Access Management of User and Cyber-Physical Device in DBaaS according to Indian IT Laws using Blockchain

Abstract

Computing on the cloud has changed the working of mankind in every manner, from storing to fetching every information on the cloud. To protect data on the cloud various access procedures and policies are used such as authentication and authorization. Authentication means the intended user is access data on the cloud and authorization means the user is accessing only that data for which he is allowed. The intended user now also includes Cyber-Physical Devices. Cyber-Physical Devices share data between them, fetch data from cloud. Cloud data is managed by employees of cloud Companies. Persons sitting on the cloud managing companies data is always doubtful as so many insider attacks have happened in the past affecting the company Image in the market. Data Related to Cyber-Physical Space may come under Insider attack. Companies managing user data are also liable to protect user data from any type of attack under various sections of the Indian IT act. Work in this paper has proposed blockchain as a possible solution to track the activities of employees managing cloud. Employee authentication and authorization are managed through the blockchain server. User authentication related data is stored in blockchain. Authorization rules are written in any Role/Attribute-based access language. These authorization rules stores the data related to user requests allowed access to data in blockchain. Proposed work will help cloud companies to have better control over their employee’s activities, thus help in preventing insider attack on User and Cyber-Physical Devices.