As an attractive business model of cloud computing, outsourcing services usually involve online payment and security issues. The mutual distrust between users and outsourcing service providers may severely impede the wide adoption of cloud computing. Nevertheless, most existing payment solutions only consider a specific type of outsourcing service and rely on a trusted third party to realize fairness. In this paper, in order to realize secure and fair payment of outsourcing services in general without relying on any third party, trusted or not, we introduce BCPay, a blockchain-based fair payment framework for outsourcing services in cloud computing. We first present the system architecture, specifications and adversary model of BCPay, then describe its design in detail. Our security analysis indicates that BCPay achieves Soundness and what we call Robust Fairness, where the fairness is resilient to eavesdropping and malleability attacks. Furthermore, our performance evaluation shows that BCPay is very efficient in terms of the number of transactions and computation cost. As illustrative applications of BCPay, we further construct a blockchain-based provable data possession scheme in cloud computing and a blockchain-based outsourcing computation protocol in fog computing.
As a promising computing paradigm, cloud computing has many attractive benefits, such as flexibility, high efficiency and high availability. It can provide a diversity of outsourcing services including storage and computations. With the rapid development of cloud computing technologies, an increasing number of individuals and enterprises have uploaded their various data onto third-party cloud platforms either for ease of sharing or for cost savings. The cloud storage service of Dropbox currently has approximately 500 million registered users and 500 petabytes of user data. Users can also subscribe to flexible computation resources from cloud service providers such as Google and Amazon. In order to facilitate the operation of computation, storage and networking services between end users and cloud computing data centers, fog computing further extends cloud computing to the edge of the network. In fog computing, the outsourcing computation service is required because end users are usually resource-constrained. Obviously, outsourcing services play an important role in the development of cloud and fog computing.
Although cloud computing allows users to customize outsourcing services, its unique aspects also raise various security and privacy concerns [29,32,34,35,41,49–51]. In cloud storage, for instance, users usually require assurance of data possession besides confidentiality of outsourced data. As for computation, users expect to get valid and correct computation results from the outsourcing service provider once the service fee is paid. Recently, great efforts have been made to realize provable data possession (PDP) [4,6] and verifiable outsourcing computation [13,15,25,33,42]. However, most of the existing schemes do not consider the payment issues in outsourcing services. Take PDP as an example. In a challenge proof of PDP, if the server is malicious, a user's data may be lost without any compensation even if he/she has paid for the service. On the other hand, in the case of a malicious user, the server cannot earn the service fee from the user even if it enforces a valid and correct PDP service. Because of the distrust between the user and the server [18,24,37,47,48], the payment issues are sufficiently challenging for outsourcing services considering fairness.
In order to simultaneously address the payment and security issues, most of the existing schemes adopt the (default) traditional payment mechanism and rely on a trusted third party such as a bank. For example, the Google cloud platform provides a series of cloud services including computing and data storage, and the registration requires a bank account. In cloud computing, however, the traditional payment solution suffers from several drawbacks. First, it is assumed that the bank is trusted by all the users and the server and that it deals with all procedures in a fair manner. Second, the payment mechanism needs to be adapted to multiple banks used by different participants and has to be updated whenever they change, which will become a bottleneck of the payment system. Last but not least, users' privacy associated with bank accounts may be violated.