SPECIAL SECTION ON BLOCKCHAIN-ENABLED TRUSTWORTHY SYSTEMS

Received April 19, 2020, accepted April 29, 2020, date of publication May 6, 2020, date of current version May 21, 2020.
Digital Object Identifier 10.1109/ACCESS.2020.2992649

BDSS-FA: A Blockchain-Based Data Security

Sharing Platform With Fine-Grained
Access Control
HONG XU 1,2 , QIAN HE1,2 , XUECONG LI1,3 , BINGCHENG JIANG2,3 , AND KUANGYU QIN1,2
1 State and Local Joint Engineering Research Center for Satellite Navigation and Location Service, Guilin University of Electronic Technology, Guilin 541004,
China
2 Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China
3 CETC Key Laboratory of Aerospace Information Applications, Shijiazhuang 050081, China

Corresponding author: Qian He (heqian@guet.edu.cn)

This work was supported in part by the National Natural Science Foundation of China under Grant 61661015 and Grant 61967005, in part
by the Guangxi Innovation-Driven Development Project under Grant AA17202024, in part by the Guangxi Key Laboratory of
Cryptography and Information Security Found under Grant GCIS201701, in part by the Guangxi Collaborative Innovation Center of Cloud
Computing and Big Data Found under Grant YD1901, in part by the Innovation Project of GUET Graduate Education under Grant
2019YCXS046, in part by the CETC Key Laboratory of Aerospace Information Applications Found, in part by the Young and
Middle-Aged Backbone Teacher of Guangxi Colleges and Universities Found, and in part by the Innovation Research Team of Guangxi
Natural Science Foundation under Grant 2019GXNSFGA245004.

ABSTRACT Aiming at the problem of privacy leakage during data sharing in the Internet of Things, a
blockchain based secure data sharing platform with fine-grained access control(BSDS-FA) is proposed. First,
this paper proposes a new hierarchical attribute-based encryption algorithm, which uses hierarchical attribute
structure and multi-level authorization center. The algorithm implements flexible and fine-grained access
control by distributing different user attributes to different authorization centers. Then, it combined with
the Fabric blockchain technology to solve the problem of huge decryption cost for users in the Internet of
things. Smart contract in blockchain executes high-complexity partial decryption algorithm to reduce the
users’ decryption overhead. Blockchain can also realize the traceability of historical operations to meet the
security requirements of data restriction open and transparent supervision. Finally, the hierarchical attribute-
based encryption algorithm is proved to be CPA-safe. The theoretical analysis and experimental results show
that BDSS-FA provides more secure and reliable data sharing services for users in the Internet of Things.

INDEX TERMS Attribute-based encryption, access control, blockchain, smart contract, Internet of Things
(IoT).

I. INTRODUCTION sharing mechanism between different organizations for IoT

With the rapid development of Internet and sensor technol- has become a huge challenge [5].
ogy, more and more physical entities are connected to the Traditional data sharing mechanism generally upload IoT
Internet through sensors to realize information sharing, and device data to the third-party service agency through sensors,
the Internet of things(IoT) is born in this background [1], [2]. and then the third-party service agency mines and analyzes
IoT can not only realize the connection between things and these data through machine learning and statistical analysis
things, people and things, people and people, but also has to provide users with more convenient services. However,
been widely used in industry, agriculture, smart city, health while people enjoy high-quality and personalized services,
care and other fields, which playing an important role in the there is also the risk of personal privacy being revealed.
development of national economy and human society [3], [4]. Take wearable devices as examples, wearable devices include
In the face of increasing data volumes and increasingly com- medical devices (blood glucose meters, sphygmomanome-
plex network topologies, how to establish an effective data ters, oximeter watches, etc.) and sports health devices (smart
bracelets, etc.) [6]. Users constantly monitor their physical
The associate editor coordinating the review of this manuscript and indicators through sensors, and send these sensing data to a
approving it for publication was Hong-Ning Dai . third party based on their own health status, which providing

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
87552 VOLUME 8, 2020
H. Xu et al.: BDSS-FA: A Blockchain-Based Data Security Sharing Platform

users with more timely treatment. However, in the process of The Validation Contract is responsible for detecting the valid-
data transmission, user privacy is likely to be exposed, such as ity of user access right, while the Decryption Contract is
the user’s location information and various physical function responsible for performing partial decryption for the cipher-
data. In order to eliminate third-party service organizations text of HABE, which reducing the computational overhead of
and quickly realize the secure sharing of data in peer-to- data consumer and improving decryption performance.
peer network, blockchain technology has attracted extensive (3) Based on the data sharing model, BSDS-FA is imple-
attention, bringing opportunities to solve the challenges of mented for the actual data distribution system, and the secu-
IoT [7]. rity of HABE is proved. The experimental results show that
Blockchain is a peer-to-peer network with distributed con- BSDS-FA is practical and effective.
nection, which can prevent the data collected by IoT from The remainder of the paper is organized as follows. Section
being transmitted through third-party service organizations, II discusses the related work. Section III introduces the sys-
improve the transmission rate of data, and reduce transmis- tem model. In section IV, the relevant algorithms of HABE
sion delay. In order to securely store and transmit this data and the main functional modules of BSDS-FA are introduced
to ensure its integrity, validity and authenticity, the access in detail. Section V describes the specific design of two smart
control has also become an important research content to contracts. Section VI proves the security of HABE algorithm.
ensure the secure sharing of data in the IoT. Therefore, many Section VII tests the performance of BSDS-FA, and the work
scholars have combined the blockchain technology with the is summarized in section VIII.
existing access control model to carry out a series of research
work. Zyskind and Nathan [8] combined the discretionary II. RELATED WORK
access control model (DAC) to manage sensitive data off- With the large-scale deployment of sensors, the amount of
chain through the access control policy on the blockchain. data in IoT is exploding, but these data will produce different
Cruz et al. [9] used blockchain to solve cross-organizational values for different organizations. In order to make these
access control issues in the role-based access control model data play a greater role, the shared data, data providers and
(RBAC), which achieving cross-organizational authentica- data consumers are generally integrated into a platform to
tion for user roles. Maesa et al. [10] extended the stan- achieve valuable interconnection of data. However, many of
dard workflow of the attribute-based access control model the shared data in the data sharing platform contain the pri-
(ABAC), replacing the traditional database with blockchain vate information of data providers. If the necessary security
to store policies, and managing access policies in the form of measures are not provided for the shared data, it is easy to
transactions. However, the above method is only applicable cause the privacy leakage of users and threaten the personal
to specific scenarios, and the access control is single, which safety or property security of the data provider. Therefore,
is not suitable for one-to-many encryption scenarios in IoT. the security of data sharing in IoT has attracted widespread
At present, attribute-based encryption algorithms(ABE) attention.
[11] are considered as a solution to the problem of secure In the data sharing platform, Balamurugan et al. [13]
access control. ABE is developed on the basis of Identity- transfers data by issuing tokens, and only data consumers
based Encryption(IBE), which is particularly suitable for one- with tokens can access the shared data in the data sharing
to-many encryption scenarios. When the decryptor satisfies platform. However, with the increase of data consumers, the
certain requirements specified by the encryptor, the decryptor load of data providers will also increase dramatically, result-
can successfully decrypt the ciphertext that she/he wants to ing in instability or even collapse of data sharing platform.
access. ABE algorithm not only guarantees data confiden- In view of this, Sun and Ji [14] introduced a third-party
tiality but also provides fine-grained access control to data. service organization in the data sharing platform, and the
Therefore, under the environment with high data sharing rate interaction between data providers and data consumers was
of IoT, ABE encryption algorithm can effectively solve the conducted through third-party service organizations, which
problem of secure access control for outsourced data. greatly improved the execution efficiency of the platform.
Therefore, based on literature [12], this paper proposes However, the construction and maintenance cost of the data
a blockchain-based secure data sharing platform and fine- sharing platform is high, and it is vulnerable to malicious
grained access control (BSDS-FA) combined with ABE. The attacks by illegal users, resulting in data leakage or tampering.
main contributions of this paper are summarized as follows: Therefore, in order to quickly realize the safe sharing of
(1) Aiming at the problem of access control in data shar- data in the data sharing platform, blockchain technology is
ing, a new hierarchical attribute-based encryption algorithm introduced.
(HABE) was proposed. By assigning different users to dif- Blockchain is a distributed database system with multiple
ferent authorization centers for management, the system independent nodes, which can also be understood as dis-
performance of a single authorization agency is improved, tributed ledger [15]. It makes comprehensive use of cryptog-
and BSDS-FA can provide fine-grained access control while raphy, consensus mechanism, distributed network and other
ensuring the security of shared data. technologies to realize an interaction mode based on decen-
(2) Based on the Fabric blockchain, designing two smart tralized credit, which has practical significance for promoting
contracts – Validation Contract and Decryption Contract. the application of the IoT. In 2017, the ministry of industry

VOLUME 8, 2020 87553

 H. Xu et al.: BDSS-FA: A Blockchain-Based Data Security Sharing Platform

and information technology released the ‘‘Blockchain-

Reference Architecture’’ and ‘‘Blockchain-Data format spec-
ification’’ [16], [17], aiming to provide a standard for the
practical application of blockchain and provide guidance
to open the IoT distributed platform by using blockchain.
Shafagh et al. [18] proposed a data-centric storage system
for IoT based on blockchain, but the scheme is limited to the
theoretical level and has not been verified by experiments.
Ge et al. [19] proposed a lightweight information sharing
security framework for IoT based on blockchain, and the
security, feasibility and effectiveness of the framework were
proved by simulation experiments. However, when the frame-
work is applied to specific industries, there are shortcom-
ings in both privacy protection capabilities and concurrency
capabilities.
In addition, none of the above schemes consider the prob-
FIGURE 1. Model framework of BSDS-FA.
lem of user access control, which makes the shared data
possible to be stolen by illegal users, resulting in the disclo-
sure of privacy. With the rapid development of blockchain III. MODEL AND FUNCTION
technology, platforms such as Ethereum and Hyperledger A. SYSTEM INITIALIZATION
began to support various types of smart contracts [20]. BSDS-FA is designed based on blockchain and HABE, which
Azaria et al. [21], Ekblaw et al. [22], and Dagher et al. [23] can provide a secure data sharing mechanism with traceability
combines smart contracts with access control to achieve auto- and fine-grained access control. The system framework is
matic permission management of medical data, and realizes shown in Fig. 1, including Key Generation Center(KGC),
the integration and permission management of distributed Data Owner(DO), P2P based data distribution platform, IPFS
medical data of different organizations based on the Ethereum Cluster, Fabric Blockchain and Data Consumer(DC).
platform. However, the scheme adopts the PoW consensus The functions of the six entities are as follows.
mechanism, which makes the calculation overhead too large
when maintaining the consistency of the blockchain. There- 1) KEY GENERATION CENTER
fore, Xue et al. [24] improved the consensus mechanism,
In BSDS-FA, KGC consists of a central authorization cen-
using the DPoS consensus mechanism to reduce the com-
ter(AC) and multiple domain authorization centers(DAC).
putational burden of nodes, but it brought extraordinary data
For AC, it is responsible for the generation and distribution of
storage overhead, which was not practical. A secure FaBric
system parameters, and management of the first-level DAC.
blockchain-based data transmission technique for industrial
For DAC, it is mainly responsible for generating correspond-
IoT [25] was proposed to improve the security of data in
ing keys for subordinate domain authorization centers or data
the transmission process, which reducing the communication
consumers. Note that the function of each DAC is roughly the
overhead.
same. The only difference is that the attribute set managed by
Although the above schemes all provide access control for
each DAC is different, and the lower-level DAC is managed
shared data, their access control is relatively single, which
by the higher-level DAC.
cannot provide good privacy protection for the IoT with com-
plex attributes. Attribute-based encryption algorithm [11] can
realize fine-grained access control based on user attributes, 2) DATA OWNER
which is one of the key technologies to solve the cur- DO is a provider of shared data. DO collects raw data in
rent secure sharing of IoT data. Rahulamathavan et al. [26] IoT devices and shares remotely sensitive data with oth-
introduced the attribute-based encryption algorithm into ers through P2P-based data distribution platform. When DO
the IoT ecosystem based on blockchain, improving the wants to publish data, DO formulates HABE access control
security of shared data in the system. However, the sys- for the shared data, and only users who meet the access
tem stores all the data directly in the blockchain, which control have access to get the data in BSDS-FA.
greatly increases the storage burden of the blockchain.
Wang et al. [27] designed a data security sharing model based 3) P2P-BASED DATA DISTRIBUTION PLATFORM
on blockchain, which can provide fine-grained access con- When DO wants to share data, the platform will generate
trol while data is securely shared. However, the decryp- the corresponding seed information description file, and then
tion overhead of the data consumers in this model is perform two tasks: 1) The platform publishes the encrypted
huge, which is not suitable for the scalable data sharing file sent by the data owner to the IPFS cluster; 2) The
in IoT. platform uses the DO’s PK to encrypt the random key with

