Accountable Data Control and Governance using Blockchains
Thus far, web computing has mainly evolved around logically centralized models for the management of identity, data, and computing. Centralization requires trust in a service provider, but the continuously reported incidents of surveillance and privacy breaches have shown that this trust can be broken.
Recent advances in distributed technologies bring promise for enabling trustless systems where web users own and control their personal data. Bitcoin, for instance, has proved that it is possible to achieve a fully decentralized system for ﬁnancial transactions that is both functional and reliable; whereas, multiple research eﬀorts on Decentralized Online Social Networks (DOSNs) have shown that it is possible to provide basic Online Social Network (OSN) functionality in a completely decentralized manner.
However, most conceptions of DOSNs are still unable to account for the workloads and interaction patterns observed in current OSNs. One of the main issues hampering the wide adoption of DOSNs is related to the provision of seamless granting/revocation of ﬁne grained access rights forbothindividualsandarbitrarygroups.Inthe current literature, this is mostly addressed using encryption based techniques only. Cryptographic solutions might guarantee security, but come with high computational costs and introduce both usability and scalability challenges regarding the management (e.g., generation, distribution, revocation) of encryption keys in decentralized environments. This is especially pronounced with ﬁne grained, massive, and frequent data changes and sharing patterns. For example, if Bob wants to revoke Alice’s access to one of the photos he already granted to her in the DOSN, an excessively costly management of concerned keys is required, effectively rendering such solution unscalable for DOSNs. Moreover, since replication of data in DOSNs is still required for availability purposes, decentralization by itself might not be eradicating privacy concerns at once. For example, the study in have discussed how replication peers might act as micro points of central surveillance.
With that regard, this proposed project’s goal is to develop decentralized public ledger (dpl) based solutions for data control and governance in DOSNs, that: 1) provide foundations for a scalable ﬁne-grain data management framework for DOSNs, and 2) offer an auditable backbone through which privacy breaches are recorded for future deterrence.
- Sarunas Girdzijauskas (KTH ICT)