Muqaddas MS CS Thesis Final

Research based Data Rights Management over
Ethereum using Blockchain
by
Muqaddas Naz
CIIT/FA17-RCS-025/ISB
MS Thesis
in
Computer Science
COMSATS University Islamabad, Islamabad - Pakistan
Spring, 2019
COMSATS University Islamabad

A Thesis presented to
COMSATS University Islamabad
in partial fulfillment
of the requirement for the degree of
MS (Computer Science)
by
Muqaddas Naz
Spring, 2019
i
A Post Graduate Thesis submitted to the Department of Computer Science as

partial fulfillment of the requirement for the award of Degree of MS (Computer
Science).
Name Registration Number

Muqaddas Naz CIIT/FA17-RCS-025/ISB
Supervisor:
Dr. Nadeem Javaid,

Associate Professor, Department of Computer Science,
COMSATS University Islamabad,
Islamabad, Pakistan.
Co-Supervisor:
Dr. Sohail Iqbal,

Assistant Professor, Department of Computing,
School of Electrical Engineering and Computer Science (SEECS),
National University of Sciences and Technology (NUST), Islamabad, Pakistan.
ii
Final Approval
This thesis titled
Research based Data Rights Management over Ethereum using

Blockchain
by
Muqaddas Naz
has been approved

for the COMSATS University Islamabad, Islamabad, Pakistan.
External Examiner:
Dr. Muhammad Hasan Islam,
Professor, Department of Computer and Software Engineering,
College of Electrical and Mechanical Engineering (CEME),
National University of Sciences and Technology (NUST),
Rawalpindi, Pakistan.
Supervisor:
Dr. Nadeem Javaid,
COMSATS University Islamabad, Islamabad, Pakistan.
Co-Supervisor:
Dr. Sohail Iqbal,
School of Electrical Engineering and Computer Science (SEECS),
National University of Sciences and Technology (NUST),
Islamabad, Pakistan.
HoD:
Dr. Majid Iqbal Khan,
COMSATS University Islamabad, Islamabad, Pakistan.
iii
Declaration
I Muqaddas Naz (Registration No. CIIT/FA17-RCS-025/ISB) hereby declare that

I have produced the work presented in this thesis during the scheduled period of
study. I also declare that I have not taken any material from any source except
referred to wherever due that amount of plagiarism is within acceptable range.
If a violation of HEC rules on research has occurred in this thesis, I shall be
liable to punishable action under the plagiarism rules of the HEC and COMSATS
University.
Date:
Muqaddas Naz
iv
Certificate
It is certified that Muqaddas Naz (Registration No. CIIT/FA17-RCS-025/ISB)

has carried out all the work related to this thesis under my supervision at the
Department of Computer Science, COMSATS University Islamabad, Islamabad,
Pakistan and the work fulfills the requirement for award of MS degree.
Date:
Supervisor:
Dr. Nadeem Javaid,

Associate Professor,
Department of Computer Science.
Co-Supervisor:
Dr. Sohail Iqbal,

School of Electrical Engineering and
Computer Science (SEECS).
HoD:
Dr. Majid Iqbal Khan,

Associate Professor,
Department of Computer Science.
v
DEDICATION
Dedicated
to my Parents.
vi
ACKNOWLEDGEMENT
Foremost, I am sincerely thankful to my supervisor Dr. Nadeem Javaid for his

guidance, support and attention through out the tenure of MS degree. I remember
the time, when I joined ComSens Lab on 13 September, 2017. He accepted me
with all my gaps and deficiencies. I can never forget the moral support, he has
provided me in this period of time. I could not have imagined having a better
advisor and mentor for my MS study.
Besides my supervisor, I would like to thank my parents for their sacrifices and
efforts to make me a person I am today. They were my pushing force to keep me
going through my thick and thins.
Moreover, I am very much thankful to my special friends; Sundus, Zunaira, Itrat,

Sher and Hassan for my pillar of support.
vii
ABSTRACT
Research based Data Rights Management over Ethereum
using Blockchain
In a research community, data sharing is an essential step to gain maximum knowl-

edge from the prior work. Existing data sharing platforms depend on trusted
third party (TTP). Due to involvement of TTP, such systems lack trust, trans-
parency, security and immutability. To over come these issues, this thesis pro-
posed a blockchain based secure data sharing platform by leveraging the benefits
of interplanetary file system (IPFS). A meta data is uploaded to IPFS server by
owner and then divided into n secret shares. The proposed scheme achieves se-
curity and access control by executing the access roles written in smart contract
by owner. Users are first authenticated through RSA signatures and then submit
the requested amount as a price of digital content. After the successful delivery of
data, a user is encouraged to register reviews about data by announcing customer
incentives. In this way, maximum reviews are submitted against every file. In
this scenario, decentralized storage, Ethereum blockchain, encryption and decryp-
tion schemes and incentive mechanism are combined. To implement the proposed
scenario, smart contracts are written in solidity and deployed on local Ethereum
test network. The proposed scheme achieves transparency, security, access con-
trol, authenticity of owner and quality of data. In simulation results, an analysis is
performed on gas consumption and actual cost required in terms of USD, so that a
good price estimate can be done while deploying the implemented scenario in real
setup. Moreover, computational time for different encryption schemes are plotted
to represent the performance of implemented scheme, which is shamir secret shar-
ing (SSS). Results show that SSS shows least computational time as compared to
advanced encryption standard (AES) 128 and 256.
viii
Journal publications
1 Muqaddas Naz, Zafar Iqbal, Nadeem Javaid, Zahoor Ali Khan, Wadood
Abdul, Ahmad Almogren, and Atif Alamri. “Efficient Power Scheduling in
Smart Homes Using Hybrid Grey Wolf Differential Evolution Optimization
Technique with Real Time and Critical Peak Pricing Schemes.” Energies
2018, 11(2), 384, ISSN 1996-1073 (IF= 2.676, Q2).
ix
Conference proceedings
1 Naz, Muqaddas, Nadeem Javaid, Urva Latif, Talha Naeem Qureshi, Aqdas
Naz, and Zahoor Ali Khan, “Efficient Power Scheduling in Smart Homes
using Meta Heuristic Hybrid Grey Wolf Differential Evolution Optimization
Technique ”, in 32nd International Conference on Advanced Information
Networking and Applications (AINA), 2018, pp. 636-643.
2 Ullah, Zia, Muqaddas Naz, Adia Khalid, Shoaron Wang, Aisha Fatima and
Nadeem Javaid, “Survey of Pre-processing Techniques for Mining Big Data
in Smart Grid ”, In 13th International Conference on Complex, Intelligent,
and Software Intensive System (CISIS-2019).
3 Latif, Urva, Nadeem Javaid, Syed Shahab Zarin, Muqaddas Naz, Asma Ja-
mal, and Abdul Mateen, “Cost Optimization in Home Energy Management
System using Genetic Algorithm, Bat Algorithm and Hybrid Bat Genetic
Algorithm ” , in 32nd International Conference on Advanced Information
4 Muhammad Hassan Rahim, Nadeem Javaid, Sahar Rahim, Muqaddas Naz,

Mariam Akbar, and Farhana Javed, “Weighted Cuckoo Search based Load
Balanced Cloud for Green Smart Grids ”, in 12th International Conference
on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS),
2018, pp. 252-264.
5 Fatima, Itrat, Nadeem Javaid, Abdul Wahid, Zunaira Nadeem, Muqaddas

Naz, and Zahoor Ali Khan, “Stochastic Power Management in Microgrid
with Efficient Energy Storage ”, in 6th International Conference on Emerg-
ing Internet, Data and Web Technologies (EIDWT), 2018, pp. 202-213.
x
TABLE OF CONTENTS
Dedication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Journal publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Conference proceedings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
List of figures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
List of tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
List of abbreviations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1.1 Thesis contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1.2 Thesis organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2 Conclusion of the chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2 Related work and problem statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.1 Related work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.1.1 Digital content protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.1.2 Blockchain in cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.1.3 Blockchain in IoT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.1.4 Blockchain for privacy preservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.1.5 Access control using blockchain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.2 Motivation and Problem statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

xi
3 Proposed system model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3.0.1 Data sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3.0.1.1 SSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.0.2 Data retrieval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.0.2.1 Data review system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.0.2.2 Detection of fake reviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.0.2.3 Data distribution to customers . . . . . . . . . . . . . . . . . . . . . . . 28
3.0.2.4 Dispute handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3.0.3 Smart contract design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.0.3.1 IPFS storage contract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.0.3.2 Data recipient contract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.0.3.3 Review system contract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4 Simulation results and discussions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.1 Implementation details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.1.1 Simulation setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.1.1.0.1 Visual Studio Code . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.1.1.0.2 Ganache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.1.1.0.3 Metamask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.1.2 Simulation results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
5 Conclusion and future work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
5.1 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
5.1.1 Future studies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
6 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
xii
Journal publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Conference proceedings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
xiii
LIST OF FIGURES
3.1 Data sharing on IPFS by owner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.2 Data request by recipient . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
3.3 Fake review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.4 Incentive for user registering reviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.5 Sequence diagram for data sharing scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.6 Sequence diagram for dispute handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4.1 Gas consumption for owner side contract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

4.2 Money deposit from recipient . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.3 Gas consumption for recipient side contract . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
4.4 Gas consumption for review system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
4.5 Computational time for number of shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
4.6 Computational time for different encryption schemes . . . . . . . . . . . . . . . . . 41
4.7 Change of amount of gas consumed with different input lengths of
transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
4.8 Change of mining time with different input lengths of transactions . 42
xiv
LIST OF TABLES
2.1 Summarized related work.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.1 Cont. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.1 Cont. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.1 Smart contract cost test (IPFS storage: gas price=2 Gwei), 1 ether=150
USD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.2 Smart contract cost test (Proof of delivery: gas price=2 Gwei), 1
ether=150 USD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.3 Smart contract cost test (Review system: gas price=2 Gwei), 1
ether=150 USD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
xv
List of abbreviations
ABE-UR Attribute based encryption user revocation

