Barbara F., Zichichi M., Ferretti S., Schifanella C. (2023). DLT-Based Personal Data Access Control with Key-Redistribution. Institute of Electrical and Electronics Engineers Inc. [10.1109/BCCA58897.2023.10338895].
DLT-Based Personal Data Access Control with Key-Redistribution
Zichichi M.; Ferretti S.
2023
Abstract
Data management services present a challenge in terms of trust, as service managers can access the data on their servers easily. Decentralized data services and smart contracts can solve problems related to the presence of centralized trusted authorities, but in turn they can introduce other issues related to compliance with data protection and regulations (e.g., GDPR). Historically, encryption has been used to address some of these concerns, but it restricts data sharing. To facilitate encrypted decentralized file storage while enabling data sharing, we propose a Key-Redistribution Proxy Re-Encryption (KeRePRE) system. KeRePRE is a decentralized and encrypted data service, where authorization servers are part of a threshold proxy re-encryption scheme. A key-redistribution mechanism (that extends the Umbral scheme) allows for the addition and removal of managers in a decentralized and trustless manner. Additionally, we offer a proof of concept implementation, where data access control is based on an access control list, implemented as a smart contract in a DLT, and can be read-only accessed by the authorization servers.