Introduction
Nowadays, zettabytes of digital information are stored in cloud storage maintained by large organizations with huge storage capacities, which provide flexible and scalable services on a pay-per-usage basis. The stored information consists of sensitive and non-sensitive attributes (Sanchez et al., 2017). Sensitive attribute values (SAV), such as financial, medical and asset information, require a higher level of security than non-sensitive attribute values (NSAV). Generally, a private cloud provides a higher level of security to SAV. However, a private cloud is maintained by third-party cloud service providers (CSP) (Puthal et al., 2015). Additionally, the data integrity of the SAV is verified by Public Auditors (PA). Hence, SAV security and integrity depend on the CSP and PA, not on the Data Owner (DO) (Liu et al., 2015). At present, user data are accessed by inter-organizations to improve their business and provide better services to customers. Hence, data security mechanisms must be devised by considering the roles of inter-organization members and the DO (Liang et al., 2018).
Currently, users' financial transaction information is maintained by bank employees, and access control depends on the terms and conditions of the maintaining organization. Moreover, online transactions play a vital role in users' regular activities, but there is no assurance of the reliability and integrity of user financial information. Online transactions carry higher security and privacy risks than the traditional banking system (Aithal, 2016). Similarly, the user's financial information is accessed by inter-organizations such as loan, marketing and insurance organizations. Hence, user financial information requires data security, integrity and usability. To provide a trade-off between security and usability, SI is segregated from NSAV (Albadri et al., 2016), and encryption is applied only to the SAV, which are then stored in cloud storage. In a cloud-based banking system, access control is defined and monitored by bank employees in the form of Attribute Based Encryption (ABE). In cloud storage, centralized storage and access control play a vital role. The major challenges of centralized storage are providing confidentiality to the SAV and maintaining data integrity and data availability to authorized adversaries (Hur et al., 2011). The topmost threats to cloud storage are data loss, data leakage and account hijacking. Hence, SAV requires an encryption technique (Bistarelli et al., 2019).
The aforementioned issues can be alleviated by decentralized storage with a monitoring and verification process. Decentralized storage removes centralized access control over user data when multiple parties are involved in the process (Wang et al., 2018). Blockchain is a flourishing decentralized storage technique that provides a tamper-proof record of the members involved in the network. A blockchain maintains a decentralized ledger that stores identical information on all the nodes in a network and does not require trusted third parties to manage or maintain the stored data. Additionally, the blocks added to a blockchain are immutable (Thomas et al., 2016). The created and broadcast blocks are repeatedly verified. Hence, data integrity is maintained through blockchain technologies (Li, 2018). In a blockchain ledger, every block consists of the hash value of the previous block, the hash value of the current block, a timestamp, data, etc. The hash value calculation is a one-way function, i.e. the reverse process is not feasible. Owing to this hash property, perfect data integrity is maintained in a blockchain, i.e. the block construction process cannot be reversed (Kshetri, 2017). Hence, blockchain provides better security and access control for user information.
The major issue with blockchain is storage capacity: the storage capacity of blocks in a blockchain is minimal, and a blockchain cannot store a huge volume of data as a cloud can (Do et al., 2017). Hence, the segregated, minimal amount of encrypted SAV is stored in the off-chain mode of the blockchain, and the remaining NSAV is stored in cloud storage.
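The block structure and the off-chain split described in the two paragraphs above, as an added example that is not taken from the paper: each block carries the previous block's hash, its own hash, a timestamp and data, and the data here is a SHA-256 digest of the SAV ciphertext held off-chain. The on-chain digest commitment, the field names and the sample ciphertexts are assumptions made for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder for the first block's prev_hash

def block_hash(block):
    """SHA-256 over every field except the block's own stored hash."""
    body = {k: block[k] for k in ("index", "timestamp", "prev_hash", "data")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_block(chain, off_chain, record_id, sav_ciphertext, timestamp):
    """Keep the encrypted SAV off-chain; commit only its digest on-chain."""
    off_chain[record_id] = sav_ciphertext
    block = {"index": len(chain), "timestamp": timestamp,
             "prev_hash": chain[-1]["hash"] if chain else GENESIS_PREV,
             "data": {"record_id": record_id,
                      "sav_digest": hashlib.sha256(sav_ciphertext).hexdigest()}}
    block["hash"] = block_hash(block)
    chain.append(block)

def verify(chain, off_chain):
    """Return a list of integrity problems; an empty list means all checks pass."""
    problems, prev = [], GENESIS_PREV
    for b in chain:
        if b["prev_hash"] != prev:
            problems.append(f"block {b['index']}: broken link to previous block")
        if block_hash(b) != b["hash"]:
            problems.append(f"block {b['index']}: contents do not match stored hash")
        blob = off_chain.get(b["data"]["record_id"])
        if blob is None or hashlib.sha256(blob).hexdigest() != b["data"]["sav_digest"]:
            problems.append(f"block {b['index']}: off-chain SAV missing or modified")
        prev = b["hash"]
    return problems

def demo():
    chain, off_chain = [], {}
    # Constructed sample ciphertexts; SAV encryption itself is out of scope here.
    append_block(chain, off_chain, "rec-1", b"constructed-ciphertext-1", 1700000000)
    append_block(chain, off_chain, "rec-2", b"constructed-ciphertext-2", 1700000060)
    clean = verify(chain, off_chain)
    off_chain["rec-2"] = b"modified"                   # off-chain blob altered
    off_tamper = verify(chain, off_chain)
    off_chain["rec-2"] = b"constructed-ciphertext-2"   # restore the blob
    chain[0]["timestamp"] = 1                          # on-chain edit, hash recomputed
    chain[0]["hash"] = block_hash(chain[0])
    return clean, off_tamper, verify(chain, off_chain)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Recomputing the edited block's own hash does not hide the change, because the next block still holds the old value in `prev_hash`; that link is what makes a single-block edit detectable.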
The remaining sections of this paper are organized as follows. Section 2 discusses related work on blockchain-based data storage and access control, with its merits and demerits. Section 3 discusses the proposed block and blockchain generation process and the SAV encryption and decryption techniques, with their algorithms. Sections 4 and 5 discuss the time and security complexity of the proposed system. Finally, Section 6 concludes the proposed work and outlines future enhancement.