AES Advanced encryption standard
CBDM Controllable blockchain data management
EOA Externally owned account
IoT Internet of things
IPFS Interplanetary file system
POD Proof of delivery
PKI Public key infrastructure
RFID Radio frequency identification
RSA Rivest, Shamir and Adil
SSS Shamir secret sharing
TTP Trusted third party
TPS Technology based processing system
xvi
Chapter 1
Introduction
1
CHAPTER 1. 1.1. INTRODUCTION
1.1 Introduction
In the past decade, technological advancements have been made by research con-
sortiums to adapt data sharing approaches. In such a way, research based activities
can improve through collaboration and intelligent decisions. Data sharing is the
fundamental step to gain maximum benefit from research innovations. However, it
is very crucial to know the three W’s for sharing purpose, such as; what, when and
how. These questions need to be very much clear before initiating data sharing
process. There is still some scope to work on, how the data set owner should be
given incentives or reward. This research provides secure sharing and selling of
data by leveraging the benefits of blockchain [1].
Blockchain; a distributed ledger is a new trend in the world of information technol-
ogy. A lot of financial and non financial applications have made use of blockchain.
The consensus mechanism is considered as the most fundamental and significant
invention as declared by one of the specialists of silicon valley. The current paper
currency relies on third party, which means that there is a threat to security, trust
and privacy. The significant feature of blockchain is trust, which can be achieved
by eliminating third party. A peer to peer currency; bit coin is introduced by
Satoshi Nakamoto in 2008 [2]. This allows the payment to be send directly from
one party to another. A paper by Satoshi was later come up with the implemen-
tation protocol of genesis block with 50 coins. Now a days, blockchain is used
in every domain, like; cloud, internet of things (IoT), data trading, information
security, health care and many more because of its striking features [3].
The major underlying problem in research data sharing is the fear of researchers
regarding misuse and misinterpretation of data. This is because data sharing
approaches are still immature in context of trust, which is slowly going to be es-
tablished among research community. To tackle this issue, various solutions are
proposed, for example, protection of identities of every individual and controlled
access to the data rather than making all the data open access. Still these solution
cannot provide trust, immutability to digital data and traceability regarding data
usage.
Cloud servers store the excessive amount of data, which is a centralized authority.
There are various type of risks associated with a central authority, such as; single
point failure. To avoid such failure, third parties are involved to provide data back-
ups. To eliminate third party for developing a trust based model, a blockchain is
introduced to provide trust and transparency. Decentralized storage is a solution
which allows storage of data independently on multiple nodes of the network in the
2 Thesis by: Muqaddas Naz

CHAPTER 1. 1.1. INTRODUCTION
form of distributed ledger. The problem is the storage and processing limitation
of network nodes. For this purpose, interplanetary file system (IPFS) is adapted,
which is peer to peer architecture [5]. There is no risk of single point of failure. It
is similar to web3, but with different features. It performs content addressing and
works in a similar way as bit torrent. Availability of data is ensured by storing it
on a decentralized platform; IPFS.
In existing platforms, data owners do not have a complete control over the ac-
cess and use of data. In most of the cases, owner itself is not involved in the
sharing of data. For example, owner is the passive entity, while escrow is solely
responsible for data distribution and payment settlements. At the end, owner gets
some percentage of royalty. Without blockchain, it is very difficult to ensure the
transparency of funds. It means that fair share of money cannot be guaranteed.
In this scenario, blockchain can provide trust and transparency among the nodes
of network for the fair distribution of received payment from requestor of data.
On the other hand, quality and integrity of data cannot be compromised when
a customer is paying ethers to get the content. To tackle these issues, a single
solution is proposed in response to multiple problems. In the proposed scenario,
owner itself is dealing with the sharing of digital data by eliminating any third
party. Data owner can set access rules, so that data is not released to unauthorized
party. Whenever, a requestor demands the data from owner, the owner sends a
request to IPFS server to provide the requested content. When user registers for
data request, it gets authenticated through digital signatures. Only after that, the
request proceeds, otherwise, transaction would be terminated by blockchain.
Data security is achieved by integrating encryption scheme to the hashes of up-
loaded data on IPFS. Later on, these hashes are encrypted by owner using shamir
secret sharing [6] scheme, which divides the hash into n number of encrypted
shares. The encrypted shares are stored in smart contract. The customer sends
request to access the data, which gets authenticated through digital signatures.
After downloading the data using decrypted shares, the customer is supposed to
register reviews about data on review system. To encourage customers for review
registration, an incentive is declared, which is the refund of 10% of actual money
deposited by customer.

CHAPTER 1. 1.2. CONCLUSION OF THE CHAPTER
1.1.1 Thesis contributions
In our proposed work, successful and secure data trading is performed between
data owner and requestor. For this purpose, a blockchain based secure data sharing
mechanism is proposed by eliminating third party. In existing systems, data owner
was not actively participating for selling the data, hence, lacks transparency. The
sole purpose of this thesis is to provide a secure, transparent and cost effective
platform that involves data owner as an actively participating entity. Worker
nodes are introduced in the system to perform decryption tasks on behalf of owner
and requestor, because of computational constraints of network devices. Proposed
system model is discussed in Chapter 3. Following are the main contributions of
this thesis:
• Successful trading of digital assets by ensuring quality delivery to requestors,
• IPFS storage, user’s request and review system smart contracts are deployed
over Ethereum network,
• cost savings by eliminating third party using blockchain,
• user authentication through RSA digital signatures,
• access control is achieved by adding access rules to owner’s smart contract ,
• data security by applying encryption schemes to IPFS hashes,
• gas consumption analysis for contract’s deployment.
1.1.2 Thesis organization
The rest of this thesis is organized as follows: Chapter 2 is the related work and
problem statement. Proposed system model is presented in Chapter 3. Simulation
results and discussions are described in Chapter 4. Finally, the thesis is concluded
along with future work in Chapter 5.
1.2 Conclusion of the chapter
In this chapter, we have discussed the general introduction related to blockchain,

data sharing and how to achieve security and trust through blockchain for data
sharing. Furthermore, different challenges are discussed, such as centralization, un-

trusted trust party and security issue that were being faced in existing systems . In
addition, the existing literature regarding aforementioned challenges are discussed
in Chapter 2.

Chapter 2
Related work and problem statement
6
CHAPTER 2. 2.1. RELATED WORK
2.1 Related work
In recent era, blockchain such as; Ethereum [7], bitcoin [8] and Zcash [9] are
considered as hot and fundamental technologies of cryptocurrency. As a result,
researchers and industrialists are paying more attention to establish a trust based
model in a decentralized manner. In this section, few studies regarding blockchain
are presented.
2.1.1 Digital content protection
In order to preserve privacy for traceable encryption in blockchain, Axin et al.

in [10] proposed a system in which authenticity and non-repudiation of digital
content is guaranteed. The problem tackled by authors is the secret key of user,
which is shared with other entities does not hold the specific information of user.
In case, if the shared key is corrupted or abused, it makes difficult to analyze the
source of secret key. Moreover, leak of confidential information in access control
is a bottleneck for existing systems. Hence, authors have integrated the privacy
protection algorithm such as; attribute based encryption to secure the secret keys.
However, decryption mechanism does not show improved efficiency.
Management of digital data rights is a fundamental requirement to achieve pro-

tection of digital data. Existing techniques for data rights lack transparency,
decentralization and trust. In response to above mentioned problems, Zehao et al.
in [11] proposed blockchain based decentralized solution. Information regarding
the use of digital content such as; transaction and license information is trans-
parent to everyone. Smart contract is designed for the automatic assignment of
license. In this mechanism, owner can set the prices for selling the license to other
customers. However, peers of the network have to possess high computational
power to perform key acquisition.
Zhaofeng et al. in [12] focus on digital rights management using blockchain to

avoid the use of sensitive digital content for illegal purposes. For such concerns, a
solution is proposed which is called as DRMchain. This solution ensures the usage
of digital content in a right way by authenticated users. Two separate blockchains
are designed, one is to store the original content with its cipher summary, and the
other one is to store the cipher summary of protected digital content. DRMchain
provides the traceability record of violation and high level trusted protection.
From the proposed solution, protection of digital content, secure authorization of
user, and use of multi signatures for usage control is achieved. However, use of
Ethereum coin could be new research direction for protection of digital content.
Data sharing is a crucial step to gain maximum benefit from the strengths of re-
search. A lot of data sharing mechanisms are proposed and discussed in literature.
There is no sufficient work available that focuses on the incentive mechanism to
promote data sharing. To cover these limitations, authors in [13] conducted a re-
view on medical and health data to uncover the incentive mechanisms with the pre-
and post- results after empirical analysis. According to survey, a single incentive
is tested for medical and health data to analyse rate of data sharing. Hence, it is
concluded that more incentive based researches need to be performed to encourage
data sharing.
2.1.2 Blockchain in cloud
Efforts are being by researchers to deploy blockchain on a broader domain due to

its striking features. A blockchain provides secure, reliable and trust worthy data
sharing environment. It records any unauthorized access to data, hence provide
traceability. However, its distributed nature weakens the controlling capability
of networks. Moreover, immutable nature of blockchain can induce the threat
of majority attack on network. To solve these issues, authors in [14] proposed
data management system which is controllable in blockchain, named as CBDM,
specifically designed for deployment in cloud infrastructures. Trust is achieved by
introducing trust authority in a system which has a higher level of authority to
control the network. In future, a similar prototype can be designed for real time
setup.
In current digital era, size of data is increasing every day with a significant amount.
This brings a storage and issue among user’s terminals. The solution to this
could be leveraging these storage limited nodes with cloud services. However, this
solution comes with a cost of compromised trust and security, as it is difficult
to rely on third party. In consideration to above mentioned problems, a secure
distributed storage architecture is proposed by authors in [15] in which data is
divided into multiple encrypted chunks, and randomly stored on peer to peer
nodes of network which voluntarily offer storage services. A genetic algorithm is
applied for placement of file blocks among multiple users. However, a decentralized
storage platforms, such as; filecoin, storj and swarm is not considered.

Cloud servers provide services like sharing of resources. Integrating blockchain

based cryptocurrency decentralization requires high computation power. In order
to tackle this issue, authors in [16] work on the efficient allocation of resources in
cloud servers, such that privacy can also be ensured by making use of blockchain.
Multi-level access is granted to users through multi-secret mechanism. This scheme
requires no third party which means trust can be achieved. A message is divided
into multiple secret and divided independently among multiple users depending
upon the level of access. Based upon this mechanism, a decentralized e-voting is
designed, where each role is assigned to each sub level access structure.
Existing schemes for management of data rights lack fine level of access control.
To introduce such fine control in cloud computing, authors in [17] propose a novel
encryption method by making use of attribute based encryption with secure key
management. Users which satisfy the attributes in access control policies can
get the encrypted content, and can decrypt it with secret key for its personal
use. Experimental results show that proposed solution is effective for security,
authentication and reliable than existing schemes.
Improving search results while storing encrypted data over cloud is an important
issue to consider. This ensures the privacy of sensitive information when dealing
with un-trusted third party in the form of cloud storage. This issue is tackled
by authors in [18] by introducing attribute based encryption with user revocation
(ABE-UR). Index based search strategies are employed for data outsourcing. Fine
grained access control is achieved by ABE and proxy re-encryption. To verify
the accuracy of search results, a verification scheme is designed. Furthermore,
performance evaluation shoes the robustness of designed system. However, com-
putational complexity can further be improved.
Clouds are centralized servers, provide services for data storage and sharing be-
tween different stakeholder. In this work, [19], sharing of medical data of patients
between hospital management is secured using blockchain. End to end delivery
of medical data needs to be encrypted to handle any misuse by third party. A
blockchain based data sharing platform is designed for multiple services providers
on cloud. Smart contracts have been written to automate secure sharing and dis-
tribution by employing access control strategies by data owners. This scheme also
provides transparency and traceability. Performance of proposed scheme is ana-
lyzed by making a fair comparison with the existing schemes. However, there is
still a scope to improve security and fine grained access control through attribute
based encryption.

