BACC: Blockchain-Based Access Control For Cloud Data

Cited by: 16
Authors
Sohrabi, Nasrin [1]
Yi, Xun [1]
Tari, Zahir [1]
Khalil, Ibrahim [1]
Affiliation
[1] RMIT Univ, Melbourne, Vic, Australia
Source
PROCEEDINGS OF THE AUSTRALASIAN COMPUTER SCIENCE WEEK MULTICONFERENCE (ACSW 2020) | 2020
Keywords
Blockchain; Smart Contract; Access Control; Cloud Computing; Shamir Secret Sharing Scheme; INTERNET;
DOI
10.1145/3373017.3373027
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202 ;
Abstract
Controlling the access over the stored data in the cloud is one of the fundamental security requirements, especially with the wide usage of cloud storage servers for nearly most of the enterprise applications. Traditional cloud-based access control solutions are based on a centralized approach (i.e. a cloud server becomes the central authority to control accesses to the data), which makes it difficult to prevent malicious cloud servers from disclosing users' data, and therefore compromising the privacy of the stored data. Additionally, the centralization of authority can cause a single point of failure. Furthermore, to provide confidentiality, which is one of the essential security requirements, users' data is encrypted before it is stored on the cloud. Most of the cloud servers store the decryption keys, after they encrypt the data, in their premises. This compromises data privacy. In this paper we propose a new model that addresses the aforementioned issues. To address the centralization problem, we distributed the access control tasks to smart contracts over a decentralized network, i.e. blockchain. To address the latter, we used the Shamir secret sharing scheme to manage the encryption keys. Then we introduced a new type of node, called master node, to our blockchain platform, to store the decryption key parts.
Pages: 10