Abstract
Content compliance validation provides a formal and secure procedure for applications (like emails or social networks) to determine how an intended action can be carried out. By conducting the validation against predefined policies, only compliant content is allowed to be delivered. Unfortunately, current solutions suffer from multiple issues such as intensive server-side overheads, intransparency and centralization.
To address these drawbacks, we propose DeCCV, the first decentralized content compliance validation protocol for real-world applications. In our work, the application requires to transparently declare its validation policies (\({{\textbf {Policy}}^\textsf {Cont}_\textsf {VAL}}\)) on the blockchain. Meanwhile, we outsource the resource-intensive validations to multiple decentralized off-chain validation nodes, which verify user’s content locally and issue the proofs (signatures) accordingly. Therefore, the burden of server-end workloads is minimized to merely signature-based verification. Moreover, a dedicated incentive mechanism is proposed to motivate high accountability of validation participants. DeCCV is platform-friendly that can be compatible with most real-world applications. We fully implement DeCCV for Gmail, Twitter and Dropbox to show its versatility.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
Every public key is registered and stored on \({{\textbf {Contr}}_\textsf {App}}\) at initialization.
- 3.
\({{\textbf {Proof}}_\textsf {Dispute}}\) includes one single signature of disputer.
References
Vulnerability in TLS 1.2 (2014). https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566
Youtube loophole (2017). https://www.bbc.com/news/technology-38652906
Detoxify (2020). https://github.com/unitaryai/detoxify
Machine learning based tools (2020). https://bit.ly/31fsn6K
Nsfw content detection (2020). https://github.com/GantMan/nsfw_model
Tellor network (2020). https://tellor.io/
Uniswap (2020). https://uniswap.org/
Virus detection tools (2020). https://bit.ly/3EYIrJl
Chainlink (2021). https://chain.link/
Clamav (2021). https://www.clamav.net/
Gmail rules (2021). https://support.google.com/a/answer/2364580?hl=en
Google YouTube validation process (2021). https://bit.ly/3Eya77E
How YouTube validates your video (2021). https://bit.ly/3CE6DPp
The node-localstorage package (2021). https://www.npmjs.com/package/node-localstorage
Solidity language (2021). https://docs.soliditylang.org/en/v0.4.24/
Truffle testnet (2021). https://www.trufflesuite.com/
Twitter (2021). https://twitter.com/home
Twitter’s non-compliance (2021). https://bit.ly/3kLUhP3
Web3.js library (2021). https://web3js.readthedocs.io/en/v1.5.2/
Aes-gcm-256 (2022). https://en.wikipedia.org/wiki/Galois/Counter_Mode
Binance smart chain (2022). https://docs.binance.org/
Dropbox (2022). https://www.dropbox.com/
Ecdh key exchange (2022). https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman
Ethereum (2022). https://ethereum.org/en/
Google detects email malware (2022). https://support.google.com/a/answer/9157861?hl=en
Polkadot (2022). https://polkadot.network/
Polygon (2022). https://polygon.technology/
Reference (2022). https://bit.ly/3NWMrPc
Baron, J., Defrawy, K.E., Lampkins, J., Ostrovsky, R.: Communication-optimal proactive secret sharing for dynamic groups. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 23–41. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-28166-7_2
Bowers, K.D., Juels, A., et al.: HAIL: a high-availability and integrity layer for cloud storage. In: ACM Conference on Computer and Communications Security (2009)
Buterin, V.: Ethereum: a next-generation smart contract and decentralized application platform (2013)
Cheng, R., Zhang, F., Kos, J., He, W., Hynes, N., et al.: Ekiden: a platform for confidentiality-preserving, trustworthy, and performant smart contracts. In: IEEE European Symposium on Security and Privacy (2019)
Choudhuri, A.R., Green, M., Jain, A., Kaptchuk, G., Miers, I.: Fairness in an unfair world: fair multiparty computation from public bulletin boards. In: ACM Conference on Computer and Communications Security (2017)
Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint (2016)
Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol version 1.2 (2008)
Haakegaard, R., Lang, J.: The elliptic curve Diffie-Hellman (ECDH) (2015). https://koclab.cs.ucsb.edu/teaching/ecc/project/2015Projects/Haakegaard+Lang.pdf
Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: how to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_27
Kumaresan, R., Bentov, I.: Amortizing secure computation with penalties. In: ACM Conference on Computer and Communications Security (2016)
Liu, B., Sun, S., Szalachowski, P.: SMACS: smart contract access control service. In: IEEE/IFIP Conference on Dependable Systems and Networks (2020)
Maram, S.K.D., et al.: CHURP: dynamic-committee proactive secret sharing. In: ACM Conference on Computer and Communications Security (2019)
Ostrovsky, R., Yung, M.: How to withstand mobile virus attacks. In: ACM Symposium on Principles of Distributed Computing (1991)
Rescorla, E., Dierks, T.: The transport layer security (TLS) protocol version 1.3 (2018)
Schultz, D.A., Liskov, B., Liskov, M.: Mobile proactive secret sharing. In: ACM Symposium on Principles of Distributed Computing (2008)
Sikeridis, D., Kampanakis, P., Devetsikiotis, M.: Post-quantum authentication in TLS 1.3: a performance study. Cryptology ePrint Archive (2020)
Zyskind, G., Nathan, O., et al.: Decentralizing privacy: using blockchain to protect personal data. In: IEEE Security and Privacy Workshops (2015)
Acknowledgment
We thank the anonymous reviewers for their valuable comments. This work is supported by the Ministry of Education, Singapore, under the MOE AcRF Tier 2 grant (MOE2018-T2-1-111).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Detailed Interactions of DeCCV
The detailed interactions among system participants are shown in Fig. 3. The numbered procedures correspond with the high-level interactions (described in Fig. 1). Note that the transmitted data objects between protocol actors are encrypted over a secure channel. Meanwhile, the incentive interfaces, including penalties, disputes and payouts etc., are not depicted in Fig. 3 as these actions can be triggered whenever any misbehavior is detected.