87554 VOLUME 8, 2020

H. Xu et al.: BDSS-FA: A Blockchain-Based Data Security Sharing Platform

HABE algorithm and publishes the encrypted results to Fab- 4) DATA DOWNLOAD
ric blockchain. Data download is mainly performed by DC. DC completes
the process of data access through smart contracts, IPFS
4) IPFS CLUSTER cluster and P2P-based distribution mechanisms, requiring
It is a distributed file system that combines distributed hash that only users with access rights to access shared data
tables, incentive block exchanges, and self-certified names- in BSDS-FA.
paces. It is mainly responsible for storing encrypted files
uploaded by DO through P2P-based data distribution plat- IV. REALIZATION AND APPLICATION
form, and storing the hash value of the encrypted files on In Section III, we briefly introduced the functions of the four
the block chain, which alleviating the storage pressure of functional modules. Next, we will give a detailed description
blockchain. of the specific execution process of this function module.

5) FABRIC BLOCKCHAIN A. SYSTEM INITIALIZATION

Smart contracts are deployed on blockchain to realize the System initialization is generally run when BSDS-FA plat-
interaction of on-chain and off-chain data. When data con- form is started, and the specific process is shown in Algo-
sumer wants to access data in BSDS-FA, Validation Contract rithm 1. The main flow of the algorithm is as follows: First,
is mainly responsible for verifying whether the user has BSDS-FA platform determines the depth d of the user’s key
access to get the shared data, and Decryption Contract is structure (Line 1 of Algorithm 1). Then, the Setup algorithm
mainly responsible for providing partial decryption to users of HABE is called to get the system public key PK and the
with access right, which improving the decryption perfor- system main key MK, and the PK and MK are uploaded to
mance of data consumer. the smart contract(Line 2-3 of Algorithm 1).
6) DATA CONSUMER
Algorithm 1 The process of system initialization
It is a user who is interested in data in BSDS-FA and wants
Input: d
to access them. DC accesses shared data through the Internet,
Output: PK,MK
and only users with access right can decrypt the shared data
1. d ← CA initializes the depth of user’s key structure
to obtain the plain text.
2. PK , MK ← HABESetup (d)
3. CAupload thePK , MK to the smart contract
B. SYSTEM FUNCTION
4. return PK, MK
BSDS-FA mainly includes four functional modules: system
initialization, user registration, data upload, data download.
Now, the main functions of these four modules will be The Setup algorithm of HABE is as follows:
described as a whole. Setup(d) ⇒ (PK , MK ). The algorithm selects a cyclic
group G with order p and generator g. At the same time, AC
1) SYSTEM INITIALIZATION picks random parameters α, βi ∈ Zp , ∀i{1, 2 . . . d}, where
System initialization is mainly performed by AC of KGC. d is the depth of user key structure. Then it outputs PK =
When BSDS-FA is started, AC initializes system parameters {G, g, h1 = gβ1 , y1 = g1/β1 , h2 = gβ2 , y2 = g1/β2 , e(g, g)α }
to ensure the normal operation of BSDS-FA. and MK = {β1 , β2 , gα }. Here we assume that d = 2.

2) USER REGISTRATION B. USER REGISTRATION

User registration is mainly performed by AC and DAC of User registration generally creates new users for BSDS-FA
KGC. When a user wants to access the shared data in platform and the specific process is shown in Algorithm 2.
BSDS-FA, he/she will submit his/her own set of attributes to When a user wants to join BSDS-FA platform, he /she will
BSDS-FA, and BSDS-FA will verify the user’s identity and send a registration request to BSDS-FA, and then submit
complete the user registration. his/her identity information according to the requirements of
BSDS-FA (Line 1 of Algorithm 2). When BSDS-FA receives
3) DATA UPLOAD the user’s registration request, it will verify that the user’s
Data upload is mainly performed by DO. The shared data of identity is legal (Line 2 of Algorithm 2). If the user is a legal
the data owner is stored in the IPFS cluster after symmetric user, the user will be registered, otherwise BSDS-FA rejects
encryption, and the encryption key is uploaded to the smart the user’s registration request (Lines 3-4 of Algorithm 2).
contract on the blockchain after being encrypted by HABE When BSDS-FA performs a registration operation for the
(HABE is an asymmetric encryption algorithm). Therefore, user, the AC of KGC first calls the Keygen algorithm of
through the combination of symmetric encryption and asym- HABE to generate corresponding transformation key TKi
metric encryption, BSDS-FA can improve the encryption and and private key SKi for the top-level domain authorization
decryption performance while ensuring the security of shared center (Line 6-7 of Algorithm 2). Then, the top-level domain
data. authorization center calls the Delegate algorithm of HABE

