VMC2-PS: Blockchain-based multi-copy data Pub/Sub service with fine-grained access control for multi-cloud storage

Abstract

Data Pub/Sub services provide a secure manner for publishers and subscribers to selectively share and receive data. Besides enabling privacy protection and anti-malicious propagation of data, blockchain-based multi-cloud storage schemes have recently been proposed. However, existing data Pub/Sub works fail to achieve the following features: (i) multi-copy and multi-cloud storage; (ii) ciphertext integrity verification; (iii) fine-grained bilateral access control. Therefore, we design a fine-grained and verifiable data Pub/Sub service, VMC${}^2$-PS, which implements multi-cloud multi-copy storage and ciphertext integrity verification with fine-grained bilateral access control. Technically, we perform attribute-based keyword search operations by the edge nodes and employ a dual-policy framework to define access/subscription policy. To realize integrity verification, we employ blockchain technology for ciphertext verification using the Merkle tree and store the ciphertext (copy) as blocks on multiple cloud servers. Moreover, we provide the security model and analyze the security of the solution, then evaluate its performance in real cloud environments. Especially, VMC${}^2$-PS runs 12$\times$ faster than relevant solutions in the data encryption phase (with the number of attributes is 50).