How to achieve fine-grained Privacy in Blockchain?
This short blog describes how to use state-of-the-art attribute-based encryption to achieve fine-grained privacy in the blockchain. To the best of my knowledge, this is the first attempt to merge attribute-based encryption with blockchain technology to achieve fine-grained privacy of transaction data.
Motivation
The key features of blockchain technology are distributed structure, independent verification, and immutability. It is the backbone technology for Bitcoin. In Bitcoin networks, even though the identities of the end-users are anonymised, anyone can see the transaction data. This is a privacy problem when blockchain technology is applied in other domains.
Now blockchain has been used in several applications such as tracking diamonds, renting bikes (or anything related to IoT), renting spare rooms, selling wines or tracking antiques or vintage cars and much more. These applications use "tokenization" techniques to link the physical objects in digital domains. Hence if someone likes to buy something on the blockchain, the buyer can see the history of the items (or provenance of the items) - a great solution to avoid "fake-goods".
When we link physical objects in digital domains, anonymising the identities of users might be infeasible. If someone is renting a house or cycle through the blockchain, people must know the location and hence the identity of the owners (directly or indirectly). It may also be possible for someone to "copy" or "steal" the history of a product from the blockchain.
Hence it is more appropriate to develop a privacy-preserving solution to protect the transaction data. It is possible to enforce fine-grained access control on the transaction data, and attribute-based encryption can be exploited to provide this. For the first time, we linked state-of-the-art attribute-based encryption with the blockchain in one of our recent papers accepted at the IEEE ANTS conference [Privacy-preserving Blockchain based IoT Ecosystem using Attribute-based Encryption].
Case study: How to use this in IoT healthcare domain?
Let me describe a hierarchical IoT network model with a cluster head for a given set of IoT sensors. The cluster head is assumed to be more powerful than IoT devices and performs computationally intensive operations such as data processing and encryption. The data recorded by IoT devices are transmitted to the cluster head for processing and transmission.
As shown in this picture, there are a number of blockchain miners who verify transactions and contribute to the blockchain. These miners could be service providers or even cluster heads.
In order to enable attribute-based encryption (ABE), there will be a number of attribute authorities (AAs) as part of this network. The next subsection briefly defines the concept of ABE and how it will be used for blockchain, followed by the blockchain transaction architecture.
What is attribute-based encryption?
ABE supports both confidentiality and access control via single encryption. There are four parties involved in ABE, namely cluster head (data owners), blockchain miners, attribute authorities (AA) and distributed ledger (or blockchain with blocks of transactions). The cluster head aggregates or processes the data from sensors and encrypts them before the transaction. The cluster head encrypts the data in such a way that the transactions can be seen and verified by particular miners who have the right attributes.
In healthcare scenarios, for example, the cluster head may attach a miner policy such as "DOCTORS" or "NURSES" to its encryption. Hence a miner who has the "DOCTORS" attribute or the "NURSES" attribute can decrypt and verify the transactions. Moreover, once these transactions are appended to the blockchain (i.e., distributed ledger system), only users who have the "DOCTORS" or "NURSES" attribute can use the data. This allows the data owner to control data privacy through fine-grained access control.
The new blockchain model
Let us consider healthcare applications where patients use various medical IoT devices to measure health parameters such as weight, heart rate, blood pressure, sugar level, etc. using various sensors in the devices. Doctors will decide on the types of sensors and how frequently the readings must be taken and uploaded. The patient's smartphone or home router or both could act as a cluster head.
During the registration process, the cluster head receives a unique identification number. The cluster head exploits public-key cryptography to generate a private and public key pair. The public key will be given to the hospital server, where it is stored against the unique identifier. This information (the patient's unique identifier, public key and types of sensors) can be retrieved by miners and users of the blockchain in the future. The unique identifier (ID) cannot be used by miners or users to identify the patient's privacy-sensitive information such as name, address, etc.
Once the initial setup is completed, the cluster head collects the sensor data and generates a transaction to distribute to the peers for validation.
As shown in this picture, there will be a number of entries in each transaction. The transaction data starts with the unique ID, date and time, and sequence number. These are used purely for identification and administrative purposes. Then the application type will be appended. The application type, e.g., diabetic or cholesterol, can be used for easy identification. If the data is used for research purposes in the future, the application type will enable researchers to aggregate the correct type of data.
Then, based on the application type, the cluster head will decide on the attributes for encryption. In this healthcare case, the cluster head will choose attributes such as doctors, nurses, hospitals, locations, etc. and build an access structure. The example shown in the above picture has an access structure where miners or users who have obtained credentials for doctors or nurses from the AAs can decrypt, verify and use the data in this transaction.
Once the access structure is decided, the cluster head will apply ABE to encrypt the sensor data and append the ciphertext in the transaction. Then the hash value of the transaction data will be signed by the private key of the cluster head to generate a digital signature. The generated digital signature will also be appended to the transaction data. Finally, this transaction data will be announced to the blockchain network by the cluster head. The following subsection describes the verification step.
Transaction verification
The miners who are connected directly with the cluster head obtain this transaction data. Then these miners will spread the transaction data to other miners for verification. Eventually, all the miners in the blockchain network will receive the transaction data.
Each miner will check if s/he has the right attributes to verify the transaction. S/he will not proceed if s/he does not have the right attributes. Otherwise, s/he will retrieve the public key and the sensor type details corresponding to the ID from the hospital server or from the initial block of the blockchain.
S/he will then use his/her credentials obtained from the AAs for the given attributes to decrypt the encrypted sensor data. Then the miner will cross-check whether the types of sensors used in the transaction match the sensor types obtained from the hospital server. Then s/he will check if the data value for each sensor is within the predefined range. For example, a blood pressure value must be between 0 mmHg and 300 mmHg. This will avoid out-of-range values.
If there is new sensor information or the value of a given sensor is out of range, the transaction data will be rejected by the miner. This news will be spread across the blockchain network. If the transaction is verified by most of the miners who have the right credentials for the attributes, then this transaction data will be passed and queued in the pending block.
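The transaction layout and the miner checks described above can be sketched as follows. This is an added example, not code from the paper: ABE encryption and the digital signature are replaced by plain stand-ins (the payload is stored in the clear and only gated by an attribute check), and the registry contents, field names and the ID `CH-001` are assumptions.

```python
import hashlib
import json

# Constructed stand-in for the hospital server record of one cluster head.
# The ID, the sensor names and the heart-rate range are assumptions.
REGISTRY = {"CH-001": {"blood_pressure_mmHg": (0, 300), "heart_rate_bpm": (0, 250)}}

def tx_hash(tx):
    """Hash every field except the hash itself (the value the cluster head signs)."""
    body = {k: v for k, v in tx.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def make_transaction(cid, when, seq, app_type, policy, readings):
    """Cluster-head side: assemble the fields in the order the post lists them."""
    tx = {"id": cid, "time": when, "seq": seq, "app_type": app_type,
          "policy": sorted(policy),   # OR access structure, e.g. DOCTORS or NURSES
          "payload": readings}        # stand-in for the ABE ciphertext
    tx["hash"] = tx_hash(tx)
    return tx

def miner_verify(tx, miner_attrs):
    """None: miner lacks the attributes and does not proceed. Else True/False."""
    if not set(tx["policy"]) & set(miner_attrs):
        return None
    sensors = REGISTRY.get(tx["id"])
    if sensors is None or tx_hash(tx) != tx["hash"]:
        return False                  # unknown ID, or fields changed after hashing
    readings = tx["payload"]          # simulated ABE decryption
    if set(readings) != set(sensors):
        return False                  # sensor types differ from the registered ones
    return all(lo <= readings[name] <= hi for name, (lo, hi) in sensors.items())

def network_accepts(tx, miners):
    """Queue the transaction if most miners holding the right attributes verify it."""
    votes = [v for v in (miner_verify(tx, attrs) for attrs in miners) if v is not None]
    return bool(votes) and 2 * sum(votes) > len(votes)

if __name__ == "__main__":
    miners = [{"DOCTORS"}, {"NURSES"}, {"ADMIN"}]  # constructed miner attribute sets
    tx = make_transaction("CH-001", "2017-12-17T10:00:00", 1, "diabetic",
                          {"DOCTORS", "NURSES"},
                          {"blood_pressure_mmHg": 120, "heart_rate_bpm": 72})
    print(network_accepts(tx, miners))
```

Miners without a matching attribute return `None` and are left out of the majority count, which mirrors the rule that only miners with the right credentials take part in verification.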
Mining and adding new block to the blockchain
Similar to the blockchain model used in cryptocurrencies, mining of new blocks in this IoT scenario will also be done periodically. For example, every ten minutes a new block will be mined and appended to the existing blockchain.
All the verified transaction data in the pending block can be used by any miner for mining a new block, i.e., mining a new block is not restricted by attributes. As per blockchain principles, miners will try to find a new hash value for the pending transaction data subject to restrictions, e.g. the hash value must contain 50 leading zeros.
The restriction will be increased periodically based on the increase in computing power used by the miners in the network. For example, if the blockchain is updated every 10 minutes and the new hash value for the current block is obtained by miners in five minutes, then it means the computing power of the miners has doubled. Hence the restriction for generating a new hash value will be increased to match the computing power.
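The mining rule and the difficulty adjustment above, as an added example that is not taken from the paper. It assumes the restriction counts leading zero bits of a SHA-256 digest, so each extra bit doubles the expected work; the function names are hypothetical, and the adjustment also lowers the restriction when blocks arrive late, which goes beyond what the post describes.

```python
import hashlib
import math

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of the digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mine(block_data: bytes, zero_bits: int):
    """Try nonces until the block hash meets the leading-zero restriction."""
    nonce = 0
    while True:
        digest = hashlib.sha256(block_data + nonce.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= zero_bits:
            return nonce, digest.hex()
        nonce += 1

def retarget(zero_bits: int, target_seconds: float, observed_seconds: float) -> int:
    """Adjust the restriction by log2 of the observed speed-up.

    A block found in half the target time means the computing power has
    doubled, which one additional zero bit compensates for.
    """
    speedup = target_seconds / observed_seconds
    return max(1, zero_bits + round(math.log2(speedup)))

if __name__ == "__main__":
    # Constructed pending-block bytes; 12 bits keeps the demo fast.
    nonce, block_hash = mine(b"pending transactions", 12)
    print(nonce, block_hash)
    # The post's case: 10-minute target, block found in 5 minutes.
    print(retarget(50, 600, 300))
```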
Reward system for miners
Blockchains based on cryptocurrency models offer crypto coins to the successful miner who gets the new hash value for the pending transactions. When it comes to IoT ecosystems, the miners must be rewarded to make this model sustainable. In the big data world, data is more valuable, and various service providers and research organisations rely on accurate data to provide efficient services. The miners can be rewarded with tokens to access the data in the future.
Conclusions
This blog proposes a novel blockchain architecture to preserve the privacy of transaction data using the attribute-based encryption technique. This is the first approach that combines the state-of-the-art encryption technique with blockchain technology. The simplicity and fine-grained nature of attribute-based encryption control who can see and use the transaction data. The proposed model slightly changes the blockchain protocol procedure to adopt the attribute-based encryption technique without jeopardising the fundamental security properties of blockchains. In our paper, we analysed the security and privacy of the proposed model and developed strategies to mitigate some known attacks. We also numerically evaluated the model and showed that the blockchain-powered IoT can benefit from attribute-based encryption in terms of achieving privacy for minimal computational overhead.
Thank you for reading this blog. If you are researching in this domain, please consider citing our paper [Yogachandran Rahulamathavan, Raphael C.-W. Phan, Muttukrishnan Rajarajan, and Sudip Misra, Privacy-preserving Blockchain based IoT Ecosystem using Attribute-based Encryption, IEEE International Conference on Advanced Networks and Telecommunications Systems, 17-20 December 2017, C. V. Raman College of Engineering, Bhubaneswar, Odisha, India]
Please feel free to share this blog with your network.
Thank you,
Dr Yogachandran Rahulamathavan, PhD(UK), BEng(Hons), MIEEE, MIET, PGCAP (1st Year), Lecturer in Cyber Security and Privacy, Institute for Digital Technologies, Loughborough University London, 3 Lesney Avenue, The Broadcast Centre, Queen Elizabeth Olympic Park, London E15 2GZ