VOLUME 8, 2020 87555

 H. Xu et al.: BDSS-FA: A Blockchain-Based Data Security Sharing Platform

to generate corresponding TKi+1 and SKi+1 for the lower- C. DATA UPLOAD
level domain authorization center, and uploads the TKi+1 The data upload process is that the data owner provides shared
and SKi+1 to the smart contract (Line 8-10 of Algorithm 2). data to BSDS-FA platform. In order to ensure the security of
Note that TKi , SKi and TKi+1 , SKi+1 are used to represent the the shared data, the data owner will formulate access control
upper and lower relationship of the authorization center, so policies and perform encryption operations for the shared
the conversion key and private key corresponding to a certain data. The specific process is shown in Algorithm 3. When
user is still represented by TK and SK respectively. the data owner wants to upload the shared data, a random key
ψ is generated for the shared data (Line 1 of Algorithm 3),
Algorithm 2 The process of user registration and then the shared data is symmetric encrypted using the
Input: PK, MK, 3 random key to obtain EncryptedFile (Line 2 of Algorithm 3).
Output: TKi+1 , SKi+1 In addition, the data owner formulates an access policy 0
1. DC send registration request (Line 3 of Algorithm 3) for the shared data, and obtains the
2. KGC verifies the identity of user PK from the smart contract, and then sends EncryptedFile,
3. if verification result != true then 0, ψ, PK to P2P based data distribution platform. When P2P
4. return NULL platform receives this data, it stores the EncryptedFile on the
5. Else IPFS cluster (Line 4 of Algorithm 3). At the same time, the
6. AC of KGC executes: seed resource server also generates the corresponding P2P
7. TKi , SKi ← HABEKeyGen (PK , MK , 3) seed file for the random key ψ, and then P2P platform uses
8. Top-level domain authorization center(DAC) encryption algorithm of HABE to encrypt the seed file, and
executes: store the encrypted result CT in the smart contract (Line 5-6
9. TKi+1 , SKi+1 ← HABEDelegate (TKi , SKi , u, 3̃) of Algorithm 3).
10. DAC uploadsTKi+1 , SKi+1 to the smart contract
11. return TKi+1 , SKi+1 Algorithm 3 The process of data upload
12. end if Input: file, ψ,PK, 0
Output: CT
The KeyGen algorithm and Delegate algorithm of HABE 1. ψ ← DO generate random symmetric key
are as follows: 2. EncryptedFile ← AESencrypt (file, ψ)
(1)KeyGen(PK , MK , 3) ⇒ (TKi , SKi ). After DC submits 3. DO formulates access control 0
his own attribute set 3 = {A0 , A1 , · · · Am }, where Ai = 4. IPFSAddr ← send EncryptedFile to IPFS Cluster
{ai,1 , ai,2 , . . . ai,ni } with ai,j being the j th attribute of Ai and 5. CT ← HABEEncrypt (PK,ψ, 0)
ni being the number of attributes in Ai , the algorithm will gen- 6. The encrypted result CT stored in the smart contract
erate a random number r, z ∈ Zp for DAC, preventing illegal 7. return CT
users from conspiring to obtain user privacy. For the same
reason, random numbers ri ∈ Zp is generated for each set Ai The encryption algorithm of HABE is as follows:
of 3, and random numbers ri,j ∈ Zp is generated for each ele- Encrypt(PK , ψ, 0) ⇒ (CT ) : DO establishs access con-
(α+r)/z
ment ai,j of Ai .Then it outputs TKi = {3, D = y1 , Di,j = trol 0 for data visitors. 0 is a tree structure, and each node
gri /z · H (ai,j )ri,j /z , D0i,j = gri,j /z , for0 ≤ i ≤ m, x in 0 corresponds to a polynomial qx of order dx ,where
(r+r )/z
1 ≤ j ≤ ni , Ei = y2 i , for 1 ≤ i ≤ m} and SKi = z. dx = kx − 1 and kx is the threshold of node x. Note that
The element Ei of TKi is used to decrypt of transform node, dx = 0 when x is leaf node. Starting from the root node r in
which can implement cross-set query of attributes. When the 0, DO picks a random value s ∈ Zp and makes qx (0) = s.
transform node is converted, ri0 can be converted to ri through Next, DO randomly picks some numbers representing other
Ei /Ei0 . values of qx to compute polynomial completely. For any other
(2)Delegate(TKi , SKi , u, 3̃) ⇒ (TKi+1 , SKi+1 ): When a nonroot node x, qx (0) = qparent(x) (index(x)), and then selects
new subordinate DACi+1 or DC wants to join the system, other values of the polynomial. In addition, qx of leaf node is
the superordinate DACi will verify its identity and generate constant. Then it outputs CT = {0, C = ψ · e(g, g)α·s , C̃ =
a subset 3̃(3̃ ⊂ 3) of attributes for it. As in KeyGen hs1 , C̄ = hs2 , ∀y ∈ Y : Cy = gqy(0) , Cy0 = H (attr(y))qy (0) , ∀x ∈
algorithm, this algorithm selects a random number r̂ ∈ Zp for q (0)
X : Ĉx = h2x }, where Y represents the set of leaf nodes
DAC or DC, random numbers r̂i ∈ Zp for each set Ai of 3̃ and and X represents the set of transform nodes.
random numbers r̂i,j ∈ Zp for each element ai,j of Ai . Then
it outputs TKi+1 or TKuser = {3̃, D̃ = D · gr̂/(z·β1 ) , D̃i,j = D. DATA DOWNLOAD
Di,j · gr̂i /z · H (ai,j )r̂i,j /z , D̃0 i,j = D0i,j · gr̂i,j /z , for ai,j ∈ 3̃, Ẽi = The data download process is that the data consumer wants
Ei · g(r̂+r̂i )/(z·β2 ) , for Ai ∈ 3̃} and SKi+1 or SKuser = z. Note to access the shared data in BSDS-FA platform and the
that TKi+1 and SKi+1 are generated for the new subordinate specific process is shown in Algorithm 4. When a data con-
DACi+1 , while TKuser and SKuser are generated for the new sumer wants to access shared data, he/she will send a query
users DC. request to BSDS-FA (Line 1 of Algorithm 4). Then Validation

