In these several years, the knowledge finding from big data keeps growing. Big companies or organization try to get an accurate prediction for their customer or targeted customer. The privacy of customer can be abused by the companies and also not get another benefit from the data that already provided to companies. In this thesis, we propose a private data buying-selling platform that not only secure but also can protect the user's identity. Utilizing ciphertext-policy attribute-based encryption for securing private data. Also uses a blockchain framework to create anonymity of user and securing transaction using a decentralized method. Moreover, our proposed platform is also proven to be secure and could withstand some well-known attacks.

In these several years, the knowledge finding from big data keeps growing. Big companies or organization try to get an accurate prediction for their customer or targeted customer. The privacy of customer can be abused by the companies and also not get another benefit from the data that already provided to companies. In this thesis, we propose a private data buying-selling platform that not only secure but also can protect the user's identity. Utilizing ciphertext-policy attribute-based encryption for securing private data. Also uses a blockchain framework to create anonymity of user and securing transaction using a decentralized method. Moreover, our proposed platform is also proven to be secure and could withstand some well-known attacks.

Recommendation Letter . . . . . . . . . . . . . . . . . . . . . . . . i
Approval Letter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii
Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .viii
List of Pseudocodes . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 Literature Review . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1 Blockchain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Cloud computing . . . . . . . . . . . . . . . . . . . . . . . . . .6
2.3 Attribute-based encryption . . . . . . . . . . . . . . . . 8
2.4 Private data sharing . . . . . . . . . . . . . . . . . . . . . . . 10
3 System Environment and Protocol Designs . . . 12
3.1 Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.2 Architecture Design . . . . . . . . . . . . . . . . . . . . . . . 13
3.3 Access Tree Structure Design . . . . . . . . . . . . . . . 20
3.4 Transaction Data Structure Design . . . . . . . . . . 22
3.5 Protocol Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.5.1 Protocol Initialization . . . . . . . . . . . . . . . . . . . . . 25
3.5.2 Seller’s Master Key Generator Protocol . . 28
3.5.3 Data Uploading Protocol . . . . . . . . . . . . . . . . . . 29
3.5.4 Data Purchasing Protocol . . . . . . . . . . . . . . . . . 34
3.5.5 Data Downloading Protocol . . . . . . . . . . . . . . . 37
4 Prototype Design and Implementation . . . . . . . . 42
4.1 Prototype Design . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
4.1.1 Key Exchange Procedure . . . . . . . . . . . . . . . . . . 42
4.1.2 Attribute Based Encryption and Decryption Function 45
4.2 Prototype Implementation . . . . . . . . . . . . . . . . . . . 46
5 Security and Performance Analyses . . . . . . . . . . . . . 47
5.1 Informal Security Analysis . . . . . . . . . . . . . . . . . . . . 47
5.2 Performance Analysis . . . . . . . . . . . . . . . . . . . . . . . . 50
5.3 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
6 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

[1] R. L. Rivest, “Cryptography,” in Handbook of Theoretical Computer Science (Vol. A), pp. 717–755, 1990.
[2] P. Mell and T. Grance, “On-demand self-service.,” Nist, vol. 15, pp. 10–15, 2009.
[3] A. S. Horvath and R. Agrawal, “Trust in cloud computing: A user’s perspective,” Conference Proceedings - IEEE SOUTHEASTCON, vol. 2015-June, no. June, pp. 1–8, 2015.
[4] S. Nakamoto, “Bitcoin: a peer-to-peer electronic cash system.” \url{https://bitcoin.org/bitcoin.pdf}.
[5] A. Back, “Hashcash - A Denial of Service Counter-Measure,”
[6] J. Chase, R. Kaewpuang, W. Yonggang, and D. Niyato, “Joint virtual machine and bandwidth allocation in software defined network (SDN) and cloud computing environments,” 2014 IEEE International Conference on Communications, ICC 2014, pp. 2969–2974, 2014.
[7] M. Lakshmi Neelima and M. Padma, “a Study on Cloud Storage,” International Journal of Computer Science and Mobile Computing, vol. 35, no. 5, pp. 966–971, 2014.
[8] A. Sahai and B. Waters, “Fuzzy Identity-Based Encryption,” pp. 457–473, 2004.
[9] A. Shamir, “Identity-based cryptosystems and signature schemes,” In Proceedings of CRYPTO 84 on Advances in cryptology, pp. 47–53, 1985.
[10] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” p. 89, 2007.
[11] J. Bethencourt and B. Waters, “Ciphertext-Policy Attribute-Based Encryption,” 2007.
[12] F. Guo, Y. Mu, W. Susilo, D. S. Wong, and V. Varadharajan, “CP-ABE with constant-size keys for lightweight devices,” IEEE Transactions on Information Forensics and Security, vol. 9, no. 5, pp. 763–771, 2014.
[13] X. Zheng, R. R. Mukkamala, R. Vatrapu, and J. Ordieres-Mere, “Blockchain-based personal health data sharing system using cloud storage,” 2018 IEEE 20th International Conference on e-Health Networking, Applications and Services, Healthcom 2018, 2018.
[14] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, “MedRec: Using blockchain for medical data access and permission management,” Proceedings - 2016 2nd International Conference on Open and Big Data, OBD 2016, pp. 25–30, 2016.
[15] Q. Xia, E. B. Sifah, K. O. Asamoah, J. Gao, X. Du, and M. Guizani, “MeDShare: Trust-Less Medical Data Sharing among Cloud Service Providers via Blockchain,” IEEE Access, vol. 5, pp. 14757–14767, 2017.
[16] J. L. Raisaro, J. Troncoso-Pastoriza, M. Misbach, J. Sa Sousa, S. Pradervand, E. Missiaglia, O. Michielin, B. Ford, and J. P. Hubaux, “MedCo: Enabling Secure and Privacy-Preserving Exploration of Distributed Clinical and Genomic Data,” IEEE/ACM Transactions on Computational Biology and Bioinformatics, vol. 5963, no. c, pp. 1–14, 2018.
[17] U.S. Department of Health & Human Services, “The health insurance portability and accountability act (hipaa).” https://www.hhs.gov/hipaa/index.html. [Online; accessed 25-July-2019].
[18] EU Parlament, “The EU General Data Protection Regulation (GDPR).” https://www.hhs.gov/hipaa/index.html. [Online; accessed 25-July-2019].