http://dx.doi.org/10.30693/SMJ.2022.11.10.76

Delegated Provision of Personal Information and Storage of Provided Information on a Blockchain Ensuring Data Confidentiality  

Jun-Cheol, Park
Publication Information
Smart Media Journal / v.11, no.10, 2022, pp. 76-88
Abstract
Personal information leakage is very harmful as it can lead to additional attacks using leaked information as well as privacy invasion, and it is primarily caused by hacking server databases of institutions that collect and store personal information. We propose a scheme that allows a service-requesting user to authorize a secure delegated transfer of his personal information to the service provider via a reliable authority and enables only the two parties of the service to retrieve the provided information stored on a blockchain ensuring data confidentiality. It thus eliminates the necessity of storing customer information in the service provider's own database. As a result, the service provider can serve customers without requiring membership registration or storing personal information in the database, so that information leakage through the server database can be completely blocked. In addition, the scheme is free from the risk of information leakage and subsequent attacks through smartphones because it does not require a user's smartphone to store any authentication credential or personal information of its owner.
Keywords
personal information; server database; smartphone; blockchain; security