2.1.3 Blockchain in IoT
Internet of Things (IoT) plays a vital role in automating our daily lives. Electronic
devices connect to each other through internet tend to share and exchange data to
be interconnected. Considering the privacy and security concerns, a mechanism
should be adapted so that data integrity and authentication of digital devices can
be ensured. Authors in [20] proposed a blockchain based decentralized scenario,
named as bubble of trust. In the proposed scheme, devices are first authenticated
before initiating a data sharing process so that any malicious activity can be
avoided within the network. A robust identity management and authentication
ensures the trust among devices. However, proposed approach suffers from certain
limitations such as, it is not adaptable to real time setup, requires an initialization
phase and evolution of rate for crypto-currencies is not discussed.
Existing data sharing schemes for IoT using blockchain has some loopholes such as;
security risks, high maintenance cost and supervision of big data coming from IoT
network. To tackle the above mentioned challenges, authors in [21] proposed secure
fabric based data transmission mechanism. Data is transferred between to different
trading center by incorporating secret based mechanism, known as Shamir’s secret
sharing (SSS) algorithm. Storage of data is designed as the dynamic linked based
storage along with data consensus protocol. However, this mechanism is only
proposed for small scale applications and authenticity of power data security is
neglected.
2.1.4 Blockchain for privacy preservation
Auditing and accounting is considered as significant field which may can make use
of blockchain technology. Authors in [22] have proposed transaction based process-
ing system (TPS) using blockchain. A framework is developed for accounting using
the methodologies such as, zero proof of knowledge and homomorphic encryption
so that it can be deployed in real time TPS. This could ultimately prevent from
fraud and privacy violation. The system is evaluated by a fair comparison between
traditional relational databases and proposed TPS. Results show that blockchain
proved to be computational effective solution as compared to existing approaches,
yet efforts need to be made to make blockchain a cost effective solution to solve
the highlighted issues.

Privacy of patient’s data is important in health records system. Revealing patient’s

personal information could damage the privacy regarding its health condition. For
this purpose, blockchain based health record system is proposed by authors in
[23]. When a patient’s data is uploaded to server, it does not require modification.
Considering this benefit, blockchain is implemented which is tamper proof and
keeps data immutable. An encryption scheme is proposed in which owners control
the visibility of data and access control policies can help in achieving fine grained
control. However, using proof of concept consensus could improve the efficiency
of system and makes the implemented system suitable for real time deployment.
Privacy preservation in deep learning is indeed a new direction to consider. The

training and testing data needs to be preserved. Federating learning is a new
concept in the field of machine learning, where multiple parties are tend to up-
load values of local gradient, and in return, server gives the updated parameters
by making use of gradient’s values. Considering the trust issues in a centralized
authority which is acting as a third party, a privacy mechanism needs to be in-
troduced due to the fact that malicious and unauthorized entity in a server can
violate the confidentiality and privacy. To address the above mentioned challenges,
authors in [24] designed an incentive mechanism. It helps to eliminate the mali-
cious threats from participating entities i.e. server and users. A proposed scheme
is named as DeepChain which encourages the entities to share gradients for pa-
rameters update and in return, it preserves the privacy and confidentiality using
win-win exchange approach. However, security factors should be properly defined
for future purpose.
Public key infrastructure (PKI) is a conventional approach, that comes with cer-
tain flaws. There is much scope for the improvement of PKI. Blockchain provides
a solution to deal with some of its limitations by eliminating third party, single
point of failure and transparency in security certificates. Blockchain introduces
distributed ledgers with PKI. Authors in [25] explored scenarios in which PKI is
suitable for contexts except linking identity with public key. In this work, PKI
is designed that considers privacy as a main concern by proposing a solution to
various problems encountered in conventional PKI. However, the proposed design
could only fit to particular use cases.
Agniva et al. in [26] highlights the issue of privacy preservation for the user who
requests for content from providers. When a user shares its information with
the provider, it is stored as personal information of user. This work proposes
a blockchain mechanism through a user can track, trace, and view the details

that how its personal information is being used and shared among providers. An
automated framework with smart contracts contains access control policies and
auditing strategies. The proposed system is implemented and tested on a linkshare
platform. This approach is suitable for big data, so that use of big data can be
tracked among multiple stakeholder. The proposed system could be extended to
business to business and business to customer scope by making use of existing
privacy policies.
Distributed infrastructures is a common trend in the current information technol-

ogy era. For this reason, security threats and privacy preservation are challenging
issues. In such scenarios, thirds parties are to be trusted for collection and shar-
ing of personal data. Nesrine et al. in [27] proposed a blockchain based privacy
preservation and auditing mechanism to tackle aforementioned challenges. Data
owner can control the access rights, hence can preserve privacy by auditing the
sharing of data among multiple stakeholder. A consortium blockchain is used
for implementing the proposed scenario. However, scalability of system is not
discussed.
Concept of smart grid has been in the market for quiet some time. The main
purpose is two way communication between consumer and electricity distribution
side, i.e., utility. The main problem to cater is the privacy and security concerns
of user’s consumption behavior. To secure the consumer’s information, authors in
[28] proposed blockchain based decentralized energy trading system, where secu-
rity of transactions is ensured by eliminating third party. Proof of concept with
multi-signatures, streams and encrypted messages, and peer to peer negotiation
on electricity prices. Evaluation of performance and security is measure through
defined criteria. In this scenario, an incentive mechanism is not considered to
motivate consumers for sharing their data.
2.1.5 Access control using blockchain
Storage is a critical issue in blockchain especially when large amount of data needs
to be stored on network nodes. Storage capacity of terminal nodes is limited, hence
does not allow to store very large size data. This problem gives birth to multiple
issues, such as; computational power and high cost od processing the large amount
of data. Considering the aforementioned challenges, Mathis et al. in [29] proposed
a decentralized storage mechanism by using IPFS and access control policies. Files
are stored in the form of chunks on each node. However, a file cannot be accessed

until unless proper permissions are assigned to users. This is a good approach for
preserving the privacy in personal and confidential data. The proposed schemes
suffers a delay while accessing files from server due to blockchain interaction.
Access control and securing sensitive data is the fundamental need of recent era.
Blockchain is an emerging technology which provides solution to multiple prob-
lems, i.e. security, privacy, access control, trust, traceability and many more. In
this perspective, this research work [30] presents a blockchain based solution for
securing the patient’s data in medical health records. An access control rules
are defined to restrict the access of data, so that privacy of patients can be pre-
served. A secure interoperability of among heterogenous blockchains is achieved
by exploiting the use of smart contracts. A set of smart contracts are designed
to achieve multiple purposes. However, certain measures need to be adapted to
increase adaptability and robustness.
Access control reflects the system’s security by restricting the access of data to
specific set of people. It is important while dealing with the sensitive data such
as patient’s health condition and medical record. Existing systems lack the access
control policies to ensure data integrity and privacy. For this purpose, authors
in [31] proposed a consortium blockchain with distributed ledger. Each opera-
tion performed by smart contract is stored as a transaction record in blockchain.
Proof of concept is designed to validate the performance of system as compared
to existing approaches. The proposed solution ultimately achieves integrity, scal-
ability and authenticity. However, privacy of patient’s personal information is not
considered.
Online data that is stored on a third party centralized server is vulnerable to

attacks. For this purpose, Masayuki et al. in [32] proposed secure online storage
without involving central server. Data of users can not be attacked by malicious
party. Each user’s information is divided in to parts using secret sharing algorithm.
These chunks are stored on distributed nodes of network. The actual data is
converted to metadata by hiding its main features. A user can locate the nodes of
network by restoring the actual data. The proposed scheme is reliable because of
the fact that with changing of peer nodes, a user can still detect the target data.
Moreover, a malicious node can be detected by other nodes of the network using
majority rule consensus. However, security evaluation of system is not done in
quantitative manner.
Medical health record of patients are completely controlled by hospital’s manage-

ment. Secure sharing of medical record is a need so that patients can consult
regarding their health from multiple hospitals. The proposed system by Rui et
al. [33] provides secure, immutable, and accurate data to patients. In this work,
blockchain based secure attribute based scheme is employed in which patients
attest their medical data to declare no disclosure of information to un-trusted
parties. Proposed system is compared with existing such schemes to validate the
performance. However, a single tone predicate is required for its enriched repre-
sentation.
A blockchain based trusted traceability system is designed by Xiwei et al. in

[34] by eliminating third party. A central data base is replaced by blockchain in
originChain; a proposed design by authors. This system enables the automatic
tamper proof logs to aid regulatory compliance for imported products traceability.
For example, it contains the information regarding the shipment of product from
one place to another. Efficiently managing the huge amount of data related to
thousands of products is another feature of proposed system. The quantitative
and qualitative analysis is performed which shows that quality of originChain is
highly influenced by smart contracts and their structural design.
Global markets have evolved by introducing radio frequency identification (RFID)

tags in selling of product. Authentication of products can be guaranteed using such
tags, still the integrity of these tags cannot be ensured in chains for post supply.
In work [35], authors have proposed a blockchain based management system for
product ownership. Risks for counterfeit can be avoided by integrating proof of
possession in the proposed scenario. The buyer can verify the authentication and
genuineness of product through modified RFID tags and can reject the purchase.
The proposed system is implemented on Ethereum, and cost analysis is performed
in terms of consumed currency, i.e., dollars. However, product review system needs
to be integrated so that customers can check the ratings of products before placing
an order.
Proof of delivery (POD) mechanism ensures the safe and successful delivery of as-
sets from one point to other. The main problem lies in establishing a trust based
delivery mechanism. Current protocols lacks features such as; trust, transparency,
security and traceability. Authors in [36] proposed trust worthy POD mechanism
using blockchain by eliminating third party to achieve trust between buyer and
seller. The proposed mechanism uses Ethereum network for implementation pur-
pose. Incentive mechanisms are announced for the participating entities for the
successful delivery of assets.

In cloud storage, large number of files are stored which ultimately reduces the
search accuracy and efficiency. The searchable schemes are embedded in cloud in
a private manner. Moreover, no matter what, the cloud returns results to query,
whether results are accurate or not. To avoid inconvenience for the user, a system
is proposed in [37] to store data in a decentralized fashion on public chain. When
the data increases in size, the search problem becomes dominant because of lack
of any effective mechanism. An effective blockchain based searchable mechanism
is introduced that returns accurate results from public chain. Two different use
cases are defined. First the encrypted data is being stored on public chain, and
secondly search is being performed on stored data. As the transaction performed in
blockchain cannot be reversed, so proposed scheme is not yet available for dynamic
data.
Authors in [38] proposed a solution for two main problems: one is the collection
of data using mobile terminals with limited resources such as; energy and sensing
range. The other problem is achieving the security while sharing the collected data.
To solve these issues, authors proposed a combined solution by using reinforcement
learning to collect high quality data. Afterwards, blockchain is implemented on
Ethereum platform to ensure security and reliability for data sharing. Mobile
terminals are not considered for communication services, which is the limitation
of proposed scenario.
Collection and sharing of large amount of data has gained attention of researchers
due to need of efficient trading and utilization of data. Considering this scenario,
there are multiple challenges that are creating hindrance for the successful trad-
ing of data. At first, data requestor needs to be sure of availability of required
content. Secondly, privacy concerns of data owner, who reveals its personal infor-
mation to the consumer of data. The last is the fair payment of content to data
owner. Authors in [39] proposed blockchain based trading of data with fair share
to owner. Ring signature and double authentication protocols are used to ensure
the availability of data.
The related work is summarized in Table. 2.1. Furthermore, the techniques,

contributions and limitations of existing literature are also discussed.

