UPM Institutional Repository

Toward efficient attribute-based searchable encryption for access control over blockchain


Citation

Hussein, Al-Abadi Hassan Mansur (2021) Toward efficient attribute-based searchable encryption for access control over blockchain. Doctoral thesis, Universiti Putra Malaysia.

Abstract

Blockchain technology offered a technical aspect that ultimately transforms the existing personal health record (PHR) systems into decentralised networks to decrease the possibility of a single point of security failure. However, such technology possesses some drawbacks, such as issues in privacy and storage capacity. By contrast, storing vast medical data significantly affects the repository storage of blockchain. This study bridges the gap between PHRs and blockchain by offloading the vast medical data into the InterPlanetary File System (IPFS) storage and establishing an enforced cryptographic authorisation and access control scheme searching on outsourced encrypted medical data. In the literature, the most promising solution technique to provide such a search on encrypted outsourced data is the searchable encryption schemes. Consequently, the advantages over the other searchable encryption scheme in the construction of secure, searchable fine-grained access control for outsourced encrypted data. However, the existing CP-ABSE schemes still ciphertext-policy attribute-based searchable encryption CP-ABSE has significant suffered from several issues. First, the key escrow in the trusted private key generator (PKG). Second, expensive computational operations in its data outsource and retrieval aspects. Third, secure conjunctive keyword search mechanisms. Fourth, support on-demand users and attribute revocation for dynamic policy updates. These concerns have not been addressed in the decentralised storage repository (IPFS) to exchange personal health records over the blockchain environment. This thesis aims to ensure patient data security by proposing a new two-fold fine-grained search access control policy for outsourcing encrypted medical data in normal and revocable situations. This thesis proposed a new provable lightweight cryptographic concept named blockchain-based attribute-based searchable encryption BC-ABSE by extending ciphertext-policy attribute-based encryption (CP-ABE) and searchable symmetric encryption (SSE) and by leveraging the technology of smart contracts to achieve an effective and secure searchable access control scheme. The (BC-ABSE) cryptographic concept is capable of achieving the following vital aspects: (1) Efficient and secure multikeyword searchable fine-grained access control of data over IPFS (2) Confidentiality of data by eliminating a trusted private key generator (PKG). Based on the decisional bilinear Diffie Hellman (DBDH) hardness assumptions and the discrete logarithm (DL) problems, the rigorous security analysis shows that the proposed scheme is secure against the chosen-keyword attack (SCKA) and keyword secrecy in the standard model. Besides, the user collusion attacks are prevented, and the tamper-proof resistance of data is ensured. Furthermore, security validation is verified by simulating a formal verification scenario using Automated Validation of Internet Security Protocols and Applications (AVISPA), thereby unveiling that BC-ABSE is resistant to man-in-themiddle (MIM) and replay attacks. The experimental analysis utilised real-world datasets to demonstrate the efficiency and utility of BC-ABSE in terms of computation overhead, storage cost, and communication overhead. The proposed scheme is also designed and developed to evaluate throughput and latency transactions using a standard benchmark tool known as Caliper. Lastly, simulation results show that BC-ABSE has high throughput and low latency, with an ultimate increase in network life compared with traditional healthcare systems This thesis also proposed new efficient and secure user revocation and attributes policy update mechanism throughout BC-ABSE in the case of users revoking or upgrading their attributes in the system. Therefore, proxy re-encryption and lazy revocation are modelled on smart contracts to effectively revoke the attribute without needing an authentication centre and any additional communications between any authority. The security analysis shows that the indirect revocation model in BC-ABSE is able to prevent forward and backward attacks. The asymptotic complexity comparison and implementation results indicate that the proposed scheme can balance the security goals with practical computation efficiency. The proposed revocation mechanism simulation results on the blockchain network have high transaction throughput and guarantee reasonable transaction latency compared to the existing conventional revocation mechanism.


Download File

[img] Text
FSKTM 2021 15 - IR.pdf

Download (1MB)

Additional Metadata

Item Type: Thesis (Doctoral)
Subject: Blockchains (Databases)
Subject: Blockchains (Databases) - Access control
Call Number: FSKTM 2021 15
Chairman Supervisor: Sharifah Md Yasin, PhD
Divisions: Faculty of Computer Science and Information Technology
Depositing User: Ms. Rohana Alias
Date Deposited: 27 Sep 2024 03:18
Last Modified: 27 Sep 2024 03:18
URI: http://psasir.upm.edu.my/id/eprint/112224
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item