Confidentiality Management In Cloud Using Blockchain
What is Data Confidentiality?
Data confidentiality is the protection of data from access by unauthorized users. Data must be encrypted in order to protect it from malicious access and threats. Cloud computing ensures data confidentiality by using enhanced cryptographic mechanisms to protect data.
Data Confidentiality using Blockchain
Before the data is outsourced, it is encrypted. The service owner gets the encrypted data, and the client remains responsible for the access control policy, for encrypting and decrypting data, and for managing all the keys. When the user shares access, the data becomes more vulnerable to malicious attacks.
Blockchain can be used to encrypt data with public keys and a group of identifiers called a class. The owner holds a master key, which enables them to create other keys for data or a class. Every user gets an aggregate key, which enables them to access a particular set of data. The aggregate key can be used to decipher a definite part of the ciphertext. In this way, a cryptosystem can be used to ensure confidentiality by minimizing access to data in cloud computing.
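The delegation idea above (a master key that yields per-class keys, and a grant that opens only a chosen set of classes) is sketched below as an added example, not code from the original page. It swaps in a symmetric HMAC-SHA256 key tree for the public-key aggregate-key scheme the paragraph describes; the class numbering, function names and master key are constructed for illustration.

```python
import hashlib
import hmac

DEPTH = 3  # assumption: 2**3 = 8 data classes, numbered 0..7

def child(key: bytes, bit: int) -> bytes:
    """One step down the key tree: left (0) or right (1) child of a node key."""
    return hmac.new(key, bytes([bit]), hashlib.sha256).digest()

def class_key(master: bytes, cls: int) -> bytes:
    """Owner side: walk from the root (master key) to the leaf key of class `cls`."""
    key = master
    for level in reversed(range(DEPTH)):
        key = child(key, (cls >> level) & 1)
    return key

def delegate(master: bytes, lo: int, hi: int) -> list:
    """Owner side: fewest subtree keys that cover classes lo..hi (inclusive).
    Each entry is (prefix, prefix_len, node_key)."""
    grant = []
    def walk(key: bytes, prefix: int, plen: int) -> None:
        first = prefix << (DEPTH - plen)            # lowest class under this node
        last = first + (1 << (DEPTH - plen)) - 1    # highest class under this node
        if hi < first or last < lo:
            return                                  # subtree entirely outside the range
        if lo <= first and last <= hi:
            grant.append((prefix, plen, key))       # subtree entirely inside: hand it out
            return
        walk(child(key, 0), prefix << 1, plen + 1)
        walk(child(key, 1), (prefix << 1) | 1, plen + 1)
    walk(master, 0, 0)
    return grant

def user_class_key(grant: list, cls: int):
    """User side: derive the key of `cls` from a grant; None if it is not covered."""
    for prefix, plen, key in grant:
        if cls >> (DEPTH - plen) == prefix:
            for level in reversed(range(DEPTH - plen)):
                key = child(key, (cls >> level) & 1)
            return key
    return None

# Constructed sample: the owner shares classes 2..5 and nothing else.
MASTER = hashlib.sha256(b"constructed demo master key").digest()
GRANT = delegate(MASTER, 2, 5)

if __name__ == "__main__":
    for c in range(1 << DEPTH):
        k = user_class_key(GRANT, c)
        print(c, "no access" if k is None else k.hex()[:16])
```

Each leaf key would key an authenticated cipher for the data in that class; a grant covering every class is the master key itself, so the owner should only ever hand out narrower ranges.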
1) Access Control
When the data is initially outsourced to the cloud, the security mechanism needs more attention because the data is vulnerable. To minimize threats and security risks, the data owner needs to control access and restrict the usability of the data. Many techniques have been proposed that use access control to keep data content confidential and to keep unauthorized entities from accessing and disclosing the data, while permitting many authorized entities to share it.
2) Public Key Encryption
In public key encryption, two types of keys are used to encrypt the data. The public key is available for anyone to use, while the private key is used for encryption and decryption.
With public-key cryptography, authentication is also possible. A sender can combine a message with a private key to create a digital signature on the message. Anyone with the sender’s corresponding public key can combine that message with a claimed digital signature. If the signature matches the message, the origin of the message is verified.
3) Identity Based Encryption (IBE)
In Identity Based Encryption, the owner of the data can encrypt it and specify the identity of an authorized entity who can decrypt it. In order to decrypt the data, the entity’s identity must match the identity specified by the owner. This encryption method does not involve an exchange of keys.
4) Attribute Based Encryption (ABE)
In Attribute Based Encryption, a user's identity is described by a set of attributes. This set of attributes generates the secret key. It also defines the access structure used for access control. The access control is responsible for encrypting the data to ensure its confidentiality while allowing it to be shared among a group of users.