Abstract
The massive amounts of data produced and gathered by smart devices through the internet support a wide range of applications, considerably improving our daily lives. Data sharing among smart devices must be safeguarded because of the sensitivity of the data involved in the transmission. The Internet of Things (IoT) environment must be protected from unauthorised access for a variety of reasons, including its attractiveness to cybercriminals, previous successful cyber-attacks, and consumers’ perceptions of security and reliability. Blockchain appears to be one promising technology that addresses these security challenges extremely effectively. However, given the volume and rate at which smart devices generate data, Blockchain appears to be inefficient for storing it. The two key factors behind this are the pace of data collection in the IoT context and the speed of transaction confirmation in the Blockchain network. In this study, we connect the Blockchain and the Inter-Planetary File System (IPFS) to permit data recording on distributed storage, together with a mechanism that restricts access to recorded data to authorised organisations only. The access policy definition for safe data sharing and the cryptographic hash of the content are stored on the Blockchain network. The actual IoT-generated data, on the other hand, is held on a distributed storage network, which improves availability and security. The proposed scheme’s analysis and performance evaluation show that it is secure and feasible. Furthermore, simulations are undertaken to assess the operating costs of smart contracts and to test the efficacy and viability of the suggested architecture.
Introduction
The growth of technologies like Artificial Intelligence (AI), Big data, and cloud-based computation has enabled a huge amount of data to be generated through conventional or mobile equipment. However, the majority of Internet of Things (IoT) systems rely on a central storage scheme, which is not efficient from an IoT perspective and has its limitations. The primary limitations of such systems include censorship of the data recorded at the central server; in addition, their reliability and trustworthiness are questionable, as they are prone to record tampering and hacking [1]. Blockchain offers a secure, distributed, and almost tamper-proof technology for data management in any environment. However, in the context of IoT, it shows limited efficiency and scalability, due to the pace of data generation in the IoT environment and the pace of transaction validation in Blockchain networks [2, 3]. When smart devices connect to the IoT network in great numbers, a huge volume of real-time data is produced as a result of their communication. Moreover, considering the available consensus protocols, the pace of block creation, and the pace of transaction validation in Blockchain, it seems very difficult to match the pace of data creation in the IoT environment.
The Interplanetary File System (IPFS) is a peer-to-peer distributed file system that relies on content-based retrieval of records and uses cryptographic hashes as addresses, much as a uniform resource locator (URL) is used on the web. The IPFS is also termed a version-controlled structure, as all the past versions of a file that changed over time are recorded on the IPFS. The existing storage models and sharing systems are confronted with safety, scalability, and reliability concerns, which the IPFS addresses. In the IPFS, identical files have identical hashes, which ensures originality and eliminates redundancy [4, 5]. To ensure the consistency of recorded data among the peer nodes of the distributed storage system, the cryptographic hash is distributed among all the peers. Moreover, the content-based addressing scheme enabled through IPFS results in high throughput. This paper proposes a solution that removes the limitations of both centralized storage systems and Blockchain storage systems; in addition, the incorporation of Blockchain and IPFS ensures that the reliability and availability of data are achieved.
In this work, we connect the Blockchain and Inter-Planetary File System (IPFS) to facilitate data recordings on a distributed storage and a mechanism to query those recorded data. Initially, we presented Blockchain-enabled and IPFS-based data storage architecture. The proposed architecture enforces the automatic encapsulation and parsing of sensor-generated data (images, text, and video). Subsequently, the cryptographic hash of these data is recorded onto the Blockchain and actual data is uploaded onto the IPFS.
Objective, Motivation, and Major Contributions
The prime concern in the central data storage model is that the moment data is recorded on the server, data owners almost lose ownership of their data, resulting in a privacy breach. Additionally, the central storage system may result in a single point of failure. To address such issues, in this paper we integrate Blockchain technology with the Inter Planetary File System (IPFS) and present an architecture for managing and sharing healthcare data. Blockchain-based applications attain consensus on instruction execution or transactions through smart contracts. A system comprises diverse nodes that run the smart contracts, store the Blockchain, and process all the transactions. This leads to many concerns when operating with huge data files; the prime concerns among them are the replication of data on the nodes, the expensive mining process, and the inefficiency of recording huge files on the Blockchain [6, 7].
The restrictions imposed on the size of each block necessitate the decomposition of files and their aggregation off-Blockchain. Additionally, information about the aggregation of files also needs to be recorded, which sometimes requires significant space [8]. The management and access of this additional data can be done by exploiting smart contracts, but transmitting and recording huge files through a smart contract forces its execution at every node, which in turn incurs more gas costs. Moreover, another repercussion of storing large files on the Blockchain is that working with miner nodes incurs more costs. Large files mean that more data must be broadcast, handled, processed, and recorded by each node, which in turn necessitates high bandwidth and additional storage for the Blockchain [9, 10]. The above observations establish that Blockchain is not the appropriate platform to share or to store huge data files. Fortunately, file-sharing frameworks can combine Blockchain with IPFS to benefit from Blockchain technology while keeping their file sizes small enough for efficient processing and scalability.
As with a public Blockchain, data recorded on IPFS can be queried and accessed by any entity connected to IPFS, which creates a significant issue for Blockchain-based applications that hold huge files containing sensitive or private information [11]. Therefore, a Blockchain and IPFS-based framework is required that is capable of offering access to authorized entities only. All the access policies are defined and deployed on the Blockchain. Moreover, every data storage and/or data access request to the IPFS must be evaluated before the requested service is provided. The IPFS interacts with the smart contract to enforce the required policy evaluation. Subsequently, based on the result of the evaluated policy, the request is either granted or denied by the IPFS. This framework must let users list their new files on the IPFS, and grant and withdraw predefined access policies by creating and transmitting transactions through the smart contract. The interaction between the IPFS node and the smart contract lets the former depend on the latter for access policy evaluation and enforcement. The significant contributions of this article are as follows:
A Blockchain-powered, IPFS-based resource access management framework is presented for secure resource sharing in the healthcare domain.
The IPFS-based data storage model offers high availability of uncensored data.
This scheme facilitates two-phase authorization for data access: static authorization (based on predefined access policies) and dynamic authorization (based on resource access behaviour).
Scope and Organization of the Study
In this work, we have simulated a solution that records data on decentralized storage to prevent censorship of the data and a single point of failure, and to attain better availability of data as well as services. The proposed architecture is supported by Blockchain to achieve confidentiality and integrity of data. Therefore, the basic information security model, the CIA Triad (Confidentiality, Integrity, and Availability) [12, 13], is effectively accomplished. However, our proposal is restricted to a single Blockchain platform, while in a practical scenario a system might be composed of hybrid Blockchain platforms. Additionally, interoperability between different Blockchain platforms needs to be addressed. The remaining part of the paper is organized as follows: Section 1 introduces the paper. The literature in the domain is discussed in section 2. The preliminary studies and background details are covered in section 3. Section 4 introduces the system model and design. Section 5 comprises simulation result analysis and discussion. Finally, the conclusion and future scope are discussed in section 6. Moreover, Table 1 lists the abbreviations of all the acronyms used throughout the article.
Abbreviation description
This segment analyses literature work that leverages Blockchain-powered and IPFS-based data storage techniques and access control mechanisms. Moreover, Blockchain-based systems with an emphasis on privacy concerns are also analysed.
The emergence and adoption of Blockchain technology as an influential tool for offering tamper-proof data in the domain of data security has significant dominance as well as development space. Additionally, healthcare sector data poses distinct requirements for data security and privacy. To avail the benefits associated with Blockchain technology, several researchers in the healthcare sector have already started incorporating it. Healthcare data recording, data sharing, payment, privacy safeguarding, and drug anti-forging are a few of the applications where Blockchain has been significantly effective. Balamurugan et al. [14] offer token-based authentication and access control mechanisms for the IoT environment. The proposed platform facilitates resource sharing among smart devices having a valid token, which is approved by the data providers. However, in this scheme, with the addition of a large number of data consumers, the load at data providers increases significantly and lowers the performance of the model. Additionally, this model does not employ compact tokens, and on top of this, there is no support for either dual authentication or access control scalability. Sun et al. [15] presented a data-sharing platform for the IoT environment. The proposed framework enjoys greater execution efficiency, as resource sharing among smart devices is enabled through a third-party service organization. However, the creation and maintenance of data sharing incur more costs and are susceptible to multiple attacks by unauthorized entities. This platform does not address data tampering or data leakage issues.
Ge et al. [16] presented a Blockchain-based lightweight and secure data-sharing platform for the IoT environment. However, on deploying this model in a particular industry, it is noted that this framework is neither capable of handling concurrency nor of offering significant privacy protection to the shared data. Xue et al. [17] proposed a Blockchain-powered medical data-sharing mechanism with an enhanced consensus protocol. The refined consensus protocol addresses the problem of examining, recording, and syncing healthcare data among various healthcare organizations. However, this scheme imposes significant data storage overhead. Liang et al. [18] introduced a Hyperledger Fabric-based information-sharing scheme applicable to power networks. The authentication and network consensus are done by the power node, added dynamically through a different kind of transaction. Multiple trading centres exploit data consensus mechanisms for data storage, resulting in ease of supervision and a low cost of management. However, as of now, it applies to small-scale applications.
Xu et al. [19] presented a hierarchical attribute-based encryption (HABE) algorithm, built on Attribute-based Encryption (ABE) technology, by introducing many hierarchical authorization centres. This scheme also provides a smart contract-enabled access control mechanism for systems with huge data and enormous numbers of users. The two smart contracts employed to minimize decryption costs and offer secure access to shared data are the decryption contract and the validation contract respectively. The Decryption contract aims to enhance the user’s decryption performance by carrying out fractional encryption on the cipher text. The Validation contract analyses users’ access rights and ensures that only valid users with appropriate attributes have the privilege to access shared information. Al Breiki et al. [20] presented a Blockchain-based decentralized and scalable solution for access control and data management in the IoT environment. The authors utilize multiple oracles that act as an interface between IoT, Blockchain, and users to offer interoperability among the participating entities. The proposed mechanism employs multiple smart contracts: an access control contract, a reputation contract, and an aggregator contract. The access contract forwards the access query to the aggregator contract, which passes this query to a set of oracles. The trusted oracles fetch the required data, and the aggregator collects the desired data based on their reputation scores. The reputation score is computed by the reputation contract, which also creates an access token for the users. However, this mechanism retrieves data that is not used completely at a time. Moreover, multiple oracles lead to higher costs and higher latency.
Battah et al. [21] proposed a Blockchain-based authorization mechanism to access IPFS-encrypted data. In this work, the data owner (DO) employs a symmetric key method to encrypt its data and sends it to the IPFS with another encrypted key. The DO then uses its private key and the public key of the data requestor (DR) to generate a re-encryption key. On receiving an access request from the DR, the smart contract verifies the request and issues an access token if validation is successful. Additionally, multi-party authorization is employed for the validation of the access query. After receiving the encrypted IPFS data, the DR first decrypts the key with its private key and then decrypts the desired data with the recently decrypted key. However, several cycles of encryption and decryption incur a higher cost of data sharing. Sun et al. [22] proposed a Blockchain and IPFS-based storage and access control scheme for insurance data. Clients, on registering themselves with an insurance agency, receive a pair of public and private keys; their insurance is recorded on the IPFS and the corresponding cryptographic hash is uploaded on the Blockchain. When an insurance claim is made, this model verifies the claim as well as the client and returns a token encompassing the cryptographic hash. Subsequently, the insurance record is downloaded by the client through the hash value, and the encrypted insurance record is forwarded to the fog node for decryption.
Marangappanavar et al. [23] envisaged a Blockchain-powered and IPFS-based four-layer framework for decentralized storage and access control namely: user-layer, query layer, data control-layer, and storage-layer. This framework was proposed for the healthcare domain. The user-layer deals with the storage and access of data and comprises patients, doctors, and medical-claim agencies. The query layer acts as an interface for the participating entities and is responsible for retrieving, recording, sharing, and answering queries. Once a user has registered him/her into the system, the query-layer delivers a private key and address to the user. The data control layer performs some computation and keeps track of actions performed on the data. Additionally, it ensures that data is not accessed without the consent of the corresponding patient. The storage layer is accountable for recording the data on the IPFS and its hash on the Blockchain. The access policies are enforced through the smart contract. However, the key limitation of this framework is scalability as it is meant for a single hospital.
Shuaib et al. [24] presented a Blockchain-based framework for sharing medical records on decentralized storage independent of third-party intermediaries. The medical records are primarily in the form of medical images, which are first encrypted; subsequently their cryptographic hash is recorded on the decentralized storage media, making the entire storage model more secure and free from central storage issues such as a single point of failure and censorship of data. Zaabar et al. [25] presented a Blockchain-based solution to address security issues, primarily cyber threats. The proposed system, developed on top of Hyperledger Fabric and IPFS, enables remote patient monitoring and offers off-chain storage of encrypted health data over IPFS. The simulation and testing were done using Hyperledger Caliper to evaluate throughput and latency. Azbeg et al. [26] presented a Blockchain and IPFS-based healthcare system (BlockMedCare) for managing chronic diseases such as diabetes. In this proposal, patients are equipped with IoT-enabled wearable devices through which the system collects and shares their data with the concerned medical teams. All the related entities, such as doctors, hospitals, and diagnostic centres, connect with patients through a Blockchain network to access patients’ health data, which is recorded on IPFS in encrypted form. Further, notable work in the literature, including [33–35], is also analysed against various security parameters and technologies, as depicted in Table 2.
Comparative analysis of state-of-the-art techniques
Previous work in the literature has certain limitations, such as dependency on conventional central storage schemes, scalability issues of the system, and IoT devices being part of the Blockchain network, resulting in high communication and computational overhead. To fill the gap identified in the literature, we propose a Blockchain-powered and IPFS-based architecture that enables IoT-generated data to be recorded on distributed storage, with the corresponding hash stored on the Blockchain. The proposed model employs a two-phase (static and dynamic) authorization scheme to match the dynamic nature of the IoT system.
This section covers a few fundamental concepts related to the proposed work in the context of a secure healthcare data-sharing model. Further subsections present key terminologies such as IPFS, Blockchain, and Hyperledger Fabric which are integral concepts in the proposed work.
Inter Planetary File System (IPFS)
The IPFS is a P2P hypermedia protocol and distributed file system linking several computation systems [27]. The design objective of this protocol is to store versioned records on decentralized media. The nodes of IPFS are allocated a node id, which is derived by hashing their public key. The conventional storage scheme offers location-based addressing, whereas IPFS facilitates content-based addressing. Each node of IPFS stores objects containing data files and keeps a distributed hash table (DHT), which is used to locate other peer nodes in the network. Every file recorded on the IPFS has a cryptographic hash through which the actual content is located in the network. IPFS is an appropriate storage model for version control, as making a minor change in an existing file creates a different content hash. In this storage scheme, every file to be uploaded is decomposed into smaller chunks, having data and links. It has an advantage over traditional cloud storage, as all data is distributed over multiple nodes and the notion of centralized storage is eliminated, which makes the entire system not vulnerable to a single point of failure.
Blockchain
A Blockchain network contains several interconnected nodes that maintain a distributed ledger [28]. The distributed ledger comprises a chain of blocks, each connected with the previous block; the first block within the Blockchain is called the genesis block. Moreover, every block stores the hash of the previous block and a timestamp in addition to the data. Every connected node possesses a copy of the ledger and is capable of verifying the transactions within it. Blockchain is most suited when several entities are required to share and exchange values or information even without trusting each other. Blockchain has emerged as an influential tool for offering tamper-proof data in the domain of data security and enjoys a significant dominance as well as development space.
Hyperledger Fabric
Hyperledger Fabric is the first Blockchain platform supporting the implementation of distributed applications written in a general programming language. Fabric architecture is based on an execute-order-validate model and splits the flow of transactions into three phases, which might execute on different entities within the network [29]. Each program of Fabric executes within Docker containers, which provide an environment where the resources and the programs are completely separated. Fabric employs Kafka for its ordering mechanism, which in turn uses the ZooKeeper consensus algorithm, resulting in quicker consensus even in case of extensive applications. A few key terminologies of Hyperledger Fabric are described in Table 3.
Key terminology
This section comprises several sub-sections, each covering some aspect of the system model and design. First, the data management model is discussed, followed by the policy model of the proposed architecture. Subsequently, we cover the architecture design and then the system interaction and workflow. Finally, all three types of smart contract and their interconnection are discussed in the smart contract layer.
Data Management Model
This section elaborates on how IoT data is segmented into different classes, uploaded onto the decentralized storage, managed, and eventually consumed by authorized entities within the IoT ecosystem. The entire IoT-generated data is managed through a tree-like structure having a distinct sub-root for each class of data resource, such as picture, video, and text files. The data files, compared with the remaining classes of resources, are relatively small in size and are therefore accumulated within a block at the edge layer; the data blocks of a specific period, say a day, are captured in a data package. Subsequently, these blocks/packages are forwarded for storage onto the IPFS. The proposed framework relies on a Blockchain and IPFS-based data storage and management model. The storage structure of the proposed architecture is depicted in Fig. 1.

Storage structure of proposed architecture.
With the evolution of technology, system and data susceptibilities are also advancing. From a security perspective, an access policy protects the system from threats and assigns appropriate access rights to legitimate entities only. The proposed architecture for secure data sharing in an IoT environment performs two-phase authorization before granting access to secure resources. The first authorization phase is static and verifies predefined access rights, and the second phase covers dynamic aspects, which are based on the trust score of the requesting entity. The trust score is a cumulative sum of the entity's historical access interactions, with recent interactions having higher weightage and the oldest interactions having the least weightage. Additionally, once the entity is successfully verified, the Blockchain returns the recordHash encrypted with the requestor's public key, along with a timestamp and a signed session key.
Architecture Design
In this segment, we present the Blockchain-powered IPFS-based Resource Access Management (BI-RAM) framework together with its components: Patient, Hospital, Insurance Agency, Management Hub, Device Manager, and Blockchain network. The patient, hospital, and insurance agency are also referred to as smart entities. The management hub acts as an interface between smart entities and the Blockchain network. Each smart entity is required to register itself under at least one device manager, which is also part of the Blockchain network. The device managers define access rights for the smart entities registered with them, with their consent. All the data generated by smart entities is recorded on the IPFS and its data hash (content hash) is uploaded on the Blockchain. The complete architecture of the proposed system is depicted in Fig. 2.

Proposed architecture.
The interaction pattern of the proposed system is exhibited through the sequence diagram in Fig. 3. The entire operation is elucidated as follows:

Data sharing sequence.
The patient takes an appointment for treatment. The hospital submits an upload query to the IPFS for submitting health records about patient diagnosis and treatment. The IPFS verifies hospital identity, if found legitimate, records are uploaded and the corresponding hash record is returned, otherwise, the request is denied. The identity verification is done by the Blockchain. Considering privacy concerns, the hospital encrypts the hash record and sends it to the management hub. The management hub forwards the query to the Blockchain network. The Blockchain verifies the identity and uploads the record. Meanwhile, the patient claims health insurance for their medical bill. The insurance agency queries the related data to the management hub. The management hub translates the request into the Blockchain action and forwards it to the Blockchain network. The Blockchain executes the action and verifies the authorization of the insurance agency. On successful verification, an encrypted hash record along with a timestamp is returned, otherwise, access is denied. The management hub forwards the message in CoAP format to the insurance agency. The message is decrypted by the insurance agency to obtain the hash record. Subsequently, a query is submitted to IPFS for the actual record. After receiving the query, the IPFS verifies the validity of the timestamp and hash data. On successful verification, the relevant record is returned, otherwise, access is denied. On receiving the requested record, the insurance agency will cross-verify its hash value with the hash record obtained from the Blockchain for validity. Afterward, the insurance agency goes for the claim settlement as well as returns an interaction score to the Blockchain through the management hub. Finally, after claim settlement, the patient returns an agency score to the Blockchain. The Blockchain records both trust scores onto the state database for future interactions and the data sharing process.
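The hash-record part of this sequence (hash on the Blockchain, record on IPFS, timestamp check at IPFS, hash cross-verification by the requester) is sketched below as an added example; it is not the paper's implementation. It assumes the access decision has already been granted, and the `Ledger` and `ContentStore` stand-ins, the SHA-256 hex digest used as content hash, the Ed25519 ledger signature, RSA-OAEP encryption to the requester and the 60-second validity window are all assumptions.

```javascript
// Added illustration of the hash-record flow; not the paper's implementation.
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 60_000; // assumed validity window of a hash-record token
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');
const signedPart = (t) => Buffer.from(`${t.recordHash}|${t.issuedAt}`);

// Stand-in for the Blockchain: stores content hashes and issues hash-record tokens.
class Ledger {
  constructor() {
    const pair = crypto.generateKeyPairSync('ed25519'); // assumed ledger signing key
    this.publicKey = pair.publicKey;
    this.privateKey = pair.privateKey;
    this.hashes = new Map();
  }
  addHash(recordId, recordHash) { this.hashes.set(recordId, recordHash); }
  // Returns hash record + timestamp encrypted to the requester, plus a signature over both.
  fetchHash(recordId, requesterPublicKey, now = Date.now()) {
    const recordHash = this.hashes.get(recordId);
    if (!recordHash) throw new Error('unknown-record');
    const token = { recordHash, issuedAt: now };
    return {
      enc: crypto.publicEncrypt({ key: requesterPublicKey, ...OAEP }, Buffer.from(JSON.stringify(token))),
      sig: crypto.sign(null, signedPart(token), this.privateKey),
    };
  }
}

// Stand-in for IPFS: content-addressed by SHA-256 (real IPFS uses multihash CIDs).
class ContentStore {
  constructor(ledgerPublicKey) { this.ledgerPublicKey = ledgerPublicKey; this.blobs = new Map(); }
  put(data) { const h = sha256(data); this.blobs.set(h, Buffer.from(data)); return h; }
  // Serves a record only for a fresh token that the ledger signed.
  get(token, sig, now = Date.now()) {
    if (!crypto.verify(null, signedPart(token), this.ledgerPublicKey, sig)) throw new Error('bad-signature');
    if (now < token.issuedAt || now - token.issuedAt > TOKEN_TTL_MS) throw new Error('stale-token');
    const blob = this.blobs.get(token.recordHash);
    if (!blob) throw new Error('not-found');
    return blob;
  }
}

// Requester side: decrypt the token, fetch the record, cross-verify its hash.
function retrieveRecord(envelope, requesterPrivateKey, store, now = Date.now()) {
  const plain = crypto.privateDecrypt({ key: requesterPrivateKey, ...OAEP }, envelope.enc);
  const token = JSON.parse(plain.toString('utf8'));
  const data = store.get(token, envelope.sig, now);
  if (sha256(data) !== token.recordHash) throw new Error('hash-mismatch');
  return data;
}

const reasonOf = (fn) => { try { fn(); return 'ok'; } catch (e) { return e.message; } };

function runDemo() {
  const ledger = new Ledger();
  const store = new ContentStore(ledger.publicKey);
  const insurer = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const record = Buffer.from('constructed sample: diagnosis summary for claim 0001');
  const hash = store.put(record);   // hospital uploads the record
  ledger.addHash('rec-1', hash);    // and registers its hash on the ledger
  const t0 = 1_700_000_000_000;     // constructed issue time
  const env = ledger.fetchHash('rec-1', insurer.publicKey, t0);
  const fresh = retrieveRecord(env, insurer.privateKey, store, t0 + 5_000).equals(record);
  const stale = reasonOf(() => retrieveRecord(env, insurer.privateKey, store, t0 + TOKEN_TTL_MS + 1));
  // A requester that rewrites the timestamp to look fresh fails the signature check.
  const forged = reasonOf(() =>
    store.get({ recordHash: hash, issuedAt: t0 + TOKEN_TTL_MS }, env.sig, t0 + TOKEN_TTL_MS + 1));
  // A storage node that swaps the content is caught by the requester's cross-check.
  store.blobs.set(hash, Buffer.from('tampered copy on a storage node'));
  const tampered = reasonOf(() => retrieveRecord(env, insurer.privateKey, store, t0 + 5_000));
  return { fresh, stale, forged, tampered };
}

console.log(runDemo());
```

The signature is what makes the timestamp check meaningful: without it, the storage node has no way to tell a ledger-issued timestamp from one the requester edited.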
The interconnection of the vital components of the proposed solution is depicted in Fig. 4.

Key component of the proposed solution.
The proposed framework is based on three smart contracts to facilitate record sharing among the smart entities: Access Rights Contract (ARC), Entity Contract (EC), and Trust Contract (TC). The ARC is accountable for enforcing access management policies, while the EC is used to register smart entities onto the Blockchain and provides methods to upload and download records from the IPFS. The TC offers a procedure to assign trust scores to each participating entity according to their historical data-sharing behaviour. On each access query, ARC invokes the corresponding method of EC to verify the identity of the requesting entity, and following this the trust score is obtained through TC. Finally, ARC determines the access rights of the requesting entity and returns a relevant result based on the assessment.
A comprehensive illustration of the smart contracts employed in the proposed work is presented in Fig. 5, followed in the further subsections by the related algorithms:

Smart contract of the proposed architecture.
EC is responsible for maintaining entity-related information which is utilized during the entity identification process. The various methods encompassed by EC are registerEntity, getEntity, and identifyEntity. The registerEntity records the information of the entity during its registration under a device manager. The getEntity returns information of the entity whenever queried by the Blockchain node and identifyEntity is used to authenticate the requested entity. Additionally, EC also contains the function to add hash records onto the Blockchain and retrieve hash records from the Blockchain through addHash and fetchHash respectively.
Trust Contract (TC)
The primary goal of TC is to evaluate the historical interaction behaviour of the participating entities in the data-sharing activities. It implements four functions to achieve this: setScore, getScore, setPenalty and getPenalty. The setScore function determines the trust score of participating entities based on their access pattern whereas the setPenalty function imposes a fine on the entity for their undesired access pattern. The getPenalty and getScore functions are used to fetch the imposed penalty and trust score respectively of an entity under examination.
Access Rights Contract (ARC)
ARC is the key contract to enforce access control among smart entities and enables only legitimate entities to share and access records over the network. On arrival of an access query, ARC fetches identity information from EC and the trust score from TC. Subsequently, the predefined access rights and the cumulative trust score of the requesting entity are assessed, and based on this evaluation either an allow or a deny result is produced. ARC contains several methods to achieve the above-mentioned objective: newPolicy, removePolicy, modifyPolicy, and validateAccess. The newPolicy function inserts new access rights, the removePolicy function deletes existing access rights, the modifyPolicy function modifies existing access rights, and the validateAccess function verifies requested access rights.
The pseudo code of the validateAccess method of the Access Rights Contract (ARC) is shown in Fig. 6; the other algorithms are discussed after it.

Validate access method of ARC smart contract.
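The following added example, which is not the paper's Fig. 6 or its contract code, models the two-phase check described above: validateAccess first consults EC for identity and the static policy, then TC for a recency-weighted trust score. The decay factor, the threshold, the starting score for entities with no history, the subtraction of penalties and the normalisation of the weighted sum to [0, 1] are all assumptions.

```javascript
// Added illustration of two-phase authorization; not the paper's contract code.
// DECAY, TRUST_THRESHOLD, INITIAL_TRUST and the normalisation are assumptions.
const DECAY = 0.5;           // each step back in history halves the weight
const TRUST_THRESHOLD = 0.6; // minimum trust score required in phase 2
const INITIAL_TRUST = 0.6;   // score of an entity with no history yet

class EntityContract {
  constructor() { this.entities = new Map(); }
  registerEntity(id, deviceManager) { this.entities.set(id, { id, deviceManager }); }
  getEntity(id) { return this.entities.get(id) || null; }
  identifyEntity(id) { return this.entities.has(id); }
}

class TrustContract {
  constructor() { this.scores = new Map(); this.penalties = new Map(); }
  // Append one interaction score in [0, 1]; the newest score is last.
  setScore(id, score) {
    if (!(score >= 0 && score <= 1)) throw new RangeError('score must be in [0, 1]');
    if (!this.scores.has(id)) this.scores.set(id, []);
    this.scores.get(id).push(score);
  }
  setPenalty(id, amount) { this.penalties.set(id, this.getPenalty(id) + amount); }
  getPenalty(id) { return this.penalties.get(id) || 0; }
  // Recency-weighted sum of past scores, normalised to [0, 1], minus penalties.
  getScore(id) {
    const history = this.scores.get(id) || [];
    let base = INITIAL_TRUST;
    if (history.length > 0) {
      let weighted = 0, total = 0, w = 1;
      for (let i = history.length - 1; i >= 0; i--) { // newest first
        weighted += w * history[i];
        total += w;
        w *= DECAY;
      }
      base = weighted / total;
    }
    return Math.max(0, base - this.getPenalty(id));
  }
}

class AccessRightsContract {
  constructor(ec, tc) { this.ec = ec; this.tc = tc; this.policies = new Map(); }
  static key(subject, resource) { return `${subject}|${resource}`; }
  newPolicy(subject, resource, actions) {
    this.policies.set(AccessRightsContract.key(subject, resource), new Set(actions));
  }
  modifyPolicy(subject, resource, actions) {
    const k = AccessRightsContract.key(subject, resource);
    if (!this.policies.has(k)) throw new Error('no such policy');
    this.policies.set(k, new Set(actions));
  }
  removePolicy(subject, resource) {
    return this.policies.delete(AccessRightsContract.key(subject, resource));
  }
  // Deny by default: every check must pass before access is allowed.
  validateAccess(subject, resource, action) {
    if (!this.ec.identifyEntity(subject)) return { allow: false, reason: 'unknown-entity' };
    const rights = this.policies.get(AccessRightsContract.key(subject, resource));
    if (!rights || !rights.has(action)) return { allow: false, reason: 'no-static-right' }; // phase 1
    const score = this.tc.getScore(subject);
    if (score < TRUST_THRESHOLD) return { allow: false, reason: 'low-trust', score };      // phase 2
    return { allow: true, reason: 'ok', score };
  }
}

// Constructed scenario: two insurers with the same four scores in opposite order.
function scenario() {
  const ec = new EntityContract(), tc = new TrustContract();
  const arc = new AccessRightsContract(ec, tc);
  for (const id of ['insurer-A', 'insurer-B']) {
    ec.registerEntity(id, 'device-manager-1');
    arc.newPolicy(id, 'record-1', ['read']);
  }
  [0, 0, 1, 1].forEach((s) => tc.setScore('insurer-A', s)); // recent behaviour good
  [1, 1, 0, 0].forEach((s) => tc.setScore('insurer-B', s)); // recent behaviour bad
  return {
    a: arc.validateAccess('insurer-A', 'record-1', 'read'),
    b: arc.validateAccess('insurer-B', 'record-1', 'read'),
    c: arc.validateAccess('insurer-C', 'record-1', 'read'),
    w: arc.validateAccess('insurer-A', 'record-1', 'write'),
  };
}

console.log(scenario());
```

Both insurers hold the same static right and the same set of scores; only the ordering differs, so the static phase alone would not distinguish them.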
This section starts with setting the experimental environment followed by its result analysis and result discussion in connection with notable solutions from the same domain. The experimental environment depicts the advantages of the proposed solution compared with state-of-the-art techniques.
Experimental Setup
The simulation of the proposed data-sharing model is based on the permissioned Blockchain “Hyperledger Fabric”, which employs Kafka to achieve consensus among network nodes. Kafka is a crash fault-tolerant consensus protocol that safeguards the network against crashes and network partitioning and attains an effective finality. The built-in library of Node.js known as “crypto” is utilized for encrypting and decrypting Blockchain transactions. This library leverages the AES (Advanced Encryption Standard) encryption algorithm to perform these cryptographic operations. The experimental setup is simulated using JavaScript and the Go language. The Blockchain node is deployed on 4 systems, and simulations are executed on Intel(R) Core (TM) i5, CPU 2.25 GHz, 8 GB RAM, each running Ubuntu 20.04. The management hub, which acts as an interface between IoT smart devices and Blockchain nodes, is a JavaScript interface. To interact with Blockchain nodes, the interface employs web3 JavaScript, and to communicate with smart devices it uses the CoAP JavaScript library. The simulations of the proposed model were performed on Kosarak [30, 31], a real data set representing the number of clicks of a news portal. The data set records the number of news pages accessed by a user within a specific day. The experimental work was performed on 10 MB of data; as the Kosarak data set was slightly larger, a fraction of the records was removed from the data set. The environmental setup of the proposed work is tabulated in Table 4.
Environmental setup of the proposed network
The data dispersion time of the original p2p and the proposed scheme is illustrated in Fig. 7. Although the proposed scheme incurs a little more dispersal time than the original p2p, it ensures record security through its decentralized access control mechanism. The experiment was also run on bulky files of up to 1 GB with a similar set of outcomes, which signifies that the running cost of encoding and decoding has a negligible impact on the running cost of the entire model. Thus, the proposed scheme is relatively more appropriate for the IoT environment.

10 MB data distribution.
The permissioned Blockchain network is integrated with a distributed file system (the IPFS storage system) that enhances the system’s performance against several parameters. IPFS is a P2P hypermedia protocol and distributed file system linking several computation systems. The design objective of this protocol is to store versioned records on decentralized media. Conventional storage schemes offer location-based addressing, whereas IPFS provides content-based addressing: every file recorded on IPFS has a cryptographic hash through which the actual content is located in the network. Figure 8 plots the IoT data uploaded per minute against the IoT data processed per minute. The orange line denotes the framework with Blockchain only and the blue line the framework with Blockchain and IPFS. It is evident from the graph that the framework with both Blockchain and IPFS performs exceedingly well in processing a large set of IoT data, whereas the framework with only Blockchain remains almost saturated when processing such huge IoT data.

Storage rate comparison.
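The storage path described above (AES encryption through the Node.js “crypto” library, content-addressed off-chain storage, and the hash kept on the ledger), as an added example that is not the paper's own code. The GCM mode, the blob layout, the function names and the sample reading are assumptions, and a plain SHA-256 hex digest stands in for an IPFS content identifier.

```javascript
const crypto = require('node:crypto');

// Encrypt one IoT record. AES-256-GCM is an assumption: the paper only says "AES".
function sealRecord(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Blob layout (constructed for this example): iv || 16-byte tag || ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Content-based address: the hash of the stored bytes. Real IPFS CIDs wrap
// the digest in multihash/multibase; bare SHA-256 hex is a stand-in.
function contentId(blob) {
  return crypto.createHash('sha256').update(blob).digest('hex');
}

// Consumer side: compare the fetched blob with the hash read from the ledger,
// then decrypt. GCM authentication is a second, key-bound integrity check.
function openRecord(key, blob, onChainId) {
  if (contentId(blob) !== onChainId) {
    throw new Error('content hash mismatch: blob differs from ledger entry');
  }
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

function demo() {
  const key = crypto.randomBytes(32);
  const reading = Buffer.from('{"device":"sensor-01","clicks":17}'); // constructed sample
  const offChain = new Map(); // stand-in for the IPFS network
  const blob = sealRecord(key, reading);
  const id = contentId(blob); // only this value would be written on-chain
  offChain.set(id, blob);
  const ok = openRecord(key, offChain.get(id), id).toString();

  const tampered = Buffer.from(blob);
  tampered[30] ^= 1; // flip one ciphertext bit in storage
  let hashRejected = false;
  try { openRecord(key, tampered, id); } catch (e) { hashRejected = true; }
  // Even if the ledger entry were replaced to match, the GCM tag still fails.
  let tagRejected = false;
  try { openRecord(key, tampered, contentId(tampered)); } catch (e) { tagRejected = true; }
  return { ok, hashRejected, tagRejected, idLength: id.length };
}

console.log(demo());
```

Only the 64-character digest needs a Blockchain transaction; the encrypted blob of any size stays off-chain, which is the split the storage rate comparison measures.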
We evaluated the running time and the average running time of the EC and APC methods against multiple queries in Figs. 9 to 12, with the number of consumers set to 50, 100, 200, 400, and 800. Writing a new hash or a new policy, or modifying an existing policy, takes more time than reading a hash or a policy. Retrieving information (fetching a hash value or a policy) from the Blockchain is faster because no transaction is involved in the process, whereas a transaction within the Blockchain network takes time to get approved by the network, so adding a new policy or a new hash costs more than fetching information from the Blockchain network.

Running time of EC’s methods.

Avg. running time of EC’s method.

Running time of APC’s methods.

Avg. running time of APC’s methods.
The storage size requirement of off-chain storage on IPFS for varying numbers of transactions (40, 80, 160, and 320), for the proposed work and the work in [32], is shown in Fig. 13. The figure shows that the proposed approach performs slightly better than the work in [32].

Storage size of off-chain storage.
Additionally, the execution time for the upload of multiple transactions is depicted in Fig. 14, which compares the performance of our approach against the work in [32].

Execution time for upload of transactions.
We conducted a comprehensive security analysis of the proposed system, evaluating its adherence to the key security principles of the Confidentiality, Integrity, Availability, Authorization, and Non-repudiation (CIAAN) model. By incorporating Blockchain (BC) technology into the proposed architecture, we successfully achieved the security requirements outlined by the CIAAN model, as described in Table 5.
Security parameters and description
Our proposal is currently limited to a single Blockchain platform, which may not fully reflect the practical scenario where systems often consist of hybrid Blockchain platforms. Recognizing this limitation, it is crucial to address the issue of interoperability between different Blockchain platforms. The ability to seamlessly communicate and share data across diverse Blockchain platforms is an important aspect that needs to be explored and resolved. By addressing interoperability challenges, we can ensure that our proposal aligns with real-world requirements, accommodating the heterogeneous nature of Blockchain deployments and facilitating efficient collaboration between different platforms.
Conclusion and Future Scope
In this work, we propose a scalable access management mechanism that integrates Blockchain technology and IPFS, which jointly address multiple limitations of prevailing solutions for data sharing in IoT. The IPFS-based storage resolves the single point of failure and the censorship of data found in the conventional central storage scheme, with high availability of recorded data, a lower charge for storage, and better throughput. In the proposed framework, IoT devices do not belong to the Blockchain network, which results in a substantial reduction in communicational and computational overhead. Moreover, the management hub enables multiple IoT devices to connect with the Blockchain and makes the entire system more scalable. To attain the aforesaid points, three types of smart contract are deployed in the system, namely ARC, EC, and TC. The ARC is the key contract and facilitates access management of smart devices. The EC provides functions to register and regulate smart devices and to record and fetch hashed data. The TC provides functions to compute the trust score of participating entities based on their historical access behaviour and imposes some penalties for inadmissible access patterns. We examined statistical data and validated the proficiency of the approach in the context of large data processing through simulation. Additionally, simulations were performed to evaluate the running cost of the smart contracts and their methods. However, as of now, the proposed model does not highlight the synchronization process for transactions between hybrid Blockchain platforms. In future work, we aim to achieve interoperability of the proposed architecture with hybrid Blockchain platforms. By subjecting the scenario to a complex and diverse setting, we can gain valuable insights into the effectiveness and robustness of the solution, enabling us to refine and enhance its performance.
Moreover, we intend to explore additional Blockchain techniques, such as different consensus algorithms, to broaden our understanding of their applicability and benefits within the presented system. By investigating and evaluating various Blockchain techniques, we aim to determine if any of them can be integrated into the existing system to further enhance its functionality and performance. This exploration will enable us to assess the potential advantages and drawbacks of different Blockchain approaches and determine their suitability for integration, thereby expanding the scope and capabilities of the system.
