Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Data Privacy Management

International Workshop on Cryptocurrencies and Blockchain Technology

DPM 2018, CBT 2018: Data Privacy Management, Cryptocurrencies and Blockchain Technology pp 345–353Cite as

PrivacyGuard: Enforcing Private Data Usage with Blockchain and Attested Execution

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11025))

Abstract

In the upcoming evolution of the Internet of Things (IoT), it is anticipated that billions of devices will be connected to the Internet. Many of these devices are capable of collecting information from individual users and their physical surroundings. They are also capable of taking smart actions, which are usually from a backend cloud server in the IoT system. While IoT promises a more connected and smarter world, this pervasive large-scale data collection, storage, sharing, and analysis raise many privacy concerns.

In the current IoT ecosystem, IoT service providers have full control of the collected user data. While the original intended use of such data is primarily for smart IoT system and device control, the data is often used for other purposes not explicitly consented to by the users. We propose a novel user privacy protection framework, PrivacyGuard, that aims to empower users with full privacy control of their data. PrivacyGuard framework seamlessly integrates two new technologies, blockchain and trusted execution environment (TEE). By encoding data access policy and usage as smart contracts, PrivacyGuard can allow data owners to control who can have what access to their data, and be able to maintain a trustworthy record of their data usage. Using remote attestation and TEE, PrivacyGuard ensures that data is only used for the intended purposes approved by the data owner. Our approach represents a significant departure from traditional privacy protections which often rely on cryptography and pure software-based secure computation techniques. Addressing the fundamental problem of data usage control, PrivacyGuard will become the cornerstone for free market of private information.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Cisco visual networking index: Global mobile data traffic forecast update, 2016–2021 white paper. https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/mobile-white-paper-c11-520862.html

  2. National privacy research strategy. https://www.nitrd.gov/PUBS/NationalPrivacyResearchStrategy.pdf

  3. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 89–98. ACM, New York (2006)

    Google Scholar 

  4. Sahai, A.: Ciphertext-policy attribute-based encryption. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 321–334 (2007)

    Google Scholar 

  5. Chase, M., Chow, S.S.M.: Improving privacy and security in multi-authority attribute-based encryption. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 121–130. ACM, New York (2009)

    Google Scholar 

  6. Desmedt, Y., Shaghaghi, A.: Function-Based Access Control (FBAC): from access control matrix to access control tensor. In: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2016, pp. 89–92. ACM, New York (2016)

    Google Scholar 

  7. Bates, A., Mood, B., Valafar, M., Butler, K.: Towards secure provenance-based access control in cloud environments. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, CODASPY 2013, pp. 277–284. ACM, New York (2013)

    Google Scholar 

  8. Bacis, E., di Vimercati, S.D.C., Foresti, S., Paraboschi, S., Rosa, M., Samarati, P.: Mix&Slice: efficient access revocation in the cloud. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 217–228. ACM, New York (2016)

    Google Scholar 

  9. Wang, G., Liu, Q., Wu, J.: Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 735–737. ACM, New York (2010)

    Google Scholar 

  10. Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: IEEE INFOCOM 2010, San Diego, CA, USA, March 2010

    Google Scholar 

  11. di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Encryption policies for regulating access to outsourced data. ACM Trans. Database Syst. (TODS) 35(2), 12 (2010)

    Article  Google Scholar 

  12. Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_1

    Chapter  Google Scholar 

  13. Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: L-diversity: privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 1(1) (2007)

    Google Scholar 

  14. Sweeney, L.: K-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst. 10(5), 557–570 (2002)

    Article  MathSciNet  Google Scholar 

  15. Li, N., Li, T., Venkatasubramanian, S.: t-closeness: privacy beyond k-anonymity and l-diversity. In: IEEE 23rd International Conference on Data Engineering, 2007, ICDE 2007, pp. 106–115. IEEE (2007)

    Google Scholar 

  16. Samarati, P.: Protecting respondents identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010–1027 (2001)

    Article  Google Scholar 

  17. Zyskind, G., Nathan, O., Pentland, A.: Decentralizing privacy: using blockchain to protect personal data. In: Security and Privacy Workshops (SPW). IEEE (2015)

    Google Scholar 

  18. Zyskind, G., Nathan, O., Pentland, A.: Enigma: decentralized computation platform with guaranteed privacy. arXiv preprint arXiv:1506.03471 (2015)

  19. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)

    Google Scholar 

  20. Ethereum: Blockchain app platform. https://www.ethereum.org/

  21. Cachin, C.: Architecture of the hyperledger blockchain fabric. In: Workshop on Distributed Cryptocurrencies and Consensus Ledgers (2016)

    Google Scholar 

  22. Divya, M., Biradar, N.B.: IOTA-next generation block chain. Int. J. Eng. Comput. Sci. 7(04), 23823–23826 (2018)

    Article  Google Scholar 

Download references

Acknowledgment

This work was supported in part by US National Science Foundation under grants CNS-1446478 and CNS-1443889.

Author information

Authors and Affiliations

  1. Virginia Polytechnic Institute and State University, Blacksburg, USA

    Ning Zhang, Wenjing Lou & Y. Thomas Hou

  2. Guangzhou University, Guangzhou, China

    Jin Li

Authors
  1. Ning Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jin Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wenjing Lou
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Y. Thomas Hou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ning Zhang .

Editor information

Editors and Affiliations

  1. Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

  2. Enginyeria de la Informacio I de les Com, Universitat Autonoma de Barcelona, Bellaterra, Spain

    Jordi Herrera-Joancomartí

  3. Università degli Studi di Milano, Crema, Italy

    Giovanni Livraga

  4. Universidad de Málaga, Málaga, Spain

    Ruben Rios

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhang, N., Li, J., Lou, W., Hou, Y.T. (2018). PrivacyGuard: Enforcing Private Data Usage with Blockchain and Attested Execution. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Livraga, G., Rios, R. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2018 2018. Lecture Notes in Computer Science(), vol 11025. Springer, Cham. https://doi.org/10.1007/978-3-030-00305-0_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-00305-0_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00304-3

  • Online ISBN: 978-3-030-00305-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation