Abstract
Cloud services have become increasingly popular during the past few years. Through these services, users can store their data remotely and access them any time and from anywhere. These services are offered by centralized systems where an organization or company usually offers their resources to users. The centralized nature of these systems causes several problems; a single point of failure exists, security issues might provide unwarranted access to intruders and there are privacy issues to consider as well. A solution to these problems is the decentralization of the system. A core technology that can help in this respect is the blockchain. It does not require any centralized control and its security model is based on the nodes of the blockchain network to share and verify transactions. This work aims to develop a secure decentralized cloud service, which does not expose the users’ personal data. To this effect, a framework that implements a cloud service using the Ethereum blockchain ecosystem and the Swarm decentralized storage platform was developed. In this, file access is provided through user-specific decryption keys. By developing a decentralized cloud, using a secure encryption model for the data, a service which is more secure, and where the users have full control over their data is possible.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
IPFS: a peer-to-peer hypermedia protocol designed to make the web faster, safer, and more open. https://ipfs.io/. Accessed 29 May 2020
Metamask: a crypto wallet & gateway to blockchain apps. https://metamask.io. Accessed 21 May 2020
Sia: decentralized storage for the post-cloud world. https://sia.tech/. Accessed 28 May 2020
Storj decentralized cloud storage. https://storj.io. Accessed 28 May 2020
Swarm: storage and communication for a sovereign digital society. https://swarm.ethereum.org/. Accessed 22 May 2020
web3js: Ethereum javascript api. https://web3js.readthedocs.io. Accessed 25 May 2020
Announcing the advanced encryption standard (aes). Federal Information Processing Standards Publication 197. United States National Institute of Standards and Technology (NIST), November 2001. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf
Solidity. https://solidity.readthedocs.io (2020). Accessed 08 May 2020
Adams, C., Lloyd, S.: Understanding PKI: concepts, standards, and deployment considerations. Addison-Wesley Professional (2003)
Benet, J.: IPFS - Content Addressed, Versioned, P2P File System. arXiv e-prints arXiv:1407.3561, July 2014
Buterin, V.: A next-generation smart contract and decentralized application platform-ethereum whitepaper, 2014 (2014). https://www.weusecoins.com/assets/pdf/library/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf. Accessed 24 May 2020
De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Managing and accessing data in the cloud: Privacy risks and approaches. In: 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 1–9 (2012)
Dhillon, V., Metcalf, D., Hooper, M.: Unpacking Ethereum, pp. 25–45. Apress, Berkeley, CA (2017). https://doi.org/10.1007/978-1-4842-3081-7_4
Faraj Al-Janabi, S.T., Abd-alrazzaq, H.K.: Combining mediated and identity-based cryptography for securing E-mail. In: Ariwa, E., El-Qawasmeh, E. (eds.) DEIS 2011. CCIS, vol. 194, pp. 1–15. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22603-8_1
Ion, I., Sachdeva, N., Kumaraguru, P., ÄŚapkun, S.: Home is safer than the cloud! privacy concerns for consumer cloud storage. In: Proceedings of the Seventh Symposium on Usable Privacy and Security. SOUPS 2011, Association for Computing Machinery, New York (2011). https://doi.org/10.1145/2078827.2078845
Ka, S., Jayanthi, S.: A review on cloud data security and its mitigation techniques. Procedia Comput. Sci. 48, 347–352 (2015)
Kamara, S., Lauter, K.: Cryptographic cloud storage. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J.M., Sako, K., Sebé, F. (eds.) FC 2010. LNCS, vol. 6054, pp. 136–149. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14992-4_13
Kaur, M., Singh, H.: A review of cloud computing security issues. Int. J. Educ. Manag. Eng. 5, 32–41 (2015)
Li, D., Du, R., Fu, Y., Au, M.H.: Meta-key: a secure data-sharing protocol under blockchain-based decentralized storage architecture. IEEE Netw. Lett. 1(1), 30–33 (2019)
Li, J., Wu, J., Chen, L.: Block-secure: blockchain based scheme for secure p2p cloud storage. Inf. Sci. 465, 219–231 (2018). https://doi.org/10.1016/j.ins.2018.06.071
Liang, X., Shetty, S., Tosh, D., Kamhoua, C., Kwiat, K., Njilla, L.: Provchain: a blockchain-based data provenance architecture in cloud environment with enhanced privacy and availability. In: 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), pp. 468–477 (2017)
Mell, P., Grance, T.: The NIST definition of cloud computing. NIST Special Publication, pp. 800–145 (2011)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
Nechvatal, J.: Public-key cryptography. Technical Report NIST Special Publication 800–2, National Institute of Standards & Technology, Research Information Center, Gaithersburg, MD 20899 (1991)
Nizamuddin, N., Salah, K., Azad, M.A., Arshad, J., Rehman, M.: Decentralized document version control using ethereum blockchain and IPFS. Comput. Electr. Eng. 76, 183–197 (2019). https://doi.org/10.1016/j.compeleceng.2019.03.014
Pearson, S.: Taking account of privacy when designing cloud computing services. In: 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 44–52 (2009)
Pearson, S.: Privacy, security and trust in cloud computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing. CCN, pp. 3–42. Springer, London (2013). https://doi.org/10.1007/978-1-4471-4189-1_1
Peng, Y., Zhao, W., Xie, F., Dai, Z.H., Gao, Y., Chen, D.Q.: Secure cloud storage based on cryptographic techniques. J. China Univ. Posts Telecommun. 19, 182–189 (2012). https://doi.org/10.1016/S1005-8885(11)60424-X
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978). https://doi.org/10.1145/359340.359342
Soghoian, C.: Caught in the cloud: privacy, encryption, and government back doors in the web 2.0 era. J. Telecommun. High Technol. Law 8, 359 (2010)
Takabi, H., Joshi, J.B.D., Ahn, G.: Security and privacy challenges in cloud computing environments. IEEE Secur. Privacy 8(6), 24–31 (2010)
Vacca, J.R.: Public Key Infrastructure: Building Trusted Applications and Web Services. CRC Press, Boca Raton (2004)
Xiao, Z., Xiao, Y.: Security and privacy in cloud computing. IEEE Commun. Surv. Tutorials 15(2), 843–859 (2013)
Zhou, M., Zhang, R., Xie, W., Qian, W., Zhou, A.: Security and privacy in cloud computing: a survey. In: 2010 Sixth International Conference on Semantics, Knowledge and Grids, pp. 105–112 (2010)
Acknowledgement
This research has been co-financed by the European Union H2020 Research and Innovation Programme under Grant Agreements No. 826404 and No 871403.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Siopi, M., Vlahavas, G., Karasavvas, K., Vakali, A. (2020). DeCStor: A Framework for Privately and Securely Sharing Files Using a Public Blockchain. In: Appice, A., Tsoumakas, G., Manolopoulos, Y., Matwin, S. (eds) Discovery Science. DS 2020. Lecture Notes in Computer Science(), vol 12323. Springer, Cham. https://doi.org/10.1007/978-3-030-61527-7_19
Download citation
DOI: https://doi.org/10.1007/978-3-030-61527-7_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61526-0
Online ISBN: 978-3-030-61527-7
eBook Packages: Computer ScienceComputer Science (R0)