
Decentralized Blockchain Based Authentication For Secure Data Sharing in Cloud Iot

This paper presents a novel Decentralized Blockchain-based Security (DeBlock-Sec) scheme for secure data sharing in Cloud-IoT environments, addressing the challenges of centralized authentication and complex encryption. The proposed system includes three phases: authentication, data encryption, and data retrieval, utilizing a Decentralized Blockchain-based Authentication protocol and Dendrimer Fractal Tree Indexing for efficient data access. Experimental results demonstrate improved performance in terms of time consumption, storage space, and throughput, making it a promising solution for enhancing security in resource-constrained IoT settings.

Uploaded by

akinniranyekin

Journal of Ambient Intelligence and Humanized Computing (2022) 13:769–787

https://doi.org/10.1007/s12652-021-02929-z

ORIGINAL RESEARCH

Decentralized blockchain based authentication for secure data sharing in Cloud‑IoT

DeBlock-Sec

Uma Narayanan¹ · Varghese Paul² · Shelbi Joseph¹

Received: 13 July 2020 / Accepted: 25 January 2021 / Published online: 16 February 2021
© The Author(s), under exclusive licence to Springer-Verlag GmbH, DE part of Springer Nature 2021

Abstract
Cloud integrated Internet of Things (Cloud-IoT) has gained huge attention over this decade. As millions of devices are connected over the internet, security becomes a more challenging issue in the Cloud-IoT environment. Many research works have contributed to ensuring security in Cloud-IoT. But none of the works has proven its security strength and efficiency. In particular, centralized authentication and complex encryption schemes increase the overhead even for low-level security. This paper proposes a novel Decentralized Blockchain-based Security (DeBlock-Sec) scheme, which is most suitable for resource-constrained IoT environment to abridge the security issue. The overall system works upon three significant phases, (1) authentication phase, (2) data encryption phase, and (3) data retrieval phase. For authentication, we propose a novel Decentralized Blockchain-based Authentication (DBA) protocol. The DBA protocol uses multiple factors to authenticate users and devices. In the next phase, data encryption is carried on the IoT devices. As the amount of data to be encrypted is large in size, the encryption is performed in the spark environment since the confidentiality of data is vital. The data retrieval phase allows users to access the data stored in the Cloud. Dendrimer Fractal Tree Indexing is followed to minimize the searching time and the Revised Diffie-Hellman algorithm is presented for key exchange. The extensive experiments performed in Spark environment show that the proposed work achieves better performance in terms of time consumption (encryption, decryption and search), storage space, and throughput. Our proposed technique is a promising research direction for real IIoT security.

Keywords Block-chain · Lightweight cryptography · Authentication · Big data spark · Cloud-IoT

* Uma Narayanan
  uma@cusat.ac.in

¹ Cochin University of Science and Technology, Kochi, India
² Rajagiri School of Information and Technology, Ernakulam, India

1 Introduction

The Internet of Things (IoT) is the fast-growing technology that establishes communication among millions of resource-constrained tiny devices (Ray 2018; Sethi and Sarangi 2017). The amount of attention IoT is getting is growing exponentially. The term “Internet of Things” was not created until 1999. Since then, the field of IoT has grown tremendously. At the end of 2019 there were 7.6 billion active IoT devices, a figure which will grow to 24.1 billion in 2030, a compound annual growth rate (CAGR) of 11 percent according to new research published by Transforma Insights. In 2000, RFID tags were first implemented, fuelled by the demand for improved logistics. Figure 1 shows the reach of IoT. The surge in IoT devices happened around 2010, when the cost of sensor devices dropped rapidly, leading to the application of IoT in many areas such as routing, inventorying and loss prevention. The applications of IoT technologies are multiple because IoT is adjustable to almost any technology fit for providing significant data regarding its own operation and even about the environmental conditions that we need to monitor and control from a distance. Nowadays, many companies from different sectors are adopting this technology to simplify, improve, automate and control different processes. Next, we show some of the surprising practical applications of the IoT.

Fig. 1 Technology reach of IoT

Wearables: Wearable technology is a hallmark of IoT applications and probably is one of the earliest industries to have deployed the IoT at its service. We happen to see Fit Bits, heart rate monitors and smartwatches everywhere these days.

Smart cities: a city that utilizes innovation to improve efficiency, maintainability, and personal satisfaction for the people living and working in the city.

Connected Healthcare: utilizing consumer innovations to interface patients and medical services providers outside of the emergency clinic.

Smart home: utilizing gadgets to control the appliances and devices in a home.

Farming: Farmers can utilize IoT farming applications to upgrade numerous particular tasks, for example, deciding the ideal time to harvest crops, determining how much fertilizer is needed according to the soil and detecting soil supplements and moisture content of soil.

Tracking and monitoring: Many organizations use IoT innovations to track their resources. To track and monitor, IoT uses global positioning frameworks or radio frequency (RF). The gadgets can be utilized to recognize and check resources over significant distances.

Smart Retail: Retailers have started adopting IoT solutions and using IoT embedded systems across a number of applications that improve store operations such as increasing purchases, reducing theft, enabling inventory management, and enhancing the consumer’s shopping experience.

Industrial IoT: uses machine learning and big data to generate value from sensor data.

Fig. 2 General structure of IoT Network

Fig. 3 Cloud integrated IoT model

The tiny IoT devices are major sources for generating “Big Data”. This big data opens the door for processing, predicting and storage requirements for the IoT environment. For the analysis (Narayanan et al. 2017, 2017; Unnikrishnan et al. 2017) of big data we need large storage space. Here comes Cloud Computing, which lends flexible storage for data and processing (Varghese 2018; Yang et al. 2017). Big data storage is easier with the Cloud. Cloud computing allows its users to access their data remotely. The flexibility of Cloud Computing motivates researchers and industries to integrate Cloud computing with IoT (Cloud-IoT) environment (Jerker 2017). The Cloud-integrated IoT has wide applications such as smart healthcare, smart city, industry 4.0 and so on (Elhoseny et al. 2018). The general structure of an IoT network, as shown in Fig. 2, includes a device to interact with the environment; a gateway to gather the data and communicate with the Cloud; and the Cloud to store, process, and analyze the data. A massive amount of big data is generated by the IoT devices and this data is stored and analyzed in the Cloud; a detailed view is shown in Fig. 3. Although the integration of Cloud and IoT results in many advantages, there is a huge need to develop security schemes in the Cloud-IoT environment. In general, security is the major issue in IoT (Alaba et al. 2017) and Cloud Computing (Singh and Chatterjee 2017). The security issues presented (Wang et al. 2018) in these paradigms increase the vulnerability for user privacy and data. Thus it is necessary to build effective security schemes to mitigate the vulnerabilities in Cloud-IoT. Security has become extremely significant in every application from the last decade, especially
with the rapid advancements in communication networks and multimedia applications (Gutub et al. 2017).

Leloglu (2017) believes that, despite the enormous benefits the users are getting from the Internet of Things, there are challenges that come along with it that need to be looked at. Privacy and security (Hassan and Mohamad Noor 2019) are among the most significant and primary concerns cited in many fields of IoT applications. The presence of remote healthcare monitoring systems has reduced the cost of treatment while enhancing the quality of services. The successful deployment of health care systems depends on having adequate security and privacy of the patient’s data (Alassaf and Gutub 2019; Alassaf et al. 2017). Farooqi et al. (2019) point out the challenges in a smart community.

The adoption of IoT in manufacturing enables the transition of traditional manufacturing systems into modern digitalized ones, generating significant economic opportunities through industries re-shaping. Industrial IoT empowers modern companies to adopt new data-driven strategies and handle global competitive pressure more easily. According to Gartner’s predictions there will be nearly 20 billion devices connected to the IoT by 2020 and a large majority of them will come from the industrial sector. Data generated by the lower level of industries, directly from the machine tools and the human operators, is of high importance for industries. This data can be used and analyzed to provide meaningful information to the higher levels of the industries, making them adaptive and flexible. As a result, specific focus should be given to transforming the basis of the production systems into cyber-physical production systems. The absence of security is one of the significant issues that make IIoT-frameworks extremely unattractive for Industrial users. For instance, in applications such as the smart grid there is the danger of a deadly interruption with serious effects on production outcome and energy infrastructure. A famous example is the Philips–Hue-attack (Ronen et al. 2017), where remote-controlled light bulbs could be attacked, reprogrammed and immediately turned on for an entire city, leading potentially to a black-out due to the sudden energy consumption. This shows that the consequence of failures in IIoT-devices is more severe than in regular IoT-devices: as a system failure can cause an individual or financial fatality, the requirements of IIoT in terms of safety, security and availability are far higher than for normal IoT-systems.

The main challenge towards this transformation is the design and development of standard and secure communication protocols capable of interfacing existing systems and collecting and exchanging manufacturing data. Information security attempts to protect data without affecting the work of the service negatively while ensuring confidentiality, integrity, and availability, known as the CIA of cybersecurity. The security admin designs a security system to achieve the three security objectives: confidentiality, integrity, and information availability using advanced security tools and protocols. The techniques to achieve the above-mentioned objectives include steganography (Gutub and Al-Shaarani 2020; Gutub and Al-Ghamdi 2020; Alotaibi et al. 2019; Stoyanova and Tasheva 2015), which is concerned with hiding data, and cryptography (Alassaf and Gutub 2019; Sahu and Swain 2019), which encrypts data (Tawalbeh and Tawalbeh 2017). Encryption and steganography are distinct in the sense that the former protects the data by encoding it and the latter hides the data altogether (Gupta et al. 2012). In 1979, a new cryptographic technique was developed, namely secret sharing, invented by Shamir (1979) and Blakley (1979) independently. Protecting secret data via several participants is called secret sharing (Ito et al. 1989). This scheme can be used in many sensitive protocols alone or as an assistant to cryptography (Beimel 2011; AlKhodaidi and Gutub 2020; Al-Ghamdi et al. 2019).

IoT-systems require higher availability and reliability of the information. Authentication is a major solution to ensure security in Cloud-IoT (El-Hajj et al. 2017; Wang et al. 2018). The process of authentication allows only legitimate users to access the data stored in the Cloud environment. Multiple factors (like identity, password, biometric, etc.), cryptographic functions (like encryption, hashing) and digital certificates are utilized to enable authentication. In any case, the authentication algorithm must identify the unauthorized users in the system. Further, the key management mechanism has been concentrated on to provide better data security in the Cloud (Manogaran et al. 2017). Many cryptographic primitives such as Rivest Shamir Adleman (RSA), Advanced Encryption Standard (AES), Elliptic Curve Cryptography (ECC), etc., have been widely used to provide data security. Similarly, attribute-based encryption and access control mechanisms have gained much attention (Guan et al. 2017; Cui et al. 2018). The attribute-based algorithms take multiple user attributes to generate ciphertext, access policies and signatures. The possible attributes are user ID, password, location and so on. For data integrity verification, a short signature algorithm and hash methods are utilized (Zhu et al. 2019; Almazrooie et al. 2020). Though many research works have been presented to improve security in Cloud-IoT, there is still a huge need for developing security. The major research issues and challenges in security provisioning are,

• Most of the research works consider authentication and other security primitives in a centralized server or party. In practice, it increases the security vulnerability since it is possible to crack all sensitive information by compromising a single server. Thus, centralized security mechanisms will lack in security.
• In the Cloud-IoT environment, a large number of devices and users share information through cloud computing.

  In this case, the Cloud must be scalable and has to support a vast number of users. Unfortunately, the existing research works are limited to a certain number of users.
• Processing and encrypting massive data in IoT devices often leads to higher energy consumption and slower performance. The designed algorithms must be lightweight and fast to be incorporated in the IoT environment.

1.1 Motivations and major contributions

The main motivation behind this work is the existing complex cryptography algorithms and centralized authentication schemes that are used for security mechanisms. The growing number of users and devices leads to the need of an efficient security scheme for secure data sharing in the Cloud-IoT environment. Researchers are working hard to tackle these challenges as there is still a huge scope for improvement. This hope has motivated us to work proactively to improve/propose a system architecture capable of effectively and efficiently storing the data in a secured and privacy-preserved manner. Recent studies have addressed blockchain, which is a decentralized environment, for Cloud-IoT security (Kshetri 2017; Reyna et al. 2018). Blockchain is a decentralized environment that provides a distributed, immutable, transparent and secure environment. Thus, we are motivated to use blockchain for security provisioning over the Cloud-IoT environment. The major objective of this work is to enable secure data sharing among authorized users and devices over the Cloud-IoT environment. To achieve this objective, we have the following contributions,

• A decentralized Blockchain-based security (DeBlock-Sec) scheme is developed to secure the Cloud-IoT environment. The DeBlock-Sec scheme relies on three significant phases, such as authentication, encryption and data retrieval.
• In the first phase, the authentication process is performed by a novel Decentralized Blockchain-based Authentication (DBA) protocol. The DBA protocol uses customized multiple factors for IoT devices and users. For authentication of IoT devices we considered ID, password, and location. Similarly, for authentication of IoT users we considered ID, password and finger vein (biometric). The proposed DBA protocol accurately detects unauthorized access.
• In the next phase, data encryption is performed by IoT devices to secure the data in the cloud environment. Since a huge amount of data is generated and needs to be encrypted, the encryption process is performed in the Spark-enabled cloud environment by using the SALSA20 algorithm. The proposed algorithm is lightweight, fast and relatively secure.
• In the data retrieval phase, IoT users are allowed to retrieve encrypted data from the Cloud. For this purpose, we present Dendrimer Fractal Tree Indexing (DenFT), which is fast and scalable. Further, the secret key is exchanged securely by using the Revised Diffie-Hellman (ReDH) algorithm.
• The overall research work is experimentally analyzed and a use case of Industrial IoT (IIoT) application has been demonstrated.

1.2 Paper layout

The rest of this paper is organized as follows: Sect. 2 provides an extensive literature review on existing works. In Sect. 3, the research problems are defined. Section 4 explains the overall proposed research in detail. In Sect. 5, the proposed work is analyzed through extensive experiments and the comparative analysis is provided. In Sect. 6, we conclude our contributions and highlight future research directions.

2 Related works

In recent times, more research works have been presented in the field of Cloud-IoT security. In this section, we analyze the existing research works with their pros and cons. Authentication was the first and foremost research direction in Cloud-IoT security. An online authentication scheme was presented to preserve user privacy by using online fingerprint (Zhu et al. 2018). This e-Finga scheme was designed with multiple online authenticated servers (OASers) to authorize the users. An asymmetric encryption algorithm (ECC algorithm) was used for credential encryption and the Euclidean distance was used to match the credentials. Based on this distance, the user was authenticated by OASers. This work preserves the user’s privacy, but the authentication efficiency is poor. The major issue with the fingerprint is that it has lower-level security than other biometrics. The fingerprint can be forged easily. Thus, this authentication scheme is not efficient. Along with the fingerprint, the user ID and password were considered to authenticate the users (Maitra et al. 2019). Here, the authentication process uses a fuzzy extractor and the ElGamal algorithm. ElGamal has the homomorphic property that allows computations over the encrypted data. The user credentials were encrypted by the ElGamal algorithm. Then, the biometric was extracted by the fuzzy algorithm. As said earlier, the fingerprint was easily forgeable and had a lower security level. In addition, the ElGamal algorithm has higher computational complexity, which is not suitable for IoT applications. A lightweight authentication scheme was presented with one-way hash functions, XOR operations and smartcard (Zhou et al. 2019). The user credentials were hashed and stored in the smartcard. Whenever

the user wants to be authenticated, the user selects ID and password and sends them through a secure channel. This ID and password are matched with the stored credentials. The pitfall of this work is that if the smart card is lost, then the authentication is less secure. It can be seen that the existing authentication research works have concentrated on user-level authentication. But in the IoT environment, it is necessary to authenticate the devices also to achieve a better security level.

A blockchain-based security scheme was proposed for data sharing (Hao et al. 2019). Additionally, the fine-grained access control scheme was presented with the fully attribute hidden policy. A Fuzzy attribute positioning mechanism based on a garbled filter was used to locate the attributes efficiently and decrypt the ciphertext successfully. Here user privacy was achieved by hiding the whole attributes. Access control is inefficient and has higher complexity. A forward-secure identity-based encryption scheme was proposed based on subtree (Meshram et al. 2019). Here a new identity-based encryption technique was applied in a cloud environment. This proposed work has four phases, namely setup, extraction, encryption, and decryption. In the setup phase, key administration generates two cyclic then randomly selects the vectors as secret vectors. It generates corresponding public vectors and constructs the hash functions. The master key was kept as secret and the public parameter was known to everyone. Hash functions and private keys were calculated in the extraction phase. Random Value and random public points were considered to encrypt the data in the encryption phase. In the decryption phase, the ciphertext was decrypted by EX-OR with hashed values. The main limitation of this work is that it is not suitable for the large-scale environment. The existing encryption algorithms often have higher complexity and are not suitable for the resource-constrained environment.

Secure data retrieval was achieved by secure indexing and key exchange policies. An efficient predicate encryption policy was introduced with fine-grained searchable capability (An et al. 2016). This predicate encryption was designed by the dual system encryption technique. Here the public key encryption with fine-grained keyword search notation was introduced to evaluate the multiple keywords present in the ciphertext. This predicate encryption method was efficient for many cloud applications. Data was encrypted by block cipher, such as AES. However, the search index was not efficient in this work. Further, AES is a symmetric encryption algorithm that needs an efficient key exchange mechanism. In data retrieval, a retrieval features (RF) tree and an ID-AVL tree were constructed in the IIoT environment (Fu et al. 2018). To improve the search efficiency, an RF tree, which was the height-balanced tree, was introduced. In this, all feature vectors of objects were organized based on their relative similarities. If the data user sends the query request to the cloud server, then the parallel data search process was easily executed in a cloud server. In addition, the ID-AVL tree was constructed incrementally, hence it can be easily updated. In the search process, the data was first searched in the ID-AVL tree; if no data is found, then the data was searched in the RF tree. This increases the searching time drastically. Also, the symmetric key encryption which is used in this work has a lower security level. Attribute-based secure searching was enabled in the Cloud-IoT (Long et al. 2019). An attribute-based keyword search with lightweight decryption in multi-authority (ABKS-LD-MA) was proposed. The algorithm allows multiple keywords to search based on the set of attributes. But this attribute-based search is not suitable for the IoT environment since it involves large data and a large number of devices. It also increases the search time. A secure key-exchange mechanism was presented with three-factor authentication (Banerjee et al. 2019). Here the key exchange process was performed between the authorized users only. The considered factors were ID, password and smartcard. Further, key agreement policy was enabled for key exchange. But this exchange process is inefficient and insecure. Since the users who have passed the authentication process can easily get the key, the authentication used here is insecure, resulting in the increase of vulnerability.

The overall literature shows that there is a huge need to develop security schemes in the Cloud-IoT environment. The existing research works have some problems and limitations that make them unsuitable for the lightweight IoT environment.

3 Problem definition

In this section, we present specific problems defined by prior research works. Then, we introduce the problem statement of this research work. A lightweight multi-factor authentication scheme was proposed with the user ID, password and smartcard (Sharma and Kalra 2018). All of these credentials were stored in the centralized cloud server, which increases the vulnerability possibility of cracking. Typically, the smartcard is inefficient for authentication since the user must carry the credential all the time. Here, the smartcard plays the main role in password changing. If the card is lost or stolen, then the attacker can change the password, which will be a severe threat. A blockchain-based mutual authentication was enabled in an industrial IoT environment (Lin et al. 2018). The blockchain uses a double Secure Hashing Algorithm (SHA-256)² for hash generation. The generation of double hashing increases the time consumption and complexity. AES encryption is also a time-consuming process and exchanging the same key for decryption increases vulnerability. For resource-constrained devices, attribute-based access control and encryption were presented (Li

et al. 2018). The access control based on ID, password and speeds up the overall process and provides large storage
location can be easily hacked. The attribute-based encryp- capabilities. The DeBlock-Sec major relies on three phases
tion is only suitable for the small-scale environment since it as authentication, encryption and data retrieval. Authentica-
has higher complexity but a lower security level. To enable tion is performed for both IoT devices and users. The author-
secure search, an inverted index structure was used (Li et al. ized IoT devices are allowed to access the cloud environment
2018). The index updating is not flexible in the inverted to store the big data generated. Before that, data security is
index since it doesn’t support updation. It also has a large ensured by the encryption process. To enable data retrieval,
search time which is not suitable for fast retrieval. In addi- fast indexing mechanism is proposed. The authorized IoT
tion, it has large storage overhead and requires high main- users are allowed to retrieve the data from the Cloud. For
tenance costs to update, delete and insert. In prior research decryption, key exchange policy has been derived. The
works, authentication, encryption and retrieval still need prime aim of the proposed system is to provide a better
better algorithms. From the above problems, we highlight security level.
the problem statement as “A lightweight security system for
the integrated Cloud-IoT environment ”, since the security 4.2 Phase 1: User and Device Authentication
provisioning over the Cloud-IoT environment is affected
by the centralized mechanism, higher complexity, and time Authentication is the first phase in the proposed DeBlock-
consumption. This problem statement frames the following Sec system. We propose a novel DBA protocol that authen-
research questions, ticates both IoT devices and IoT users. The proposed DBA
protocol includes two processes, such as registration and
• How to design an efficient and fast security scheme for authentication. The DBA protocol’s main novelty relies on
the IoT environment? using decentralized blockchain technology for authentication
• How to adopt the blockchain technology for the resource- along with the lightweight hash function. The hash genera-
constrained environment? tion process uses Streebog lightweight hashing algorithm.
• What are the criteria for a better authentication process Both procedures can be explained as follows
in the Cloud-IoT environment?
• How to design scalable and fast search in the cloud envi- 4.2.1 Device and user registration
ronment?
The proposed DBA algorithm uses multiple credentials to
authenticate the IoT device and users. In Table 1, a detailed
4 Proposed DeBlock‑Sec for Cloud‑IoT description of the authentication factors is provided. In each
block, all credentials are hashed and stored.
This section explains the overall proposed work in detail. The considered IoT device credentials are device ID
The overall research work has three main phases as in (nID), password (nPW) and location (Loc). Similarly, the
Fig. 4 and each phase is explained with the corresponding algorithm.

Fig. 4 Proposed DeBlock-Sec model phases

4.1 System model

The overall system has four major entities: n IoT devices (n_1, n_2, …, n_n), m IoT users (U_1, U_2, …, U_m), the blockchain and the Cloud. The overall DeBlock-Sec model is illustrated in Fig. 5. The IoT devices are the sources or owners of the big data that needs to be stored in the Cloud. The data is stored in the Spark cloud environment. The involvement of the Spark

Fig. 5 Proposed DeBlock-Sec model

considered credentials for IoT users are user ID (UID), password (UPW) and finger vein (Fv). Finger vein is a new biometric that is highly reliable in user authentication. In the proposed DBA protocol, the user and device credentials are stored in the blockchain, a distributed environment, instead of in the centralized cloud server. The involvement of blockchain in the authentication process increases the security level of the user's and the device's credentials. In the blockchain, the credentials are stored as hash values. For all registered IoT devices, the secret key (ξ) is generated by the blockchain server.

Table 1 Authentication credentials used in DBA protocol

| Credentials | Used for | Description |
|---|---|---|
| Identity (ID) | Users and devices | Unique ID is assigned for each User and Device. This ID is assigned by the block-server. ID is known to the devices, users and block-server only |
| Password | Users and devices | Unique password is generated and registered by users and devices at block-server. The password can be updated by the devices or users |
| Finger vein | Users | Biometric used to validate the user. Each User registers the finger vein to block-server and it is stored as the binary strings in the blocks |
| Location | Devices | Each device is distributed over the environment. All devices are static and the location is also static. At each time the device location is acquired from x, y coordinates |

4.2.2 Authentication process

The next process in phase 1 is authentication. Whenever a device or user needs to access the Cloud, the user and device must be authenticated. For this purpose, the device or user must submit their credentials to the Cloud. The proposed DBA protocol is not only secure but also preserves user privacy. The user/device initiates the authentication request (Auth_Req). The Auth_Req is sent to the Cloud. Upon receiving the Auth_Req, the cloud server sends the request for authentication credentials (Auth_Cre). Here the authentication credentials represent the credentials that are stored in the registration process. Then the user/device submits the corresponding credentials in hashed form as follows,

$$U_i \;\; H(\mathrm{UID}) \oplus H(\mathrm{UPW}) \oplus H(\mathrm{Fv}) \Longrightarrow \text{Cloud} \tag{1}$$

For hash generation, the Streebog hashing algorithm, which is used in the blockchain, is used. The Streebog hashing algorithm is a new and lightweight hashing algorithm that generates hash values of 256 bits and 512 bits as per the procedure illustrated in Pseudocode 1, shown in Table 2.


Table 2 Pseudocode 1: Streebog based hashing

Start
Pad(M) → M_K ‖ M_(K−1) ‖ … ‖ M_0
Assign H_0 = Initial Value
N_0 = 0
For i = 0; i < (K−1); i++
    H_(i+1) = g(H_i, M_i, N_i)
    N_(i+1) = N_i + 512 mod 2^512
    Σ ← Σ + M_i mod 2^512
H_(K+1) = g(H_K, M_K, N_K)
N_(K+1) = N_K + ρ mod 2^512
Σ ← Σ + M_K mod 2^512
H_(K+2) = g(H_(K+1), N_(K+1), 0)
H = g(H_(K+2), Σ, 0)
Return (H)
End
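Equation (1) and the block-server comparison that consumes it, worked through as an added example; this is not code from the paper or its implementation. SHA-512 stands in for Streebog-512, which Python's standard library does not provide, and `BlockServer`, `bound_token`, the chain layout and the sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac

# Stand-in hash (assumption): Streebog-512 is not in Python's standard library,
# so SHA-512 supplies the same 512-bit output width for this illustration.
DIGEST = hashlib.sha512


def H(value: bytes) -> bytes:
    return DIGEST(value).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def eq1_token(uid: bytes, upw: bytes, fv: bytes) -> bytes:
    """Eq. (1): H(UID) XOR H(UPW) XOR H(Fv), the value sent to the Cloud."""
    return xor(xor(H(uid), H(upw)), H(fv))


def bound_token(uid: bytes, upw: bytes, fv: bytes) -> bytes:
    """Alternative combiner (not from the paper): one hash over length-prefixed
    fields, so every value stays tied to its position."""
    h = DIGEST()
    for field in (uid, upw, fv):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


class BlockServer:
    """Hypothetical block-server: one hash-chained block per registration."""

    def __init__(self, combiner):
        self.combiner = combiner
        self.chain = []  # list of (previous_block_hash, stored_token)

    def register(self, uid: bytes, upw: bytes, fv: bytes) -> None:
        prev = H(b"".join(self.chain[-1])) if self.chain else bytes(64)
        self.chain.append((prev, self.combiner(uid, upw, fv)))

    def chain_intact(self) -> bool:
        prev = bytes(64)
        for block in self.chain:
            if block[0] != prev:
                return False
            prev = H(b"".join(block))
        return True

    def verify(self, token: bytes) -> str:
        """Return the report named in the text: "Valid" or "Ignore"."""
        match = False
        for _, stored in self.chain:
            # constant-time comparison; every block is scanned even after a hit
            match |= hmac.compare_digest(stored, token)
        return "Valid" if match else "Ignore"


def cloud_handle(server: BlockServer, token: bytes) -> bool:
    """The Cloud only relays the hash value and acts on the report."""
    return server.verify(token) == "Valid"


# Constructed sample credentials (not from the paper).
UID = b"U-0017"
UPW = b"correct horse battery"
FV = bytes.fromhex("a55a3cc3" * 8)  # stand-in for a finger-vein bit string


def demo() -> dict:
    xor_server, bound_server = BlockServer(eq1_token), BlockServer(bound_token)
    for server in (xor_server, bound_server):
        server.register(UID, UPW, FV)
    return {
        "genuine": cloud_handle(xor_server, eq1_token(UID, UPW, FV)),
        "wrong_password": cloud_handle(xor_server, eq1_token(UID, b"guess", FV)),
        # XOR is commutative: swapping two fields leaves the Eq. (1) value unchanged
        "swapped_xor": cloud_handle(xor_server, eq1_token(UPW, UID, FV)),
        "swapped_bound": cloud_handle(bound_server, bound_token(UPW, UID, FV)),
        # two equal fields cancel, leaving only the hash of the third
        "equal_fields_cancel": eq1_token(UID, UID, FV) == H(FV),
        "chain_intact": xor_server.chain_intact(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last entries of `demo()` are the checks a reviewer would run on the XOR combination: it does not depend on field order, and two equal fields cancel, whereas the length-prefixed combiner keeps each value bound to its position.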

The Streebog algorithm generates the hash value of the message M through the compression function (g). At first, the message M is padded and divided into i message blocks. Then, the compression function is applied to each message block M_i. At last, the hash value is generated by adding all message blocks. In the proposed DBA protocol, message M represents the AuthCre. Each credential is hashed as per the procedure of the Streebog algorithm. This hash value is submitted to the Cloud. That means the Cloud has no detail about the user's or device's credentials. All credentials are submitted to the Cloud in the form of hash values. The Cloud then sends the AuthCre to the blockchain server, which is responsible for managing the blockchain. The blockchain server verifies the credentials by analyzing the corresponding block. If the credentials are valid, the blockchain server sends a Valid() report to the Cloud. Otherwise, it sends an Ignore() report to the Cloud. The Cloud allows or ignores the user/device request upon the report received from the Cloud. In Fig. 6, the procedure of the proposed DBA protocol is illustrated.

Fig. 6 Process of DBA protocol

As the blockchain is a distributed and secure environment, the credentials are kept secure and none can crack the credentials. The proposed DBA protocol considers important criteria such as finger vein and location which are more secure than traditional criteria. Thus, the proposed DBA protocol accurately detects and prevents unauthorized user/device access in the system. The users/devices that have completed this stage successfully are allowed to access the cloud environment.

4.3 Phase 2: Fast Data Encryption

In this phase, the IoT device that has completed the authentication process can encrypt the data. The proposed encryption algorithm is relatively fast and considers the sensitivity level of the data for encryption. We propose SALSA20, which is a fast and lightweight algorithm for encryption. The overall procedure of the proposed algorithm is shown in Fig. 7. Since the amount of data that needs to be encrypted is large, the proposed work allows the IoT device to perform encryption in the Spark environment.

Fig. 7 Proposed SALSA20 encryption in spark

In the Spark environment, the overall encryption work is assigned to the Master node. Then, the process is divided into multiple tasks and each task is allocated to a worker node for encryption. The overall encryption is performed in parallel. In each worker node, two main processes are performed. First, the sensitivity level of the data is detected by the ScoreSen method. Then, the encryption is performed by the SALSA20 algorithm with different key sizes. Let d be the data from IoT device n_i that is assigned to a worker node w. At first, the ScoreSen is computed by w based on significant parameters. The considered parameters are the number of numerical characters (α), the number of symbols (β) and the number of codewords (γ). Based on these values, the score value is computed for d as follows

$$\mathrm{Score}(d) = (\alpha + \beta + \gamma)/\mu \tag{2}$$

Here, μ denotes the total number of characters in the data. The score value is mapped between [0,1]. If Score(d) is greater than 0.5, the data is considered to be sensitive. Otherwise, the data is considered to be non-sensitive. The major reason for sensitivity score computation is that sensitive data requires high-level security, whereas non-sensitive data requires medium-level security. However, provisioning high-level security leads to higher processing time and energy consumption. Thus, w first detects the sensitivity level of the data. Then, it performs the encryption process. For sensitive data, we propose the SALSA20 algorithm with a 256-bit key size. For non-sensitive data, the algorithm is used with a 128-bit key size. The paper (Narayanan et al. 2020a) gives a detailed study of the proposed encryption algorithm in mobile data applications. Compared with existing state-of-the-art algorithms, the experimental results show that our lightweight algorithm performs well for large-scale data. The SALSA20 encryption algorithm is also suitable for healthcare applications (Narayanan et al. 2020b). For a detailed study of the algorithm, please refer to the previous papers (Narayanan et al. 2020a, b).

In the proposed DeBlock-Sec system, the encryption process is performed in the Spark environment, which improves the energy efficiency and processing speed. In addition, the proposed algorithm is fast and works upon the sensitivity level. Therefore, this phase ensures a high level of security for the data stored in the Cloud environment.

4.4 Phase 3: Secure Data Retrieval

The data retrieval phase allows the users to search and retrieve the IoT data. To make this search fast and efficient, we propose DenFT based indexing, and security is provided by using the ReDH algorithm. Before data retrieval, the user must have completed phase 1 (i.e.) authentication. The DenFT is an efficient index structure that is scalable and enables accurate searching. In the DenFT indexing, the keywords are maintained in the form of a binary search tree. Then, multiple fractal search trees are combined to form a DenFT. When a user sends a keyword, the searching is performed in sequential order. In the proposed DenFT, there is no need to maintain a large fractal tree since multiple fractal trees are combined in a single DenFT. The keyword is first searched in the root and then searched in the first level child nodes. In DenFT, all first-level child nodes are verified first and the child which has a similar keyword is further searched in depth. That is, the searching time is comparatively lower than other indexing methods. Let R be the root node and L1 be the first level child node. The search process begins with similarity measurement at R. In case the result is not found, the keyword is searched in the L1 child. If the keyword is present, the L1 child is searched in depth in order to return the data accurately. Unlike other indices, the DenFT is fast and accurate. The steps are executed for search as shown in Fig. 8


Fig. 8 The DenFT indexing

At the end, the results are retrieved in the form of ciphertext since the IoT devices encrypt the data stored in the cloud. Thus, the user needs the secret key (ξ) to decrypt the data. However, the proposed SALSA20 is a symmetric key encryption that uses the same key for encryption and decryption. Thus, the key must be secure. If the key is cracked by the attackers, the data security will be affected. Thus, we present the ReDH algorithm to protect the secret key through a secure key exchange process. The key exchange process is performed between the Cloud and the user. In ReDH, the following steps are executed for the secure key exchange process,

1. Cloud and the user agree on a prime number P and a base G

2. Cloud sends the ξ to the user in the form of,

$$A = G^{\xi} \bmod P \tag{3}$$

This step is in the conventional Diffie-Hellman exchange algorithm. In the revised algorithm, we revise the secret key in order to improve the security level. The ReDH algorithm reforms the secret key as follows,

$$\xi = \mathrm{Binary}(\xi) \tag{4}$$

$$\mathrm{Binary}(\xi) = [\xi_1, \xi_2] \tag{5}$$

$$\xi_{Secure} = \xi_1 \oplus \xi_2 \tag{6}$$

3. Then, the equation () is formulated as follows,

$$A = G^{\xi_{Secure}} \bmod P \tag{7}$$

4. Similarly, the user sends the ID as follows,

$$B = G^{ID} \bmod P \tag{8}$$

5. By receiving A, the user can retrieve ξ_Secure as follows,

$$\xi_{Secure} = A^{ID} \bmod P \tag{9}$$

From ξ_Secure, the value of ξ is determined as the reverse process. Thus, ξ is shared between the Cloud and the user in the form of a secret. The attacker is unable to get the key since it is secured by using XOR and binary operations. From the received secret key, the user can decrypt the data. In Fig. 9, the overall schema diagram is presented for the DeBlock-Sec system. It can be seen that the proposed work achieves a better security level from authentication to data retrieval. The involvement of blockchain technology serves a decentralized environment to provide a better security level.
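Equations (4) to (9) carried through with concrete numbers, as an added example rather than the authors' implementation. The prime 2^255 − 19, the base 2, the equal-halves reading of Binary(ξ) and the sample ξ and ID are assumptions chosen for illustration.

```python
# Constructed demo parameters (assumptions, not from the paper): the prime
# 2**255 - 19 and base 2. The paper only says that P and G are agreed on.
P = 2**255 - 19
G = 2
KEY_BITS = 256  # Salsa20 key size the paper uses for sensitive data


def fold_key(xi: int, bits: int = KEY_BITS) -> int:
    """Eqs. (4)-(6): write xi in binary, split it into [xi1, xi2], XOR the halves.
    Splitting into equal halves is an assumption; the paper does not fix it."""
    half = bits // 2
    xi1 = xi >> half                 # upper half of the bit string
    xi2 = xi & ((1 << half) - 1)     # lower half of the bit string
    return xi1 ^ xi2


def cloud_public(xi_secure: int) -> int:
    """Eq. (7): A = G^xi_secure mod P, sent by the Cloud."""
    return pow(G, xi_secure, P)


def user_public(user_id: int) -> int:
    """Eq. (8): B = G^ID mod P, sent by the user."""
    return pow(G, user_id, P)


def user_side(a: int, user_id: int) -> int:
    """Eq. (9): the value the user computes from A, A^ID mod P."""
    return pow(a, user_id, P)


def cloud_side(b: int, xi_secure: int) -> int:
    """The matching computation on the Cloud side, B^xi_secure mod P."""
    return pow(b, xi_secure, P)


def same_fold_neighbour(xi: int, bits: int = KEY_BITS) -> int:
    """A different key with the same folded value: flip the lowest bit of both halves."""
    return xi ^ (1 << (bits // 2)) ^ 1


# Constructed sample values (not from the paper).
XI = int.from_bytes(bytes(range(0x80, 0x90)) + bytes(range(0x10, 0x20)), "big")
USER_ID = 0x5EED1234


def run_exchange(xi: int = XI, user_id: int = USER_ID) -> dict:
    """One pass through the exchange; returns every value either side sees."""
    xi_secure = fold_key(xi)
    a, b = cloud_public(xi_secure), user_public(user_id)
    return {
        "xi_secure": xi_secure,
        "A": a,
        "B": b,
        "user": user_side(a, user_id),
        "cloud": cloud_side(b, xi_secure),
    }


if __name__ == "__main__":
    r = run_exchange()
    print("xi_secure          :", hex(r["xi_secure"]))
    print("user == cloud      :", r["user"] == r["cloud"])
    print("user == xi_secure  :", r["user"] == r["xi_secure"])
    other = same_fold_neighbour(XI)
    print("second key, same fold:", other != XI and fold_key(other) == fold_key(XI))
```

Both sides arrive at the same value, G^(ξ_Secure·ID) mod P, which for these sample values is not ξ_Secure itself; the fold of Eq. (6) also maps distinct keys to one ξ_Secure, as `same_fold_neighbour` shows.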

Fig. 9 Schema diagram of DeBlock-Sec System


5 Experimental evaluation

In this section, we present an experimental analysis of the proposed DeBlock-Sec system. This section first introduces the experimental setup, then provides a brief analysis of the proposed work in terms of performance metrics.

5.1 Experimental setup

We develop the proposed DeBlock-Sec system in the Python language. The Cloud environment is created with Apache Spark and the IoT devices are considered to be data owners. The implementation settings (hardware and software) are illustrated in Table 3.

Table 3 System configuration

| Hardware | Processor | 2.50GHz |
| | CPU | Dual core |
| | Memory | 16 GB |
| | Hard disk | 1 Terabyte |
| Software | Operating system | Ubuntu 14.04 |
| | Python IDLE | 3.6.7 |
| | Library | PySpark |
| | Spark | 2.2.0 |
| | Hadoop | 2.7 |

After system configuration, the experiments are initialized. In the proposed system, the big data from IoT devices is stored in the Hadoop clusters. Then, the encryption process is performed in the Spark worker nodes. Besides, the blockchain is implemented in Python and used for user authentication. The Cloud designed with Spark communicates with the blockchain for user registration and authentication. For each registered user, a block is created in the blockchain. The blockchain is managed by the block-server. In Table 4, the parameter settings considered for simulation are depicted.

Table 4 Experimentation settings

| Parameter | | Value |
|---|---|---|
| Streebog hashing | Block size | 512 bits |
| | Number of rounds | 12 |
| SALSA20 | Number of rounds | 20 |
| | Key size used | 256-bits and 128-bits |

Use case of proposed DeBlock-Sec The proposed DeBlock-Sec system is applicable for any large-scale IoT environment. Here we have demonstrated one use case scenario of IIoT, which is a large-scale environment. In IIoT, the big data is generated from the IoT devices that are specified to perform particular tasks such as air quality monitoring, supply chain management, packing system monitoring, etc. Further, the automatic data generated by pieces of machinery is also part of the IIoT. There are many sensors available for IoT and a number of ways of categorizing them. Tables 5, 6 and 7 are just a small sample of the ways sensors can be grouped.

Table 5 Sensors division by their external power requirements

| Type | Definition | Example |
|---|---|---|
| Passive | Does not require external power to operate | A temperature sensor |
| Active | Requires external power to operate | A camera |

Table 6 Sensors division by type of signal the sensor produces

| Type | Definition | Example |
|---|---|---|
| Analog | Outputs an analog continuous signal | Accelerometers and temperature sensors |
| Digital | The output is converted to discrete values | Digital pressure sensors and digital temperature sensors |

The data from sensors must be stored and analyzed for further processing. As the data is related to the details about industries, the data must be kept securely and not disclosed to unauthorized users. In this context, the proposed DeBlock-Sec system is more suitable for the IIoT environment. The use case of IIoT is illustrated in Fig. 10. As companies are finding new use cases for IoT, the industry is continuously growing. Some of the uses of IIoT (Industrial Internet of Things) we considered are listed below.

• Accelerate business agility by connecting globally dispersed devices, at the edge or in the cloud, with comprehensive cloud services.
• Use machine learning on edge and in the cloud to make predictions about machine maintenance, status, and state.
• Improve operational efficiency, manage global assets, and carry out firmware updates on Cloud IoT
• Use localization intelligence to visualize where assets are located in real-time, where they've traveled, and how often they've moved.

As shown in Fig. 10, the industrial data is generated by the authorized IoT devices (i.e.) the unauthorized devices are


eliminated through the DBA protocol. The sample data collected by the IoT device is shown in Fig. 11, and Fig. 12 shows the analysis of data in BigQuery.

Table 7 Sensors division by type of measuring device

| Type | Definition | Example |
|---|---|---|
| Chemical | Responds to chemical changes in its environment | Gas sensor |
| Mechanical | Responds to physical changes in its environment | Microswitch |
| Electrical | Responds to electrical changes in its environment | Optical sensors |

Fig. 10 Use case of DeBlock-Sec system (IIoT)

Fig. 11 Sample data

The detail of IoT devices is managed in the blockchain instead of being stored in the cloud server. Here, data security is achieved by using the Spark-enabled cloud environment which


implements a parallel SALSA20 algorithm to minimize the time consumption.

Fig. 12 Data analysis in BigQuery

In the proposed IIoT, there is no need for the devices to perform a large encryption process. This saves energy and time consumption for the IoT devices. Thus, the need for frequent device replacement is overcome in this work. Furthermore, the IoT users are the admins of the industries who have the authority to access the data. As the users are also authenticated by the DBA protocol, the data is secure. The proposed DeBlock-Sec system can handle big massive data and is suitable for large scale environments.

5.2 Comparative analysis

This section compares the proposed DeBlock-Sec system with prior research works in terms of performance metrics.

Purpose of Block-AES: To enable user authentication and encryption
Purpose of ABE: To provide data security
Purpose of Inverted Index: To enable secure search
Purpose of DeBlock-Sec: To design a new security system for resource constraint IoT

We compare the proposed DeBlock-Sec system with the existing Block-AES (Li et al. 2018), Attribute-based Encryption (Lin et al. 2018) and inverted index search (Shen et al. 2019). Table 8 provides a brief comparison of the existing and proposed research works. The analysis shows that the majority of the research works have focused on either authentication or data security. Besides, none of these works has achieved better user privacy. However, the Cloud-IoT environment needs to fulfill all three security concerns. The proposed DeBlock-Sec system considers and achieves a better security level theoretically. Next, the proposed system is analyzed experimentally.

5.2.1 Comparison of encryption time

Encryption time is defined as the amount of time consumed to convert the plaintext into the ciphertext. It generally depends upon the data size and the key size used for encryption. This metric is important to evaluate the efficacy of the proposed encryption algorithm.

In Fig. 13, the encryption time is compared between proposed and existing systems with respect to increasing data size. The data size represents the size of the data generated by each IoT device. The graphical analysis shows that the DeBlock-Sec system has relatively minimum time consumption compared to the existing works. The reason for higher time consumption in the Block-AES method is that the typical AES algorithm has larger time consumption. Thus, the encryption time is higher than the proposed algorithm. The ABE based encryption also has encryption time that


is higher than DeBlock-Sec. The prime reason is that the ABE algorithm has higher time consumption than AES due to the complexity and the system is not scalable. Thus the ABE algorithm is unable to handle the large data size. Here, the proposed algorithm has encryption time, only 0.67 ms, which is much lower than existing works. As the proposed work uses a Spark environment for data encryption, the time consumption is reduced to a few milliseconds. Also, the SALSA20 algorithm is fast and also lightweight, which is suitable for the IoT environment. From this analysis, it can be seen that the proposed DeBlock-Sec system is apt for the Cloud-IoT environment.

Table 8 Comparison of security properties with State of art papers

| Parameter | Block-AES | ABE | Inverted Index | DeBlock-Sec |
|---|---|---|---|---|
| Environment | Cloud-IIoT | Cloud-IoT | Cloud-IoT | Cloud-IoT |
| Authentication | ✓ | X | X | ✓ |
| User Privacy | X | X | X | ✓ |
| Data Security | ✓ | ✓ | X | ✓ |
| Decentralized Management | ✓ | ✓ | X | ✓ |
| Retrieval | X | X | ✓ | |
| Key Exchange | X | X | X | ✓ |
| Time Consumption | ↑ | ↑ | ↑ | ↓ |

✓ Achieved; X Not achieved; ↑ High; ↓ Low

Fig. 13 Comparison of encryption time

5.2.2 Comparison of decryption time

Similar to encryption time, decryption time is defined as the time taken by the algorithm to convert ciphertext into original data. This metric is also significant in evaluating the efficiency of the proposed encryption algorithm.

Figure 14 analyzes the decryption time obtained by proposed and existing research works. The analysis shows that the proposed work achieves lower decryption time. In general, the decryption process takes more time than encryption. Further, the algorithm splits the data into multiple blocks and decrypts in parallel. Therefore, the proposed DeBlock-Sec system has a lower decryption time than other research works. The proposed DeBlock-Sec system has decryption time as 0.2ms for the data size of 500KB while the Block-AES algorithm has 18ms and the ABE algorithm has 23ms. This huge variation between proposed and existing works shows that the proposed work is better than other research works and more suitable for the Cloud-IoT environment.

Fig. 14 Comparison of decryption time

In Fig. 15, the average encryption and decryption time analysis is illustrated. The analysis shows that the existing works take a larger time for decryption than encryption. But


in the proposed work, the encryption and decryption time has only a small variation, which makes the proposed work much better.

Fig. 15 Analysis of encryption and decryption time

5.2.3 Comparison on storage efficiency

Storage efficiency is vital since it provides the efficacy of the proposed work to handle the huge amount of IoT data. In general, IoT devices generate big data that needs to be stored and processed. This metric evaluates the ability of the proposed work to handle the big data generated by IoT devices.

In Fig. 16, the storage efficiency achieved by the proposed work is compared with prior research works. The comparison shows that the proposed work achieves storage efficiency up to 98% (i.e.) 98% of data is successfully processed without any interruptions. Here the authentication credentials are stored in the blockchain, which is a decentralized environment. Further, the data processing is held in the Spark-enabled cloud environment, which is scalable and fast. In the prior Block-AES algorithm, 23% of data is not processed due to insufficient storage. Here overall analysis is performed in the IoT device and Cloud, which is not scalable. Thus, the storage efficiency is low in this work. Besides, the ABE algorithm has a storage efficiency of 60% which is much lower than other research works.

The ABE algorithm needs to store all attributes for each user, which increases the storage requirement. Thus, this work has no storage to process the data. Similarly, the inverted index has 58% of storage efficiency due to the large size of the inverted index structure. In general, the inverted index consumes more time and space which further affects the overall efficiency. Therefore, the proposed work is suitable for a large-scale IoT environment for storage and processing.

Fig. 16 Comparison on storage efficiency

5.2.4 Comparison of throughput

Throughput is an important parameter that evaluates the overall efficiency of the system. The throughput defines the processing speed (authentication, encryption and retrieval) of the system. In Fig. 17, the comparative analysis is provided for throughput with respect to data size. Here, the data size is increased each time and the existing works provide throughput with indirect proportion.

Fig. 17 Comparison on throughput

The throughput curve of the DeBlock-Sec has slight variations in the graph. That is, the proposed system is


not affected by any variations and is suitable for any varying environment. The existing Block-AES has an average throughput of 10 Mbps which is more than 50% lower than the proposed work (the DeBlock-Sec system has a throughput of 26.26 Mbps). Both Block-AES and DeBlock-Sec use the blockchain for authentication. But the Block-AES is unable to achieve better throughput since the double SHA2 hashing algorithm's involvement limits the performance of blockchain. This drastically affects the throughput. Besides, Block-AES is performed in the cloud environment which has a lower speed. In the ABE algorithm, the encryption process is only performed. But this process is performed in the resource-constrained device which affects the throughput. As the devices have limited resources, the processing speed is reduced. Similarly, the inverted index has larger space consumption with higher time consumption. Thus, the existing works have lower throughput. The involvement of the DBA protocol with the Streebog algorithm improves the throughput in the authentication process, the SALSA20 algorithm improves throughput in the encryption phase and DenFT improves throughput in the retrieval phase.

5.2.5 Comparison on search time

Search time is related to the data retrieval phase. The search time mainly relies on the time taken by the Cloud to retrieve the related data to the users. As the data stored in the system is large, it is necessary to evaluate this metric to know the efficiency of the proposed system.

In Fig. 18, the search time achieved by the proposed work is compared with the existing work with respect to the number of users. When the number of users is increased, the search time is also increased in the existing work. But in the proposed DeBlock-Sec system, there are only small variations in the search time without consideration of the number of users. This is because other work is implemented in the cloud environment while the DeBlock-Sec system works upon a Spark-enabled cloud environment. In the Spark-enabled environment, each user request is searched in the worker nodes in parallel. Besides, the design of the DenFT index helps in minimizing search time considerably.

Fig. 18 Comparison on search time

In the inverted index, it requires a large time to search a keyword. When the number of users is increased, it takes a relatively large amount of time to retrieve the results. In contrast, the proposed DenFT index searches the keyword in each level instead of depth. This type of searching minimizes the search time up to 0.5ms even with 100 users. For the same number of users, the inverted index takes 25 ms which is large and not suitable for a practical scenario. From this analysis, it is clear that the proposed DeBlock-Sec achieves better data retrieval performance and the proposed DenFT outperforms the inverted index method.

5.2.6 Discussion on results

In this subsection, we analyze the overall obtained results. The comparative analyses show that the proposed DeBlock-Sec system outperforms the existing research works. In this section, we provide the average numerical values obtained from the experiments. Then we briefly discuss the efficiency of the proposed work.

Table 9 Numerical observations on average results

| Metric | Block-AES | ABE | Inverted Index | DeBlock-Sec |
|---|---|---|---|---|
| Encryption time (ms) | 20.28 | 25.35 | N/A | 0.245 |
| Decryption time (ms) | 29.1 | 32.2 | N/A | 0.3 |
| Storage efficiency (%) | 69.2 | 50.9 | 48.5 | 96.18 |
| Throughput (mbps) | 10 | 7.91 | 6.99 | 26.26 |
| Search time (ms) | N/A | N/A | 16.36 | 0.27 |

In Table 9, the average results are illustrated for each performance metric. The analysis confirms that the proposed DeBlock-Sec system has a better performance with respect to each metric. From this analysis, it is clear that the proposed DeBlock-Sec is suitable for a large-scale environment but has lower time consumption. The major reason for this achievement is that the proposed work is decentralized and works upon a Spark-enabled cloud environment. Further,


each phase is optimized with efficient algorithms such as the DBA protocol, SALSA20 algorithm, DenFT indexing and ReDH key exchange. Therefore, the proposed work ensures high-level security with better performance.

In Table 10, the theoretical assessment of the proposed system is illustrated. The analysis defines the efficiency and the role of each proposed methodology in the proposed work. The proposed DeBlock-Sec not only improves efficiency but also minimizes the complexity. The overall complexity of the proposed work is [T(NM) + 2T(En) + 3T(S) + T], which is comparatively lower than prior research works. Here T(NM) represents the time taken for n users and m devices authentication. T(En) defines the time for data encryption and T(S) defines the time for searching. In previous research works, the inverted index has logarithmic complexity which is relatively higher than the proposed work. Thus, the proposed work is efficient, not only in performance but also in complexity. Besides, the major processes are held on the Spark environment (i.e.) the proposed work is suitable for resource constraint environments. The proposed method is suitable for a large scale network of devices and cyber-physical systems of real-time application with constrained resources.

Table 10 Theoretical assessment of DeBlock-Sec system

| Proposed methodology | Results achieved |
|---|---|
| DBA protocol | Prevents unauthorized user and device access. Provides decentralized environment for authentication. Achieves high security level by using multiple credentials |
| SALSA20 algorithm | Finds the data sensitivity level by ScoreSen method. Minimizes time consumption even for large amount of data. Provides better data security upon the data sensitivity level |
| DenFT index | Enables user search over the Cloud-IoT. Scalable and efficient search for user keyword. Minimizes search time considerably |
| ReDH Key exchange | Secure the secret key that is exchanged between users. Protects the key from attackers. Increases the security level |

6 Conclusion and future work

IoT devices and applications are playing a crucial role in our modern life. Many real-life examples in the literature emphasize the severity of the security vulnerabilities associated with using IoT devices. IoT-based analytics and data processing have gained more extensive acceptance nowadays, enhancing the productivity and efficiency of industrial infrastructures. However, existing security solutions are inappropriate since they do not scale to large networks of heterogeneous devices and cyberphysical systems with constrained resources and real-time requirements. This paper proposes a novel DeBlock-Sec system that is a decentralized security system for the Cloud-IoT environment. The DeBlock-Sec ensures high-level security with necessary security concerns. The DeBlock-Sec system addresses the security concern by three main phases: authentication, encryption and retrieval. The authentication phase verifies the legitimacy of both IoT devices and IoT users. For authentication, we present a novel DBA protocol that uses multiple credentials and blockchain technology to authenticate the users and devices. Then, the data from authorized devices are encrypted in the Spark environment using the SALSA20 algorithm. The SALSA20 algorithm, which is a lightweight cryptographic algorithm, relies upon the sensitivity level predicted by the ScoreSen method. The encrypted data is then stored in the Spark-enabled Cloud with an index. The index generation follows a new DenFT indexing structure. In the retrieval phase, the user searches the keyword in the DenFT, which enables fast search. At last, the secret key exchange is secured by using the ReDH key exchange algorithm. Overall the proposed DeBlock-Sec algorithm achieves better security levels with better performance. The experiments are performed in a Spark environment. The use case scenario is also discussed to show the efficiency of the proposed work in real-time applications. The results show promising improvements in encryption time (reduced to 0.13 ms), decryption time (reduced to 0.14 ms), storage efficiency (improved to 96%), throughput (improved to 26 Mbps), and search time (reduced to 0.27 ms). The experiment results based on various metrics show that our proposed DeBlock-Sec is more suitable for IIoT, since IIoT systems require higher availability, reliability and security of information. We developed a security framework to mitigate security and privacy risks and be dynamic enough to adapt to changes in the modern communication environment and different application deployment scenarios.


The research work and results are believed to be very Cui H et al (2018) Achieving scalable access control over encrypted
attractive as a base for further research in this direction of data for edge computing networks. IEEE Access 6:30049–30059.
https​://doi.org/10.1109/ACCES​S.2018.28443​73
securing data in Cloud-IoT. In the future, we intend to pro- El-Hajj M et al (2017) Analysis of authentication techniques in Internet
pose a task scheduling procedure for legitimate IoT users of Things (IoT), vol 2017, pp 1–3. https:​ //doi.org/10.1109/CSNET​
and devices to improve overall efficiency. Further, we also .2017.82420​06
have planned to implement an intrusion detection system Elhoseny M et al (2018) A hybrid model of internet of things and
cloud computing to manage big data in health services appli-
(IDS) to detect specific attack which has a significant need cations. In: Future generation computer systems. https​://doi.
in a Cloud-IoT environment. org/10.1016/j.futur​e.2018.03.005. ISSN: 0167-739X
Acknowledgements I respect and thank Prof. Dr. Varghese Paul, for providing me an opportunity to do the project work in CUSAT and giving me all support and guidance which made me complete the project. I am extremely thankful for providing such nice support and guidance, although he had a busy schedule.

Compliance with ethical standards

Conflict of interest The authors declare that they have no conflict of interest.
significant bit steganography and cryptography. Int J Mod
Educ Comput Sci 4(6):27–34. https​: //doi.org/10.5815/ijmec​
s.2012.06.04
References Gutub A, Al-Ghamdi M (2020) Hiding shares by multimedia image
steganography for optimized counting-based secret sharing.
Al-Ghamdi M, Al-Ghamdi M, Gutub A (2019) Security enhancement Multimedia Tools Appl 79(11–12):7951–7985. https​: //doi.
of shares generation process for multimedia counting- based org/10.1007/s1104​2-019-08427​-x
secret-sharing technique. Multimedia Tools Appl 78(12):16283– Gutub A, Al-Juaid N, Khan E (2017) Counting-based secret sharing
16310. https​://doi.org/10.1007/s1104​2-018-6977-2 technique for multimedia applications. Multimedia Tools Appl
Alaba FAA et al (2017) Internet of Things security: a survey. J 78(5):5591–5619. https​://doi.org/10.1007/s1104​2-017-5293-6
Netw Comput Appl 88(April):10–28. https​://doi.org/10.1016/j. Gutub A, Al-Shaarani F (2020) Efficient implementation of multi-
jnca.2017.04.002 image secret hiding based on LSB and DWT steganography
Alassaf N, Alkazemi B, Gutub A (2017) Applicable light-weight cryp- comparisons. Arab J Sci Eng 45(4):2631–2644. https​: //doi.
tography to secure medical data in IOT systems. J Res Eng Appl org/10.1007/s1336​9-020-04413​-w
Sci 2(2):50–58. https​://doi.org/10.46565​/jreas​.2017.v02i0​2.002 Hao J et al (2019) Fine-grained data access control with attribute-
Alassaf N, Gutub A (2019) Simulating light weight cryptography hiding policy for cloud-based IoT. Comput Netw 153:1–10.
implementation for IoT healthcare data security applications. Int https​://doi.org/10.1016/j.comne​t.2019.02.008
J E-Health Med Commun 10(4):1–15. https​://doi.org/10.4018/ Hassan WH, binti Mohamad Noor M (2019) Current research on
IJEHM​C.20191​00101​ Internet of Things (IoT) security: a survey. Comput Netw
AlKhodaidi T, Gutub A (2020) Trustworthy target key alteration help- 148:283–294. https​://doi.org/10.1016/j.comne​t.2018.11.025
ing counting-based secret sharing applicability. Arab J Sci Eng Ito M et al (1989) Secret sharing scheme realizing general access
45(4):3403–3423. https​://doi.org/10.22266​/ijies​2019.1031.07 structure. Electron Commun Jpn 72(9):56–64. https​: //doi.
Almazrooie M et al (2020) Integrity verification for digital Holy Quran org/10.1002/ecjc.44307​20906​
verses using cryptographic hash function and compression. J King Jerker D (2017) Local cloud internet of things automation: technol-
Saud Univ Comput Inf Sci 32(1):24–34. https:​ //doi.org/10.1016/j. ogy and business model features of distributed internet of things
jksuc​i.2018.02.006 automation solutions. IEEE Ind Electron Mag 11(4):8–21. https​
Alotaibi M et al (2019) Secure mobile computing authentication uti- ://doi.org/10.1109/MIE.2017.27593​42
lizing hash, cryptography and steganography combination. J Inf Kshetri N (2017) Can blockchain strengthen the internet of
Secur Cybercrim Res 10(26735/16587790):001 things? IEEE IT Profess 19(4):68–72. https​://doi.org/10.1109/
An X et al (2016) Efficient privacy preserving predicate encryption MITP.2017.30513​35
with fine-grained searchable capability for Cloud storage. Com- Leloglu E (2017) A review of security concerns in internet of things.
put Electr Eng 56:871–883. https​://doi.org/10.1016/j.compe​lecen​ J Comput Commun 05(01):121–136. https​://doi.org/10.4236/
g.2016.05.012 jcc.2017.51010​
Banerjee S et al (2019) A provably-secure and lightweight anonymous Li J et al (2018) Secure attribute-based data sharing for resource-
user authenticated session key exchange scheme for internet of limited users in cloud computing. Comput Secur 72:1–12. https​
things deployment. IEEE Internet Things J 6(5):8739–8752. https​ ://doi.org/10.1016/j.cose.2017.08.007
://doi.org/10.1109/JIOT.2019.29233​73 Lin C et al (2018) BSeIn: a blockchain-based secure mutual authen-
Beimel A (2011) Secret-sharing schemes: a survey, pp 11–46. https​:// tication with fi ne-grained access control system for indus-
doi.org/10.1007/978-3-642-20901​-7_2 try 4.0. J Netw Comput Appl 116(March):42–52. https​://doi.
Blakley GR (1979) Safeguarding cryptographic keys, pp 313–317. org/10.1016/j.jnca.2018.05.005
https​://doi.org/10.1109/AFIPS​.1979.98. http://www.compu​terhi​ Long J et al (2019) Lightweight distributed attribute based keyword
story​.org search system for internet of things, vol 11637. Springer, Berlin,
pp 253–264. https​://doi.org/10.1007/978-3-030-24900​-7. ISBN:
9783030249007

13
Decentralized blockchain based authentication for secure data sharing in Cloud‑IoT 787

Maitra T et al (2019) ElGamal cryptosystem-based secure authen- Shen M, Ma B, Zhu L (2019) Secure phrase search for intelligent
tication system for cloud-based IoT applications. IET Netw processing of encrypted data in cloud-based IoT. IEEE Internet
8(5):289–298. https​://doi.org/10.1049/iet-net.2019.0004 Things J 6(2):1998–2008
Manogaran G, Thota C, Lopez D (2017) Big data security intel- Singh A, Chatterjee K (2017) Cloud security issues and challenges: a
ligence for healthcare industry 4.0. Cybersecurity for Industry survey. J Netw Comput Appl 79:88–115. https:​ //doi.org/10.1016/j.
4.0. Springer, Berlin, pp 103–126. https​://doi.org/10.1007/978- jnca.2016.11.027
3-319-50660​-9. ISBN: 9783319506609 Stoyanova V, Tasheva Z (2015) Research of the characteristics of a
Meshram C et al (2019) An identity-based encryption technique steganography algorithm based on lsb method of embedding
using subtree for fuzzy user data sharing under cloud computing information in images, pp 56–59. ISBN: 5794718862. https​://
en- vironment. Soft Comput 23(24):13127–13138. https​://doi. www.resea​rchga​te.net/publi​catio​n/29775​8970
org/10.1007/s0050​0-019-03855​-1 Tawalbeh LA, Tawalbeh H (2017) Lightweight crypto and security.
Narayanan U, Varghese P, Shelbi J (2017) Different analytical tech- In: Security and privacy in cyber-physical systems, pp 243– 261.
niques for big data analysis: a review, pp 372–382. ISBN: https​://doi.org/10.1002/97811​19226​079.ch12
9781538618875 Unnikrishnan A, Uma N, Shelbi J (2017) Performance analysis of
Narayanan U, Varghese P, Shelbi J (2020a) A light weight encryp- various supervised algorithms on big data, pp 2293–2298. ISBN:
tion over big data in information stockpiling on cloud. Indones J 9781538618875
Electr Eng Comput Sci 17(1):389–397 https​://doi.org/10.11591​/ Varghese B (2018) Next generation cloud computing: new
ijeec​s.v17.i1.pp389​-397 trends and research directions. Future Gen Comput Syst
Narayanan U, Varghese P, Shelbi J (2020b) A novel system architecture 79(February):849–861
for secure authentication and data sharing in cloud enabled Big Wang F et al (2018) LAMANCO: a lightweight anonymous mutual
Data Environment. J King Saud Univ Comput Inf Sci. https​://doi. authentication scheme for n-times computing offloading in
org/10.1016/j.jksuc​i.2020.05.005 IoT. In: IEEE Internet of Things Journal PP(c), 1. 10.1109/
Narayanan U et al (2017) A survey on various supervised classification JIOT.2018.2888636
algorithms, pp 2118–2124. ISBN: 9781538618875 Wang W, Peng X, Yang LT (2018) Secure data collection, storage,
Ray PP (2018) A survey on Internet of Things architectures. J and access in cloud-assisted Iot. IEEE Cloud Comput 5(4):77–88.
King Saud Univ Comput Inf Sci 30(3):291–319. https​://doi. https​://doi.org/10.1109/MCC.2018.11112​2026
org/10.1016/j.jksuc​i.2016.10.003 Yang C et al (2017) Big Data and cloud computing: innovation oppor-
Reyna A et al (2018) On blockchain and its integration with IoT. Chal- tunities and challenges. Int J Digital Earth 10(1):13–53. https​://
lenges and opportunities. Future Gen Comput Syst 88:173–190. doi.org/10.1080/17538​947.2016.12397​71
https​://doi.org/10.1016/j.futur​e.2018.05.046 Zhou L et al (2019) Lightweight IoT-based authentication scheme in
Ronen E et al (2017) IoT goes nuclear: creating a zigbee chain reaction, cloud computing circumstance. Future Gen Comput Syst. https​://
pp 195–212. https​://doi.org/10.1109/SP.2017.14 doi.org/10.1016/j.futur​e.2018.08.038
Sahu AK, Swain G (2019) Dual stego-imaging based reversible data Zhu H et al (2018) Efficient and privacy-preserving online fingerprint
hiding using improved LSB matching. Int J Intell Eng Syst authentication scheme over outsourced data. IEEE Trans Cloud
12(5):63–73 https​://doi.org/10.22266​/ijies​2019.1031.07 Comput 6(1):1–11. https​://doi.org/10.1109/TCC.2018.28664​05
Sethi P, Sarangi SR (2017) Internet of Things: architectures, proto- Zhu H et al (2019) A secure and efficient data integrity verification
cols, and applications. J Electr Comput Eng 2017:1–26. https​:// scheme for cloud-IoT based on short signature. IEEE Access
doi.org/10.1155/2017/93240​35 7:90036–90044. https​://doi.org/10.1109/ACCES​S.2019.29244​86
Shamir A (1979) How to share a secret. In: Communication of ACM,
Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.