Using Blockchain to Protect Personal Data

Abstract

Data sharing has become a sore point in information technology for decades, considering the technological advancements that have contributed to increased data generation and collection, by utilizing numerous applications and services. It has become a double-edged sword since they have taken advantage of the massive amount of individual personal data for their own profit. Consequently, several concerns have arisen related to centralized architectures security and privacy infringements. This thesis showcases efforts made for data sharing and privacy based on the emerging technology blockchain, which backs system transparency, data confidentiality, integrity, and security. This thesis aims to make three novel contributions to preserve data-sharing privacy. In a service-oriented

architecture we propose a privacy-preserving platform called “SDGChain” by employing a service- dependency graph-based permissioned blockchain to control a set of service interactions and data

exchanged by granting data owner sovereignty through access permission rules. Blockchain smart contracts are deployed to allow control over confidential data exchanged between services and present a global view of system interactions. SDGchain demonstrates the robustness of the prototype using blockchain as a trusted third party, in addition to the effect of adopting off-chain storage on system scalability from the results since keeping only light data. The research is extended to cover composite services privacy where PrsChain, a privacy preservation framework is proposed for service composition using a permissioned blockchain in the context of service-oriented architecture. The scheme is designed to solve the issue of sensitive data sharing disclosure among service providers, eliminates trust in third parties, and fosters a trustworthy blockchain for generating plan composition and managing the execution process, where the substantial features that blockchain is leveraged upon are authentication, tamper-proof, integrity, immutability, and trustless environment. We present the framework architecture and discuss different aspects of evaluating and implementing smart contracts during composition execution. In addition, the intermediate results are stored in the IPFS, which is encrypted to create a robust data access mechanism only for legal participants from the blockchain system. The thesis develops a privacy-preserving framework for federated learning combined with blockchain technology. The proposed design, named FLBCshard, performs decentralized federated learning tasks securely using IPFS and non-fungible token-based data sharing as proof of ownership. The prototype trades off between blockchain scalability and privacy by utilizing a dynamic sharding technique and, therefore, a hierarchical architecture to alleviate overhead communication and double check reliability methods are proposed to mitigate privacy and security threats. The main objective of the design is to maintain participant and global model data privacy with high accuracy and to prevent poisoning attacks and even model ownership theft.