Table 2.1: Summarized related work.
Techniques Contributions Limitations

Attribute based encryp- Protection of digital Decryption mechanism did
tion [10] content not show improved efficiency
Blockchain based de- Management of digital High computational power is
centralized solution [11] data rights required by peers to perform
key acquisition.
DRMchain [12] Digital rights manage- Use of Ethereum coin is not
ment using blockchain considered
Blockchain based data A review on medical More incentive mechanisms
sharing[13] and health data are required to encourage data
owners
Controllable blockchain Secure data sharing Solution is not suitable for
data management real time setup
CBDM[14]
Genetic algorithm[15] Distributed storage ar- Did not consider use of decen-
chitecture tralized storage platforms
Multi-level access Efficient allocation Increased the delay
through multi-secret of resources in cloud
mechanism [16] servers
Attribute based encryp- Fine level of access con- Attribute indexes are not de-
tion [17] trol fined
Attribute based encryp- Fine grained access con- Computational complexity is
tion with user revoca- trol high
tion (ABE-UR)[18]
Blockchain based data Secure sharing of pa- Patients’ attributes are not
sharing platform[19] tient’s data among hos- considered
pital management
Bubble of trust [20] A robust identity man- Evolution of rate for crypto-
agement and authenti- currencies is not discussed
cation among IoT de-
vices
Fabric based data trans- Secure data sharing Suitable for small scale ap-
mission mechanism[21] among IoT devices plications and authenticity of
power data security is ne-
glected.
Transaction based pro- Auditing and account- Proposed solution is not cost
cessing system (TPS) ing of data effective
[22]
Blockchain based health Fine grained access con- Efficiency of system can be
record system [23] trol to preserve pa- improved using proof of con-
tient’s privacy cept

Table 2.1: Cont.
Techniques Contribution Limitations

DeepChain with incen- Privacy preservation in Security parameters are not
tive mechanism [24] deep learning properly defined
Public key infrastruc- Privacy preservation Proposed design could only fit
ture (PKI) [25] to particular use cases.
Automated frame- Privacy preservation of B2B and B2C scope is missing
work with smart user’s personal data
contracts[26]
Consortium blockchain Privacy and auditing Scalability of system is not
[27] mechanism discussed
Proof of concept Decentralized energy Incentive mechanism is not
with multi-signatures, trading system considered
streams and encrypted
messages[28]
Decentralized storage Access control over data Proposed system suffers delay
mechanism using IPFS
[29]
Blockchain based access Securing patient’s Measures need to be adapted
control [30] data in medical health to increase adaptability and
records robustness.
Consortium blockchain Access control policies Privacy of patient’s personal
with distributed ledger information is not considered.
[31]
Shamir secret sharing Secure online storage Security evaluation is not
algorithm[32] done in quantitative manner
Blockchain based secure No disclosure of pa- A single tone predicate is re-
attribute based scheme tients’ data to un- quired for enriched represen-
[33] trusted parties tation
OriginChain [34] Automatic tamper Gas consumption analysis for
proof logs to aid reg- smart contracts is not per-
ulatory compliance formed
for imported products
traceability
Proof of possession[35] Management system for Review for each product could
product ownership improve the system’s scope
POD [36] Successful shipment of Frond end interface is not pro-
physical assets vided

CHAPTER 2. 2.2. MOTIVATION AND PROBLEM STATEMENT
Table 2.1: Cont.
Techniques Contribution Limitations

Effective blockchain Accurate search results Not yet suitable for dynamic
based searchable mech- from public chain data
anism [37]
Blockchain based rein- Securely sharing of data Mobile terminals are not con-
forcement learning [38] with limited resources sidered for communication
services
Ring signature and dou- Privacy and availability High time complexity
ble authentication proof data
tocols [39]
2.2 Motivation and Problem statement
A blockchain based data sharing framework is proposed by authors in [40]. A

framework contributes for the version control of the documents so that the changes
can be tracked easily. Multiple users can collaborate on a blockchain platform to
negotiate on document changes. Hence, multiple versions of documents can be
stored in a network without the involvement of third party. Moreover, a decen-
tralized storage; IPFS is used to store the data. Ethereum smart contracts are
used to develop an interaction among multiple entities such as; owners and users
of the document.
Data privacy and confidentiality is ensured by authors in [41]. ABE along with key
policy are the important techniques to secure digital content. In this work, inner
product encryption and re-encryption techniques are applied where decryption is
only possible if private key has an inner product with value zero. A specific set of
attributes are specified by the owner of data to grant access, hence achieves fine
grained access control.
Authors in [42] proposed a decentralized storage system with digital content pro-
tection. A secret key is distributed to the user by the owner of the data. While
releasing the secret key, owner defines the access policy to have a control over the
usage of sensitive information. Attribute encryption scheme is adapted by authors
to accomplish their goal.
From the existing literature discussed above, we have gained motivation to work
on the digital data sharing using blockchain. Most of the researcher have worked

on similar domain, yet there is much scope to enhance and modify the existing
work to contribute for the benefit of research community.
Blockchain is one of the leading technologies in the current decade. It brings
a solution for challenges like traceability, transparency, trust and accountability.
Authors in [43] proposed a mechanism to ensure digital data rights management.
Blockchain is used to store the permanent record of agreements between data
owner and user. A user requests the data from the owner by making an agreement
according to terms and conditions stored in the blockchain. The proposed solution
achieves transparency, traceability and fine grained granularity over research data
by using blockchain. Each entity (owner and user) has been assigned a unique
Ethereum address to perform transactions. However, decentralized platform to
store author’s file is not taken under consideration. This leads to a storage prob-
lem [44] because network nodes have memory limitation and blockchain can only
store the record of transaction and logs, not a complete file. Moreover, protection
of digital content hashes using encryption are not considered. A trusted relation
between buyer and seller is not build in this research, hence, authenticity of owner
and data is not guaranteed for a user to initiate a trading process.
A frame work for fair share of author’s royalty is proposed by authors in [45]. On-
line publishing and distribution of digital content is ensured by using blockchain
to add transparency and trust in the model. Owner of the data shares its con-
tent with the publisher’s server. The server distributes the content to the users
according to received request. When the user successfully receives the file, the par-
ticipating entities get their fair share according to defined criteria. A publisher’s
server is a centralized server, which stores digital content of the owner. Instead
of centralized server, the authors of this work did not consider the decentralized
storage. This issue is tackled by authors of [46]. Moreover, access control for the
academics research data, protection of digital content through encryption scheme
and owner’s reputation system are not considered for this scenario.
Authors in [46] proposed a proof of delivery protocol using smart contracts and
blockchain. Digital content provider and file server are responsible entities to
deliver the content to customer. After successful download of content by the cus-
tomer, the participating entities (owner and file server) are given incentives as a
reward. To solve downloading disputes between customer and file server, arbi-
trator acts as an unbiased agent to resolve the conflicts. The limitation of this
research work is that encryption of digital content to avoid leakage of data to be
sold by owner, access rights over data and a review system for owner’s authenticity
and quality of data are not considered.
From the literature above, it is concluded that, most of the researchers have worked

on digital data trading with and without blockchain. Yet there are certain limi-
tations that need to be catered for further enhancements in existing systems. In
this thesis, decentralized storage; IPFS, Ethereum and encryption mechanism are
used for secure and trusted consolidated platform for sharing of digital data be-
tween buyer and seller. The problem of storage is catered by introducing IPFS
[47], which stores data and return hashes to the owner or seller. To achieve data
security, owner encrypts the hashes to avoid risk of data leakage which is to be
sold. So that data on IPFS can only be accessed by verified customers, who belong
to research community and submits the required deposit for digital content. In
this way, owner can run its business with reasonable profit. Moreover, owner’s
reputation based system is designed to ensure quality of data motivated by [48].
A user or buyer can first check the reviews of seller and its data before submitting
the deposit for content. However, in [48], buyer incentives are not declared to
motivate the customer for registering their feedback. Through rating or reviews,
future customer can easily judge the quality and authenticity of data.
Online review system is a guarantee for customers regarding the quality of any
particular product. The review or reputation system is also applicable to digital
content. For example, a movie or season downloading web sites ask from the users
for their reviews or experience after downloading the content. At the end, user
submits the reviews in any format, either stars or textual form. These reviews help
the upcoming users to checks the quality of content. But the underlying problem
in online review system that needs to be considered is the registration of fake
reviews. Authors in work [48] presented an idea of reputation system, but they
did not consider the registration of fake reviews. In most of the cases, users do
not realize the importance of reviews and hence, they do not provide their honest
opinion regarding the product. In other case, most of the customers are being
paid by owner to register good reviews, no matter, what is the quality of content.
Buying and selling of digital content using blockchain can guarantee security, trust
and decentralization. When a customer buys any content from owner, a single time
payment is made in form of virtual currency. For example, in case of any digital
book related to academia, a customer pays the amount of digital book and can
download it for its use from IPFS. Now, the problem here is, what if the content
of book are later modified by owner. More likely, the owner release their books
with minor changes after certain amount of time, as different editions of the book.
Now, the owner already paid the amount. So a document version control system
needs to be adapted for old customers, so that they get notified whenever a new
version of that book comes in market. Document version control is not tackled by
authors in work [43].

In online trading of data, disputes may occur between seller and buyer. There
needs to be some unbiased entity that can resolve the downloading disputes, for ex-
ample, if customer claims that the data downloaded from the server is incomplete.
Then a customer cannot be trusted, because he may utter the false statement
just for the sake of refund. In order to confirm or verify the claims of customer,
an unbiased entity needs to be introduced into the system which authors did not
tackle in [43] . The main contributions of this thesis is given below:
• Identity management Users are first authenticated using RSA signatures

before giving them access to data.
• Security of digital assets: Adding encryption to the data hashes ensures the
security and avoids data leakage.
• Authenticity of owner : Seller can trust the owner by checking the reviews
about owner and its data.
• Quality of data: Rating or reviews depicts the quality of data, hence, by

checking the reviews, buyer will only get high quality data.
• Management of fake reviews: Fake reviews are being identified using Watson
analyzer.
• Dispute handling: Arbitrator is introduced to resolve downloading disputes.
• User incentive: By giving incentives, sellers are being motivated to give feed
back on used data to aid future customers
In this chapter, detailed state-of-the-art is discussed related to applications of

blockchain in multiple domains, i.e., cloud computing, IoT, access control and pri-
vacy preservation, digital content protection through blockchain and many more.
Limitations of existing work is highlighted and also briefly stated in Table. 2.1.
Moreover, problem statement is given which describes the idea to work on the
highlighted limitations from existing work. The proposed system model to tackle
the highlighted challenges is given in Chapter 3.

