Off-Chain Personal Data Protection Scheme Based on Blockchain

doi:10.19678/j.issn.1000-3428.0057024

Abstract

Abstract: Most personal data protection schemes combined with block chain share the address of user's personal data to the Third Party(TP) service when authorizing them.Even if the user revokes the access right to the TP service,they still have the address of personal data.To avoid user data leakage,this paper proposes an anonymous address management scheme based on blockchain by using off-chain storage.The Resource Service(RS) is used to process the encrypted address of personal data,and the TP service is restricted to obtain the encrypted ciphertext of the user's personal data address.After modifying the access rights of the designated TP service,users can achieve fine-grained access control by modifying the access policy of the smart contract. On this basis,the personal data management system is designed by using the Ethereum platform,and the smart contract is written in Solidity to realize the protection of personal data.The general scheme can be realized on different blockchain platforms.Its effectiveness and security are also demonstrated by the results of calling the deployed contract and the 50 and 500 times of performance tests.

Key words: blockchain, personal data, Third Party(TP) service, off-chain storage, encrypted address

摘要： 现有结合区块链保护个人数据的方案在授权第三方服务时多将用户的个人数据地址分享给第三方服务，在用户撤销对第三方服务的访问权限后，第三方服务仍然拥有个人数据地址。为避免用户数据泄露，通过采用链下存储的方式，提出一种基于区块链的匿名地址管理方案。利用资源服务处理个人数据的加密地址，并限制第三方服务只能获得用户个人数据地址的加密密文，使用户在修改对指定第三方服务的访问权限后，能够通过更改智能合约的访问策略实现细粒度访问控制。在此基础上，利用以太坊平台设计个人数据管理系统，使用Solidity语言编写智能合约，从而实现对个人数据的保护。该方案具有通用性，可由不同的区块链平台实现，合约部署后的调用结果以及对合约进行50次和500次的性能测试结果验证了其有效性和安全性。

关键词: 区块链, 个人数据, 第三方服务, 链下存储, 加密地址

CLC Number:

TP309

JI Lusheng, ZHANG Guiling, YANG Jiarun. Off-Chain Personal Data Protection Scheme Based on Blockchain[J]. Computer Engineering, 2021, 47(2): 176-181,187.

纪露生, 张桂玲, 杨佳润. 基于区块链的链下个人数据保护方案[J]. 计算机工程, 2021, 47(2): 176-181,187.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0057024

http://www.ecice06.com/EN/Y2021/V47/I2/176

Figures/Tables 8

References 20

[1]	ZHANG Liang,LIU Baixiang,ZHANG Ruyi,et al.Overview of blockchain technology[J].Computer Engineering,2019,45(5):1-12.(in Chinese)张亮,刘百祥,张如意,等.区块链技术综述[J].计算机工程,2019,45(5):1-12.
[2]	AZARIA A,EKBLAW A,VIEIRA T,et al.MedRec:using blockchain for medical data access and permission management[C]//Proceedings of the 2nd International Conference on Open and Big Data.Washington D.C.,USA:IEEE Press,2016:25-30.
[3]	LIANG X,ZHAO J,SHETTY S,et al.Integrating blockchain for data sharing and collaboration in mobile healthcare applications[C]//Proceedings of the 28th Annual International Symposium on Personal,Indoor,and Mobile Radio Communications.Washington D.C.,USA:IEEE Press,2017:1-5.
[4]	HARDJONO T.A federated authorization framework for distributed personal data and digital identity[EB/OL].(2019-06-09)[2019-12-10].https://arxiv.org/pdf/1906.03552.pdf.
[5]	ZYSKIND G,NATHAN O.Decentralizing privacy:using blockchain to protect personal data[C]//Proceedings of IEEE Security and Privacy Workshops.Washington D.C.,USA:IEEE Press,2015:180-184.
[6]	JANEČEK V.Ownership of personal data in the Internet of things[J].Computer Law & Security Review,2018,34(5):1039-1052.
[7]	MALGIERI G.Property and (intellectual) ownership of consumers' information:a new taxonomy for personal data[J].Privacy in Germany-PinG,2016(4):1-17.
[8]	XIAO Yang,ZHANG Ning,LOU Wenjing,et al.PrivacyGuard:enforcing private data usage control with blockchain and attested off-chain contract execution[EB/OL].(2019-04-15)[2019-12-10].https://arxiv.org/pdf/1904.07275.pdf.
[9]	ALESSI M,CAMILLO A,GIANGRECO E,et al.Make users own their data:a decentralized personal data store prototype based on Ethereum and IPFS[C]//Proceedings of the 3rd International Conference on Smart and Sustainable Technologies.Washington D.C.,USA:IEEE Press,2018:1-97.
[10]	MONTJOYE Y A,SHMUELI E,WANG S S,et al.openPDS:protecting the privacy of metadata through safeanswers[J].PloS One,2014,9(7):1-9.
[11]	NAKAMOTO S.Bitcoin:a peer-to-peer electronic cash system[EB/OL].[2019-12-10].https://bitcoin.org/en/bitcoin-paper.
[12]	YUAN Yong,NI Xiaochun,ZENG Shuai,et al.Blockchain consensus algorithms:the state of the art and future trends[J].Acta Automatica Sinica,2018,44(11):93-104.(in Chinese)袁勇,倪晓春,曾帅,等.区块链共识算法的发展现状与展望[J].自动化学报,2018,44(11):93-104.
[13]	CLACK C D,BAKSHI V A,BRAINE L.Smart contract templates:foundations,design landscape and research directions[EB/OL].(2017-03-15)[2019-12-10].https://arxiv.org/pdf/1608.00771.pdf.
[14]	WOOD G.Ethereum:a secure decentralised generalised transaction ledger[EB/OL].[2019-12-10].http://gavwood.com/Paper.pdf.
[15]	CACHIN C.Architecture of the hyperledger blockchain fabric[C]//Proceedings of Workshop on Distributed Cryptocurrencies and Consensus Ledgers.Chicago,USA:[s.n.],2016:1-5.
[16]	EBERHARDT J,HEISS J.Off-chaining models and approaches to off-chain computations[C]//Proceedings of the 2nd Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers.Washington D.C.,USA:IEEE Press,2018:7-12.
[17]	TRUONG N B,SUN K,GUO Y.Blockchain-based personal data management:from fiction to solution[C]//Proceedings of the 18th International Symposium on Network Computing and Applications.Washington D.C.,USA:IEEE Press,2019:1-8.
[18]	TRUONG N B,SUN K,LEE G M,et al.GDPR-compliant personal data management:a blockchain-based solution[J].IEEE Transactions on Information Forensics and Security,2019,15:1746-1761.
[19]	BENET J.IPFS-content addressed,versioned,P2P file system[EB/OL].(2014-07-14)[2019-12-10].https://arxiv.org/pdf/1407.3561.pdf.
[20]	Hyperledger Performance and Scale Working Group.Hyperledger blockchain performance metrics[EB/OL].[2019-12-10].https://www.hyperledger.org/wp-content/uploads/2018/10/HL_Whitepaper_Metrics_PDF_V1.01.pdf.

Please choose a citation manager

Content to export