluation show that the proposed BVOABSC scheme satisfies stronger security and higher efficiency than similar schemes.

/pdf/a-blockchain-assisted-verifiable-outsourced-attribute-based-528w1xtiy2.pdf

A Blockchain-Assisted Verifiable Outsourced Attribute-Based Signcryption Scheme for EHRs Sharing in the Cloud

With the widespread application of cloud storage, users could obtain many conveniences such as low-price data remote storage and flexible data sharing. Considering cloud service provider (CSP) is not full-trusted, lots of cloud auditing schemes are proposed to ensure the shared data security and integrity. However, existing cloud auditing schemes have some security risks, such as user identity disclosure, denial of service attack and single-manager abuse of power. To solve the above issues, we use certificateless signature technology to construct a privacy-preserving cloud auditing scheme for multiple users with authorization and traceability in this paper. Unlike the traditional schemes, our scheme realizes user identity anonymity without group signature and ring signature techniques, which guarantees the tag is compact. Meanwhile, our scheme supports that at least d managers could trace the identity of malicious user collaboratively, which avoids the abuse of single-manager power and provides non-frameability. Furthermore, we introduce an identity authentication process between the third-party auditor (TPA) and the CSP to prevent the denial of service attack. That is, our scheme could solve the problem that anyone can challenge the CSP for the proofs, which averts network congestion and waste of cloud resources. In terms of function, the proposed scheme also supports efficient user revocation from a group. Certificateless cryptography ensures that our scheme does not involve certificate management burden and the key escrow problem. The security analysis shows that our scheme is provably secure against two types of adversaries in the environment of certificateless cryptography. The performance analysis demonstrates that our scheme is efficient

/pdf/privacy-preserving-cloud-auditing-for-multiple-users-scheme-238qy9epsw.pdf

Ting Li

Papers

Medical Data Sharing Scheme Based on Attribute Cryptosystem and Blockchain Technology

Multi-Replica and Multi-Cloud Data Public Audit Scheme Based on Blockchain

Multi-Keyword Certificateless Searchable Public Key Authenticated Encryption Scheme Based on Blockchain

A Blockchain-Assisted Verifiable Outsourced Attribute-Based Signcryption Scheme for EHRs Sharing in the Cloud

Privacy-Preserving Cloud Auditing for Multiple Users Scheme With Authorization and Traceability