M. Bakro et al.
4 Methodology
To maintain the data security of cloud users, we include two new layers in the
cloud. The first layer (encryption/decryption) is integrated into the SaaS layer. It
guarantees the user the confidentiality of his information while it moves over the
Internet or against hackers and intruders among the cloud service provider (CSP)
employees. This hybrid layer consists of the AES and ECC algorithms: the AES
secret key is a user password or is randomly generated, and it is encrypted through
an asymmetric ECC algorithm whose public key is randomly generated (by RNB
random number generator). This is done in order to prevent the AES secret key
from being brute-force attacked and to serve as a key distribution mechanism by
ECC, so that each user has keys that are unique from those of other users, without
the intervention of the cloud service provider, which leads to increased security for
each user. After the keys are created, the data are encrypted using AES; the length
of the key is 128 bits, which is the same as the length of the encrypted data block.
The second layer represents the blockchain and is integrated into the IaaS layer. It
guarantees the user the availability and safety of his information via the hash
algorithm (SHA-256) found within the blockchain: the encrypted data are divided
and hashed into a digital signature, which is then stored in the blocks of the chain
to ensure the integrity of the data by comparing the hash values of the encrypted
data within the chain blocks, as shown in Fig. 10.
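The hash comparison described for the second layer can be sketched as follows. This is an added example, not code from the paper; the 16-byte chunk length, the block field names, the JSON serialization, the all-zero first previous hash and the sample ciphertext are assumptions made for illustration.

```python
import hashlib
import json

CHUNK = 16          # assumed chunk length in bytes; the paper says only "fixed length"
GENESIS = "0" * 64  # assumed previous-hash value for the first block of a user's chain

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def block_hash(index, timestamp, data_hash, prev_hash):
    # Hash of the block's own fields, serialized deterministically (assumed format).
    return sha256_hex(json.dumps([index, timestamp, data_hash, prev_hash]).encode())

def build_chain(ciphertext, start_time):
    """Record the SHA-256 of each fixed-length ciphertext chunk in a linked block."""
    chain, prev = [], GENESIS
    for index in range((len(ciphertext) + CHUNK - 1) // CHUNK):
        data_hash = sha256_hex(ciphertext[index * CHUNK:(index + 1) * CHUNK])
        timestamp = start_time + index  # constructed timestamps, for repeatability
        digest = block_hash(index, timestamp, data_hash, prev)
        chain.append({"index": index, "timestamp": timestamp, "data_hash": data_hash,
                      "prev_hash": prev, "hash": digest})
        prev = digest
    return chain

def verify(ciphertext, chain):
    """Return a list of (kind, block index) problems; an empty list means intact."""
    problems, prev = [], GENESIS
    if (len(ciphertext) + CHUNK - 1) // CHUNK != len(chain):
        problems.append(("length", len(chain)))
    for b in chain:
        i = b["index"]
        if b["prev_hash"] != prev:
            problems.append(("link", i))   # block no longer follows its predecessor
        if block_hash(i, b["timestamp"], b["data_hash"], b["prev_hash"]) != b["hash"]:
            problems.append(("block", i))  # block fields were edited after creation
        if sha256_hex(ciphertext[i * CHUNK:(i + 1) * CHUNK]) != b["data_hash"]:
            problems.append(("data", i))   # stored ciphertext chunk was modified
        prev = b["hash"]
    return problems

if __name__ == "__main__":
    stored = bytes(range(40))  # constructed stand-in for AES output (3 chunks)
    chain = build_chain(stored, start_time=1700000000)
    tampered = bytearray(stored)
    tampered[20] ^= 0x01       # flip one bit inside chunk 1
    print(verify(stored, chain), verify(bytes(tampered), chain))
```

A modified chunk is reported against the block that recorded its hash, and a block whose recorded hashes are rewritten to match is reported either by its own block hash or by the previous-hash link of the block that follows it.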
The work will be divided into two levels:
1. The front user interface:
It represents the SaaS layer and is either a web application or an Android
application, as it is in our research. This application provides the ability to deal
with data stored in the cloud (upload/download). When the customer chooses a file
to store in the cloud, the ECC public key is randomly generated and encrypts the
secret key of the AES algorithm. AES then encrypts the file, which has been divided
into blocks of 128 bits, the same length as the secret key of the AES algorithm, after
which the segmented encrypted data are pushed into the infrastructure of the cloud.
Fragmentation is useful for speeding up the transfer of files to the cloud. When the
user wants to download the file, the same process is performed in reverse: the secret
key of AES is decrypted using the ECC private key, then the data blocks are
decrypted using AES, checked for integrity and collected to obtain the original file.
2. The back end:
It is represented by IaaS as the cloud service provider infrastructure layer. In our
research, we used a local server to store data instead of service provider servers like
AWS and others. After the encrypted data are pushed to storage, they are divided
into pieces of a fixed length, and the digital signature is created. Therefore, for every
chain that belongs to a specific user, the hashing signature of the encrypted data is
stored in the blockchain according to timestamp, together with other parameters
(hash and previous hash). We wrote our code inside the virtual cloud so that the