87556 VOLUME 8, 2020

H. Xu et al.: BDSS-FA: A Blockchain-Based Data Security Sharing Platform

Contract calls Verify algorithm to verify whether the user’s is shown in Algorithm 5, where attr, children, satisfiable and
attribute set meets the access control (Lines 2-3 of Algorithm label are member variables of access control 0.
4). If the user does not have permission to access the data,
Algorithm 5 The process of verification algorithm
BSDS-FA will reject the user’s request (Lines 4-5 of Algo-
Input: 3, 0
rithm 4). Otherwise, Decryption Contract executes the Part-
Output: 0(3)
Dec algorithm to obtain the semi-decryption ciphertext CT 0
1. convert set 3 to an array user_attr of string type
for the user, and sends the CT 0 to P2P based data distribution
2. len = len(user_attr)
platform (Line 6-7 of Algorithm 4). P2P platform decrypts
3. if 0 is leaf node then:
the CT 0 using the Decrypt algorithm of HABE to obtain
4. for i ∈ [0, len) do:
a random key ψ, and send it to the data consumer (Lines
5. if 0.attr == user_attr [i] then:
9-10 of Algorithm 4). Finally, the data consumer obtains the
6. 0.satisfiable = true
EncryptedFile on the IPFS cluster and uses the random key ψ
7. 0.label = user_attr [i].label
to symmetric decrypt the EncryptedFile to obtain shared data
8. end if
(Lines 11-13 of Algorithm 4).
9. end for
10 else:
Algorithm 4 The process of data download
11. for j ∈[0, len(0.children) ) do:
Input: 0, 3User 12. Verify(0. children[j], 3)
Output: file 13. end for
1. DC send data access request to smart contract 14. var parentLabel string
2. Smart Contract executes: 15. for k ∈ [0,len(0.children) ) do:
3. 0(3) ← Verify(0, 3User ) 16. if 0.children[k].satisfiable = true:
4. if 0(3) == NULL then: 17. parentLabel + = 0.label
5. return NULL 18. end if
6. else 19. end for
7. CT 0 ← PartDec(CT, TKUser ) 20. 0.label = parentLabel;
8. end if 21. end if
9. P2P based data distribution platform executes: 22. 0(3) = 0.label
10. ψ ← HABEDecrypt (CT 0 , SKUser ) 23. return 0(3)
11. DC executes:
12. EncryptedFile ← get file on IPFS according to
In Algorithm 5,if 0(3) is NULL, it indicates that the
IPFSAddr
authentication of DC has failed, that is, DC does not have
13. file ← AESDecrpt (EncryptedFile, ψ)
permission to access the shared data in BSDS-FA. Otherwise,
14. return file
DC can perform normal decryption on the shared data.

The Verify algorithm and PartDec algorithm will be intro- B. DECRYPTION CONTRACT
duced in Section V. While the Decrypt algorithm of HABE is Decryption Contract mainly performs partial decryption
as follows: for the data requested by DC. When the result 0(3)
Decrypt(CT 0 , SK ) : When CT 0 is not empty, it indi- of Verify algorithm is empty, returns ⊥; otherwise, Part-
cates that DC has the right to access the ciphertext, and Dec algorithm randomly picks a i from 0(3), and then
then DC performs a decryption operation on the CT 0 to calls the function PartDecNode(CT , TK , node, i) recursively
obtain the plaintext information ψ = C/E SK = ψ · from the root node r. The specific execution process of
e(g, g)α·s /e(g, g)(αs/z)·z . PartDecNode(CT , TK , node, i) is shown in Algorithm 6.
In algorithm 6, Fnode is obtained by Lagrange interpolation,
V. SMART CONTRACT DESIGN where k = index(child), B0child = {index(child):
Smart contract allows both parties to conduct trusted child ∈ Bnode }.The specific calculation process is as fol-
transactions that are traceable and irreversible without the lows:
supervision of a third-party manager. This section will intro-
Y 1k,B0 (0)
Fnode = Fchild child
duce Verify algorithm of Validation Contract and PartDec child∈Bnode
algorithm of Decrption Contract. Y ri ·qchild (0) 1k,B0child (0)
= (e(g, g) z )
A. VALIDATION CONTRACT
child∈Bnode
Validation Contract mainly verifies the access right of DC. 1k,B0child (0)
ri ·qparent(child) (index(child))
The verification algorithm is a recursive algorithm and is
Y
= (e(g, g) z )
implemented with Go language. It will judge whether user’s child∈Bnode
attributes of DC meet access control 0 of HABE and stores ri ·qnode (0)
the subset labels with 0(3). The specific execution process = e(g, g) z