Chapter 3
Proposed system model
22
CHAPTER 3.
The proposed system model is motivated from [45], [47] and [48]. The system
model has the following entities:
Owner : It may be a person or organization which owns the data to be shared
among customers. It can also control the query and access of data by filtering out
the requestors.
Customer : Request for buying the data from the system. After getting the desired
content, the customer downloads the file from IPFS server by reconstructing the
hash and register his reviews about data on review system.
Workers: It is the passive entity of system, provides decryption services on behalf
of customer. Authenticate the new customers through signatures and query the
smart contract for requested data by customers.
Arbitrator : A trusted entity; responsible for solving disputes between buyer and
seller regarding the downloading of requested content. Based on the decision of
arbitrator, a customer may be refunded the deposited amount.
1. Put the file in

IPFS Smart contract
successful download from
2. IPFS returns a file

Owner gets profit after
hash
requestor
3. Query the smart contract for the public key of worker

Owner
Share 1 E1
Share 2
QmVm….r581Vz .
. E2
. 5. Store the encrypted
shares on blockchain
Share n E3
4. Split the file into n shares and randomly choose keys for
encryption
Figure 3.1: Data sharing on IPFS by owner
3.0.1 Data sharing
At first, owner initiates the digital data sharing by generating the meta data of
original file. Meta data would include the information such as; name of file, type,
description, and size. Once the meta file is ready, it is uploaded to the IPFS along

CHAPTER 3.
Review system for user
Web UI with HTML
User registering User can modify User can search

review review review
1. User first check the

rating of data before
requesting for particular
2. Submit a request to all workers 3.Verify the identity of recipient
data
for a particular file, attaching the
recipient signature
Smart contract Worker
5. Query the smart 6. Tries to decrypt

contract for file shares the content with its
Recipient
own private key
4. Submit deposit for digital content
7. If success, return the decrypted share, else refund the

deposited amount
Figure 3.2: Data request by recipient
with complete file of data.The snippet of file uploading to IPFS is given below:
//upload the plain file meta

ipfs.files.add(buf, function (err, meta_result) {
if(err) {
console.log(err);
return res.sendStatus(500);
}
console.log(meta_result);
res.json({ "meta_hash": meta_result[0].hash, "file_hash":
fileMeta.hash, "address": recipient_addr, "email": recipient_email
});
});
});

CHAPTER 3.
Customer
1. Submit reviews
2. ML to filter 3. Generate token

Review fake reviews for valid reviews
Token
filtration Generator
4. Store only valid
reviews in blockchain
Blockchain
Figure 3.3: Fake review
5. Refund 10% of actual amount

deposited by user as an incentive
Smart contract
1. Deposit full
3. Register reviews amount
2. Get the shares decrypted

by workers 4. Notification
Smart contract get
Review system notified about the
review registration
by particular user
Figure 3.4: Incentive for user registering reviews
});
Once the file is uploaded to IPFS, hashes of that data is generated by IPFS and
return bak to the owner. In our proposed scenario, workers nodes are generated
and their public-private key pair is stored in smart contracts. When the owner gets
the hash by IPFS, it searches in the smart contract for verified worker nodes, who
are responsible for providing decryption services to customers. Only that worker
can provide the services, who is selected by owner. When the owner receives the
hash, SSS algorithm is used to split the IPFS hash of file into k number of shares.
In response to these shares, owner decides the n number of random keys to be used
for encryption. Once all the shares are encrypted, they get stored in the blockchain
CHAPTER 3.
Smart Review
Owner Worker
Worker Customer IPFS
contract system
Upload file
Return IPFS hash
Query the smart contract for verified workers
Store the encryted share
Serch and register reviews

Submit
content
request
Verify
requestor
Deposit data price
Search the encrypted shares
Download file from IPFS
Register review about data
Get incentive
Figure 3.5: Sequence diagram for data sharing scenario
along with other important information such as; authorized recipient for the file.
Data security is ensured by encrypting the hashes. The reason behind this is that,
hash itself is not secure. It just represents a unique finger print for some data.
If any unauthorized customer, who has not submitted deposit for digital content
gets access to hash, then the complete file of data from IPFS can be fetched. In
such a way, owner would be in complete loss of business. In the proposed scenario,
only those customers are able to decrypt the hash, who have deposited the fund
and authorized by worker nodes. The overall flow of file uploading on IPFS by
owner is shown in Figure. 3.1.
3.0.1.1 SSS
Consider a secret S which is to be divided in to n number of pieces so that each

piece of data can be represented as S1 , . . . , Sn .

CHAPTER 3.
1. Combination of k or greater number of Si makes easy to compute original file

2. In other case, if there is k-1 or less number of Si then it would be difficult to
reconstruct the actual data, hence S becomes undetermined. It is known to be
(k, n) threshold scheme, where k=n means that all the involved entities need to
reconstruct the actual secret S [6]. In our case, split size and number of shares are
taken as 5 and 3 respectively. When shares are generated using SSS, these shares
are encrypted and stored into smart contract. These shares can only be decrypted
by verified workers whose public key is searched by owner while uploading the file
to IPFS.
3.0.2 Data retrieval
A detailed system model for customer requesting the digital content is shown
in Figure. 3.2. A customer first checks the existing review of data by previous
customers, so that quality of data can be properly verified before depositing the
ethers. The details of review system are going to be discussed in subsection 3.0.2.1.
3.0.2.1 Data review system
For data trading between owner and customer, a reputation system is available to
review the data being traded. It is to be noted that review, rating and reputation
are being used alternatively in this work. First of all, review system provides the
ratings or scores provided by customers who already have used the data. Based
upon these reviews, new buyers can check the quality, reliability, and integrity of
data. The immutability of reviews is ensured by using blockchain because data is
tamper proof in blockchain. After checking the ratings, the new customer decides,
whether the data is worth buying or not. After that, a request is submitted to
workers for particular data based upon the reviews. Once, the customer is satis-
fied from the reviews, a request is submitted to workers to access desired digital
content. For this purpose, a smart contract is deployed with functions; set reviews,
get reviews and get ratings. When a customer gets the data, he/she can submit
its own reviews using the set reviews function. These reviews are being stored in
blockchain as a result of each transaction carried out while submitting the review.
Isreviewexist function allows the new customers to check that, is there any avail-
able review for particular data? If not, then the integrity and authenticity of data
cannot be guaranteed at user’s end.

CHAPTER 3.
3.0.2.2 Detection of fake reviews
To detect fake online reviews, a system is presented in Figure. 3.3. At first step,
a customer submits the review to the detection app, known as Watson analyzer.
The tool first filters out the fake reviews based upon the emotional state. The
emotion can be analyzed by the way review is written. This task is performed
using artificial intelligence techniques. After that, these reviews are cross checked
by the company or owner of the product. The cross checking of reviews by owner
is important because most of the time, market competitors register the negative
reviews about the product to degrade the market value. The owner can reject or
accept the reviews after verification. In case, if reviews get rejected by filtration
tool and company, then the rejection reasons are delivered to customers to ensure
transparency. The accepted reviews are stored in blockchain and cannot be altered
because of immutability. Different cases of fake reviews registration is given as:
• Vote Manipulation:
A situation where owner asks their friends or employees to post fake reviews
regarding the quality of product
• Vote Buying:
When companies hire special employees to post reviews using fake emails
and user names by paying them handsome amount of money
• Vote on wrong thing:

This category has nothing to do with fake reviews, but most of the times,
customers do not actually give review on the product they are suppose to
register review on. For example, if customer has booked a room in a hotel
and did not like the beach closer to the hotel. Then the customer is most
likely to give negative reviews.
3.0.2.3 Data distribution to customers
Whenever a customer acquires a data, it sends a request to all the workers. A

request is accompanied by the digital signatures of customers. New requestor is
firstly identified by workers using RSA signatures. RSA is asymmetric system,
where public and private key pairs are generated, where private is secure one and
public is shared among others.

CHAPTER 3.
//RSA key pair generation

key0.generateKeyPair(2048, 65537);\\
fs.writeFileSync("privateKey_0.pem",
key0.exportKey(’pkcs8-private-pem’));
fs.writeFileSync("publicKey_0.pem", key0.exportKey(’pkcs8-public-pem’));
console.log("0 - RSA Key Pairs saved.");
After the identity of recipient is verified by worker, the recipient is supposed to

submit the ether as a price of digital content. Once the payment is done, the
workers proceed to search the encrypted shares in smart contract as requested. If
recipient is unauthorized or identity is not confirmed as a valid requestor, then
the smart contract terminates the transaction and workers ignore the received re-
quest. On the way around, workers retrieve n encrypted shares from blockchain
and decrypt them using their private keys. The important thing to notice here
that worker can only decrypt the shares on behalf of recipient if their public keys
are selected by owner while sharing the content on IPFS. After decryption, the
recipient is able to get the original IPFS file hash by reconstructing it. Once the
data has been downloaded by customer, data rating is expected to be registered
from that customer. Data rating depicts the quality of data and authenticity of
owner. The future customers can easily verify the quality by looking at the reviews
of particular data.
To ensure that the customer keeps on receiving the updated version of digital
content, a smart contract with subscription function is deployed. This function
allows the customer to subscribe the services of owner. Whenever owner of the
data modifies the existing content or releases the new editions of file, all the old
customers get notified about the release of new version. The advantage of version
control is the existing customers who already have bought the content from same
owner and paid the amount n form of digital currency, they do not have to pay
the full amount again. Either they pay some percentage of actual price or no price
at all. In this way, customers get the updated content without paying the full
amount again. These subscription services help the existing customers to get the
latest edition of documents.
To motivate the customer for their authentic feedback registration, an incentive
mechanism is introduced. There is an offer for customers that 10% of actual money
deposited is refunded to them who submit valid reviews. When the smart con-
tract gets notified about the review registration by particular customer, then the
reviews are validated as shown in Figure. 3.3. The smart contracts refunds the

CHAPTER 3.
10% of actual amount submitted if the review is not fake. If there is fake review
registration, no amount is refunded to customer. In a similar way, new customer
can search the reviews of data from the review based system. The reviews are be-
ing stored in blockchain and can be fetched upon customer request. The incentive
assigned to customer is shown in Figure. 3.4. The sequence diagram for all the
participating entities in the network and their interaction is shown in Figure. 3.5.
3.0.2.4 Dispute handling
When a customer downloads the digital content from IPFS server using hashes,
there could be a possibility that customer may get faulty or incomplete data. Data
is stored on IPFS nodes, so it may get altered while being stored on network nodes.
In Figure. 3.6, which is motivated from [46], three different cases are discussed,
where arbitrator solves the disputes for customers. Arbitrator acts as an unbiased
entity. The decisions like payment settlement or refund to the customer is merely
dependent on the decision of arbitrator.
• Case 1 : In this scenario, customer submits the price for digital content, get
access to the hashes and get the digital data on IPFS. These is no dispute in
this case, customer successfully downloads the accurate and complete data
from the server. The scenario for satisfied customer is shown in green box
in Figure. 3.6.
• Case 2 : After downloading the file from server, customer gets to know that
data is either incomplete or faulty. To verify the claim of customer, arbitrator
decrypts the same hash and access the data from IPFS. When data is cross
checked by arbitrator, it find the data complete and accurate. As a result,
it is concluded that customer’s claim is wrong and there is no refund policy
in this case.
• Case 3 : When arbitrator tries to download the file from server, and same
error occurs as highlighted by customer. Then a refund is done to customer
through smart contract by paying back the full deposited amount. In case,
the arbitrator makes decision, that customer’s claim is right, and there is
some fault or error, while downloading the file from IPFS.

