Abstract: Access control is a security technique that restricts access to protected resources and data to authorized users only. In this paper, we design a blockchain-based access control scheme for cloud storage that supports revocation. First, the blockchain is initialized to generate global parameters, the complete user encryption keys and decryption keys are generated, and the data is encrypted. When the blockchain receives a user’s access request, the authorization contract determines whether the user is on the revocation list. If not, the key is checked. The contract then determines abnormal access and adds the corresponding identity to the revocation list, preventing further access to the database. The access control model is created by incorporating attribute-based encryption. Based on the security analysis and the operational efficiency test, the model can be considered to meet security features such as IND-CPA security. Regarding the time overhead of generating encryption keys, the scheme in this paper has the lowest computational overhead: generating encryption keys takes only 0.09 seconds for 10 attributes and only 1.62 seconds for 100 attributes, which is better than the performance of the two attribute-based access control schemes FIFC and AACE. The user access time overhead for 10 to 100 attributes at user encryption time is 1.38, 1.56, 1.98, 2.1, 2.53, 2.76, 3.03, 3.27, 3.66, and 3.94 seconds, respectively. Having the lowest decryption time, the scheme ensures data security and a good access experience. This study achieves fine-grained access control while protecting data privacy.