VOLUME 8, 2020 87557

 H. Xu et al.: BDSS-FA: A Blockchain-Based Data Security Sharing Platform

Algorithm 6 The process of PartDecNode(CT,TK,node,i) Definition 1: If adversary A wins the attack game with a
Input: CT,TK,node,i negligible advantage in any polynomial time, then the scheme
Output: F in this paper reaches CPA security.
1. if node is leaf node then: Proof: First, simulator B is constructed to play the role
2. if node.attr == ai,j (ai,j ∈ Ai , Ai ∈ 3) then: of challenger in the attack game. Next, the bilinear group G
3. F = e(Cnode , Di,j )/e(Cnode 0 , D0i,j ) and bilinear mapping e : G × G → GT are defined. Note that
= e(g, g) ri ·q node (0)/z p is a prime and p is the order of G, and g is the generator
4. else: of G.
5. return NULL Initialization: Given a DBDH problem for simulator B,
6. end if then adversary A chooses an access policy 0 and sends it to
7. else: simulator B.
8. for j ∈[0, len(node.children) ) do: System establishment: Simulator B generates random
9. child = node. children[j] numbers α, βi ∈ Zp , ∀i{1, 2 . . . d} according to the depth of
10. childLabel = child.label key structure, then PK = {G, g, h1 = gβ1 , y1 = g1/β1 , h2 =
11. if i ∈ childLabel then: gβ2 , y2 = g1/β2 , e(g, g)α } and MK = {β1 , β2 , gα }, and sends
12. Fchild = PartDecNode(CT , TK , child, i) PK to adversary A, while simulator B reserves MK.
13. else : Phase 1: Adversary A selects the attribute set 3 = {A0 ,
14. pick i0 ∈ Snode A1 , · · · Am } and submits it to simulator B for private key SK
15. if i0 6 = i and child is translating node then: and conversion key TK query, and all the attribute sets Ai (0 ≤
16. 0
Fchild = PartDecNode(CT , TK , child, i0 ) i ≤ m) used by adversary A for key query do not satisfy
17. else: the access policy 0. Next, simulator B selects random values
18. return NULL r, r 0 , z ∈ Zp to calculate TKuser =(D = g(α+r)/βz , ∀ai ∈ S :
19. end if Di = gr/z · H (ai )ri /z , D0i = gri /z ) and SKuser = z. Finally,
20. if i = 0 then: simulator B sends SK to adversary A.
21. Fchild = e(Ei0 , Ĉchild )/Fchild 0 Challenge phase: Adversary A randomly selects two
= e(g, g) r·q child (0)/z equal-length ciphertexts M0 , M1 and sends them to the
22. else: simulator. The simulator chooses one of them Mb , where
23. Fchild = e(Ei /Ei0 , Ĉchild ) · Fchild 0 = b ∈ {0, 1}, calculates the ciphertext CT = {0, C = ψ·
e(g, g) r i ·q child (0)/z e(g, g)α·s , C̃ = hs1 , C̄ = hs2 , ∀y ∈ Y : Cy = gqy(0) , Cy0 =
q (0)
24. end if H (attr(y))qy (0) , ∀x ∈ X : Ĉx = h2x } and sends it to
25. end if opponent A.
26. end for Phase 2: Repeat Phase 1.
Q 1k,B0 (0)
27. Fnode = Fchild child Guessing phase: Adversary A outputs guess b0 ∈ {0, 1}.
child∈Bnode
If b0 = b, adversary A guesses Z = e(g, g)abc , and the
28. if i = 0 then:
advantage of simulator to solve DBDH guess problem is
29. Fnode = e(g, g)r·qnode (0)/z
Pr[b0 = b|Z = e(g, g)abc ] = 1/2 + ε. If b0 6 = b, the z
30. else:
guessed by adversary A is only a random number on G, that
31. Fnode = e(g, g)ri ·qnode (0)/z
is, the adversary A cannot obtain any information related to
32. F = Fnode
the plaintext Mb , while the advantage of simulator to solve
33. return F
DBDH guess problem is Pr[b0 6 = b|Z = e(g, g)z ] = 1/2.
From the above conjecture process, it can be seen that the
advantage of simulator to solve DBDH conjecture problem is
When algorithm 6 is finished, the result F corresponding ε/2. Therefore, in this scheme, if the advantage ε of adversary
to the root node r will be obtained, that is F = Fr . So when A to win the game cannot be ignored, then the simulator can
i = 0, F = e(g, g)r·s/z , otherwise F = e(g, g)ri ·s/z .Then solve DBDH hypothesis problem with advantage ε/2, that is,
calculate R, when i = 0, R = F, otherwise R = simulator can break DBDH hypothesis problem. However,
e(Ei , Ĉr )/F=e(g, g)r·s/z . there is no non-negligible advantage to solve DBDH problem
Finally, calculate E = e(C̃, D)/R = e(g, g)αs/z . Then it in polynomial time, so adversary A does not break the scheme
outputs CT0 = (C, E). proposed in this paper with non-negligible advantage, that is,
the scheme proposed in this paper is CPA security.
VI. SCHEME ANALYSIS
Theorem 1: If adversary cannot break CP-ABE with a
non-negligible advantage ε in any polynomial time, then VII. EXPERIMENTS ANALYSIS
there is no polynomial time to make that the adver- A. EXPERIMENTAL ENVIRONMENT
sary can solve the DBDH problem with a non-negligible Based on Java and Go language, this paper implements
advantage ε/2. BSDS-FA platform. In this experiment, the experimental

87558 VOLUME 8, 2020

H. Xu et al.: BDSS-FA: A Blockchain-Based Data Security Sharing Platform

TABLE 1. The configuration of blockchain. TABLE 2. The cost time of different attribute.

environment mainly includes P2P-based data distribution

platform and Fabric blockchain.
P2P-based data distribution platform mainly consists of a
notebook computer (CPU: Intel i7-4710MQ, OS: Windows
10, Memory: 16G) and four workstations (CPU: Intel Xeon
E3 (4 core), Memory: 16G). The data management system is
deployed on a workstation, and DO in BSDS-FA can upload
shared data through the system. The laptop and three other
workstations simulate DC in BSDS-FA.
The deployed Fabric blockchain consists of three organiza-
tions, each of which has one blockchain node (3 Peer nodes),
three IPFS nodes, three Zookeeper service nodes, four Kafka
service nodes and three ordering sort service nodes. These
components are respectively deployed on one workstation FIGURE 2. The cost time of different attribute.
(CPU: Intel Xeon i7-7700(4 core, 3.6GHz), Memory:8G,
Hard Disk Memory:500G) according to the server type serial
number. The configuration used is shown in Table 1.
In addition, the experiments in this paper were carried on
the real data set Kosarak. The Kosarak data set is the number
of clicks on the Hungarian news website provided by Ferenc
Bodon. Each record represents the track of the news page
accessed by user within a certain day. It contains 41270 news
pages and 990002 records. However, the Kosarak data set
is about 12.2MB, and the experiments in this paper were
conducted with 10MB, so the records in the Kosarak data set
have been partially deleted.
B. ENCRYPTION AND DECRYPTION PERFORMANCE
In HABE, the number of exponential operations and bilinear
mapping operations performed by the user during decryp- FIGURE 3. Distribution time of 10MB data in different bandwidth.
tion is often proportional to the complexity of the access
control policy defined in the ciphertext. Therefore, when the The comparison of cost time under the different attributes
access control policy is more complicated, the decryptor’s is shown in Fig.2.
computational overhead is greater. However, in the era of IoT, The experimental comparison results show that by out-
the overly complex operation of attribute-based decryption sourcing a large amount of calculations in the decryption
not only improves the performance requirements of users’ process to the Decryption Contract, the user’s decryption
decryption devices, but also makes users wait too long in calculation overhead is greatly reduced, the user’s waiting
the process of decryption, affecting user’s experience. In this time is shortened, and the user experience is improved.
scheme, the design of the Decryption Contract enables the
user to perform only a small number of operations, which C. CFILE DISTRIBUTION PERFORMANCE
reduces the user’s computing overhead. At the same time, by File distribution performance is different for different sys-
using HABE to provide fine-grained access control, which tems. This paper compares the Original P2P distribution sys-
improves the user experience. tem, BTS-PD [12] and BSDS-FA. The experiment result is
The experiments test local encryption time, local decryp- shown in Fig.3.
tion time and the decryption time of Decrypt Contract when Fig.3 shows that the file distribution time of BSDS-FA
the number of attributes contained in CT is 10-50. The results is slightly higher than Original P2P and BTS-PD, but it
are shown in Table 2. is not much higher. Although the file distribution time of

