Citation
Hussein, Al-Abadi Hassan Mansur
(2021)
Toward efficient attribute-based searchable encryption for access control over blockchain.
Doctoral thesis, Universiti Putra Malaysia.
Abstract
Blockchain technology offered a technical aspect that ultimately transforms the existing
personal health record (PHR) systems into decentralised networks to decrease the
possibility of a single point of security failure. However, such technology possesses some
drawbacks, such as issues in privacy and storage capacity. By contrast, storing vast
medical data significantly affects the repository storage of blockchain. This study bridges
the gap between PHRs and blockchain by offloading the vast medical data into the
InterPlanetary File System (IPFS) storage and establishing an enforced cryptographic
authorisation and access control scheme searching on outsourced encrypted medical data.
In the literature, the most promising solution technique to provide such a search on
encrypted outsourced data is the searchable encryption schemes. Consequently, the
advantages over the other searchable encryption scheme in the construction of secure,
searchable fine-grained access control for outsourced encrypted data. However, the
existing CP-ABSE schemes still ciphertext-policy attribute-based searchable encryption
CP-ABSE has significant suffered from several issues. First, the key escrow in the trusted
private key generator (PKG). Second, expensive computational operations in its data
outsource and retrieval aspects. Third, secure conjunctive keyword search mechanisms.
Fourth, support on-demand users and attribute revocation for dynamic policy updates.
These concerns have not been addressed in the decentralised storage repository (IPFS)
to exchange personal health records over the blockchain environment. This thesis aims
to ensure patient data security by proposing a new two-fold fine-grained search access
control policy for outsourcing encrypted medical data in normal and revocable situations.
This thesis proposed a new provable lightweight cryptographic concept named
blockchain-based attribute-based searchable encryption BC-ABSE by extending
ciphertext-policy attribute-based encryption (CP-ABE) and searchable symmetric
encryption (SSE) and by leveraging the technology of smart contracts to achieve an
effective and secure searchable access control scheme. The (BC-ABSE) cryptographic
concept is capable of achieving the following vital aspects: (1) Efficient and secure
multikeyword searchable fine-grained access control of data over IPFS (2)
Confidentiality of data by eliminating a trusted private key generator (PKG). Based on
the decisional bilinear Diffie Hellman (DBDH) hardness assumptions and the discrete
logarithm (DL) problems, the rigorous security analysis shows that the proposed scheme
is secure against the chosen-keyword attack (SCKA) and keyword secrecy in the standard
model. Besides, the user collusion attacks are prevented, and the tamper-proof resistance
of data is ensured. Furthermore, security validation is verified by simulating a formal
verification scenario using Automated Validation of Internet Security Protocols and
Applications (AVISPA), thereby unveiling that BC-ABSE is resistant to man-in-themiddle
(MIM) and replay attacks. The experimental analysis utilised real-world datasets
to demonstrate the efficiency and utility of BC-ABSE in terms of computation overhead,
storage cost, and communication overhead. The proposed scheme is also designed and
developed to evaluate throughput and latency transactions using a standard benchmark
tool known as Caliper. Lastly, simulation results show that BC-ABSE has high
throughput and low latency, with an ultimate increase in network life compared with
traditional healthcare systems
This thesis also proposed new efficient and secure user revocation and attributes policy
update mechanism throughout BC-ABSE in the case of users revoking or upgrading their
attributes in the system. Therefore, proxy re-encryption and lazy revocation are modelled
on smart contracts to effectively revoke the attribute without needing an authentication
centre and any additional communications between any authority. The security analysis
shows that the indirect revocation model in BC-ABSE is able to prevent forward and
backward attacks. The asymptotic complexity comparison and implementation results
indicate that the proposed scheme can balance the security goals with practical
computation efficiency. The proposed revocation mechanism simulation results on the
blockchain network have high transaction throughput and guarantee reasonable
transaction latency compared to the existing conventional revocation mechanism.
Download File
Additional Metadata
Actions (login required)
|
View Item |