A Secure, Blockchain-based Data Storage Scheme for Cloud Environments

Prepared by the researchers
- Alaa Majeed Shnin – Al-Furat Al-Awsat Technical University / Kufa, Babylon Technical Institute
- Jenan Jader Msad – Department of Computer Science, Al-Furat Al-Awsat Technical University / Karbala Technical Institute, Iraq
Democratic Arabic Center
Journal of Iranian orbits : Twenty-Eighth Issue – June 2025
A Periodical International Journal published by the “Democratic Arab Center” Germany – Berlin
ABSTRACT
Cloud storage has become widespread because it is efficient and convenient. However, it also introduces new security risks such as identity forgery, data theft and privacy disclosure. Drawing on blockchain, elliptic curve cryptography and related technologies, this paper proposes a blockchain-based data storage scheme for cloud environments that provides users with decentralized identity authentication and data integrity verification, and records the transaction information of each data storage operation on the chain so that the stored data can be protected.
Challenges in Traditional Cloud Storage
Data Breaches: Centralized cloud storage systems are vulnerable to data breaches, where unauthorized access can compromise sensitive information.
Data Integrity: There is a risk of data tampering or modification by malicious actors or even cloud providers.
Lack of Transparency: Users often have limited visibility into how their data is stored and managed.
Blockchain’s Role in Enhancing Cloud Storage Security
Blockchain technology, with its decentralized and immutable nature, can address these challenges:
Decentralization: Data is distributed across a network of nodes, reducing the risk of a single point of failure and making it more difficult for attackers to compromise the entire system.
Immutability: Once data is recorded on the blockchain, it cannot be altered or deleted without the change being detected, which supports data integrity and provenance.
Transparency: All transactions and data modifications are recorded on the blockchain, providing users with a transparent and auditable history of their data.
Key Components of a Secure, Blockchain-Based Data Storage Scheme
Data Encryption: Data is encrypted before it is stored in the cloud; only hashes and metadata need to be placed on the chain. This preserves confidentiality and prevents unauthorized access to the plaintext.
Smart Contracts: Smart contracts can be used to automate data storage, retrieval, and access control. They can also be used to enforce data usage policies and ensure compliance with regulations.
Decentralized Identity Management: Blockchain can be used to manage user identities and access permissions, enhancing security and privacy.
Data Integrity Verification: Cryptographic hash values recorded on the blockchain can be used to verify the integrity of data stored in the cloud. Any modification of the data produces a hash that no longer matches the value recorded on the chain.
Example: IPFS (InterPlanetary File System)
IPFS is a decentralized, content-addressed storage and distribution system. It is not itself a blockchain, but it is commonly paired with one: the content identifier (hash) of a file kept on IPFS is recorded on the chain, while the file itself is stored and shared across a distributed network of nodes, enhancing availability and resilience.
Conclusion
Blockchain technology offers a promising approach to enhancing the security and privacy of cloud storage. By combining the strengths of blockchain and cloud computing, we can create a more secure and trustworthy environment for storing and managing digital data.
Keywords: cloud data storage, blockchain, identity authentication, integrity verification
INTRODUCTION
Data storage is a convenient data management service that the cloud platform provides to network users, offering flexible data access and flexible configuration of storage space. However, storing data in the cloud means that users lose physical control of it [1-3], and several security threats follow. Identity forgery is a persistent threat to the authenticity of communications: attackers forge identities to launch session hijacking, man-in-the-middle and DDoS attacks, and without effective authentication they can generate large volumes of attack traffic with spoofed addresses, deceive recipients, and evade filtering and audit trails. The certificate authority (CA), as a trusted third party, may itself be attacked; a CA controlled by an attacker can issue certificates to arbitrary malicious websites or users, which victims cannot distinguish from legitimate ones by verifying the CA signature, leading to phishing, financial loss and disclosure of personal information. In the multi-tenant mode of the cloud platform, different users share the same storage resources; if tenant isolation is incomplete, an attacker may break through the isolation barrier to access, steal or tamper with other users' data.
Users therefore need data integrity verification to determine whether their data is stored intact on an untrusted cloud server, and the cloud storage node needs to authenticate the users who access it (and the users need to authenticate the node).
Blockchain is a distributed ledger technology maintained by a set of network nodes [4,5]. Transactions are grouped into blocks through a consensus mechanism [6], and the blocks are linked into a chain. Its characteristics are tamper resistance, traceability, decentralization, operation without a trusted third party, security based on cryptographic algorithms, and non-repudiation.
In this paper, we study the problems and security risks of data storage in current cloud environments and build a blockchain-based secure storage scheme that protects user data stored in the cloud.
The rest of this paper is organized as follows: Chapter 2 introduces related work; Chapter 3 proposes the blockchain-based data storage scheme for cloud environments; Chapter 4 conducts the security and performance analysis; Chapter 5 concludes.
- RELATED WORK
In terms of identity authentication, Instant Karma PKI (IKP) [7,8] is an automated platform for reporting CA misbehaviour, which gives CAs an incentive to issue certificates correctly and lets system members quickly report unauthorized certificate issuance. However, most such schemes retain the CA [9]. As the central node of identity authentication, the CA must interact repeatedly with both parties being authenticated, which runs counter to the decentralization that blockchain is meant to provide. He et al. proposed a node authentication model for distributed interactive systems based on the elliptic curve discrete logarithm problem, establishing two-way authentication between nodes without a CA to vouch for the generated keys [10]. However, it relies on a centralized trusted key distribution center (KDC), so the single point of failure introduced by centralization remains.
In terms of integrity verification, several existing data verification systems introduce a third-party auditor (TPA) [11-14]. The TPA verifies the integrity of cloud data and raises an alert when it detects modification so that countermeasures can be taken. The drawback is that the system must maintain a secure channel so that the TPA can access the data in a trusted manner. Other integrity verification schemes focus on security while neglecting efficiency, and lack practicality [15-18].
In summary, the current cloud data storage process still suffers from centralized identity authentication and an overly expensive integrity verification process. Blockchain technology can be used to make cloud data storage both secure and efficient.
- SECURE, BLOCKCHAIN-BASED DATA STORAGE SCHEME FOR CLOUD ENVIRONMENTS
To address the security problems of data storage in the cloud environment, this chapter proposes a blockchain-based secure data storage scheme. The architecture consists of three parts: the blockchain network, the cloud storage environment and the user. As shown in Figure 1, it provides decentralized identity authentication and data integrity verification; the function of each part is as follows.
Figure 1. Blockchain-based Data Security Storage Scheme.
Blockchain network: maintains two chains, the authentication chain and the storage chain, and provides the public key infrastructure (PKI) and the data integrity verification function. The PKI is responsible for the initial key distribution to users and storage nodes in the cloud environment. Once key distribution is complete, the transaction information (identity, address, public key, certificate) is submitted to the consensus service nodes, which run the consensus process and generate a block on the authentication chain. No CA takes part in this process. Data integrity verification covers data uploaded to storage nodes in the cloud environment: storage-chain blocks are generated from the transaction information of each storage operation (user identity, file information, slice information and benchmark hash values), and verification recalculates the integrity hash of the stored data and compares it with the benchmark value recorded in the storage chain. Each block of the authentication chain and the storage chain records the transactions and resulting state within a period of time, representing consensus on the current state of the ledger. The blocks that record the authentication information and the data integrity information thus form a linear linked list to which blocks can only be appended, never deleted, which protects the recorded transaction information.
Cloud storage node: holds the node's identity private key, completes the authentication process with the user and derives the data transmission key; completes the integrity verification process for user data together with the blockchain network.
User: holds the user's private key, completes the authentication process with the storage node and derives the data transmission key; sends data integrity verification requests to the storage node to verify data integrity.
2.1 Blockchain-based two-way identity authentication
Initialize key distribution: The blockchain network selects a node to act as the PKI through the consensus mechanism. Relying on the hardness of the elliptic curve discrete logarithm problem, it selects a secure elliptic curve over the finite field Fq and a base point P on it whose order is a large prime. The PKI generates a random number s as its private key and calculates its public key S (the scalar multiple sP of the base point). The public key S is submitted to the consensus service nodes, which run the consensus process, and the generated block is stored in the authentication chain. The blockchain network is also responsible for generating and distributing an ID for each user and storage node in the cloud environment. When the PKI distributes a private key to a new user node U, it first calculates the signature parameter of user U (where h(·) is a hash function, the x-coordinate of the corresponding point on the elliptic curve is used, and a string-concatenation operator joins the inputs); the resulting value is stored locally as the private key of user U, the corresponding public key is derived, and the user's ID and public key are submitted to the consensus service nodes to execute the consensus process and generate a block in the authentication chain. The initial key distribution and transaction storage for a newly added storage node N proceed in the same way as for user node U.
The two-way authentication process between user node U and storage node N is shown in Figure 2:
Figure 2. Blockchain-based Two-way Identity Authentication (between user node U and storage node N)
User U first generates a random number bound with a timestamp, looks up the public key of storage node N in the authentication chain and calculates the shared key with N from it, computes the authentication information, and sends an authentication request together with that authentication information to storage node N in the cloud environment.
After storage node N receives the authentication request from user U, it likewise generates a random number bound with a timestamp, looks up the public key of user node U in the authentication chain and calculates the shared key with U from it, and then computes its own verification values using the key it holds. Finally, storage node N sends its authentication information to user node U.
After receiving the verification information from storage node N, user U first checks whether the received value equals the value it computes itself. If they differ, storage node N fails verification; if they are equal, N passes, and U then uses the shared key to compute its response and sends it to storage node N as its verification information.
Storage node N checks whether the received response equals its own computed value. If not, user node U fails verification; if they are equal, U passes verification.
After user node U and storage node N have authenticated each other successfully, both parties are trusted, the two-way authentication is complete, and both hold the shared transmission key.
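The exchange described above, implemented as an added example; this is not code from the paper. The scheme's own formulas do not survive in the available text, so the following are assumptions: the curve is secp256k1, the shared key is the SHA-256 hash of the x-coordinate of the static ECDH point, the authentication values are HMAC-SHA256 tags over the identities and the timestamped nonces, the freshness window is 30 seconds, and the "authentication chain" is a plain dictionary from node ID to public key. The `tamper` flag shows an impostor that does not hold N's private key failing the check in the third step.

```python
"""Two-way authentication between user node U and storage node N (added example).
Pure-Python secp256k1 (assumed curve), static ECDH, HMAC challenge/response."""
import hashlib
import hmac
import os
import time

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_p (assumption, not from the paper).
P_MOD = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
FRESHNESS = 30  # seconds; timestamped nonces older than this are rejected (assumption)


def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; demonstration only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def keygen():
    """Private scalar d in [1, n-1] and public point d*G."""
    d = int.from_bytes(os.urandom(32), "big") % (ORDER - 1) + 1
    return d, ec_mul(d, G)


def shared_key(my_priv, their_pub):
    """Static ECDH: hash of the x-coordinate of d*Q (hashing step is an assumption)."""
    x, _ = ec_mul(my_priv, their_pub)
    return hashlib.sha256(x.to_bytes(32, "big")).digest()


def tag(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def fresh_nonce():
    """Random number bound with a timestamp, as in the paper: 16 random bytes + 8-byte time."""
    return os.urandom(16) + int(time.time()).to_bytes(8, "big")


def is_fresh(nonce, now=None):
    ts = int.from_bytes(nonce[16:], "big")
    return abs((now or time.time()) - ts) <= FRESHNESS


def two_way_auth(chain, u_id, u_priv, n_id, n_priv, tamper=False):
    """Run the handshake. `chain` maps node id -> public key (the authentication chain).
    Returns (ok, session_key_U, session_key_N)."""
    # Message 1 (U -> N): U's nonce and a tag under the key U shares with N.
    k_u = shared_key(u_priv, chain[n_id])
    r_u = fresh_nonce()
    sender, r_u_rcv, t1 = (u_id, r_u, tag(k_u, b"1", u_id, n_id, r_u))

    # N recomputes the key from U's on-chain public key, checks freshness and tag.
    k_n = shared_key(n_priv, chain[sender])
    if not is_fresh(r_u_rcv) or not hmac.compare_digest(t1, tag(k_n, b"1", sender, n_id, r_u_rcv)):
        return False, None, None
    # Message 2 (N -> U): N's nonce and a tag binding both nonces.
    r_n = fresh_nonce()
    t2 = tag(k_n, b"2", n_id, sender, r_n, r_u_rcv)
    if tamper:  # an impostor without N's private key cannot derive k_n
        t2 = tag(os.urandom(32), b"2", n_id, sender, r_n, r_u_rcv)
    r_n_rcv = r_n

    # U compares the received value with its own computation (paper: equality check).
    if not is_fresh(r_n_rcv) or not hmac.compare_digest(t2, tag(k_u, b"2", n_id, u_id, r_n_rcv, r_u)):
        return False, None, None
    # Message 3 (U -> N): U proves it derived the same key.
    t3 = tag(k_u, b"3", u_id, n_id, r_u, r_n_rcv)
    if not hmac.compare_digest(t3, tag(k_n, b"3", sender, n_id, r_u_rcv, r_n)):
        return False, None, None

    # Both sides derive the transmission key from the static secret and both nonces.
    sk_u = hashlib.sha256(k_u + r_u + r_n_rcv).digest()
    sk_n = hashlib.sha256(k_n + r_u_rcv + r_n).digest()
    return True, sk_u, sk_n


def demo():
    """Honest run succeeds with matching keys; an impostor N is rejected."""
    u_priv, u_pub = keygen()
    n_priv, n_pub = keygen()
    chain = {b"U": u_pub, b"N": n_pub}  # public keys recorded on the authentication chain
    ok, sk_u, sk_n = two_way_auth(chain, b"U", u_priv, b"N", n_priv)
    bad, _, _ = two_way_auth(chain, b"U", u_priv, b"N", n_priv, tamper=True)
    return ok and sk_u == sk_n, bad
```

Two points a practitioner should note: each tag binds both identities and both nonces, so a tag captured from one run cannot be replayed in another or reflected back at its sender, and the freshness check on the timestamp limits how long a captured message stays usable at all. The scalar multiplication here is variable-time and suitable only for demonstration; a deployment would use a vetted library.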
2.2 Blockchain-based data integrity verification
Blockchain data storage is applied to guarantee the non-repudiation and integrity of data. For data stored in the cloud environment, and to preserve the privacy of sensitive data, we propose the integrity verification scheme shown in Figure 3.
Figure 3. Blockchain-based Data Integrity Verification (between user node and storage node)
User node U data upload: After the two-way authentication between user node U and storage node N is complete, user node U selects the data file to upload. Files are classified by confidentiality: a highly confidential file is treated as a private file and is first encrypted with the user's personal public key. The data file (encrypted or not) is then encrypted with the shared transmission key and uploaded to storage node N.
Data storage at storage node N: After receiving the encrypted data file from user node U, storage node N first decrypts it with the shared transmission key. The decrypted file is sliced, and each slice is hashed to obtain its integrity verification benchmark. The node then stores the slices and submits the user identity, file information, slice information and the benchmark value of each slice as transaction information to the consensus service nodes of the blockchain network, which run the consensus process and generate a block on the storage chain.
Blockchain network verifies data integrity: To ensure the security of data stored in the cloud environment, the integrity of stored files must be verified. Verification can be initiated in two ways: on demand by the user node, or periodically by the storage node.
For a request initiated by the user node, the blockchain network selects a verification node through the consensus mechanism. The storage node calculates the integrity check value of every slice of the stored file and submits them to the verification node. The verification node retrieves the file's block from the storage chain and compares the benchmark value of each slice recorded there with the submitted check value. If all are equal, verification passes; if any slice differs, verification fails. The result is returned to the user node and recorded in the storage chain.
For requests initiated periodically by the storage node there is no completion deadline, unlike on-demand requests from user nodes, and a storage node holds a large number of files, so verifying every slice each period would consume substantial computing resources. To save resources, the scheme adopts slice rotation verification: the verification nodes in the blockchain network select one slice at a time, in order, according to the block information of the file in the storage chain. If that slice passes, the verification round passes, and the result is stored in the storage chain for users to query. The results of the periodic rounds for each slice of a data file can be combined to obtain an integrity verification of the entire file.
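The storage path just described (slicing, per-slice benchmark hashes recorded as a transaction, on-demand full verification and periodic rotation verification), together with the append-only hash-linked block structure of the storage chain from the architecture description, as one added example. This is not the paper's code: the slice size (4 bytes, so the constructed sample yields several slices), SHA-256 as the hash, the JSON block layout, and the round-robin rule "slice index = period mod slice count" are assumptions, and the sample payload is constructed for the demonstration.

```python
"""Sliced-file integrity verification against benchmarks kept in an append-only
hash chain (added example; layout, slice size and hash function are assumptions)."""
import hashlib
import json

SLICE_SIZE = 4  # bytes; deliberately tiny for the demo (real systems use KiB to MiB)


def sha256_hex(b):
    return hashlib.sha256(b).hexdigest()


def slice_file(data, size=SLICE_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]


class StorageChain:
    """Minimal append-only ledger: every block commits to the previous block's hash,
    so editing a recorded benchmark breaks each later link."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(body):
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def append(self, tx):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"index": len(self.blocks), "prev": prev, "tx": tx}
        body["hash"] = self._digest(body)
        self.blocks.append(body)
        return body["index"]

    def is_consistent(self):
        prev = "0" * 64
        for blk in self.blocks:
            body = {k: v for k, v in blk.items() if k != "hash"}
            if blk["prev"] != prev or self._digest(body) != blk["hash"]:
                return False
            prev = blk["hash"]
        return True

    def find_store_tx(self, user, file_name):
        for blk in self.blocks:
            tx = blk["tx"]
            if tx.get("type") == "store" and tx["user"] == user and tx["file"] == file_name:
                return tx
        return None


class StorageNode:
    def __init__(self, chain):
        self.chain = chain
        self.slices = {}  # (user, file) -> list of slice bytes held by the node

    def store(self, user, file_name, data):
        """Slice, hash each slice, keep the slices, and put the benchmarks on the chain."""
        parts = slice_file(data)
        self.slices[(user, file_name)] = parts
        tx = {"type": "store", "user": user, "file": file_name, "size": len(data),
              "slices": len(parts), "benchmarks": [sha256_hex(p) for p in parts]}
        return self.chain.append(tx)

    def check_values(self, user, file_name, indices=None):
        """Recompute the integrity check value of the requested slices (all by default)."""
        parts = self.slices[(user, file_name)]
        idx = range(len(parts)) if indices is None else indices
        return {i: sha256_hex(parts[i]) for i in idx}


def verify_on_demand(chain, node, user, file_name):
    """User-initiated check: every slice compared with its benchmark; result recorded."""
    tx = chain.find_store_tx(user, file_name)
    values = node.check_values(user, file_name)
    bad = [i for i, h in values.items() if h != tx["benchmarks"][i]]
    chain.append({"type": "verify", "user": user, "file": file_name, "mode": "full", "bad": bad})
    return not bad, bad


def verify_rotation(chain, node, user, file_name, period):
    """Storage-node periodic check: one slice per period, round-robin; a full cycle
    over all slices amounts to a verification of the whole file."""
    tx = chain.find_store_tx(user, file_name)
    i = period % tx["slices"]
    ok = node.check_values(user, file_name, [i])[i] == tx["benchmarks"][i]
    chain.append({"type": "verify", "user": user, "file": file_name, "mode": "rotation",
                  "slice": i, "ok": ok})
    return i, ok


def demo():
    chain = StorageChain()
    node = StorageNode(chain)
    data = b"constructed sample payload for slicing 0123456789"  # constructed, 49 bytes -> 13 slices
    node.store("U", "report.bin", data)
    full_ok, _ = verify_on_demand(chain, node, "U", "report.bin")
    # Corrupt slice 3 on the storage node only; the on-chain benchmarks are untouched.
    node.slices[("U", "report.bin")][3] = b"XXXX"
    tampered_ok, bad = verify_on_demand(chain, node, "U", "report.bin")
    rounds = [verify_rotation(chain, node, "U", "report.bin", p) for p in range(13)]
    caught = [i for i, ok in rounds if not ok]
    return full_ok, tampered_ok, bad, caught, chain.is_consistent()
```

Rotation verification trades detection latency for cost: a corrupted slice is caught only when its turn comes, so the period length bounds how long tampering can go unnoticed, and an attacker who can predict the rotation order could restore a slice just before its check. Randomising the slice selection, or sampling several slices per round, closes that gap at modest extra cost.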
- SECURITY AND PERFORMANCE ANALYSIS
3.1 Security analysis
Based on blockchain technology and the elliptic curve cryptosystem, this scheme provides two-way authentication between users and storage nodes in the cloud storage environment. Both parties must present complete and valid authentication information. Under the requirements of secure and private network communication, the data on the authentication chain and the storage chain cannot be tampered with. Because the elliptic curve discrete logarithm problem is hard, a malicious node cannot recover the keys or decrypt the ciphertext, which underpins the effectiveness and security of the scheme.
During authentication with the cloud storage node, the timestamped random number is transmitted in ciphertext through the encryption function. The user information sent over the channel is protected by a one-way function, so it is difficult to recover even if intercepted, which preserves the privacy and security of the user information.
3.2 Performance analysis
Performance analysis of the two-way identity authentication protocol. At the same security level, elliptic curve cryptography (ECC) needs a much shorter key than RSA (a 256-bit ECC key is generally considered comparable to a 3072-bit RSA key). Shorter keys mean less traffic, faster transmission and faster computation, which improves the performance of encryption. In addition, ECC has a lower computational burden and can reach the same security level on fewer resources.
Integrity verification performance analysis. To ensure the integrity of data files that have not been verified for a long time while reducing the computing overhead on the cloud, the scheme designs a slice rotation verification scheme based on the slice storage of data files, and combines the verification results of the individual slices to verify the entire file.
- CONCLUSION
To address the problems and risks of data storage in the cloud environment, a blockchain-based secure data storage scheme has been constructed that introduces blockchain technology into both identity authentication and data storage. The scheme simplifies the authentication process, improves its efficiency, and achieves strong security by combining the consensus mechanism, identity authentication and privacy protection, encryption and other technologies.
REFERENCES
[1] Deng Guo FENG et al. Study on Cloud Computing Security[J]. Journal of Software, 2011, 22(1) : 71-83.
[2] Fu Xie and Yun Yun Du. Research on Cloud Computing Security Based on the Remote Attestation[J]. Applied Mechanics and Materials, 2013, 321-324: 2657-2664.
[3] Dubey Ruchi and Gaud Nirmal. A Survey on Security of Cloud Computing[J]. International Journal of Computer Applications, 2016, 150(3): 11-17.
[4] Dan Wang and Jindong Zhao and Yingjie Wang. A Survey on Privacy Protection of Blockchain: The Technology and Application[J]. IEEE Access, 2020, 8: 108766-108781.
[5] Li Xiaoqi, Jiang Peng, Chen Ting, Luo Xiapu and Wen Qiaoyan. A Survey on the Security of Blockchain Systems[J]. Future Generation Computer Systems, 2017. doi: 10.1016/j.future.2017.08.020
[6] Wang Qianwen et al. A Comparative Study of Blockchain Consensus Algorithms[J]. Journal of Physics: Conference Series, 2020, 1437: 012007-012007.
[7] S. Matsumoto and R. M. Reischuk, “IKP: Turning a PKI Around with Decentralized Automated Incentives,” 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 2017, pp. 410-426, doi: 10.1109/SP.2017.57.
[8] Fu Tai ZHANG et al. Research on Certificateless Public Key Cryptography[J]. Journal of Software, 2011, 22(6) : 1316-1332.
[9] He Wencai, Du Min, Chen Zhiwei, Liu Peihe, Han Yanyan. Distributed File Interaction System Node Authentication Scheme [J]. Journal of Communications, 2013,34 (S1): 14-20
[10] He Wencai, Du Min, Chen Zhiwei, et al. Node authentication scheme of distributed file interaction system [J]. Journal of Communications, 2013, 34 (S1): 14-20
[11] I. Zikratov, A. Kuzmin, V. Akimenko, V. Niculichev and L. Yalansky, “Ensuring data integrity using blockchain technology,” 2017 20th Conference of Open Innovations Association (FRUCT), St. Petersburg, Russia, 2017, pp. 534-539, doi: 10.23919/FRUCT.2017.8071359.
[12] B. Liu, X. L. Yu, S. Chen, X. Xu and L. Zhu, “Blockchain Based Data Integrity Service Framework for IoT Data,” 2017 IEEE International Conference on Web Services (ICWS), Honolulu, HI, USA, 2017, pp. 468-475, doi: 10.1109/ICWS.2017.54.
[13] Wang Huaqun and Wang Qihua and He Debiao. Blockchain-Based Private Provable Data Possession[J]. IEEE Transactions on Dependable and Secure Computing, 2019, 18(5): 1-1.
[14] B. Liu, X. L. Yu, S. Chen, X. Xu and L. Zhu, “Blockchain Based Data Integrity Service Framework for IoT Data,” 2017 IEEE International Conference on Web Services (ICWS), Honolulu, HI, USA, 2017, pp. 468-475, doi: 10.1109/ICWS.2017.54.
[15] Wang Lipeng, Guan Zhi, Li Qingshan, Chen Zhong, Hu Mingsheng. Overview of blockchain data security services [J]. Journal of Software, 2023,34 (01): 1-32. DOI: 10.13328/j.cnki.jobs.006402
[16] Liu Mingda, Chen Zuoning, Shi Yijuan, Tang Lingtao, Cao Dan. Research progress of blockchain in the field of data security [J]. Journal of Computer Science, 2021,44 (01): 1-27
[17] Dong Xiangqian, Guo Bing, Shen Yan, Duan Xuliang, Shen Yuncheng, Zhang Hong. An efficient and safe decentralized data sharing model [J]. Journal of Computer Science, 2018,41 (05): 1021-1036
[18] Tan Haibo, Zhou Tong, Zhao He, Zhao Zhe, Wang Weidong, Zhang Zhongxian, Sheng Nianzu, Li Xiaofeng. Blockchain-based archive data protection and sharing methods [J]. Journal of Software, 2019, 30 (09): 2620- 2635. DOI: 10.13328