CHAPTER 3.
Smart
Customer IPFS Arbitrator
contract
Download file Satisfied

Successful download customer
Unsuccessful download
Tries to get the
same file from Customer is
server wrong
Customer mistake
Payment settlement
Unsuccessful download Tries to get the

same file from Customer is
server right, refund
done
Customer is right
Refund Done
Figure 3.6: Sequence diagram for dispute handling
3.0.3 Smart contract design
Three special variables are mainly used in this paper:

msg.sender : Message or transaction of the sender (current call). A contract
address associated with the content creator, whenever a contract is deployed.
msg.value: Number of wei associated with the message, it is the cost$ when the
number of wei are fixed. One ether equals to 1018 wei.
tx.origin: Accounts that calls the smart contract.
3.0.3.1 IPFS storage contract
This contract provides the following primary functions:

addFile: Owner or creator of the contract can execute this function. Event is
triggered when a new file is uploaded to IPFS server, which returns IPFS hash
to owner and it gets stored in the smart contract. The uploaded content is only
requested by valid requestor except those which are blacklisted by the owner.

CHAPTER 3.
//Add file
function addFile(bytes32 id, bool isVisible) public {
require(!blacklist[msg.sender] && FileMap[id].timestamp == 0);
.
.
.
emit confirmFileIndexID( FileList.length-1, id);
}
deleteFile: This function is only executed when owner desires to delete specific file
from the server. When file deletion is required, index and address arguments are
passed to this function.
// File deletion
function deleteFile(uint index, bytes32 id, address[] memory addr)
public {
.
.
.
FileList[index] = 0;
emit confirmFileDeletion( index, id);
}
setRecipient When a data is requested by user, it is searched and mapped to the

request. If the desired data found, then a list of recipient is maintained by smart
contract to assign the digital content.
//Search content
function setRecipients(bytes32 id, bytes32[] memory newShares) public {
.
.
.
for (uint j = 0; j < addr.length; j++) {
FileMap[id].recipients[ addr[j] ] = value;
}
}

CHAPTER 3.
3.0.3.2 Data recipient contract
This contract is specifically designed for data recipient. Whenever a recipient

needs to buy a digital content, he/she has to deposit some ether after getting
identity verification from workers.
// Deposit money
function DepositEtherToBuycontent() public payable {
.
.
.
emit DepositMoneyDone(msg.sender, "Money Deposited , Customer Waiting
for decrypted share"); //trigger event
}
Customer download result: This function verifies that the file is successfully down-
loaded from IPFS against decrypted hash. It ensures that hash was decrypted
successfully and correctly. After downloading the file from IPFS, the customer
returns true to the bool function.
File server results: After the successful download confirmation from the customer,
file server also confirms that the customer was able to download the requested data
from the system. Confirmation from customer and file server is recorded to elimi-
nate any conflict between server and customer. In case, file server returns true to
the successful downloading of file and customer claims that no file was download
or data is unavailable on the server, a third unbiased entity is introduced to re-
solve the conflicts by authors in [46]. The third party; arbitrator downloads the
file using the same token provided to customer. If it gets successful, it means that
the claim of customer is false, and no refund is given to customer, other wise, the
deposited fund is given back to customer in case of incorrect data
3.0.3.3 Review system contract
The smart contract of review system has mainly four functions.

Set review : This function allows the customer to upload the reviews regarding
the used data from particular owner. The size of reviews vary depending upon the
description added by customer. Hence it shows different values of gas consumption
for different customers. A review interface is provided to customers containing

fields, such as, meta data of file against which reviews need to be submitted,
comments and rating of data. After that, a submit button is clicked to store the
reviews in blockchain.
Get review : This function in smart contract allows new users to search for the
reviews of available data. A new customer can search the submitted reviews by
using the same query words against which prior customers have submitted the
review. These reviews include the description about the quality of product. Once
a new customer is satisfied from the comments and reviews, it can process further
to buy the data from owner.
Get rating: The customers need to rate the product from 1 to 5, starting from
lowest to highest ranking. A review from 3.5 to 4 is considered as satisfactory
while 5 shows the highest ranked product among the customers. The rating of
any product is fetched from the blockchain as per customer’s request.
Is review exist: It is possible that for any product or data, a review may not
exist. So a customer first need to check the availability of review. In case, there
is no available review for a file, the system returns no results. So a customer
cannot rely on the quality of that product. For this purpose, an incentive for the
customers is introduced, so that they are encouraged to register their review for
every downloaded file from IPFS.
In this chapter, we have discussed the proposed system model. Owner and re-
questor modules are described separately. Moreover, smart contracts design is
discussed along with their functions. In Chapter 4, simulation results are dis-
cussed with implementation details.

Chapter 4
Simulation results and discussions
35
CHAPTER 4. 4.1. IMPLEMENTATION DETAILS
4.1 Implementation details
In this section, implementation details are provided. The proposed system is a

private network of Ethereum blockchain. Ethereum is distributed platform which
is an open source, makes efficient use of solidity. A programmable language that
allows to write smart contracts (scripting language).
4.1.1 Simulation setup
The specifications for implementation setup are: intel(R) core(TM) m3-7Y30

CPU@1.61GHz, 8GB RAM, 64 bit operating system and X64-based processor.
The programming language is solidity to write smart contract. Front end web
GUI is developed using Bootstrap 4.0 and Javascript for user interactive forms.
The primary tools used to develop this system is given below:
4.1.1.0.1 Visual Studio Code A lightweight cross platform code editor de-
signed by Microsoft for multiple operating systems. It allows powerful debugging
with a variety of tools, highlighted syntax, intelligently completion of code, build
in Git control and code refactoring [49].
4.1.1.0.2 Ganache A blockchain based emulator used to execute several tests

and commands. It controls the blockhain operation by inspecting the states of
system. Formerly, its name was Test RPC, which was later renamed to ganache.
It provides information such as; Visual MNEMONIC (key phrase for ganache
accounts) and account addresses [50].
4.1.1.0.3 Metamask It is a browser extension that allows a connectivity to

distributed web.Instead of running the full Ethereum node, it run Ethereum de-
centralized applications in browser [51].
4.1.2 Simulation results
To run the corresponding smart contracts, the gas price is adjusted to 2Gwei.
1Gwei is equivalent to 109 wei, which is about 10−9 ethers. The cost measured for
smart contracts are given in Table. 4.1 and 4.2.

Table. 4.1 refers to the gas consumption values for multiple functions executed
in smart contract. After one time deployment of IPFS storage smart contract,
the transaction and execution gas is recorded as 1808235 and 1338219 respec-
tively, which are noticed to be unchanged after multiple transactions. Here the
transaction cost is the amount of gas required to send data on blockchain net-
work and execution cost is the computational fee required to execute the function.
The actual cost is measured as $0.55 USD for the contract creation. When an
owner uploads a file to server, addFile function performs the operation costing
$0.016 USD as the actual cost. Similarly, when any file is deleted from the sys-
tem, deleteFile function is provoked. As a result, ConfirmFileDeletion event is
triggered. The actual cost for the execution of this function is recorded as $0.0088
USD. Recipient list maintains the record of authorized requestor who are validated
by workers. Whenever a new requestor gets authenticated, it becomes a part of
this list and setRecepient function is executed. Execution of this function costs
$0.0091 USD. Requestors which are not authorized and authenticated by workers
are stored in blacklist for future reference. So that, whenever, any person tries
to send a data request to owner, its request will be immediately discarded by the
system. As a result, setBlacklist function is executed which has a recorded cost of
$0.0043 USD. Gas consumption for all above functions is given in Figure. 4.1.
For data recipient contract, Table. 4.2 includes the gas consumption values for
the functions that are executed in this contract. For the contract creation, the
amount of transaction and execution gas consumed is 1723531 and 1277355 re-
spectively and the actual cost is $0.52 USD. When the file is requested from the
worker, the identity of requestor is first verified. After successful verification, the
user is allowed to deposit the price of digital content which is requested from the
server. In response to this action, CustomerPayment operation is performed with
the cost of $0.021 USD. The transaction and execution gas consumed for this oper-
ation is recorded as 70190 and 47510. Smart contract is tested with two requestor
with Ethereum addresses as 0x4b0897b0513fdc7c541b6d9d7e929c4e5364d2db and
0x583031d1113ad414f02576bd6afabfb302140225. Figure. 4.2 shows that ethers
equivalent to the price of digital content are deducted from these two Ethereum
accounts. The other two functions of this contract are DownloadResults and con-
firmFileserverResults. Once the file is downloaded from the server, the download
results are later verified by the recipient; whether the downloaded file is the re-
quested one or not. The actual cost for these functions are $0.0092 USD and
$0.016 USD respectively. The gas consumption graph for this contract is given in
Figure. 4.3.

