One of the problems of cloud-based data services is the trust involved in its management, since service managers can easily access the data on their servers. The problem is exacerbated in decentralized data services, where managers and operators are pseudo-anonymous by default, to the point where these systems are not compliant with data protection regulations such as GDPR. These problems have historically been dealt with data encryption, but this inhibits data sharing. To enable data-sharing for a encrypted decentralized file storage, we propose Key-Redistribution Proxy Re-Encryption (KeRePRE). KeRePRE is a decentralized and encrypted data-service where managers in the form of authorization servers are part of a threshold proxy re-encryption scheme. In particular, to solve the problem of malicious nodes, we extend the work in Umbral with a system based on a key-redistribution mechanism to add and remove managers in a decentralized and trustless way, and we provide a proof of concept implementation. Data access control is based on an access control list stored on a DLT which can be read-only accessed by the authorization servers.

A Decentralized Data Sharing Framework based on a Key-Redistribution method

Zichichi M.
Co-first
;
Ferretti S.
Co-last
;
Schifanella C.
Co-last
2023-01-01

Abstract

One of the problems of cloud-based data services is the trust involved in its management, since service managers can easily access the data on their servers. The problem is exacerbated in decentralized data services, where managers and operators are pseudo-anonymous by default, to the point where these systems are not compliant with data protection regulations such as GDPR. These problems have historically been dealt with data encryption, but this inhibits data sharing. To enable data-sharing for a encrypted decentralized file storage, we propose Key-Redistribution Proxy Re-Encryption (KeRePRE). KeRePRE is a decentralized and encrypted data-service where managers in the form of authorization servers are part of a threshold proxy re-encryption scheme. In particular, to solve the problem of malicious nodes, we extend the work in Umbral with a system based on a key-redistribution mechanism to add and remove managers in a decentralized and trustless way, and we provide a proof of concept implementation. Data access control is based on an access control list stored on a DLT which can be read-only accessed by the authorization servers.
2023
Inglese
contributo
1 - Conferenza
5th Distributed Ledger Technology Workshop, DLT 2023
Bologna, Italy
May 25-26, 2023.
CEUR Workshop Proceedings
Comitato scientifico
CEUR-WS
Aachen
GERMANIA
3460
1
17
17
https://ceur-ws.org/Vol-3460/papers/DLT_2023_paper_5.pdf
Data Sharing; Decentralized File System; GDPR; Proxy re-encryption; Threshold scheme
SPAGNA
1 – prodotto con file in versione Open Access (allegherò il file al passo 6 - Carica)
4
info:eu-repo/semantics/conferenceObject
04-CONTRIBUTO IN ATTI DI CONVEGNO::04A-Conference paper in volume
Barbara F.; Zichichi M.; Ferretti S.; Schifanella C.
273
open
File in questo prodotto:
File Dimensione Formato  
DLT_2023_paper_5.pdf

Accesso aperto

Tipo di file: POSTPRINT (VERSIONE FINALE DELL’AUTORE)
Dimensione 1.28 MB
Formato Adobe PDF
1.28 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2318/1950651
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact