Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems

TL;DR

This paper introduces CONFETTY, a blockchain architecture that balances confidentiality and transparency in process-aware information systems by combining smart contracts with attribute-based encryption, ensuring secure and verifiable interactions.

Contribution

It presents a novel architecture integrating attribute-based encryption with blockchain smart contracts to enhance confidentiality without sacrificing transparency in PAISs.

Findings

The proposed architecture effectively balances confidentiality and transparency.

Security analysis confirms robustness against identified threats.

Prototype evaluation demonstrates practical feasibility and acceptable performance.

Abstract

Blockchain enables novel, trustworthy Process-Aware Information Systems (PAISs) by enforcing the security, robustness, and traceability of operations. In particular, transparency ensures that all information exchanges are openly accessible, fostering trust within the system. Although this is a desirable property to enable notarization and auditing activities, it also represents a limitation for such cases where confidentiality is a requirement since interactions involve sensitive data. Current solutions rely on obfuscation techniques or private infrastructures, hindering the enforcement capabilities of smart contracts and the public verifiability of transactions. Against this background, we propose CONFETTY, an architecture for blockchain-based PAISs to preserve confidentiality and transparency. Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information. We assess the security of our solution through a systematic threat model analysis and evaluate its practical feasibility by gauging the performance of our implemented prototype in different scenarios from the literature.