A framework for privacy-aware and secure decentralized data storage

IF 1.2 4区 计算机科学 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS
S. Aslam, M. Mrissa
{"title":"A framework for privacy-aware and secure decentralized data storage","authors":"S. Aslam, M. Mrissa","doi":"10.2298/csis220110007a","DOIUrl":null,"url":null,"abstract":"Blockchain technology gained popularity thanks to its decentralized and transparent features. However, it suffers from a lack of privacy as it stores data publicly and has difficulty to handle data updates due to its main feature known as immutability. In this paper, we propose a decentralized data storage and access framework that combines blockchain technology with Distributed Hash Table (DHT), a role-based access control model, and multiple encryption mechanisms. Our framework stores metadata and DHT keys on the blockchain, while encrypted data is managed on the DHT, which enables data owners to control their data. It allows authorized actors to store and read their data in a decentralized storage system. We design REST APIs to ensure interoperability over the Web. Concerning data updates, we propose a pointer system that allows data owners to access their update history, which solves the issue of data updates while preserving the benefits of using the blockchain. We illustrate our solution with a wood supply chain use case and propose a traceability algorithm that allows the actors of the wood supply chain to trace the data and verify product origin. Our framework design allows authorized users to access the data and protects data against linking, eavesdropping, spoofing, and modification attacks. Moreover, we provide a proof of-concept implementation, security and privacy analysis, and evaluation for time consumption and scalability. The experimental results demonstrate the feasibility, security, privacy, and scalability of the proposed solution.","PeriodicalId":50636,"journal":{"name":"Computer Science and Information Systems","volume":"1 1","pages":"1235-1261"},"PeriodicalIF":1.2000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Science and Information Systems","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.2298/csis220110007a","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Blockchain technology gained popularity thanks to its decentralized and transparent features. However, it suffers from a lack of privacy as it stores data publicly and has difficulty to handle data updates due to its main feature known as immutability. In this paper, we propose a decentralized data storage and access framework that combines blockchain technology with Distributed Hash Table (DHT), a role-based access control model, and multiple encryption mechanisms. Our framework stores metadata and DHT keys on the blockchain, while encrypted data is managed on the DHT, which enables data owners to control their data. It allows authorized actors to store and read their data in a decentralized storage system. We design REST APIs to ensure interoperability over the Web. Concerning data updates, we propose a pointer system that allows data owners to access their update history, which solves the issue of data updates while preserving the benefits of using the blockchain. We illustrate our solution with a wood supply chain use case and propose a traceability algorithm that allows the actors of the wood supply chain to trace the data and verify product origin. Our framework design allows authorized users to access the data and protects data against linking, eavesdropping, spoofing, and modification attacks. Moreover, we provide a proof of-concept implementation, security and privacy analysis, and evaluation for time consumption and scalability. The experimental results demonstrate the feasibility, security, privacy, and scalability of the proposed solution.
一个隐私意识和安全的分散数据存储框架
区块链技术因其去中心化和透明的特点而受到欢迎。然而,它缺乏隐私性,因为它公开存储数据,并且由于其主要特性称为不变性而难以处理数据更新。在本文中,我们提出了一个分散的数据存储和访问框架,该框架将区块链技术与分布式哈希表(DHT)、基于角色的访问控制模型和多种加密机制相结合。我们的框架将元数据和DHT密钥存储在区块链上,而加密数据则在DHT上进行管理,这使得数据所有者能够控制他们的数据。它允许授权的参与者在分散的存储系统中存储和读取他们的数据。我们设计REST api以确保Web上的互操作性。关于数据更新,我们提出了一个指针系统,允许数据所有者访问他们的更新历史,这解决了数据更新的问题,同时保留了使用区块链的好处。我们用木材供应链用例说明了我们的解决方案,并提出了一种可追溯算法,该算法允许木材供应链的参与者跟踪数据并验证产品来源。我们的框架设计允许授权用户访问数据,并保护数据免受链接、窃听、欺骗和修改攻击。此外,我们还提供了概念验证实现、安全和隐私分析以及对时间消耗和可扩展性的评估。实验结果证明了该方案的可行性、安全性、保密性和可扩展性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Computer Science and Information Systems
Computer Science and Information Systems COMPUTER SCIENCE, INFORMATION SYSTEMS-COMPUTER SCIENCE, SOFTWARE ENGINEERING
CiteScore
2.30
自引率
21.40%
发文量
76
审稿时长
7.5 months
期刊介绍: About the journal Home page Contact information Aims and scope Indexing information Editorial policies ComSIS consortium Journal boards Managing board For authors Information for contributors Paper submission Article submission through OJS Copyright transfer form Download section For readers Forthcoming articles Current issue Archive Subscription For reviewers View and review submissions News Journal''s Facebook page Call for special issue New issue notification Aims and scope Computer Science and Information Systems (ComSIS) is an international refereed journal, published in Serbia. The objective of ComSIS is to communicate important research and development results in the areas of computer science, software engineering, and information systems.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信