One of the problems of cloud-based data services is the trust involved in its management, since service managers can easily access the data on their servers. The problem is exacerbated in decentralized data services, where managers and operators are pseudo-anonymous by default, to the point where these systems are not compliant with data protection regulations such as GDPR. These problems have historically been dealt with data encryption, but this inhibits data sharing. To enable data-sharing for a encrypted decentralized file storage, we propose Key-Redistribution Proxy Re-Encryption (KeRePRE). KeRePRE is a decentralized and encrypted data-service where managers in the form of authorization servers are part of a threshold proxy re-encryption scheme. In particular, to solve the problem of malicious nodes, we extend the work in Umbral with a system based on a key-redistribution mechanism to add and remove managers in a decentralized and trustless way, and we provide a proof of concept implementation. Data access control is based on an access control list stored on a DLT which can be read-only accessed by the authorization servers.
A Decentralized Data Sharing Framework based on a Key-Redistribution method
Zichichi M.
Co-first
;Ferretti S.Co-last
;Schifanella C.Co-last
2023-01-01
Abstract
One of the problems of cloud-based data services is the trust involved in its management, since service managers can easily access the data on their servers. The problem is exacerbated in decentralized data services, where managers and operators are pseudo-anonymous by default, to the point where these systems are not compliant with data protection regulations such as GDPR. These problems have historically been dealt with data encryption, but this inhibits data sharing. To enable data-sharing for a encrypted decentralized file storage, we propose Key-Redistribution Proxy Re-Encryption (KeRePRE). KeRePRE is a decentralized and encrypted data-service where managers in the form of authorization servers are part of a threshold proxy re-encryption scheme. In particular, to solve the problem of malicious nodes, we extend the work in Umbral with a system based on a key-redistribution mechanism to add and remove managers in a decentralized and trustless way, and we provide a proof of concept implementation. Data access control is based on an access control list stored on a DLT which can be read-only accessed by the authorization servers.File | Dimensione | Formato | |
---|---|---|---|
DLT_2023_paper_5.pdf
Accesso aperto
Tipo di file:
POSTPRINT (VERSIONE FINALE DELL’AUTORE)
Dimensione
1.28 MB
Formato
Adobe PDF
|
1.28 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.