CRIS Current Research Information System

This paper presents an architecture of a Personal Information Management System, in which individuals can define the access to their personal data by means of smart contracts. These smart contracts, running on the Ethereum blockchain, implement access control lists and grant immutability, traceability and verifiability of the references to personal data, which is stored itself in a (possibly distributed) file system. A distributed authorization mechanism is devised, where trust from multiple network nodes is necessary to grant the access to the data. To this aim, two possible alternatives are described: a Secret Sharing scheme and Threshold Proxy Re-Encryption scheme. The performance of these alternatives is experimentally compared in terms of execution time. Threshold Proxy Re-Encryption appears to be faster in different scenarios, in particular when increasing message size, number of nodes and the threshold value, i.e.~number of nodes needed to grant the data disclosure.

Zichichi Mirko, F.S. (2020). Personal Data Access Control Through Distributed Authorization. IEEE Institute of Electrical and Electronics Engineers Inc. [10.1109/NCA51143.2020.9306721].

Personal Data Access Control Through Distributed Authorization

Zichichi Mirko
;Ferretti Stefano;D'Angelo Gabriele;
2020

Abstract

This paper presents an architecture of a Personal Information Management System, in which individuals can define the access to their personal data by means of smart contracts. These smart contracts, running on the Ethereum blockchain, implement access control lists and grant immutability, traceability and verifiability of the references to personal data, which is stored itself in a (possibly distributed) file system. A distributed authorization mechanism is devised, where trust from multiple network nodes is necessary to grant the access to the data. To this aim, two possible alternatives are described: a Secret Sharing scheme and Threshold Proxy Re-Encryption scheme. The performance of these alternatives is experimentally compared in terms of execution time. Threshold Proxy Re-Encryption appears to be faster in different scenarios, in particular when increasing message size, number of nodes and the threshold value, i.e.~number of nodes needed to grant the data disclosure.
2020
2020 IEEE 19th International Symposium on Network Computing and Applications (NCA)
1
4
Zichichi Mirko, F.S. (2020). Personal Data Access Control Through Distributed Authorization. IEEE Institute of Electrical and Electronics Engineers Inc. [10.1109/NCA51143.2020.9306721].
Zichichi Mirko, Ferretti Stefano, D'Angelo Gabriele, Victor Rodríguez-Doncel
4.01 Contributo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
unibo.pdf

Open Access dal 06/07/2021

Tipo: Postprint
Licenza: Licenza per accesso libero gratuito
Dimensione 721.33 kB
Formato Adobe PDF
Visualizza/Apri
721.33 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/783620
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 13
  • ???jsp.display-item.citation.isi??? 2
social impact