Institute of Computing Technology, Chinese Academy IR
| DiSAuth: A DNS-based secure authorization framework for protecting data decoupled from applications | |
| Li, Ying1,2; Wei, Jiuqi1,2; Fei, Ziyu1,2; Fu, Yufan1,2; Lee, Xiaodong1 | |
| 2024-12-01 | |
| 发表期刊 | COMPUTER NETWORKS
 |
| ISSN | 1389-1286 |
| 卷号 | 254页码:18 |
| 摘要 | Nowadays, centralized applications are called for returning data ownership to owners, due to their frequent data breaches. Decoupling data from applications is a popular way to give back owners' control over data. To control data only accessed by authorized parties, authorization is critical. When faced with the new and complex relationships between applications and data, traditional authorizations cannot meet ownership and usage protection needs, and security requirements. This paper proposes DiSAuth, a secure authorization framework based on Domain Name System (DNS) and blockchain, to provide tamper-resistant, verifiable, and privacy-preserving authorization to protect data which are decoupled from applications. Our novel tree-based data structure for authorization is backward compatible with DNS, which brings high utility. Besides, our design of a hybrid encryption schema and anonymous identities provides privacy-preserving authorization. To our knowledge, DiSAuth is the first authorization framework that utilizes a robust Internet infrastructure DNS as the basis and proposes a new Internet authorization protocol for protecting data decoupled from applications. Our evaluation demonstrates the utility of DiSAuth and shows the superior efficiency of DiSAuth in authorization verification. Compared to traditional blockchain-based solutions, our combination of DNS and blockchain achieves higher efficiency while ensuring security; especially, the read time is similar to 3 orders of magnitude better. |
| 关键词 | Authorization Data security and privacy DNS Blockchain |
| DOI | 10.1016/j.comnet.2024.110774 |
| 收录类别 | SCI |
| 语种 | 英语 |
| 资助项目 | Ministry of Industry and Information Technology of China[TC200A00S] ; Ministry of Industry and Information Technology of China[E051570] |
| WOS研究方向 | Computer Science ; Engineering ; Telecommunications |
| WOS类目 | Computer Science, Hardware & Architecture ; Computer Science, Information Systems ; Engineering, Electrical & Electronic ; Telecommunications |
| WOS记录号 | WOS:001316262500001 |
| 出版者 | ELSEVIER |
| 引用统计 | |
| 文献类型 | 期刊论文 |
| 条目标识符 | http://119.78.100.204/handle/2XEOYT63/39590 |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Li, Ying; Lee, Xiaodong |
| 作者单位 | 1.Chinese Acad Sci, Inst Comp Technol, Lab Infrastruct, Beijing 100190, Peoples R China 2.Univ Chinese Acad Sci, Beijing 100049, Peoples R China |
| 推荐引用方式 GB/T 7714 | Li, Ying,Wei, Jiuqi,Fei, Ziyu,et al. DiSAuth: A DNS-based secure authorization framework for protecting data decoupled from applications[J]. COMPUTER NETWORKS,2024,254:18. |
| APA | Li, Ying,Wei, Jiuqi,Fei, Ziyu,Fu, Yufan,&Lee, Xiaodong.(2024).DiSAuth: A DNS-based secure authorization framework for protecting data decoupled from applications.COMPUTER NETWORKS,254,18. |
| MLA | Li, Ying,et al."DiSAuth: A DNS-based secure authorization framework for protecting data decoupled from applications".COMPUTER NETWORKS 254(2024):18. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论