Abstract
With the widespread use of smart devices, a huge volume of data is generated every day, which is helpful for device user and device enterprises. However, the data generated by the smart device contains the user’s privacy, and the data is easy to be modified, forged, which requires a suitable scheme to protect the privacy of the data seller, the authenticity of the data, the fairness during the data trading process. In order to solve the problems, we design a novel fair and verifiable data trading scheme by combining hash function, signature, oblivious transfer, smart contract and private blockchain. The hash function is used for data integrity, the signature is used for the source of the data, the oblivious transfer is used for data verification, the smart contract is used for the encryption key trading, and the private blockchain is used as a ledger for the verification record, trading record and user reputation. The performance analysis shows that our scheme has enough features to help users complete data trading, and our scheme provides an extra function, the reputation record of users to reduce the possibility of user being deceived. The security analysis shows that our scheme provides IND-CCA security, anonymity, and has the capability of resisting collusion attack and data seller fraud. The fairness and practicability of the scheme are verified by simulation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Juang, W.S., Shue, Y.Y.: A secure and privacy protection digital goods trading scheme in cloud computing. In: 2010 International Computer Symposium (ICS 2010), pp. 288–293. IEEE (2010)
Chen, C.L., Liao, J.J.: Fair offline digital content transaction system. IET Inf. Secur. 6(3), 123–130 (2012)
Hwang, R.J., Lai, C.H.: Provable fair document exchange protocol with transaction privacy for e-commerce. Symmetry 7(2), 464–487 (2015)
Delgado-Segura, S., et al.: A fair protocol for data trading based on Bitcoin transactions. Future Gener. Comput. Syst. (2017). https://doi.org/10.1016/j.future.2017.08.021
Kiyomoto, S., Fukushima, K.: Fair-trading protocol for anonymised datasets requirements and solution. In: 2018 4th International Conference on Information Management (ICIM), pp. 13–16. IEEE (2018)
Wang, D., Gao, J., Yu, H., Li, X.: A novel digital rights management in P2P networks based on Bitcoin system. In: Li, F., Takagi, T., Xu, C., Zhang, X. (eds.) FCS 2018. CCIS, vol. 879, pp. 227–240. Springer, Singapore (2018). https://doi.org/10.1007/978-981-13-3095-7_18
Zhao, Y., Yu, Y., Li, Y.: Machine learning based privacy-preserving fair data trading in big data marke. Inf. Sci. 478, 449–460 (2019)
Missier, P., Bajoudah, S., Capossele, A., et al.: Mind My Value: a decentralized infrastructure for fair and trusted IoT data trading. In: Proceedings of the Seventh International Conference on the Internet of Things, p. 15. ACM (2017)
Alrawahi, A.S., Lee, K., Lotfi, A.: Trading of cloud of things resources. In: Proceedings of the Second International Conference on Internet of things and Cloud Computing, p. 163. ACM (2017)
Perera, C.: Sensing as a service (S2aaS): Buying and selling IoT data. arXiv preprint arXiv:1702.02380 (2017)
Huang, Z., Su, X., Zhang, Y., et al.: A decentralized solution for IoT data trusted exchange based-on blockchain. In: 2017 3rd IEEE International Conference on Computer and Communications (ICCC), pp. 1180–1184. IEEE (2017)
Juang, W.S., Shue, Y.Y.: A secure and privacy protection digital goods trading scheme in cloud computing. In: 2010 International Computer Symposium (ICS 2010), pp. 288–293. IEEE (2010)
Lin, S.J., Liu, D.C.: An incentive-based electronic payment scheme for digital content transactions over the Internet. J. Netw. Comput. Appl. 32(3), 589–598 (2009)
Lin, S.-J., Liu, D.-C.: A fair-exchange and customer-anonymity electronic commerce protocol for digital content transactions. In: Janowski, T., Mohanty, H. (eds.) ICDCIT 2007. LNCS, vol. 4882, pp. 321–326. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77115-9_34
Cattelan, R.G., He, S., Kirovski, D.: Prototyping a novel platform for free-trade of digital content. In: Proceedings of the 12th Brazilian Symposium on Multimedia and the Web, pp. 79–88. ACM (2006)
Fan, C.I., Juang, W.S., Chen, M.T.: Efficient fair content exchange in cloud computing. In: 2010 International Computer Symposium (ICS 2010), pp. 294–299. IEEE (2010)
Qian, W., Qi, S.: A fair transaction protocol with an offline semi-trusted third party. In: Phillips-Wren, G., Jain, L.C., Nakamatsu, K., Howlett, R.J. (eds.) Advances in Intelligent Decision Technologies, pp. 249–257. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14616-9_24
Rabin, M.O.: How to exchange secrets by oblivious transfer. Report no[R], TR-81, Harvard Aiken Computation Laboratory (1981)
Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
Yang, B.: Provable Security in Cryptography. Tsinghua University Press, Beijing (2017). (In Chinese)
Acknowledgement
This work is supported in part by the National Key Research and Development Program of China (No. 2016YFB0800601), the Natural Science Foundation of China (No. 61303217, 61502372).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
1. Oblivious Transfer.
Oblivious Transfer is a basic cryptographic primitive that is widely used in areas such as secure multiparty computing.
