User Centric Block-Level Attribute Based Encryption in Cloud Using Blockchains

Cloud computing is a collection of distributed storage networks that provide various services and store data efficiently. One advantage of cloud computing is remote access: data can be accessed in real time using Remote Method Invocation (RMI). Data security in the cloud environment is a major concern, since the data can be accessed at any time by any user. Because they lack efficient security, cloud systems fail to achieve higher performance in providing efficient service. To improve data security, blockchains are used to secure the data in the cloud environment. However, traditional blockchain techniques are not suitable for providing efficient security to data stored in the cloud. In this paper, an efficient user-centric block-level Attribute-Based Encryption (UCBL-ABE) scheme is presented to secure cloud data in the cloud environment. The proposed approach performs data transactions by employing the blockchain. The proposed system provides privacy with access control, restricting user access according to the behavior of the cloud user using Data Level Access Trust (DLAT). Based on DLAT, user access is restricted in the cloud environment. The proposed protocol is implemented in real time using the Java programming language and uses IBM Cloud. The implementation results justify that the proposed system provides efficient security to the data in the cloud and also enhances cloud performance.


Introduction
The growing size of organizational data has made it difficult for organizations to maintain their data on a centralized server. Because of the computational cost, organizations cannot afford to purchase highly complex data servers to store their data. The rise of the cloud environment has become a sophisticated solution to this storage problem: organizations can keep their data in the cloud and use cloud services at nominal cost. The organization remains responsible for maintaining data integrity and providing efficient security for the customer data stored in the cloud.
To ensure the integrity and privacy of the data stored in the cloud, the different access policies and privacy methods should be designed effectively. The users of the cloud are restricted based on their level namely: service level, data level, and attribute level. By maintaining the access profile based on the data, attribute, and service, the access restriction is obtained to ensure the integrity and privacy of the user's data stored in the cloud.
The blockchain is one of the modern security standards and has been used for data security in a variety of environments. A blockchain consists of several blocks, and each block has three parts: the data part, the hash code, and the reference part. Fig. 1 shows a sample blockchain used in the cloud environment. The blockchain consists of three blocks and each block contains the data part, hash code, and reference part. The data part consists of the user's data stored in the cloud. The reference part is used to identify the next block of data. The hash code block is used to encrypt the data from the block. Fig. 2 gives the blockchain model used for cloud data security, where the user's access is verified and the data accessed is encrypted and decrypted with the blockchain mechanism using the hash code available in each block.
The proposed model restricts user access based on Data Level Access Trust (DLAT), and data security is provided using the User-Centric Block Level Attribute-Based Encryption (UCBL-ABE) scheme. An attribute-based access control scheme for cloud frameworks greatly improves access management. We use blockchain technology to record the distribution of attributes to stay away from  The access control process has likewise been enhanced to address the need for high efficiency and lightweight calculation in cloud security. Security and performance analysis show that our scheme can successfully resist multiple attacks and be carried out efficiently in cloud frameworks. The trust-level-based data storage and trust-level-based information access control arrangement changes the control process of data storage and information access. The introduced arrangement enables straightforward data handling subject to the assigned trust levels to limit game plans in a distributed data storage environment and the assigned sensitivity level of the data to be handled. The rest of the manuscript is organized as follows.
Section 2, discusses the details of the proposed UCBL-ABE scheme and Section 3 provides the evaluation results on the proposed UCBL-ABE. Finally, Section 4 provides the conclusion and future work.

Related Works
Various approaches have been proposed for providing efficient cloud data security using the Blockchain technique. Some of the techniques are discussed as follows.
The new robust key pre-distribution [1] scheme has been proposed to provide cloud security to the user's data stored in the cloud environment. Their proposed system provides better security during data communication without compromising network security. The square matrix of a pool of keys is generated based on eigenvalue and eigenvectors. Their simulation results justify that the proposed system significantly reduces the overhead and provides secure data communication to the nodes of WSN.
ETARP [2] has been proposed to provide security with better energy optimization in WSNs; this routing protocol is mainly used in unfriendly environments such as a battlefield. Route selection in the protocol is based on utility theory. The key idea is that it selects the optimized route based on maximum utility. Its advantage is that it provides energy-efficient, trust-based secure routing in the network. Its limitation is that it has more overhead than other state-of-the-art protocols in WSNs.
In [3] authors have proposed a system that can improve the network efficiency and precision in WSN by using a two-phase distributed PSO algorithm to solve the flip ambiguity problem. In the proposed system, by using the boundary box method, the initial search space is defined. The main role of the refinement phase is to carry out error corrections that occur due to flip ambiguity.
In [4], the authors employ a multi-objective particle swarm optimization localization algorithm (MOPSOLA) for localization in WSNs. The proposed algorithm uses the space distance constraint and the geometric topology as multi-objective functions. The advantage of this system is its localization accuracy. Its limitation is its computation overhead.
In [5], the authors use blockchain technology to reward the nodes that store more data in the WSN. The proposed system has two blockchains. The first blockchain is used for data storage and the other is used for access control. The advantage of this system is that it provides efficient access control for the nodes of the WSN.
A Blockchain-based Contractual Routing (BCR) protocol [6] has been designed for IoT devices to provide efficient distributed authentication. The proposed system discovers an optimal route to transmit the data to the destination node. Its advantage is route reliability and its limitation is computational overhead.
A survey [7] has been carried out by the authors to show how blockchain technology has improved the security of IoT devices. In this survey, the various challenges of IoT are addressed.
A novel trust-based secured routing [8] is proposed by the authors for energy-efficient routing in WSN using Blockchain technology. In the proposed scheme, the routing information is obtained from the Blockchain which is available in the network by using reinforcement learning to identify the most efficient links in the network.
The author proposed the UC protocol [9], which employs blockchain technology to provide security to IoT-based cloud systems. The advantage of this approach is the security it gives IoT devices, and the limitations are its computational and communication overhead.
In [10], the author proposed edge-computing-based peer-to-peer blockchain technology to provide efficient security to devices in the IoT. The proposed blockchain technology provides data integrity by using anonymous user authentication. Its limitation is that it is not lightweight.
In [11], the author proposed a security mechanism in the blockchain that can provide security to bitcoins in the IoT environment. The advantage of the system is its energy efficiency, and its limitation is that it is vulnerable to various types of attacks in IoT-based blockchain technology.
In [12], the author proposed stochastic models to detect and verify the probabilities of errors occurring in the IoT-based blockchain network. The advantage of this system is its accurate detection of errors that occur in the network. Its limitation is the overhead involved in error detection.
In [13], the author proposed a system that can detect malicious nodes in the network by using the Blockchain Trust Model (BTM). The proposed system constructs a blockchain data structure to identify and detect malicious nodes. The advantage of the system is better detection accuracy for malicious nodes, and its limitation is the overhead involved in communication and computation.
The author proposed a cryptographic checksums signatures [14] mechanism to detect and recover from attacks in WSNs. The proposed system provides data integrity with efficient anonymous user authentication to detect the malicious nodes in the network. The limitations are that malicious node detection is not accurate and that it has computational overhead.
In [15], the authors proposed a signcryption mechanism based on offline/online methods to provide efficient authentication to devices in the IoT environment. The advantages of the system are secure data transmission to the medical server and efficient data access by using the remote method. The limitations are its computation and communication overhead.
In [16], the author presents a nonlinear cooperative control algorithm based on game theory and blockchain. Here, a new model is proposed for the automatic processing and management of data in heterogeneous distributed wireless sensor networks stored in a blockchain. The advantage of this model is that it provides interoperability with better security in WSNs. The limitations are its computation and communication overhead.
In [17], the author proposed a system that can detect malicious node attacks by using Proof of Authority (PoA) in the network. The advantage of this system is that it provides efficient node authentication. The limitation is that malicious node detection is not accurate.
In [18][19][20][21][22], the authors provide security by designing a blockchain-based distributed collocation storage architecture in WSNs. They use an asymmetric signature and trust [23][24][25][26] to provide efficient security in WSNs. The advantage is better security and the limitations are both computational and computational overhead.
In [27][28][29][30], the authors proposed a trust model based on fuzzy logic for providing trust-based security in WSNs. The advantage of this system is the accurate detection of malicious nodes in the network. The limitations are less accuracy of malicious node detection and overhead in terms of communication and computation [31][32][33][34][35].
The observation from this literature survey is that most existing systems have struggled to achieve higher performance in terms of security and energy efficiency [36][37][38][39][40]. Motivated by these observations, this paper proposes an efficient user-centric block-level Attribute-Based Encryption (UCBL-ABE) scheme to provide efficient security for cloud data in the cloud environment [41,42]. Moreover, the proposed system provides efficient privacy with access control, restricting user access according to the behavior of cloud users using Data Level Access Trust (DLAT).

Dynamic User Centric Block Level ABE Model
The proposed security model in the cloud computing environment maintains profiles of users in the form of a taxonomy. The attribute-based encryption (ABE) algorithm realizes flexible and fine-grained access control, but a large number of users subscribe to or unsubscribe from the various services frequently in the cloud, which incurs a large cost for subscription management. The taxonomy contains information related to the access constraints of various users, and the users are classified into groups based on the different taxonomies. According to the taxonomy, the user's request is processed for access control and data encryption with the blockchain. Fig. 3 gives the architecture of the proposed UCBL-ABE scheme in detail. It consists of four phases, namely DLAT Access Restriction, Blockchain Generation, Hash Code Generation, and Dynamic Block-Level Encryption.

DLAT Access Restriction
The cloud environment has a number of users who can access the services and data present in the cloud. Suppose there are K data points and each has N attributes. Similarly, if there are S users in the environment, then not all the users of the set S have access to all the data points and attributes present in the cloud. The cloud holds various data belonging to different users and customers. It is necessary to restrict users from accessing other data to which they have no access. This can be enforced by DLAT (Data Level Access Trust) based access restriction. Under this scheme, whenever a user requests access to specific data, the profile taxonomy is used to verify the user's access privilege based on all the attributes required. Similarly, the behavior of the user in accessing the data is used in computing the DLAT measure. Access restriction is performed according to the value of DLAT.
Consider the data requested is D, then the features present in the data D has been identified using the below equation.
Now according to the profile taxonomy PT, the number of attributes to which the user has access is identified as follows:
$Fl(j) \in PT(i).\mathrm{User} == U$
where U is the user id.
Now, the trust of user in accessing the data is measured by measuring the earlier access.
Now the value of DLAT is measured as follows:
Based on DLAT the access restriction is performed. If the DLAT value is high, then the users are granted permission to access the data in the cloud; otherwise, the users are not given the privilege to access the data in the cloud. The pseudo code of DLAT Access Restriction is given in Algorithm 1.

Else
Return false.

Stop
The access restriction with DLAT algorithm is performed according to the DLAT measure which is computed for the user request given. Based on the value of DLAT, the method performs access restriction for the user.

Block Chain Generation
The blockchain generation scheme is executed when the required data has been extracted by accessing the cloud. When user access is granted, the method accesses the cloud and obtains the required data. From the data, the method extracts the attributes to which the user has access. Then, using the attribute taxonomy AT, the method selects a unique encryption scheme and key from the scheme and key sets. The data attributes are encrypted according to the encryption scheme and key selected. Moreover, the method generates a random number R from the group $Z_p^*$, which represents the number of blocks to be generated in the chain. According to the value of R, the method generates the blockchain and splits the data into R blocks. The generated blockchain and data blocks are used to perform dynamic block-level encryption and decryption. The algorithm for blockchain generation is given in Algorithm 2.
For each feature f of fes

END
Algorithm 2 shows how the blockchain is generated. The method encrypts each attribute with a different encryption scheme and key. Further, the data is split into a number of blocks, and a blockchain is generated according to the number of blocks.

Hash Code Generation
A blockchain hashes every transaction before bundling them together into blocks. Hash pointers connect each block to its predecessor by holding a hash of the data in the previous block. Since each block links to its predecessor, data in the blockchain is immutable. The hashing function means that a change to any transaction will produce a completely different hash, which will change the hashes of all subsequent blocks.
Each block of the chain contains data and a hash code concerning the next block. From the hash code, the receiver can obtain the code that identifies the encryption key used. By identifying the key, the receiver can decrypt the cipher text to get the original data. The proposed system uses a key set that contains the keys used for data encryption. The selection of keys is performed according to the prime and polynomial scheme. The method uses a character set that has several alphabets and characters. The key set and character set are distributed to the user in the initial stage itself. First, the method generates a random number according to the size of the character set used. Consider a character set Cs that has N characters; the hash character is then generated as follows:
Hash character Hc = R Random(1, size(Cs))
Suppose the random number generated is 8 and the hash character is y; the method then computes the ASCII value of the character. Say the ASCII value of y is 36; the method then verifies the prime factor of the value y. The hash code is then generated as follows:
R = generate random number up to the size of the key set.
Hash code = y+R
If the value of R is 12, then the hash code is as follows: Hash code = y12.
The algorithm for hash code generation is explained in Algorithm 3. The generated hash code and the encrypted data are added to the block under consideration. From the hash code, the user can identify which key should be used to decrypt the text and obtain the original data.
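The hash-pointer property described in this section, as an added Python example (not the authors' Java implementation): each block stores the hash of its predecessor, so a change to any block is detected when the chain is re-verified against a head hash kept outside the chain. SHA-256, the field names and the sample blocks are assumptions made here; the page does not state how the character's prime status affects the key index, so the example only splits a code such as y12 into its two parts.

```python
import hashlib
import json
import re

# Constructed sample blocks: opaque ciphertext (hex) plus the page's
# "character + number" code that tells the receiver which key to use.
PAYLOADS = ["9f1c04aa", "27be6d10", "c3d5e8f2"]
SELECTORS = ["y12", "k3", "q27"]
GENESIS = "0" * 64  # pointer stored in the first block


def block_hash(block):
    """SHA-256 over every field of a block (hash function is an assumption)."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()


def build_chain(payloads, selectors):
    """Link blocks by storing the predecessor's hash in each block."""
    chain, prev = [], GENESIS
    for data, selector in zip(payloads, selectors):
        block = {"data": data, "key_selector": selector, "prev_hash": prev}
        chain.append(block)
        prev = block_hash(block)
    return chain, prev  # prev is the head hash; keep it outside the chain


def verify_chain(chain, head_hash):
    """Return the index of the first block whose hash does not match the
    pointer held by its successor (or the head hash), or None if intact."""
    for i, block in enumerate(chain):
        expected = chain[i + 1]["prev_hash"] if i + 1 < len(chain) else head_hash
        if block_hash(block) != expected:
            return i
    return None


def split_selector(selector):
    """Split a code such as 'y12' into its character and numeric parts."""
    match = re.fullmatch(r"(\D)(\d+)", selector)
    if match is None:
        # A digit used as the character would make the split ambiguous.
        raise ValueError(f"malformed key selector: {selector!r}")
    return match.group(1), int(match.group(2))


if __name__ == "__main__":
    chain, head = build_chain(PAYLOADS, SELECTORS)
    print("intact:", verify_chain(chain, head))
    chain[1]["key_selector"] = "k4"  # altered after the chain was built
    print("first mismatching block:", verify_chain(chain, head))
    print("selector parts:", split_selector(SELECTORS[0]))
```

The key code is covered by the block hash here, so changing it to point at a different key is detected in the same way as a change to the data.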

Dynamic Block Level Encryption
The block-level encryption is performed when the algorithm is given the generated data blocks. For each data block, the method generates a hash code and encrypts the data with the key identified in the hash code generation phase. The encrypted text generated in the hash code generation phase is added to the block, and a reference to the next block of data is generated. The generated blockchain with data is returned as the result to the user. The algorithm for the dynamic block-level encryption is given in Algorithm 4.
BC(i) = HashCodeGeneration(bl)

End END
The pseudo code of Algorithm 4 shows how the block-level encryption is performed in the IoT-based blockchain for the cloud environment.

Dynamic Block Level Decryption
The decryption of data to obtain the original data from the blockchain is performed in this stage. The method is given the blockchain, which contains a number of blocks, each with data, a hash code, and a reference unit. First, the method reads the blockchain, and for each block the hash code is identified and the encoded text is taken. The hash code is split into its character and numeric parts. The ASCII value of the character is then computed and checked for a prime value. According to the status of the prime factor, the method computes the index of the key to be selected. Based on the key identified, the data is decrypted to obtain the original text. Algorithm 5 gives the pseudo code of block-level decryption.

Algorithm 5 gives pseudo code that represents the working of the block-level decryption algorithm, which decodes the hash code and identifies the key index to be used to decrypt the data and obtain the original data.

Experimental Results
The proposed role-based class level access trust blockchain algorithm has been implemented and evaluated for its performance. The proposed CLAT algorithm is hardcoded in advanced Java. The simulation parameters used in the proposed system are given in Tab. 1. Fig. 4 shows the security performance measured for the proposed UCBL-ABE algorithm under a varying number of users, compared with the values of other methods. The proposed UCBL-ABE algorithm achieved higher performance in terms of security compared to other methods. Performance in time complexity has been measured for a varying number of users and is presented in Fig. 7. The proposed UCBL-ABE algorithm produced less time complexity than other methods. Based on the intensive examination carried out and the results obtained for each model, the proposed UCBL-ABE model gives higher throughput and performance than the other models.

Conclusion and Future Work
This paper proposes a novel user-centric block-level attribute-based encryption scheme with a blockchain for cloud data security. The implementation results justify that the proposed framework provides efficient security to the data in the cloud and also improves cloud performance. The method maintains the data and the taxonomy for the users and attributes. In the proposed system, whenever a user requests data, the user is measured for Data Level Access Trust (DLAT), based on which user access is restricted. Moreover, the data extracted from the cloud is encrypted with block-level encryption and added to the block of the chain according to the hash code generation. The hash code generation is performed according to the index of the key in the key set and the character selected from the character set. The encoded data and the generated hash code are added to the block of the chain. Similarly, at decryption, the prime value of the character present in the hash code of the block is used to find the index of the key to perform data decryption. The proposed method improves the performance of data encryption and decryption. Also, the method improves the performance of data security.
Funding Statement: The authors received no specific funding for this study.

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.