One of the problems of cloud-based data services is the trust involved in its management, since service managers can easily access the data on their servers. The problem is exacerbated in decentralized data services, where managers and operators are pseudo-anonymous by default, to the point where these systems are not compliant with data protection regulations such as GDPR. These problems have historically been dealt with data encryption, but this inhibits data sharing. To enable data-sharing for a encrypted decentralized file storage, we propose Key-Redistribution Proxy Re-Encryption (KeRePRE). KeRePRE is a decentralized and encrypted data-service where managers in the form of authorization servers are part of a threshold proxy re-encryption scheme. In particular, to solve the problem of malicious nodes, we extend the work in Umbral with a system based on a key-redistribution mechanism to add and remove managers in a decentralized and trustless way, and we provide a proof of concept implementation. Data access control is based on an access control list stored on a DLT which can be read-only accessed by the authorization servers.

Barbara F., Zichichi M., Ferretti S., Schifanella C. (2023). A Decentralized Data Sharing Framework based on a Key-Redistribution method. CEUR-WS.

A Decentralized Data Sharing Framework based on a Key-Redistribution method

Zichichi M.;Ferretti S.;
2023

Abstract

One of the problems of cloud-based data services is the trust involved in its management, since service managers can easily access the data on their servers. The problem is exacerbated in decentralized data services, where managers and operators are pseudo-anonymous by default, to the point where these systems are not compliant with data protection regulations such as GDPR. These problems have historically been dealt with data encryption, but this inhibits data sharing. To enable data-sharing for a encrypted decentralized file storage, we propose Key-Redistribution Proxy Re-Encryption (KeRePRE). KeRePRE is a decentralized and encrypted data-service where managers in the form of authorization servers are part of a threshold proxy re-encryption scheme. In particular, to solve the problem of malicious nodes, we extend the work in Umbral with a system based on a key-redistribution mechanism to add and remove managers in a decentralized and trustless way, and we provide a proof of concept implementation. Data access control is based on an access control list stored on a DLT which can be read-only accessed by the authorization servers.
2023
CEUR Workshop Proceedings
1
17
Barbara F., Zichichi M., Ferretti S., Schifanella C. (2023). A Decentralized Data Sharing Framework based on a Key-Redistribution method. CEUR-WS.
Barbara F.; Zichichi M.; Ferretti S.; Schifanella C.
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/994195
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact