Blockchain-based data governance for privacy-preserving in multi-stakeholder settings

  • Rodrigo Dutra Garcia USP
  • Jó Ueyama USP

Resumo


In multi-stakeholder systems such as healthcare, the Internet of Things, and supply chain management, data is often generated and shared. As a result, data owners aim to maintain control and privacy over their data, while data consumers need reliable methods to verify the data’s origins and creators. These conflicting interests require data governance systems to ensure data provenance, privacy protection, consent management, and selective disclosure. To address these challenges, this research proposed a decentralized data governance system that utilizes blockchain technology, proxy re-encryption (PRE), and Boneh, Boyen, and Shacham (BBS) signatures. The proposed system enables data owners to control, selectively share, and track their data through privacy protection, consent management, and selective disclosure mechanisms. It also allows data consumers to understand the data’s lineage through a blockchain-based provenance mechanism. The research focused on analyzing electronic prescription use cases that contain sensitive data and involve multiple stakeholders, such as patients, doctors, and pharmacists. The research was structured as a collection of published articles organized in the following sequence: problem formulation and developing smart contracts, implementing privacy and consent management through PRE, and applying BBS signatures for selective data sharing. The proof-of-concept implementation and evaluations were conducted using CosmWasm, Hyperledger Besu, Ethereum, pyUmbral PRE, and BBS signatures. The evaluations show that the proposed decentralized system is platform-agnostic, scalable, and capable of providing higher transparency, privacy, and trust, all with minimal overhead.

Referências

Garcia, R. and Ueyama, J. (2024). Blockchain-based data governance for privacy-preserving in multi-stakeholder settings. In Anais Estendidos do XLII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 161–168, Porto Alegre, RS, Brasil. SBC.

Garcia, R. D. (2023). Blockchain-based data governance for privacy-preserving in multi-stakeholder settings. PhD thesis, Universidade de São Paulo. Agência de Bibliotecas e Coleções Digitais.

Garcia, R. D., Ramachandran, G., and Ueyama, J. (2022a). Exploiting smart contracts in PBFT-based blockchains: A case study in medical prescription system. Computer Networks, page 109003.

Garcia, R. D., Ramachandran, G. S., Jurdak, R., and Ueyama, J. (2022b). A Blockchain-based Data Governance with Privacy and Provenance: a case study for e-Prescription. 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), 00:1–5.

Garcia, R. D., Ramachandran, G. S., Jurdak, R., and Ueyama, J. (2022c). Blockchain-aided and Privacy-preserving Data Governance in Multi-stakeholder Applications. IEEE Transactions on Network and Service Management, PP(99):1–1.

Garcia, R. D., Zutião, G. A., Ramachandran, G., and Ueyama, J. (2021). Towards a decentralized e-prescription system using smart contracts. 2021 IEEE 34th International Symposium on Computer-Based Medical Systems (CBMS), 00:556–561.

Hewa, T., Ylianttila, M., and Liyanage, M. (2021). Survey on blockchain based smart contracts: Applications, opportunities and challenges. Journal of Network and Computer Applications, 177:102857.

Hörandner, F., Ramacher, S., and Roth, S. (2020). Selective end-to-end data-sharing in the cloud. Journal of Banking and Financial Technology, 4(1):139–157.

Kakarlapudi, P. V. and Mahmoud, Q. H. (2021). A systematic review of blockchain for consent management. Healthcare, 9(2).

Mukta, R., young Paik, H., Lu, Q., and Kanhere, S. S. (2022). A survey of data minimisation techniques in blockchain-based healthcare. Computer Networks, 205:108766.

Nakamoto, S. (2009). Bitcoin: A peer-to-peer electronic cash system.

Peng, L., Feng, W., Yan, Z., Li, Y., Zhou, X., and Shimizu, S. (2021). Privacy preservation in permissionless blockchain: A survey. Digital Communications and Networks, 7(3):295–307.

Qahtan, S., Yatim, K., Zulzalil, H., Osman, M. H., Zaidan, A., and Alsattar, H. (2023). Review of healthcare industry 4.0 application-based blockchain in terms of security and privacy development attributes: Comprehensive taxonomy, open issues and challenges and recommended solution. Journal of Network and Computer Applications, 209:103529.

Szabo, N. (1997). Formalizing and securing relationships on public networks. First monday.

Vejdani, M., Varmaghani, M., Meraji, M., Jamali, J., Hooshmand, E., and Vafaee-Najar, A. (2022). Electronic prescription system requirements: a scoping review. BMC Medical Informatics and Decision Making, 22(1):1–13.

Wazid, M., Das, A. K., Mohd, N., and Park, Y. (2022). Healthcare 5.0 Security Framework: Applications, Issues and Future Research Directions. IEEE Access, 10:129429–129442.

Yamamoto, D., Suga, Y., and Sako, K. (2022). Formalising linked-data based verifiable credentials for selective disclosure. In 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pages 52–65.

Yin, R., Yan, Z., Liang, X., Xie, H., and Wan, Z. (2023). A survey on privacy preservation techniques for blockchain interoperability. Journal of Systems Architecture, 140:102892.
Publicado
16/09/2024
GARCIA, Rodrigo Dutra; UEYAMA, Jó. Blockchain-based data governance for privacy-preserving in multi-stakeholder settings. In: CONCURSO DE TESES E DISSERTAÇÕES - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24. , 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024 . p. 33-40. DOI: https://doi.org/10.5753/sbseg_estendido.2024.241368.

Artigos mais lidos do(s) mesmo(s) autor(es)