Blockchain-enabled data governance for privacy-preserved sharing of confidential data

Abstract

In traditional cloud storage systems, users benefit from the convenience of data accessibility but face significant risks related to security. Ciphertext-policy attribute-based encryption (CP-ABE) schemes are employed to achieve fine-grained access control in cloud services to ensure confidentiality while maintaining data-sharing capabilities. However, existing approaches are impaired by two critical issues: illegal authorization and privacy leakage. Despite extensive discussions in the literature on interoperability, performance, scalability, and stability, the security of ABE-based cloud storage and data-sharing systems against adversaries—particularly those involving adaptively corrupt attribute authorities gaining unauthorized access to users’ data—has not been sufficiently explored. Notably, few existing works even address security in the presence of adversaries, raising concerns about the practicality of these systems in real-world scenarios where malicious behavior is a genuine threat. Another pressing issue is privacy leakage, where sensitive user information, such as medical histories in healthcare use cases, embedded within the access policies, may be exposed to all users. This problem is exacerbated in ABE schemes that integrate blockchain technology for enhanced decentralization and interoperability, as using a public ledger shared across multiple users can further compromise privacy. To address these, we propose an enhanced blockchain-based data governance system that employs blockchain technology and attribute-based encryption to prevent illegal authorization and privacy leakage. Our novel ABE encryption system supports multi-authority use cases while hiding access policy and ensuring identity privacy, which also protects data sharing against corrupt authorities. Utilizing the Advanced Encryption Standard (AES) for data encryption, our system is optimized for real-world efficiency. Notably, the encrypted data is stored in a decentralized storage system, like the InterPlanetary File System (IPFS), which does not rely on any centralized service provider and can, therefore, be leveraged to achieve resilience against single-point failures. With the integration of smart contracts and multi-authority attribute-based encryption, coupled with blockchain’s inherent transparency and traceability, our system realizes a balanced solution for fine-grained access control with preserved privacy, further fortifying against credential misuse. Besides the system design, we also present security proofs to demonstrate the robustness of the proposed system.