A Blockchain-based Approach for Secure, Transparent and Accountable Personal Data Sharing

Abstract

Data sharing is the key motivation behind today’s communications. Cross-organisation data sharing has become a must in modern systems. These systems mostly rely on trusted third parties to transfer, store and even protect personal data. However, the increased reliance on trusted third parties and the sophistication of cyber attacks expose users to several privacy and security threats. In addition, new regulations, like the General Data Protection Regulation (GDPR), extend the scope of personal data, require more transparency on data collection and processing and impose legal liabilities on organisations affected by data breaches. This work proposes SeTA a secure, transparent and accountable data sharing framework that relies on two novel technologies: blockchain and Intel’s Software Guard Extensions (SGX). The framework allows data providers to enforce their attribute-based access control policies via encryption. Access control policies along with the attributes required for their evaluation are managed by smart contracts deployed on the blockchain. The transparency and immutability inherited from the blockchain participate in enhancing the evaluation process of the policies conditions against user’s identity attributes . To prove the security of our blockchain-based data sharing protocol, we analyse the protocol using the ProVerif verification tool. We integrate our data sharing protocol with an accountable decryption approach by exploiting SGX. The approach allows generating a tamper-resistant log containing information about each data decryption occurrence. The log works as a proof of data access and can be used for auditability and accountability purposes.