Fine-grained Data Access Control for Collaborative Process Execution on Blockchain

TL;DR

This paper introduces a blockchain-based system with fine-grained, attribute-based encryption and smart contracts to enhance confidentiality in multi-party business process automation, demonstrated through a supply-chain case study.

Contribution

It presents a novel architecture combining attribute-based encryption and smart contracts for fine-grained access control in blockchain-based process execution.

Findings

Robust architecture with low execution costs

Effective confidentiality for process data

Successful implementation in supply-chain management

Abstract

Multi-party business processes are based on the cooperation of different actors in a distributed setting. Blockchains can provide support for the automation of such processes, even in conditions of partial trust among the participants. On-chain data are stored in all replicas of the ledger and therefore accessible to all nodes that are in the network. Although this fosters traceability, integrity, and persistence, it undermines the adoption of public blockchains for process automation since it conflicts with typical confidentiality requirements in enterprise settings. In this paper, we propose a novel approach and software architecture that allow for fine-grained access control over process data on the level of parts of messages. In our approach, encrypted data are stored in a distributed space linked to the blockchain system backing the process execution; data owners specify access policies to control which users can read which parts of the information. To achieve the desired properties, we utilise Attribute-Based Encryption for the storage of data, and smart contracts for access control, integrity, and linking to process data. We implemented the approach in a proof-of-concept and conduct a case study in supply-chain management. From the experiments, we find our architecture to be robust while still keeping execution costs reasonably low.