Author affiliations: Wuhan Univ, Sch Cyber Sci & Engn, Wuhan 430072, Peoples R China; Tsinghua Univ, Dept Informat Technol, Yangtze Delta Reg Inst, Jiaxing 314006, Peoples R China; Fujian Prov Key Lab Data Intens Comp, Quanzhou 362000, Peoples R China; Key Lab Intelligent Comp & Informat Proc, Quanzhou 362000, Peoples R China; Fujian Normal Univ, Coll Comp & Cyber Secur, Fuzhou 350007, Peoples R China; Ocean Univ China, Coll Engn, Qingdao 266100, Peoples R China; Yugong Technol Co Ltd, Res & Dev Ctr, Hangzhou 310000, Peoples R China; Univ Miami, Dept Comp Sci, Miami, FL 33146, USA
Publication: IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (IEEE Trans. Inf. Forensics Secur.)
Year/Volume: 2024, Vol. 19
Pages: 7060-7074
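Subject classification: 0808 [Engineering - Electrical Engineering]; 08 [Engineering]; 0812 [Engineering - Computer Science and Technology (engineering or science degrees may be conferred)]
Subjects: Access control Blockchains Encryption Security Data privacy Memory Government Blockchain privacy and security data sharing fault tolerance fine-grained access control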
Abstract: In the data-driven landscape across finance, government, and healthcare, the continuous generation of information demands robust solutions for secure storage, efficient dissemination, and fine-grained access control. Blockchain technology emerges as a significant tool, offering decentralized storage while upholding the tenets of data security and accessibility. However, on-chain and off-chain strategies are still confronted with issues such as untrusted off-chain data storage, absence of data ownership, limited access control policy for clients, and a deficiency in data privacy and auditability. To solve these challenges, we propose a permissioned blockchain-based privacy-preserving fine-grained access control on-chain and off-chain system, namely FACOS. We applied three fine-grained access control solutions and comprehensively analyzed them in different aspects, which provides an intuitive perspective for system designers and clients to choose the appropriate access control method for their systems. Compared to similar work that only stores encrypted data in centralized or non-fault-tolerant IPFS systems, we enhanced off-chain data storage security and robustness by utilizing a highly efficient and secure asynchronous Byzantine fault tolerance (BFT) protocol in the off-chain environment. As each of the clients needs to be verified and authorized before accessing the data, we involved the Trusted Execution Environment (TEE)-based solution to verify the credentials of clients. Additionally, our evaluation results demonstrated that our system (https://***/cliu717/AsynchronousStorage) offers better scalability and practicality than other state-of-the-art designs. We deployed our system on Alibaba Cloud and Tencent Cloud and conducted multiple evaluations. The results indicate that it takes about 2.79 seconds for a client to execute the protocol for uploading and about 0.96 seconds for downloading. Compared to other decentralized systems, our system exhibits efficient l