BBAD: Blockchain-based data assured deletion and access control system for IoT.

The massive data generated by the Internet of Things (IoT) is often outsourced to the cloud, leading to a separation between data ownership and management. Access control during the data's validity period and assured deletion once that period expires are both crucial for protecting privacy. While recent research has primarily focused on access control, assured deletion has received less attention. Existing assured deletion schemes can be classified into key-control based and cryptographic policy based methods, but to varying degrees, they have limitations such as requiring a trusted third party, high encryption overhead, lack of support for deletion verification and fine-grained access control. To address these limitations, we propose BBAD, a blockchain-based assured deletion scheme that leverages smart contracts for fine-grained access control, employs Shamir secret sharing and re-encryption for assured key deletion, and utilizes Merkle Hash Tree (MHT) for public deletion verification. Notably, BBAD eliminates the need for a trusted third party, exhibits low computational overhead, supports customizable deletion time limit, and enables offline verification of deletion for users. Our experimental comparison with two prominent alternatives, Secure Electronic-Document Self-Destructing with Identity-Based Timed-Release Encryption (ESITE) and Key-Policy Attribute-Based Encryption for Assured Deletion (AD-KP-ABE), demonstrates that BBAD reduces data processing time by over 46.5%, data deletion time by 98.4%, and deletion verification time by 99.0%. [ABSTRACT FROM AUTHOR]