Article Preview
TopIntroduction
With the exponential growth of cloud computing, an increasing number of people access to its services from their desktop computers, laptops, and mobile devices (Tablet, Smartphone, etc.). Cloud computing provides on-demand services to its users (Mell & Grance, 2011). Data storage is a critical function provided by cloud computing. Users, on the other hand, are concerned about data security and breaches. Hence, cloud storage privacy security has become a major cloud computing problem. Data encryption has been a crucial element in maintaining data confidentiality and privacy since security has been considered as a feature of the cloud.
To maintain data confidentiality, encryption algorithms and robust authentication mechanisms have been utilized. Encryption is the process of translating information into a Ciphertext that can only be interpreted by authorized users (Paul & Mathew, 2020). Recently, many data storage and access control approaches and strategies have been implemented to enable users to securely access, save and exchange data in the cloud. Among these techniques, the most commonly applied are attribute-based encryption (ABE), homomorphic encryption (HE), and elliptic curve cryptography. ABE was first proposed by Sahai and Waters (Sahai, Amit and Waters, 2005) in 2005. It depends on attributes to construct decryption keys, reducing key management time and effort, “ABE provides both confidentiality and fine-grained access control to outsourced data,” (Li et al., 2013).
Ronald Rivest, Leonard Adleman, and Michael Dertouzos first suggested HE in 1978 (Rivest et al., 1978). It can operate on Ciphertexts without disclosing any plain data details (Konstantin G. Kogos, Kseniia S. Filippova, 2017). “ECC was invented in 1985 by Victor Miller and Neal Koblitz,” (Koblitz, 1987; Miller, 1986). It is an asymmetric encryption method that uses algebraic structures based on elliptic curves over finite fields (Hong et al., 2016).
Even if the previously cited approaches seem interesting, they are still suffering from some weaknesses, such as increased computational complexity, important time consumption, super encrypted message size, and some vulnerabilities.
To overcome the issues of existing solutions, we propose a hybrid approach that combines elliptic curve cryptography and Blockchain technology.
Adopting both ECC methods and blockchain protocols increases the speed and effectiveness of the suggested strategy. Due to the small size of the elliptic curve key, all computational costs are minimized, resulting in minimal energy consumption. On the other hand, the blockchain provides decentralized digital ledgers that can withstand data tampering attacks. This ensures data confidentiality and integrity and secure communication in a cloud computing environment. The main contributions of this work are summed up as follows:
- •
On the user side, we combine Elliptic Curve Integrated Encryption Scheme and ECDSA digital signatures to enforce data security in terms of confidentiality and integrity.
- •
We employed Blockchain technology to secure communications between users and cloud storage and assure resistance to data tampering attacks.
- •
To confirm the safety of our technology, we analyze the security of the proposed scheme using the open-source AVISPA software package. The result proved that our suggested security mechanism provides high protection against both man-in-the-middle and replay attacks.
- •
We also conduct a performance analysis on the proposed scheme. The results demonstrated that our proposed method is more efficient in terms of time complexity, computational cost, and storage cost compared to a set of existing solutions.