Blockchain-based data governance for privacy-preserving in multi-stakeholder settings
Resumo
In multi-stakeholder systems, such as healthcare, the Internet of Things, and supply chain management, there is frequent data generation, exchange, and sharing. As a result, data owners often desire control over their data and maintain privacy, while data consumers require methods to ascertain the origins and creators of the data. These conflicts of interest require developing data governance systems that guarantee data provenance, privacy protection, consent management, and selective disclosure. This research proposed a decentralized data governance system utilizing blockchain technology, proxy re-encryption (PRE), and Boneh, Boyen, and Shacham (BBS) signatures to address these challenges. The proposed system enables data owners to control, selectively share, and track their data through privacy-enhancing, consent management, and selective disclosure mechanisms while also allowing data consumers to understand the lineage of the data through a blockchain-based provenance mechanism. As a case study, the research examined and evaluated electronic prescriptions involving sensitive data and multiple stakeholders, including patients as data owners and doctors and pharmacists as data consumers. The research was structured as a collection of published articles organized in the following sequence: problem formulation and developing smart contracts, implementing privacy and consent management through PRE, and applying BBS signatures for selective data sharing. The proof-of-concept implementation and evaluations, conducted using CosmWasm, Hyperledger Besu, Ethereum, pyUmbral PRE, and BBS signatures, demonstrate that the proposed decentralized system is platform-agnostic, scalable, and capable of providing a higher level of transparency, privacy, and trust with minimal overhead.
Referências
Garcia, R. D., Ramachandran, G., and Ueyama, J. (2022a). Exploiting smart contracts in PBFT-based blockchains: A case study in medical prescription system. Computer Networks, page 109003.
Garcia, R. D., Ramachandran, G. S., Jurdak, R., and Ueyama, J. (2022b). A Blockchain-based Data Governance with Privacy and Provenance: a case study for e-Prescription. 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), 00:1–5.
Garcia, R. D., Ramachandran, G. S., Jurdak, R., and Ueyama, J. (2022c). Blockchain-aided and Privacy-preserving Data Governance in Multi-stakeholder Applications. IEEE Transactions on Network and Service Management, PP(99):1–1.
Garcia, R. D., Zutião, G. A., Ramachandran, G., and Ueyama, J. (2021). Towards a decentralized e-prescription system using smart contracts. 2021 IEEE 34th International Symposium on Computer-Based Medical Systems (CBMS), 00:556–561.
Hewa, T., Ylianttila, M., and Liyanage, M. (2021). Survey on blockchain based smart contracts: Applications, opportunities and challenges. Journal of Network and Computer Applications, 177:102857.
Hörandner, F., Ramacher, S., and Roth, S. (2020). Selective end-to-end data-sharing in the cloud. Journal of Banking and Financial Technology, 4(1):139–157.
Kakarlapudi, P. V. and Mahmoud, Q. H. (2021). A systematic review of blockchain for consent management. Healthcare, 9(2).
Mukta, R., young Paik, H., Lu, Q., and Kanhere, S. S. (2022). A survey of data minimisation techniques in blockchain-based healthcare. Computer Networks, 205:108766.
Nakamoto, S. (2009). Bitcoin: A peer-to-peer electronic cash system.
Peng, L., Feng, W., Yan, Z., Li, Y., Zhou, X., and Shimizu, S. (2021). Privacy preservation in permissionless blockchain: A survey. Digital Communications and Networks, 7(3):295–307.
Qahtan, S., Yatim, K., Zulzalil, H., Osman, M. H., Zaidan, A., and Alsattar, H. (2023). Review of healthcare industry 4.0 application-based blockchain in terms of security and privacy development attributes: Comprehensive taxonomy, open issues and challenges and recommended solution. Journal of Network and Computer Applications, 209:103529.
Szabo, N. (1997). Formalizing and securing relationships on public networks. First monday.
Vejdani, M., Varmaghani, M., Meraji, M., Jamali, J., Hooshmand, E., and Vafaee-Najar, A. (2022). Electronic prescription system requirements: a scoping review. BMC Medical Informatics and Decision Making, 22(1):1–13.
Wazid, M., Das, A. K., Mohd, N., and Park, Y. (2022). Healthcare 5.0 Security Framework: Applications, Issues and Future Research Directions. IEEE Access, 10:129429–129442.
Yamamoto, D., Suga, Y., and Sako, K. (2022). Formalising linked-data based verifiable credentials for selective disclosure. In 2022 IEEE European Symposium on Security and Privacy Workshops (EuroSPW), pages 52–65.
Yin, R., Yan, Z., Liang, X., Xie, H., and Wan, Z. (2023). A survey on privacy preservation techniques for blockchain interoperability. Journal of Systems Architecture, 140:102892.