The University of Southampton
University of Southampton Institutional Repository

A blockchain-based approach for secure, transparent and accountable personal data sharing

University of Southampton
Alansari, Shorouq
fbdba25c-812c-4f54-bc85-b7d96bb291dc
Paci, Federica
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e

Alansari, Shorouq (2020) A blockchain-based approach for secure, transparent and accountable personal data sharing. Doctoral Thesis, 218pp.

Record type: Thesis (Doctoral)

Abstract

Data sharing is the key motivation behind today’s communications. Cross-organisation data sharing has become a must in modern systems. These systems mostly rely on trusted third parties to transfer, store and even protect personal data. However, the increased reliance on trusted third parties and the sophistication of cyber attacks expose users to several privacy and security threats. In addition, new regulations, like the General Data Protection Regulation (GDPR), extend the scope of personal data, require more transparency on data collection and processing and impose legal liabilities on organisations affected by data breaches.

This work proposes SeTA, a secure, transparent and accountable data sharing framework that relies on two novel technologies: blockchain and Intel’s Software Guard Extensions (SGX). The framework allows data providers to enforce their attribute-based access control policies via encryption. Access control policies, along with the attributes required for their evaluation, are managed by smart contracts deployed on the blockchain. The transparency and immutability inherited from the blockchain enhance the evaluation of the policies’ conditions against users’ identity attributes. To prove the security of our blockchain-based data sharing protocol, we analyse the protocol using the ProVerif verification tool. We integrate our data sharing protocol with an accountable decryption approach by exploiting SGX. The approach allows generating a tamper-resistant log containing information about each data decryption occurrence. The log works as a proof of data access and can be used for auditability and accountability purposes.

Text: Final thesis. Available under License University of Southampton Thesis Licence.
Text: PDThesis form Alansari - SIGNED. Restricted to Repository staff only.

More information

Published date: August 2020

Identifiers

Local EPrints ID: 447633
URI: http://eprints.soton.ac.uk/id/eprint/447633
PURE UUID: 8b5b81fe-5ad9-4619-8628-ca1bb1029fde
ORCID for Shorouq Alansari: orcid.org/0000-0003-0461-7019
ORCID for Federica Paci: orcid.org/0000-0003-3122-0236

Catalogue record

Date deposited: 17 Mar 2021 17:32
Last modified: 13 Dec 2021 03:14

Contributors

Author: Shorouq Alansari
Thesis advisor: Federica Paci