VOLUME 8, 2020 87559

 H. Xu et al.: BDSS-FA: A Blockchain-Based Data Security Sharing Platform

Original P2P and BTS-PD is lower, but there is no access for [10] D. D. F. Maesa, P. Mori, and L. Ricci, ‘‘Blockchain based access control,’’
shared data, resulting in loss of data security, while BSDS-FA in Proc. IFIP Int. Conf. Distrib. Appl. Interoperable Syst., in Lecture Notes
in Computer Science, vol. 10320. Cham, Switzerland: Springer, 2017, pp.
can provide fine-grained access control while ensuring data 206–220.
security, so the time consumption is worth it. In addition, [11] A. Sahai and B. Waters, ‘‘Fuzzy identity-based encryption,’’ in
this experiment is also conducted with a large file of 1GB, Proc. Int. Conf. Theory Appl. Cryptograph. Techn. Berlin, Germany:
Springer-Verlag, 2005, pp. 457–473.
and the result is similar to this experiment, which indicates [12] X. C. Li, Q. He, B. C. Jiang, X. Qin, and K. Y. Qin, ‘‘BTS-PD: A
that the time cost of encryption and decryption has little blockchain based traceability system for P2P distribution,’’ in Blockchain
effect on the running process of the whole system. Therefore, and Trustworthy Systems (Communications in Computer and Information
Science), vol. 1156. Singapore: Springer, 2019, pp. 607–620.
BSDS-FA is more suitable for the practical application sce- [13] B. Balamurugan, P. V. Krishna, M. Ninnala Devi, R. Meenakshi, and
narios in IoT. V. Ahinaya, ‘‘Enhanced framework for verifying user authorization and
data correctness using token management system in the cloud,’’ in Proc.
Int. Conf. Circuits, Power Comput. Technol. (ICCPCT), Mar. 2014,
VIII. CONCLUSION pp. 1443–1447.
In order to protect the privacy of users in the data shar- [14] A. B. Sun and T. K. Ji, ‘‘Big data open sharing platform and industrial
ing process of IoT, this paper proposes a blockchain ecological construction for smart cities,’’ Big Data, vol. 2, no. 4, pp. 69–82,
2016.
based secure data sharing platform with fine-grained access [15] W. D. Cai, L. Yu, R. Wang, N. Liu, and E. Y. Deng, ‘‘Research on the
control(BSDS-FA). This paper first proposes a new hierar- development method of application system based on blockchain,’’ J. Softw.,
chical attribute-based encryption algorithm(HABE), which vol. 28, no. 6, pp. 1474–1487, 2017.
[16] China Electronics Standardization Institute. Blockchain-Reference
introduces multiple authorization centers and hierarchizes the Architecture [EB/OL]. Accessed: Dec. 27, 2017. [Online]. Available:
authorization centers on the basis of the traditional attribute- http://www.cesi.ac.cn/201705/2478.html.
based encryption algorithm. So that in the case of massive [17] China Electronics Standardization Institute. Blockchain-Data format
specification [EB/OL]. Accessed: Dec. 27, 2017. [Online]. Available:
data and massive users, HABE can also provide users with http://www.cesi.ac.cn/images/editor/
fine-grained access control while ensuring the security of [18] H. Shafagh, L. Burkhalter, A. Hithnawi, and S. Duquennoy, ‘‘Towards
user data. Then, the HABE algorithm combined with smart blockchain-based auditable storage and sharing of IoT data,’’ in Proc.
Cloud Comput. Secur. Workshop (CCSW), Dallas, TX, USA, Nov. 2017,
contract technology is applied to BSDS-FA, so that BSDS- pp. 45–50.
FA can not only prevent illegal users from accessing shared [19] L. Ge, X. S. Ji, T. Jiang, and Y. M. Jiang, ‘‘Security mechanism of IoT
data, but also reduce the user’s decryption overhead. Among information sharing based on blockchain technology,’’ J. Comput. Appl.,
vol. 39, no. 02, pp. 458–463, 2019.
them, Validation Contract to review the user permissions, so [20] Z. Zheng, S. Xie, H.-N. Dai, W. Chen, X. Chen, J. Weng, and M. Imran,
that only users whose attribute set meets the access control ‘‘An overview on smart contracts: Challenges, advances and platforms,’’
have the right to access shared data; Decryption Contract was Future Gener. Comput. Syst., vol. 105, pp. 475–491, Apr. 2020.
[21] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, ‘‘MedRec: Using
used to perform partial decryption operation on ciphertext blockchain for medical data access and permission management,’’ in Proc.
of HABE to improve user’s decryption performance. Finally, 2nd Int. Conf. Open Big Data (OBD), Aug. 2016, pp. 25–30.
the safety proof of BDSS-FA was carried out, and relevant [22] A. Ekblaw, A. A. Azaria, J. D. Halamka, and A. Lippman, ‘‘A case study for
blockchain in healthcare: ‘MedRec’ prototype for electronic health records
experiments were carried out. Experimental results show that and medical research data,’’ Massachusetts Inst. Technol., Cambridge,
BDSS-FA can provide users with more secure and reliable MA, USA, Tech. Rep. 5–56-ONC, 2016.
data sharing services while providing fine-grained access [23] G. G. Dagher, J. Mohler, M. Milojkovic, and P. B. Marella, ‘‘Ancile:
Privacy-preserving framework for access control and interoperability of
control without affecting download performance. electronic health records using blockchain technology,’’ Sustain. Cities
Soc., vol. 39, pp. 283–297, May 2018.
REFERENCES [24] T. F. Xue, Q. C. Fu, Z. Wang, and X. Y. Wang, ‘‘A medical data sharing
[1] A. N. Peng, W. Zhou, Y. Jia, and Y. Q. Zhang, ‘‘Review of security research model via blockchain,’’ J. Automat., vol. 43, no. 9, pp. 1555–1562, 2017.
on Internet of Things operating system,’’ J. Commun., vol. 39, no. 3, [25] W. Liang, M. Tang, J. Long, X. Peng, J. Xu, and K.-C. Li, ‘‘A secure FaB-
pp. 22–34, 2018. ric blockchain-based data transmission technique for industrial Internet-
[2] Y. Q. Gao, X. Y. Li, and B. X. Fang, ‘‘A survey of Internet of Things of-Things,’’ IEEE Trans. Ind. Informat., vol. 15, no. 6, pp. 3582–3592,
searching techniques,’’ J. Commun., vol. 36, no. 12, pp. 57–76, 2015. Jun. 2019.
[3] J. R. Li, X. Y. Li, L. L. Gao, and B. X. Fang, ‘‘Research on data forwarding [26] Y. Rahulamathavan, R. C.-W. Phan, M. Rajarajan, S. Misra, and
model in the Internet of Things environment,’’ J. Softw., vol. 29, no. 1, A. Kondoz, ‘‘Privacy-preserving blockchain based IoT ecosystem using
pp. 196–224, 2018. attribute-based encryption,’’ in Proc. IEEE Int. Conf. Adv. Netw. Telecom-
[4] H. M. Chen, H. L. Shi, Y. Li, and L. Cui, ‘‘Middleware for Internet of mun. Syst. (ANTS), Dec. 2017, pp. 1–6.
Things services: Challenges and research progress,’’ Chin. J. Comput., [27] X. L. Wang, X. Z. Jiang, and Y. Li, ‘‘Model for data access control and
vol. 40, no. 08, pp. 1725–1749, 2017. Sharing based on blockchain,’’ J. Softw., vol. 6, pp. 1661–1669, Oct. 2019.
[5] J. G. Yu, H. Zhang, Y. Li, L. S. Mao, and P. X. Ji, ‘‘Blockchain-based
IoT data sharing model,’’ Small Micro Comput. Syst., vol. 40, no. 11,
pp. 2324–2329, 2019.
[6] F. F. Mag, S. B. Liu, X. X. Xiong, and G. X. Niu, ‘‘Local differential privacy HONG XU was born in Meishan, Sichuan, China,
protection of wearable devices’ numerical sensitive data,’’ J. Comput. in 1995. She received the B.S. degree from Leshan
Appl., vol. 39, no. 7, pp. 1985–1990, 2019. Normal University, in 2017. She is currently pur-
[7] H.-N. Dai, Z. Zheng, and Y. Zhang, ‘‘Blockchain for Internet of Things: suing the M.S. degree with the Guilin University
A survey,’’ IEEE Internet Things J., vol. 6, no. 5, pp. 8076–8094, Oct. 2019. of Electronic Technology. Her research interests
[8] G. Zyskind and O. Nathan, ‘‘Decentralizing privacy: Using blockchain to include cloud computing and information security.
protect personal data,’’ in Proc. IEEE Secur. Privacy Workshops (SPW),
Oct. 2015, pp. 180–184.
[9] J. P. Cruz, Y. Kaji, and N. Yanai, ‘‘RBAC-SC: Role-based access control
using smart contract,’’ IEEE Access, vol. 6, pp. 12240–12251, 2018.

