http://dx.doi.org/10.13089/JKIISC.2020.30.6.981

GDPR Compliant Blockchain Based Access Control (GCBAC)

Lim, Joon Ho (Korea University)
Chun, Ji Young (Ewha Womans University)
Noh, Geontae (Seoul Cyber University)
Jeong, Ik Rae (Korea University)
Abstract
Blockchain technology can provide a high level of security based on a decentralized distributed ledger and a consensus-based structure. To increase the utilization of blockchain technology, it is necessary to find a way to use it in fields that require personal data processing, such as health care and e-commerce. To achieve this goal, a blockchain-based system should be able to comply with data privacy regulations, represented by the European Union (EU)'s General Data Protection Regulation (GDPR). However, because of properties of the blockchain such as immutability and decentrally recorded data, it is difficult to technically implement the requirements of the existing privacy regulations on the blockchain. In this paper, we propose a multi-chain based access control system that can guarantee the rights of the personal data subject required by GDPR by utilizing Chameleon Hash and Attribute Based Encryption (ABE). Finally, we show through security analysis that our system can handle personal data while maintaining confidentiality and integrity.
Keywords
Blockchain; GDPR; Access Control; ABE (Attribute Based Encryption); Chameleon Hash; Smart Contract
Citations & Related Records
Times Cited By KSCI: 4