DLT-Based Personal Data Access Control with Key-Redistribution

University of Turin, Italy. The authors contributed equally.

Abstract: Data management services present a challenge in terms of trust, as service managers can easily access the data on their servers. Decentralized data services and smart contracts can solve problems related to the presence of centralized trusted authorities, but in turn they can introduce other issues related to compliance with data protection regulations (e.g., GDPR). Historically, encryption has been used to address some of these concerns, but it restricts data sharing. To facilitate encrypted decentralized file storage while enabling data sharing, we propose a Key-Redistribution Proxy Re-Encryption (KeRePRE) system. KeRePRE is a decentralized and encrypted data service, where authorization servers are part of a threshold proxy re-encryption scheme. A key-redistribution mechanism (that extends the Umbral scheme) allows for the addition and removal of managers in a decentralized and trustless manner. Additionally, we offer a proof-of-concept implementation, where data access control is based on an access control list, implemented as a smart contract in a DLT, which the authorization servers can access read-only.
If you find this work useful, please consider citing it:

    @inproceedings{10338895,
    author={Barbàra, Fadi and Zichichi, Mirko and Ferretti, Stefano and Schifanella, Claudio},
    booktitle={2023 Fifth International Conference on Blockchain Computing and Applications (BCCA)}, 
    title={DLT-Based Personal Data Access Control with Key-Redistribution}, 
    year={2023},
    doi={10.1109/BCCA58897.2023.10338895}}
  

Phases of the protocol
The image represents the Umbral workflow with our key redistribution extension (in red). Either DH or DR can trigger a key redistribution procedure. The nodes in the threshold proxy re-encryption scheme perform the kFrag and cFrag redistribution.
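The following sketch is an added illustration, not code from the paper or its proof of concept. It shows generic Shamir share redistribution: a committee holding shares of a secret hands it over to a new committee with a different size and threshold, without reconstructing the secret at any single node. It assumes kFrags behave like Shamir shares of the re-encryption key (as in Umbral), uses a constructed toy prime field, and omits the share-verification steps a trustless deployment needs; all function names are hypothetical.

```python
import secrets

# Toy prime field (constructed for this example; Umbral works modulo an
# elliptic-curve group order instead).
P = 2**127 - 1

def poly_eval(coeffs, x):
    """Evaluate the polynomial [c0, c1, ...] at x modulo P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split(secret, t, ids):
    """Shamir-share `secret` with threshold t among distinct non-zero ids."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: poly_eval(coeffs, i) for i in ids}

def lagrange_at_zero(ids):
    """Coefficients lambda_i such that f(0) = sum(lambda_i * f(i))."""
    lam = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        lam[i] = num * pow(den, -1, P) % P
    return lam

def reconstruct(shares):
    """Recover the secret from at least a threshold of shares (test helper)."""
    lam = lagrange_at_zero(list(shares))
    return sum(lam[i] * s for i, s in shares.items()) % P

def redistribute(old_shares, new_t, new_ids):
    """Hand over from a threshold of old holders to a new committee.

    Each old holder i deals Shamir sub-shares of its own share to the new
    holders; each new holder j sums what it received, weighted by lambda_i.
    Old holders left out of new_ids are thereby removed.
    """
    lam = lagrange_at_zero(list(old_shares))
    sub = {i: split(s, new_t, new_ids) for i, s in old_shares.items()}
    return {j: sum(lam[i] * sub[i][j] for i in old_shares) % P for j in new_ids}
```
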

Data sharing steps between DH and DR

Data sharing steps between the data holder DH and the data receiver DR

Average response latency

Average response latency when increasing the threshold t value and the number of Holders k for operations involving writing to the ISC blockchain.