Blockchain-enabled Data Governance for Privacy-Preserved Sharing of Confidential Data

TL;DR

This paper presents a blockchain-based data governance system that combines attribute-based encryption and decentralized storage to enhance privacy, prevent unauthorized access, and ensure data integrity in cloud environments.

Contribution

It introduces a multi-authority ABE scheme integrated with blockchain and IPFS, addressing privacy leakage, illegal authorization, and key disclosure issues in data sharing.

Findings

Enhanced privacy protection through identity and policy hiding.

Resilience against single points of failure via decentralized storage.

Ability to detect illegal authorization activities on-chain.

Abstract

In a traditional cloud storage system, users benefit from the convenience it provides but also take the risk of certain security and privacy issues. To ensure confidentiality while maintaining data sharing capabilities, the Ciphertext-Policy Attribute-based Encryption (CP-ABE) scheme can be used to achieve fine-grained access control in cloud services. However, existing approaches are impaired by three critical concerns: illegal authorization, key disclosure, and privacy leakage. To address these, we propose a blockchain-based data governance system that employs blockchain technology and attribute-based encryption to prevent privacy leakage and credential misuse. First, our ABE encryption system can handle multi-authority use cases while protecting identity privacy and hiding access policy, which also protects data sharing against corrupt authorities. Second, applying the Advanced Encryption Standard (AES) for data encryption makes the whole system efficient and responsive to real-world conditions. Furthermore, the encrypted data is stored in a decentralized storage system such as IPFS, which does not rely on any centralized service provider and is, therefore, resilient against single-point failures. Third, illegal authorization activity can be readily identified through the logged on-chain data. Besides the system design, we also provide security proofs to demonstrate the robustness of the proposed system.