To add a review system in data sharing scenario, separate smart contract is de-
ployed. A user needs to enter the account, which become the identity of the user
to view reviews about the data. To register new reviews, a ’Register’ button must
be clicked by user to fill out the fields like; Metadata, comments and ratings. In a
same way, reviews can be searched by new user by clicking the search button and
adding the query.
The review system smart contract is deployed on Ethereum platform. To deploy
any contract, specific amount of gas is required. The maximum limit of gas is pre
decided by creator, which is 3000000. Two types of gas consumed is observed;
transaction gas and execution gas. Transaction gas is the amount of gas required
to deploy the smart contract on blockchain. While the execution cost is the gas
required to execute logical operations in each function. In Figure. 4.4, the highest
gas is consumed by Add file function, as uploading review file on the system re-
quires time and cost. The amount of gas varies depending upon the size of file to
be uploaded on the review system. The rest of the operations, such as, get review,
get rating, is review exist show the minimum cost, as it does not require some
additional uploading. These functions just search the already existing review and
their rating from the system .Execution cost depends upon the number of lines of
codes and the logical operation being performed within the function. Ethereum
yellow paper [52] is referred to check the gas consumed for different types of oper-
ations.
Table 4.1: Smart contract cost test (IPFS storage: gas price=2 Gwei), 1
ether=150 USD
Functions Transaction gas Execution gas Actual cost(ether)
Contract creation 1808235 1338219 0.00361647

Add file 67512 53948 0.000107896
Delete file 29206 19034 0.000058412
Set receipient 34098 30231 0.000060462
Set blacklist 31290 14203 0.000028402

70000
Transaction Cost
Execution Cost
60000
Gas Consumption (gas)

50000
40000
30000
20000
10000
0
Add file Delete file Set recipient Set blacklist
Functions
Figure 4.1: Gas consumption for owner side contract
Figure 4.2: Money deposit from recipient
Table 4.2: Smart contract cost test (Proof of delivery: gas price=2 Gwei), 1
ether=150 USD

Customer payment 70190 47510 0.00014038
Download results 30373 30412 0.000060746
Confirm file server results 54428 76930 0.000108856
Figure. 4.5 represents the average computation time of CPU against the number of
shares generated in SSS. It is evident from the graph that as the number of shares
increases, the average CPU time increases exponentially. In this scheme, when
k = n, the shares are generated with polynomial whose degree increase with every
additional k in the system. The highest computation time is recorded as 0.66 ms

80000
Transaction Cost
Execution Cost
70000

60000
50000
40000
30000
20000
10000
0
Customer payment Download results Confirm file server results
Functions
Figure 4.3: Gas consumption for recipient side contract
Transaction Cost
120000 Execution Cost
100000
80000
60000
40000
20000
0
Set review Get review Get rating Is review exist
Functions
Figure 4.4: Gas consumption for review system
when k is equal to 11 shares and 0.32 ms is the lowest computational time when
number k is 3. Higher the number of shares would increase the computational
complexity because greater the number of secrets, higher it takes the time to
encrypt each share. Less number of shares are encrypted in shorter amount of
time. In our case, number of shares are decided to be 3 with split size 5 for the
simplicity of scenario. In this case, the average computation time is least which is
0.32 ms.

0.60
0.55
Average CPU time (ms)

0.50
0.45
0.40
0.35
0.30
3 5 7 9 11
Number of shares
Figure 4.5: Computational time for number of shares
Encryption
Decryption
8
Computational time (ms)
0
AES128 AES256 SSS
Figure 4.6: Computational time for different encryption schemes
Table 4.3: Smart contract cost test (Review system: gas price=2 Gwei), 1
ether=150 USD

Set review 128705 103785 0.00025741
Get review 24476 3106 0.000048952
Get rating 23364 2936 0.000046728
Is review exist 23470 2589 0.00004694
SSS is used in our scenario to split and then encrypt the hashes of file uploaded to
IPFS. A comparison between two encryption schemes, i.e., advanced encryption
standard (AES) 128 and AES 256. The encryption computational time of both
schemes is recorded as 6.64 and 8.62 ms respectively, while the encryption time for
Figure 4.7: Change of amount of gas consumed with different input lengths
of transactions
Figure 4.8: Change of mining time with different input lengths of transactions
SSS is 0.37. The significance difference in the computational time of these schemes
is because of search space size. AES 128 offers 2128 combinations of keys, while AES
256 offer 2256 keys. The larger the combination of keys, greater the computational
time as shown in Figure. 4.6. In contrast, SSS is showing least computational
time because there are no combination of keys. It works as a polynomial function
of (k, n) combination which means the only the defined number of splits are to be
encrypted. That is why the computational time of SSS is least as compared to
other scheme. In Figure. 4.7, different values of gas consumption is shown. Each
value varies depending upon the length of review added by user. The gas consumed
changes as the length of input string changes. Multiple gas consumption bars are
shown in Figure. 4.7. The x axis shows the independent variable, whereas, y axis
represent dependent variable which is gas consumption. Each bar shows higher
value of gas consumed than the previous one. It means that the string length is
increased from bar 1 to bar 4. Greater the length on input string, higher the gas
consumed [48].
Similarly Figure. 4.8 shows a relationship between input string length and mining

time of transactions. Mining time varies according to length of string entered

by user as it is a dependent variable. However, it is temporary and may not
necessarily increase with greater string length. It also does not depend upon the
lines of codes in a system. The condition of network or the choice of miners is the
major factor that influence the mining time of transaction. Sometimes, for greater
input length, the mining time may not remain same due to performance of miners.
Table. 4.3 shows the functions of reviews system with transaction and execution
gas along with actual cost in terms of ethers [48].
The detailed discussion of simulation results is given in this chapter. Implemen-

tation details are given and simulation results are discussed along with gas con-
sumption analysis. In Chapter 5, thesis is concluded along with future directions.

Chapter 5
Conclusion and future work
44
CHAPTER 5. 5.1. CONCLUSION
5.1 Conclusion
In this thesis, a blockchain based secure data sharing and delivery of digital assets
framework is presented. The main aim of this proposed scenario is to provide data
authenticity and quality of data to customer as well as a stable business platform
for owner. A decentralized storage; IPFS provides the solution for bloating prob-
lem at owner’s end. Data hashes returned by IPFS are encrypted using SSS, so
that a customer who have not deposited digital content price, cannot access the
data. In this way, owner is satisfied from any type of hash leakage to unauthorized
customer. Data authenticity is ensured by adding a review based system, where
customers can record their comments and rating about the data. In this way, new
customers can judge the quality of data, hence money can be saved at customer’s
end. Different smart contracts are designed for various purposes; such as, owner
smart contract for uploading the file on IPFS and encrypting the hashes. The
other smart contract is for user side. A user can access the file hashes from smart
contact after authentication from worker nodes. Finally, review system smart con-
tract can help new and old customers to search and register reviews. Simulation
results are performed for gas consumption and cost analysis of these smart con-
tracts. Each function consumes different gas value depending upon the logics and
complexity of operations being performed in each function. Moreover, computa-
tional complexity of other encryption schemes are compared with the one used in
this thesis. Results have shown that the encryption scheme used in this thesis for
encrypting the shares has least computational time.
5.1.1 Future studies
In future, our focus will be on the trading and monetization of data generated by
IoT devices using blockchain.

Chapter 6
References
46
References
[1] Shrestha, A.K. and Vassileva, J., 2018, June. Blockchain-Based Research Data
Sharing Framework for Incentivizing the Data Owners. In International Con-
ference on Blockchain (pp. 259-266). Springer, Cham.
[2] Nakamoto, S., 2008. Bitcoin: A peer-to-peer electronic cash system.[Online].

Available: https://bitco.in/pdf/bitcoin.pdf
[3] Crosby, M., Pattanayak, P., Verma, S. and Kalyanaraman, V., 2016.
Blockchain technology: Beyond bitcoin. Applied Innovation, 2(6-10), p.71.
[4]
[5] Benet, J., 2014. Ipfs-content addressed, versioned, p2p file system. arXiv
preprint arXiv:1407.3561.
[6] Shamir, A., 1979. How to share a secret. Communications of the ACM, 22(11),
pp.612-613.
[7] Wood, G., 2014. Ethereum: A secure decentralised generalised transaction

ledger. Ethereum project yellow paper, 151, pp.1-32.
[8] Nakamoto, S., 2008. Bitcoin: A peer-to-peer electronic cash system.[Online].

Available: https://bitco.in/pdf/bitcoin.pdf
[9] Hopwood, D., Bowe, S., Hornby, T. and Wilcox, N., 2016. Zcash protocol
specification. Tech. rep. 2016–1.10. Zerocoin Electric Coin Company, Tech.
Rep.
[10] Wu, A., Zhang, Y., Zheng, X., Guo, R., Zhao, Q. and Zheng, D.,
2019. Efficient and privacy-preserving traceable attribute-based encryption in
blockchain. Annals of Telecommunications, pp.1-11.
[11] Zhang, Z. and Zhao, L., 2018, June. A Design of Digital Rights Management
Mechanism Based on Blockchain Technology. In International Conference on
Blockchain (pp. 32-46). Springer, Cham.
[12] Ma, Z., Jiang, M., Gao, H. and Wang, Z., 2018. Blockchain for digital rights
management. Future Generation Computer Systems, 89, pp.746-764.
47
CHAPTER 6. REFERENCES
[13] Rowhani-Farid, A., Allen, M. and Barnett, A.G., 2017. What incentives in-
crease data sharing in health and medical research? A systematic review.
Research integrity and peer review, 2(1), p.4.
[14] Zhu, L., Wu, Y., Gai, K. and Choo, K.K.R., 2019. Controllable and trustwor-
thy blockchain-based cloud data management. Future Generation Computer
Systems, 91, pp.527-535.
[15] Li, J., Wu, J. and Chen, L., 2018. Block-secure: Blockchain based scheme for
secure P2P cloud storage. Information Sciences, 465, pp.219-231.
[16] Li, J., Wang, X., Huang, Z., Wang, L. and Xiang, Y., 2019. Multi-level multi-
secret sharing scheme for decentralized e-voting in cloud computing. Journal
of Parallel and Distributed Computing.
[17] Huang, Q., Ma, Z., Yang, Y., Niu, X. and Fu, J., 2014. Attribute based DRM
scheme with dynamic usage control in cloud computing. China Communica-
tions, 11(4), pp.50-63.
[18] Sun, W., Yu, S., Lou, W., Hou, Y.T. and Li, H., 2016. Protecting your right:
Verifiable attribute-based keyword search with fine-grained owner-enforced
search authorization in the cloud. IEEE Transactions on Parallel and Dis-
tributed Systems, 27(4), pp.1187-1198.
[19] Xia, Q.I., Sifah, E.B., Asamoah, K.O., Gao, J., Du, X. and Guizani, M., 2017.
MeDShare: Trust-less medical data sharing among cloud service providers via
blockchain. IEEE Access, 5, pp.14757-14767.
[20] Hammi, M.T., Hammi, B., Bellot, P. and Serhrouchni, A., 2018. Bubbles of
Trust: A decentralized blockchain-based authentication system for IoT. Com-
puters and Security, 78, pp.126-142.
[21] Liang, W., Tang, M., Long, J., Peng, X., Xu, J. and Li, K.C., 2019. A Secure
Fabric Blockchain-based Data Transmission Technique for Industrial Internet-
of-Things. IEEE Transactions on Industrial Informatics.
[22] Wang, Y. and Kogan, A., 2018. Designing confidentiality-preserving

Blockchain-based transaction processing systems. International Journal of Ac-
counting Information Systems, 30, pp.1-18.
[23] Chen, L., Lee, W.K., Chang, C.C., Choo, K.K.R. and Zhang, N., 2019.
Blockchain based searchable encryption for electronic health record sharing.
Future Generation Computer Systems, 95, pp.420-429.
[24] Weng, J., Weng, J., Zhang, J., Li, M., Zhang, Y. and Luo, W., 2018.
Deepchain: Auditable and privacy-preserving deep learning with blockchain-
based incentive. Cryptology ePrint Archive, Report 2018/679.
[25] Axon, L., 2015. Privacy-awareness in Blockchain-based PKI.