B Secure Communication Handshake Performance
DeCCV purses a confidentiality-preserving tunnel, and we utilize the latest version of TLS in our experiments. As discussed in Sect. 2.2, a full handshake process is divided into key exchange phase and authentication phase. In our experiment, the time consumption of these two procedures is 487ms and 671ms, respectively. Note that TLS is not the only design choice in practical for achieving transport protection. In Appendix C.1, we will discuss the considerations towards more design choices of communication protection.
C Discussions
In this section, we provide the discussions with respect to transport protection, a future direction toward a more fine-grained economic reward mechanism, and the generalizability of our protocol.
The interactions of DeCCV.
1.1 C.1 Secure Communication Design Choices
In DeCCV, we adopt TLS protocol as a channel protection method among system parties. In practice, the feasible approaches are not limited to it. For instance, a dynamic secret sharing scheme [29, 30, 37, 40, 41, 43] is regarded as an alternative that DeCCV can employ a recently proposed secret sharing scheme [40] for communication encryption. Concretely, with dynamical secret sharing, \({{\textbf {App}}}\) can first generate a key pair (\({pk_{\textsf {Apps}}}\), \({sk_{\textsf {Apps}}}\)), hardcode \({pk_{\textsf {Apps}}}\) into the blockchain for an arbitrary user to encrypt his content, and distribute the associated \({sk_{\textsf {Apps}}}\) to the key management committee members (i.e., a dedicated group of committee members to withhold the key). Once receiving an encrypted content from a user, each \({{\textbf {Node}}_\textsf {VAL}}\) will contact key management committees, then recover the \({sk_{\textsf {Apps}}}\), and decrypt the content for validation. We emphasize that secret sharing is seen as an alternative approach for transport protection. In particular, the proposed incentive mechanism could also applied to those key management members. In terms of performance, TLS is more resource-efficient when the number of key management members is beyond four. Moreover, since \({{\textbf {Node}}_\textsf {VAL}}\) and key management committees involve massive communications, TLS is deemed a more secure approach. We will keep track on the emergence of more effective transport protection schemes.
1.2 C.2 Towards A Fine-Grained Reward Design
Recall Sect. 5.2, with the increase in the number of registration, \({{\textbf {Node}}_\textsf {VAL}}\) would compete against each other to provide better validation services. Currently, we set the amount of rewards for each honest behavior as a fixed value. One possible improvement is making such the mechanism more fine-grained. For instance, as the computation consumption should vary in the size of user’s contents and the complexity of App’s policies, we could link the amount of reward to the size of requested content and the workloads of policy validations. More interestingly, \({{\textbf {App}}}\) and \({{\textbf {Node}}_\textsf {VAL}}\) could transparentize their reward fees and service commissions, respectively, which would create a better service market. We will leave such the design direction as future work.
1.3 C.3 Generalizability
In Appendix C.1, different techniques for transport protection are able to be switched in our system based on the security and performance considerations. In addition, we stress that DeCCV is platform-agnostic with regards to blockchains and real-world applications. Although \({{\textbf {Contr}}_\textsf {App}}\) is deployed on Ethereum platform in our experiments, the policy declaration and incentive design can be easily implemented on other blockchains that have similar smart contract capabilities [21, 26, 27]. Meanwhile, any real-world application which requires regulating the delivered contents can take advantage of DeCCV to filter out non-compliant contents. All an \({{\textbf {App}}}\) owner needs to do is policy declaration and smart contract deployment. We expect to see the possibility of collaboration with more real-world companies.
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Liu, B., Zhou, J. (2022). Liberate Your Servers: A Decentralized Content Compliance Validation Protocol. In: Sural, S., Lu, H. (eds) Data and Applications Security and Privacy XXXVI. DBSec 2022. Lecture Notes in Computer Science, vol 13383. Springer, Cham. https://doi.org/10.1007/978-3-031-10684-2_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-10684-2_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-10683-5
Online ISBN: 978-3-031-10684-2
eBook Packages: Computer ScienceComputer Science (R0)
