Personal Data Access Control Through Distributed Authorization

TL;DR

This paper proposes a blockchain-based personal data access control system using smart contracts and distributed authorization schemes, comparing secret sharing and proxy re-encryption for efficiency.

Contribution

It introduces a novel architecture combining blockchain smart contracts with distributed authorization methods for personal data control.

Findings

Threshold Proxy Re-Encryption is faster than Secret Sharing in various scenarios.

The system ensures immutability, traceability, and verifiability of data references.

Distributed authorization enhances trustworthiness of data access control.

Abstract

This paper presents an architecture of a Personal Information Management System, in which individuals can define the access to their personal data by means of smart contracts. These smart contracts, running on the Ethereum blockchain, implement access control lists and grant immutability, traceability and verifiability of the references to personal data, which is stored itself in a (possibly distributed) file system. A distributed authorization mechanism is devised, where trust from multiple network nodes is necessary to grant the access to the data. To this aim, two possible alternatives are described: a Secret Sharing scheme and Threshold Proxy Re-Encryption scheme. The performance of these alternatives is experimentally compared in terms of execution time. Threshold Proxy Re-Encryption appears to be faster in different scenarios, in particular when increasing message size, number of nodes and the threshold value, i.e. number of nodes needed to grant the data disclosure.