Open Access

ARTICLE

Cross-Domain Bilateral Access Control on Blockchain-Cloud Based Data Trading System

Youngho Park¹, Su Jin Shin², Sang Uk Shin^3,*

1 Electronics and Information Communications Research Center, Pukyong National University, Busan, 48513, Republic of Korea
2 Department of Information Security, Graduate School, Pukyong National University, Busan, 48513, Republic of Korea
3 Division of Computer Engineering, Pukyong National University, Busan, 48513, Republic of Korea

* Corresponding Author: Sang Uk Shin. Email:

(This article belongs to the Special Issue: Advanced Security for Future Mobile Internet: A Key Challenge for the Digital Transformation)

Computer Modeling in Engineering & Sciences 2024, 141(1), 671-688. https://doi.org/10.32604/cmes.2024.052378

Received 31 March 2024; Accepted 16 July 2024; Issue published 20 August 2024

Abstract

Data trading enables data owners and data requesters to sell and purchase data. With the emergence of blockchain technology, research on blockchain-based data trading systems is receiving a lot of attention. Particularly, to reduce the on-chain storage cost, a novel paradigm of blockchain and cloud fusion has been widely considered as a promising data trading platform. Moreover, the fact that data can be used for commercial purposes will encourage users and organizations from various fields to participate in the data marketplace. In the data marketplace, it is a challenge how to trade the data securely outsourced to the external cloud in a way that restricts access to the data only to authorized users across multiple domains. In this paper, we propose a cross-domain bilateral access control protocol for blockchain-cloud based data trading systems. We consider a system model that consists of domain authorities, data senders, data receivers, a blockchain layer, and a cloud provider. The proposed protocol enables access control and source identification of the outsourced data by leveraging identity-based cryptographic techniques. In the proposed protocol, the outsourced data of the sender is encrypted under the target receiver’s identity, and the cloud provider performs policy-match verification on the authorization tags of the sender and receiver generated by the identity-based signature scheme. Therefore, data trading can be achieved only if the identities of the data sender and receiver simultaneously meet the policies specified by each other. To demonstrate efficiency, we evaluate the performance of the proposed protocol and compare it with existing studies.

---

Keywords

---