Oblivious Transfer was first proposed by Rabin [18] in 1981. In his OT protocol, sender S sends a message m to receiver R, and receiver R accepts information m with a probability of \( 1/2 \). So at the end of the interaction, S does not know if R accepted the message.
In 1985 Even, Goldreich, and Lempel proposed 1-out-2 OT [19]. In the new scheme sender S send two messages m0 and m1 to R, and R selects a number b as the input. When the agreement ends, S cannot get any useful information from b. R only get the message mb and cannot get any information of \( m_{1 - b} \)
Using the idea of 1-out-2 OT, it is extended to m-out-n OT, allowing the receiver to select m random numbers at a time and accept the data corresponding to the random number of all data sent by the sender. In this way, it is possible to ensure that the data received by the receiver each time is different, and by reasonably controlling the sizes of m and n, it can ensure that the receiver cannot obtain all of the data within a certain time even if the data is received multiple times.
2. Blockchain.
In 2008, the concept of blockchain was first proposed by Satoshi [20]. In the following years, it became a core component of electronic currency bitcoin: as a public ledger for all transactions. The blockchain database can be managed autonomously by leveraging a peer-to-peer network and a distributed timestamp server.
The original blockchain is a decentralized database, which contains a list of blocks that have a growing and well-aligned record. Each block contains a timestamp and a link to the previous block: the design of blockchain makes the data untamperable—once recorded, the data in one block is irreversible.
The blockchain has several important features: 1. Decentralization. Due to the use of distributed accounting and storage, the system does not have centralized hardware or management, and the rights and obligations of any node are equal. 2. Openness. The system is open, the blockchain data is open to everyone, and anyone can query the blockchain data through a public interface. 3. Autonomy. The blockchain uses consensus-based norms and protocols, making trust in “people” a trust in the machine. 4. Information cannot be modified. Utilizing the characteristics of the anti-collision hash function, once the information is verified and added to the blockchain, it is stored permanently, so the data stability and reliability of the blockchain is extremely high. 5. Anonymity. Since the exchanges between nodes follow a fixed algorithm, their data interaction does not require confirmation of the user’s true identity.
3. An application scenario.
With the advancement of society, the use of smart devices is getting higher and higher, and the data generated by smart devices will be more and more. At present, many large companies have recommended specific information and services to users through data mining to enhance the user experience. For example, Taobao recommends relevant products to users based on their purchase records and search records. Meituan recommends high-quality catering to users based on their location and evaluation information.
For larger companies, they may only need their own software-generated data for effective data analysis. But for small companies or individuals who are just starting out, they need to purchase data for analysis and research.
Because the data generated by smart devices is often owned by individuals and has limited value. It would be unrealistic to ask them to rely on the sale of these data to make a living. However, selling through a central organization requires worrying about the disclosure of information, failure of the central organization or malicious sale of data, and they are more willing to sell the data they own by one-to-one.
However, at present, such kind of distributed scheme is difficult to achieve data security and fairness of data transactions.
For the data seller Alice who has generated some digital content by smart devices, wants to sell some digital content. On the one hand, she hopes to get some income by selling the digital content, on the other hand, he does not want to pay a fee to a third party. She can sell her digital content through our system.
-
1.
Alice processes data as described in step in Sect. 4.2. She uploads the description, the ciphertext storage path, hash value of the segmented digital content and symmetric keys and the signature on the private blockchain.
-
2.
Assume that Bob wants to get some data. He can search the description on the blockchain. If the description meets his requirement, he can upload his request on the blockchain.
-
3.
After Alice see the request, she works with Bob for data validation as described in step in Sect. 4.3. Through the process of data validation, Bob can see a portion of the plaintext, and can re-encrypt to verify whether Alice is cheating.
If Bob decide to purchase the digital content, he generates a smart contract like Fig. 4. All the information in the smart contract can be obtained through interaction between Bob and Alice. Then he uploads the smart contract on the Ethereum. If Alice can complete the equation in the smart contract, she will get the currency. At the same time, Bob will get the information about the private key. Then he can get the digital content he needs by simply calculating.
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Yu, H., Gao, J., Wu, T., Li, X. (2019). A Novel Fair and Verifiable Data Trading Scheme. In: Shen, B., Wang, B., Han, J., Yu, Y. (eds) Frontiers in Cyber Security. FCS 2019. Communications in Computer and Information Science, vol 1105. Springer, Singapore. https://doi.org/10.1007/978-981-15-0818-9_20
Download citation
DOI: https://doi.org/10.1007/978-981-15-0818-9_20
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0817-2
Online ISBN: 978-981-15-0818-9
eBook Packages: Computer ScienceComputer Science (R0)