Sensors (Basel). 2023 Jan 22;23(3):1264.
doi: 10.3390/s23031264.

A Blockchain-Based Authentication and Authorization Scheme for Distributed Mobile Cloud Computing Services

Linsheng Yu et al. Sensors (Basel).

Abstract

Authentication and authorization constitute the essential security component, access control, for preventing unauthorized access to cloud services in mobile cloud computing (MCC) environments. Traditional centralized access control models relying on third party trust face a critical challenge due to a high trust cost and single point of failure. Blockchain can achieve the distributed trust for access control designs in a mutually untrustworthy scenario, but it also leads to expensive storage overhead. Considering the above issues, this work constructed an authentication and authorization scheme based on blockchain that can provide a dynamic update of access permissions by utilizing the smart contract. Compared with the conventional authentication scheme, the proposed scheme integrates an extra authorization function without additional computation and communication costs in the authentication phase. To improve the storage efficiency and system scalability, only one transaction is required to be stored in blockchain to record a user's access privileges on different service providers (SPs). In addition, mobile users in the proposed scheme are able to register with an arbitrary SP once and then utilize the same credential to access different SPs with different access levels. The security analysis indicates that the proposed scheme is secure under the random oracle model. The performance analysis clearly shows that the proposed scheme possesses superior computation and communication efficiencies and requires a low blockchain storage capacity for accomplishing user registration and updates.

Keywords: access control; authentication; authorization; blockchain; mobile cloud computing.

Conflict of interest statement

The authors declare no conflict of interest.

Figures

Figure 1. The architecture of MCC hierarchical services system.

Figure 2. Our system architecture and transaction structure: one transaction records a user’s subscription information on n SPs.

Figure 3. The structure and transaction process of Fabric.

Figure 4. Overview of our blockchain: two peers, an order, and a chaincode including four smart contracts.

Figure 5. The smart contract of Check_registration&subscription() invoked in the virtual machine.

Figure 6. The smart contracts invoked in the java application: the “Register” button is clicked, the smart contract Algorithm 2 Check_registration&subscription() is invoked through Fabric-sdk-java, and registration information is entered in the text box as input algorithm parameters. Then, the smart contract returns the running result. The same is true for the button “Read” of Algorithm 3 Read() and the button “Update” of Algorithm 4 Check_user_update().

Figure 7. Computation cost versus scheme [8,12,15].

Figure 8. Communication cost versus scheme [8,12,15].

Figure 9. Storage overhead comparison of the increase in SPs.

Figure 10. Storage overhead in one-to-one type regarding the increase in users.

Figure 11. Storage overhead in ours regarding the increase in users.

References

    1. Wang Y., Chen I.R., Wang D.C. A Survey of Mobile Cloud Computing Applications: Perspectives and Challenges. Wirel. Pers. Commun. 2015;80:1607–1623. doi: 10.1007/s11277-014-2102-7.
    2. Alizadeh M., Abolfazli S., Zamani M., Baharun S., Sakurai K. Authentication in mobile cloud computing: A survey. J. Netw. Comput. Appl. 2016;61:59–80. doi: 10.1016/j.jnca.2015.10.005.
    3. Odelu V., Das A.K., Kumari S., Huang X., Wazid M. Provably secure authenticated key agreement scheme for distributed mobile cloud computing services. Future Gener. Comput. Syst. 2017;68:74–88. doi: 10.1016/j.future.2016.09.009.
    4. Irshad A., Chaudhry S.A., Alomari O.A., Yahya K., Kumar N. A Novel Pairing-Free Lightweight Authentication Protocol for Mobile Cloud Computing Framework. IEEE Syst. J. 2021;15:3664–3672. doi: 10.1109/JSYST.2020.2998721.
    5. AlAhmad A.S., Kahtan H., Alzoubi Y.I., Ali O., Jaradat A. Mobile cloud computing models security issues: A systematic review. J. Netw. Comput. Appl. 2021;190:103152. doi: 10.1016/j.jnca.2021.103152.