Ying Li, Jiuqi Wei, Ziyu Fei, Yufan Fu, Xiaodong Lee
Title: DiSAuth: A DNS-based secure authorization framework for protecting data decoupled from applications
DOI: 10.1016/j.comnet.2024.110774
Journal: Computer Networks (impact factor 4.4; JCR Q1, Computer Science, Hardware & Architecture)
Publication date: 2024-09-04
Publication type: Journal Article
URL: https://www.sciencedirect.com/science/article/pii/S1389128624006066
Citations: 0
Abstract
Nowadays, centralized applications are called for returning data ownership to owners, due to their frequent data breaches. Decoupling data from applications is a popular way to give back owners’ control over data. To control data only accessed by authorized parties, authorization is critical. When faced with the new and complex relationships between applications and data, traditional authorizations cannot meet ownership and usage protection needs, and security requirements. This paper proposes DiSAuth, a secure authorization framework based on Domain Name System (DNS) and blockchain, to provide tamper-resistant, verifiable, and privacy-preserving authorization to protect data which are decoupled from applications. Our novel tree-based data structure for authorization is backward compatible with DNS, which brings high utility. Besides, our design of a hybrid encryption schema and anonymous identities provides privacy-preserving authorization. To our knowledge, DiSAuth is the first authorization framework that utilizes a robust Internet infrastructure DNS as the basis and proposes a new Internet authorization protocol for protecting data decoupled from applications. Our evaluation demonstrates the utility of DiSAuth and shows the superior efficiency of DiSAuth in authorization verification. Compared to traditional blockchain-based solutions, our combination of DNS and blockchain achieves higher efficiency while ensuring security; especially, the read time is ∼3 orders of magnitude better.
About the journal:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.