87560 VOLUME 8, 2020

H. Xu et al.: BDSS-FA: A Blockchain-Based Data Security Sharing Platform

QIAN HE was born in Hunan, China, in 1979. He BINGCHENG JIANG was born in Shanwei,
received the bachelor’s degree in engineering from Guangdong, China, in 1990. He received the
Hunan University, in 2001, the master’s degree in B.S. degree from the Dongguan University of
engineering from the Guilin University of Elec- Technology and the M.S. degree from the Guilin
tronic Technology, in 2004, and the Ph.D. degree University of Electronic Technology, where he is
in engineering from the State Key Laboratory of currently pursuing the Ph.D. degree. His research
Networking and Switching Technology, Beijing interests include information security and service
University of Posts and Telecommunications, in computing.
January 2011. After graduating, he stayed in the
school to work at the Network Center. In 2004, he
was selected to be sent to Tsinghua University to participate in the training
of key software teachers in western universities of the Ministry of Education.
He is currently a Postdoctoral Fellow with the School of Computer Science,
National University of Defense Technology, and a Visiting Scholar with
The University of Manchester. He is also a Full Professor with the Guilin
University of Electronic Technology. He chairs the National Natural Science
Foundation of China, Research on Web Services Organization and Auto-
matic Construction Methods Based on Active Peer-to-Peer Architecture. In
addition, as a main member, he participated in one National Natural Science
Foundation and two national defense pre-research projects. He has published
more than 20 articles and SCI/EI included more than 10 articles. He is a
Senior Member of CCF. He won the Second Prize of Guangxi Science and
Technology Progress Award.
KUANGYU QIN received the B.E. degree in
XUECONG LI was born in Luoyang, Henan, mechanical engineering from the University of
China, in 1995. She received the B.S. degree from Science and Technology Beijing, China, in 1995,
Henan Agricultural University. She is currently the M.C.A. degree in computer applications from
pursuing the M.S. degree with the Guilin Univer- Bangalore University, India, in 2008, and the Ph.D.
sity of Electronic Technology. Her research inter- degree from Wuhan University. He is currently
ests include blockchain and information security. a Senior Engineer with the Guilin University
of Electronic Technology. His research interests
include software defined networking, network
management, and network security.

VOLUME 8, 2020 87561