DLT-Based Personal Data Access Control with Key-Redistribution
University of Turin, Italy
✝ The authors contributed equally
Abstract:
Data management services present a challenge in terms of trust, as
service managers can access the data on their servers easily.
Decentralized data services and smart contracts can solve problems
related to the presence of centralized trusted authorities, but in turn
they can introduce other issues related to compliance with data
protection and regulations (e.g., GDPR). Historically, encryption has
been used to address some of these concerns, but it restricts data
sharing. To facilitate encrypted decentralized file storage while
enabling data sharing, we propose a Key-Redistribution Proxy
Re-Encryption (KeRePRE) system. KeRePRE is a decentralized and encrypted
data service, where authorization servers are part of a threshold proxy
re-encryption scheme. A key-redistribution mechanism (that extends the
Umbral scheme) allows for the addition and removal of managers in a
decentralized and trustless manner. Additionally, we offer a proof of
concept implementation, where data access control is based on an access
control list, implemented as a smart contract in a DLT, and can be
read-only accessed by the authorization servers.
If you find this work useful, please consider citing it:
@inproceedings{10338895,
author={Barbàra, Fadi and Zichichi, Mirko and Ferretti, Stefano and Schifanella, Claudio},
booktitle={2023 Fifth International Conference on Blockchain Computing and Applications (BCCA)},
title={DLT-Based Personal Data Access Control with Key-Redistribution},
year={2023},
doi={10.1109/BCCA58897.2023.10338895}}
Phases of the protocol
The image represents the Umbral workflow with our key redistribution
extension (in red). Either DH or DR can trigger a key redistribution
procedure. The nodes in the threshold proxy re-encryption operate the
kFrag and cFrag redistribution.
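The redistribution step named above can be illustrated with classic Shamir share redistribution, where a secret split among the current nodes is handed to a new node set and threshold without ever being reassembled. This is an added example, not code from the paper or from Umbral: it assumes kFrags behave like Shamir-style shares of a re-encryption key, and the modulus `P`, the integer node ids and all function names are hypothetical.

```python
import secrets

P = 2**127 - 1  # prime field modulus, chosen for this example only

def split(secret, t, ids):
    """Shamir-share `secret` with threshold t among distinct non-zero node ids."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P for i in ids}

def lagrange_at_zero(ids):
    """Coefficients that interpolate f(0) from evaluations at `ids`."""
    lam = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        lam[i] = num * pow(den, -1, P) % P
    return lam

def reconstruct(shares):
    """Recover the secret from a dict {node id: share}."""
    lam = lagrange_at_zero(list(shares))
    return sum(lam[i] * s for i, s in shares.items()) % P

def redistribute(old_shares, t_old, new_ids, t_new):
    """Move a sharing to a new node set and threshold; the secret is never rebuilt."""
    if len(old_shares) < t_old:
        raise ValueError("need at least t_old cooperating old nodes")
    if 0 in new_ids or len(set(new_ids)) != len(new_ids):
        raise ValueError("new node ids must be distinct and non-zero")
    if not 1 <= t_new <= len(new_ids):
        raise ValueError("t_new must be between 1 and the number of new nodes")
    senders = dict(list(old_shares.items())[:t_old])
    lam = lagrange_at_zero(list(senders))
    # Each old node i re-shares its own share; sub[i][j] is sent from i to new node j.
    sub = {i: split(s, t_new, new_ids) for i, s in senders.items()}
    # Each new node j combines what it received; no single party sees the secret.
    return {j: sum(lam[i] * sub[i][j] for i in senders) % P for j in new_ids}
```

Shares held by removed nodes lie on the old polynomial and do not combine with the new ones, which is what makes removal effective once the old shares are deleted. The sketch has no verifiability: a trustless deployment also needs commitments so new nodes can detect a sender that distributes inconsistent sub-shares.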
Data Sharing steps between DH and DR
Data Sharing steps between the data holder DH and the data receiver
DR
Average response latency
Average response latency when increasing the threshold t value and the number of Holders k for operations involving writing to the ISC blockchain.