[26] Banerjee, A. and Joshi, K.P., 2017, December. Link before you share: Manag-
ing privacy policies through blockchain. In 2017 IEEE International Conference
on Big Data (Big Data) (pp. 4438-4447). IEEE.
[27] Kaaniche, N. and Laurent, M., 2017, October. A blockchain-based data

usage auditing architecture with enhanced privacy and availability. In 2017
IEEE 16th International Symposium on Network Computing and Applications
(NCA) (pp. 1-5). IEEE.
[28] Aitzhan, N.Z. and Svetinovic, D., 2018. Security and privacy in decentralized
energy trading through multi-signatures, blockchain and anonymous messag-
ing streams. IEEE Transactions on Dependable and Secure Computing, 15(5),
pp.840-852.
[29] Steichen, M., Fiz Pontiveros, B., Norvill, R. and Shbair, W., 2018, July.
Blockchain-Based, Decentralized Access Control for IPFS. In The 2018 IEEE
International Conference on Blockchain (Blockchain-2018) (pp. 1499-1506).
IEEE.
[30] Gaby, G., Chandra, L., Enderson, T., 2017, November. Towards Secure Inter-
operability between Heterogeneous Blockchains using Smart Contracts. Future
Technologies Conference (FTC), pp.73-81.
[31] Dias, J.P., Reis, L., Ferreira, H.S. and Martins, Â., 2018. Blockchain for access
control in e-health scenarios. arXiv preprint arXiv:1805.12267.
[32] Fukumitsu, M., Hasegawa, S., Iwazaki, J., Sakai, M. and Takahashi, D., 2017,
March. A proposal of a secure P2P-type storage scheme by using the secret
sharing and the blockchain. In 2017 IEEE 31st International Conference on
Advanced Information Networking and Applications (AINA) (pp. 803-810).
IEEE.
[33] Guo, R., Shi, H., Zhao, Q. and Zheng, D., 2018. Secure attribute-based sig-
nature scheme with multiple authorities for blockchain in electronic health
records systems. IEEE Access, 6, pp.11676-11686.
[34] Xu, X., Lu, Q., Liu, Y., Zhu, L., Yao, H. and Vasilakos, A.V., 2019. Designing
blockchain-based applications a case study for imported product traceability.
Future Generation Computer Systems, 92, pp.399-406.
[35] Toyoda, K., Mathiopoulos, P.T., Sasase, I. and Ohtsuki, T., 2017. A novel
blockchain-based product ownership management system (POMS) for anti-
counterfeits in the post supply chain. IEEE Access, 5, pp.17465-17477.
[36] Hasan, H.R. and Salah, K., 2018. Blockchain-based proof of delivery of phys-
ical assets with single and multiple transporters. IEEE Access, 6, pp.46781-
46793.
[37] Li, H., Zhang, F., He, J. and Tian, H., 2017. A searchable symmetric encryp-
tion scheme using blockchain. arXiv preprint arXiv:1711.01030.

[38] Liu, C.H., Lin, Q. and Wen, S., 2018. Blockchain-enabled Data Collection and
Sharing for Industrial IoT with Deep Reinforcement Learning. IEEE Transac-
tions on Industrial Informatics.
[39] Zhao, Y., Yu, Y., Li, Y., Han, G. and Du, X., 2019. Machine learning based
privacy-preserving fair data trading in big data market. Information Sciences,
478, pp.449-460.
[40] Nizamuddin, N., Salah, K., Azad, M.A., Arshad, J. and Rehman, M.H., 2019.
Decentralized document version control using ethereum blockchain and IPFS.
Computers and Electrical Engineering, 76, pp.183-197.
[41] Agyekum, O., Opuni-Boachie, K., Xia, Q., Sifah, E.B., Gao, J., Xia, H., Du,
X. and Guizani, M., 2019. A Secured Proxy-Based Data Sharing Module in
IoT Environments Using Blockchain. Sensors, 19(5), p.1235.
[42] Wang, S., Zhang, Y. and Zhang, Y., 2018. A blockchain-based framework for
data sharing with fine-grained access control in decentralized storage systems.
IEEE Access, 6, pp.38437-38450.
[43] Panescu, A.T. and Manta, V., 2018. Smart Contracts for Research Data
Rights Management over the Ethereum Blockchain Network. Science and Tech-
nology Libraries, 37(3), pp.235-245.
[44] Dai, M., Zhang, S., Wang, H. and Jin, S., 2018. A low storage room re-
quirement framework for distributed ledger in blockchain. IEEE Access, 6,
pp.22970-22975.
[45] Nizamuddin, N., Hasan, H., Salah, K. and Iqbal, R., 2019. Blockchain-Based
Framework for Protecting Author Royalty of Digital Assets. Arabian Journal
for Science and Engineering, pp.1-18.
[46] Hasan, H.R. and Salah, K., 2018. Proof of delivery of digital assets using
blockchain and smart contracts. IEEE Access, 6, pp.65439-65448.
[47] Chen, Y., Li, H., Li, K. and Zhang, J., 2017, December. An improved P2P
file system scheme based on IPFS and Blockchain. In 2017 IEEE International
Conference on Big Data (Big Data) (pp. 2652-2657). IEEE.
[48] Park, J.S., Youn, T.Y., Kim, H.B., Rhee, K.H. and Shin, S.U., 2018. Smart
contract-based review system for an IoT data marketplace. Sensors, 18(10),
p.3577.
[49] Truffle Suite. Available online: https://truffleframework.com/tutorials/configuring-
visual-studio-code(accessed on 23 April 2019)
[50] Truffle Suite. Available online: https://truffleframework.com/docs/ganache/
overview(accessed on 23 April 2019)
[51] MetaMask. https://metamask.io/(accessed on 23 April 2019)
[52] Wood, G., 2014. Ethereum: A secure decentralised generalised transaction
ledger. Ethereum project yellow paper, 151, pp.1-32.
CHAPTER 6. JOURNAL PUBLICATIONS
Journal publications
1 Muqaddas Naz, Zafar Iqbal, Nadeem Javaid, Zahoor Ali Khan, Wadood
Abdul, Ahmad Almogren, and Atif Alamri. “Efficient Power Scheduling in
Smart Homes Using Hybrid Grey Wolf Differential Evolution Optimization
Technique with Real Time and Critical Peak Pricing Schemes.” Energies
2018, 11(2), 384, ISSN 1996-1073 (IF= 2.676, Q2).

CHAPTER 6. CONFERENCE PROCEEDINGS
Conference proceedings
1 Naz, Muqaddas, Nadeem Javaid, Urva Latif, Talha Naeem Qureshi, Aqdas
Naz, and Zahoor Ali Khan, “Efficient Power Scheduling in Smart Homes
using Meta Heuristic Hybrid Grey Wolf Differential Evolution Optimization
Technique ”, in 32nd International Conference on Advanced Information
2 Ullah, Zia, Muqaddas Naz, Adia Khalid, Shoaron Wang, Aisha Fatima and
Nadeem Javaid, “Survey of Pre-processing Techniques for Mining Big Data
in Smart Grid ”, In 13th International Conference on Complex, Intelligent,
and Software Intensive System (CISIS-2019).
3 Latif, Urva, Nadeem Javaid, Syed Shahab Zarin, Muqaddas Naz, Asma Ja-
mal, and Abdul Mateen, “Cost Optimization in Home Energy Management
System using Genetic Algorithm, Bat Algorithm and Hybrid Bat Genetic
Algorithm ” , in 32nd International Conference on Advanced Information
4 Muhammad Hassan Rahim, Nadeem Javaid, Sahar Rahim, Muqaddas Naz,

Mariam Akbar, and Farhana Javed, “Weighted Cuckoo Search based Load
Balanced Cloud for Green Smart Grids ”, in 12th International Conference
on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS),
2018, pp. 252-264.
5 Fatima, Itrat, Nadeem Javaid, Abdul Wahid, Zunaira Nadeem, Muqaddas

Naz, and Zahoor Ali Khan, “Stochastic Power Management in Microgrid
with Efficient Energy Storage ”, in 6th International Conference on Emerg-
ing Internet, Data and Web Technologies (EIDWT), 2018, pp. 202-213.

Muqaddas MS CS Thesis Final

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Muqaddas MS CS Thesis Final

Uploaded by

Copyright:

Available Formats

Research based Data Rights Management over

Ethereum using Blockchain

COMSATS University Islamabad, Islamabad - Pakistan

Research based Data Rights Management over

COMSATS University Islamabad

A Post Graduate Thesis submitted to the Department of Computer Science as

Name Registration Number

Dr. Nadeem Javaid,

Dr. Sohail Iqbal,

This thesis titled

Research based Data Rights Management over Ethereum using

has been approved

I Muqaddas Naz (Registration No. CIIT/FA17-RCS-025/ISB) hereby declare that

It is certified that Muqaddas Naz (Registration No. CIIT/FA17-RCS-025/ISB)

Dr. Nadeem Javaid,

Dr. Sohail Iqbal,

Dr. Majid Iqbal Khan,

Foremost, I am sincerely thankful to my supervisor Dr. Nadeem Javaid for his

Moreover, I am very much thankful to my special friends; Sundus, Zunaira, Itrat,

In a research community, data sharing is an essential step to gain maximum knowl-

4 Muhammad Hassan Rahim, Nadeem Javaid, Sahar Rahim, Muqaddas Naz,

5 Fatima, Itrat, Nadeem Javaid, Abdul Wahid, Zunaira Nadeem, Muqaddas

List of figures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv

List of abbreviations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi

1.1.1 Thesis contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.1.2 Thesis organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.2 Conclusion of the chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2 Related work and problem statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.1 Related work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.1.1 Digital content protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.1.2 Blockchain in cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.1.3 Blockchain in IoT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.1.4 Blockchain for privacy preservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.1.5 Access control using blockchain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.2 Motivation and Problem statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3 Proposed system model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3.0.1 Data sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.0.2 Data retrieval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.0.2.1 Data review system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.0.2.2 Detection of fake reviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

3.0.2.3 Data distribution to customers . . . . . . . . . . . . . . . . . . . . . . . 28

3.0.2.4 Dispute handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

3.0.3 Smart contract design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3.0.3.1 IPFS storage contract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3.0.3.2 Data recipient contract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

3.0.3.3 Review system contract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

3.1 Conclusion of the chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

4 Simulation results and discussions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

4.1 Implementation details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

4.1.1 Simulation setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

4.1.1.0.1 Visual Studio Code . . . . . . . . . . . . . . . . . . . . . . . . . 36

4.1.2 Simulation results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

4.2 Conclusion of the chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

5 Conclusion and future work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

5.1.1 Future studies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.1 Data sharing on IPFS by owner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4.1 Gas consumption for owner side contract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

2.1 Summarized related work.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

ABE-UR Attribute based encryption user revocation

2 Thesis by: Muqaddas Naz

3 Thesis by: Muqaddas Naz

1.1.1 Thesis contributions