Towards Personal Data Sharing Autonomy: A Task-driven Data Capsule Sharing System
Qiuyun Lyu, Yilong Zhou, Yizhi Ren, Zhen Wang, and Yunchuan Guo

TL;DR
This paper proposes a novel task-driven data capsule system that enhances personal data sharing autonomy by enabling data owners to fully control, securely share, and revoke access to their data with strong security guarantees.
Contribution
It introduces a tamper-resistant data capsule paradigm and a task-driven sharing mechanism that supports selective sharing, immediate permission revocation, and resists collusion and EDoS attacks.
Findings
Proves the scheme's correctness, soundness, and security.
Demonstrates improved practicality over existing schemes.
Provides security and performance analysis confirming advantages.
Abstract
Personal data custodian services enable data owners to share their data with data consumers in a convenient manner, anytime and anywhere. However, because data hosted in these services is beyond the control of the data owners, this raises significant concerns about privacy in personal data sharing. Many schemes have been proposed to realize fine-grained access control and privacy protection in data sharing. However, they fail to protect the rights of data owners to their data under the law, since their designs focus on the management of system administrators rather than enhancing the data owners' privacy. In this paper, we introduce a novel task-driven personal data sharing system based on the data capsule paradigm that realizes personal data sharing autonomy. It enables data owners in our system to fully control their data and share it autonomously. Specifically, we present a…
Taxonomy
Topics: Access Control and Trust · Privacy-Preserving Technologies in Data · Privacy, Security, and Data Protection
