How to prevent personal information from leaking? Here are 2 big data blockchain application cases

As social media networks continue to collect personal data, behaviors, and habits, users lose control of their privacy.

Although personalization-based services such as recommendations can be beneficial, users still cannot clearly know which data is being collected or the purpose of collecting it.

The user then has no control over how the data is processed, so the permissions cannot be revoked. Typically, most social media sites have a privacy settings page where users can restrict the collection of their personal information.

But users can't control or configure the user information that social media companies hold. People have become accustomed to privacy agreements that websites present as take-it-or-leave-it terms. Moreover, the collection of personal data is not limited to the website itself. Social media sites also follow users' web browsing interests and their interactions with other web or mobile applications.

User-installed mobile apps collect even more sensitive data, such as contact lists and locations. When installing a mobile app, users can only accept third-party access as a whole, with no option for detailed or partial acceptance.

As we face the consequences of others knowing more and more about us, concerns about data privacy keep growing.

In a recent study of a large number of high-profile data breaches, 74% of respondents said that it is “very important” for them to get control over their information, and 65% of respondents said that controlling the collection of information about them is “very important.” In the same study, more than 91% of adults agreed that consumers have lost control of how companies collect and use personal information.

Case 1

Zyskind et al. propose a solution for data ownership, data transparency, auditability and fine-grained access control.

The solution is an access control management system that focuses primarily on the mobile platform, where the user cannot revoke access to her private data. When installing a mobile app, the user grants permissions indefinitely, and a user who wants to revoke access must uninstall the app and stop using the service.

The goal of the new solution is to enable users to control and audit which data is stored and how it is used. As mentioned, access should be revocable.

Therefore, the technical idea is to store the access policy for personal data on the blockchain, and then let the blockchain nodes moderate access to the DHT (Distributed Hash Table).

The solution consists of three entities: the user, the company providing the service, and the blockchain. When a user wants to grant or revoke access to their personal data, the blockchain will respond as a dispatcher.

Here, the blockchain supports two transaction types: transactions for access and transactions for data. These transaction types allow access control management, data storage, and data retrieval.

When a user installs a new application, a shared identity is created and sent to the blockchain along with the permissions the user has configured. All granted permissions are listed in the so-called policy. The shared key (the user's public key and the service's public key) and the policy are sent to the blockchain in an access transaction.

Bitcoin's blockchain uses a public key identity mechanism. All nodes in the system have a public key, also known as an address. Because users are identified only by an address, they act under a pseudonym and can remain anonymous.

In the proposed system, a new composite identity was introduced. A composite identity is a shared identity between a user and a service. The user is the owner of the key and the service is the visitor. The composite key consists of the signature key pairs of both parties, thus protecting the data from all other unauthorized parties in the system.

Sensitive user data is encrypted using a shared encryption key and sent in a data transaction for storage. The blockchain sends the data to the off-chain key-value store (DHT) and retains only the hash value as a pointer to the data.

The value stored on the DHT is encrypted with the composite key. Both the user and the service know the pointer to this value. The DHT only performs approved read and write functions. Both users and services can use the pointer to query the data.

Each time a service accesses data, its permissions are checked against the latest access transaction. Users can revoke or modify permissions at any time by initiating a new access transaction. To make this easy, a web dashboard can be developed that shows the user's current permissions.
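An added example, not code from Zyskind et al. or from this article: a minimal Python model of the flow described above, showing that the latest access transaction decides every request and that the on-chain hash pointer also detects tampering in the DHT. The names `Ledger`, `access_tx`, `write`, `read`, `audit` and `demo` are assumptions, identities are plain strings (signature checks omitted), and the ciphertext is a constructed opaque byte string.

```python
import hashlib

class Ledger:
    """Append-only list standing in for the blockchain (no consensus, no signatures)."""
    def __init__(self):
        self.txs = []  # ordered transactions, which double as the audit trail
        self.dht = {}  # off-chain key-value store: pointer -> ciphertext

    def access_tx(self, user, service, policy):
        # Access transaction: replaces the policy for this user/service pair.
        self.txs.append({"type": "access", "user": user, "service": service,
                         "policy": frozenset(policy)})

    def policy(self, user, service):
        # Only the latest access transaction counts, so revoking is one new tx.
        for tx in reversed(self.txs):
            if tx["type"] == "access" and (tx["user"], tx["service"]) == (user, service):
                return tx["policy"]
        return frozenset()

    def _allowed(self, sender, user, service, field, op):
        ok = sender == user or (sender == service and field in self.policy(user, service))
        self.txs.append({"type": "data", "op": op, "sender": sender,
                         "user": user, "field": field, "allowed": ok})
        return ok

    def write(self, sender, user, service, field, ciphertext):
        # Data transaction (write): the chain keeps only the hash pointer.
        if not self._allowed(sender, user, service, field, "write"):
            return None
        pointer = hashlib.sha256(ciphertext).hexdigest()
        self.dht[pointer] = ciphertext
        return pointer

    def read(self, sender, user, service, field, pointer):
        # Data transaction (read): permission check, then integrity check.
        if not self._allowed(sender, user, service, field, "read"):
            return None
        blob = self.dht.get(pointer)
        if blob is not None and hashlib.sha256(blob).hexdigest() != pointer:
            raise ValueError("DHT value does not match the on-chain pointer")
        return blob

    def audit(self, user, service):
        # What the user reviews: every data request the service made.
        return [(t["op"], t["field"], t["allowed"]) for t in self.txs
                if t["type"] == "data" and t["sender"] == service and t["user"] == user]

def demo():
    chain = Ledger()
    chain.access_tx("alice", "mapsvc", {"location"})  # granted at install time
    ptr = chain.write("alice", "alice", "mapsvc", "location", b"<constructed ciphertext>")
    before = chain.read("mapsvc", "alice", "mapsvc", "location", ptr)
    chain.access_tx("alice", "mapsvc", set())         # revoked without uninstalling
    after = chain.read("mapsvc", "alice", "mapsvc", "location", ptr)
    return before, after, chain.audit("alice", "mapsvc")
```

The denied read still appears in the audit trail, which is what lets the user review how often a service asks for data.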

Figure 1 – Overview of the Decentralized Authority System

An adversary that controls any number of DHT nodes cannot compromise the privacy of sensitive data, because the data is encrypted.

If the adversary obtains only one of the keys, the data is still safe. Since personal data is not stored centrally, there is no need to trust a central agency.

In addition, instead of direct access, the system can use a secure multi-party computation (MPC) protocol. This would be a better approach: the calculation would run directly on the network and return only the final result, not the original data. All transactions requested by the service are traceable, so users can review the frequency of visits.

Case 2

Another study on blockchain-based, user-controlled social media is Ushare. Ushare's vision is that users should own their online presence by tracking the posts they share and controlling whether those posts can be re-shared.

Using P2P capabilities, Ushare created a decentralized content distribution network. In this case, the assets managed by the blockchain are data published by the user.

The Ushare solution consists of a user-shared hash table with encrypted content, a system that controls the maximum number of shares performed by user circle members, and a local personal certificate authority (PCA) that manages user circles and blockchains.

When a user shares some information with a circle, their PCA encrypts the data using the circle's public key. The encrypted data is stored in a distributed hash table.

The DHT has three columns that allow users to share the posts they see. Each time a user shares a post, the first column records the hash of the encrypted data for the post she saw and shared. The second column records the hash value of the encrypted data with the public key of the circle. The third column stores her encrypted data items.

The reason for using DHT in the second solution is the same – large data (such as documents, images and videos) needs to be stored in a decentralized manner. The blockchain only stores transactions about the user. It cannot store actual data because downloading full chain data to all nodes will incur computational load and time costs.

When a user creates a post, a new transaction is sent to the blockchain containing the encrypted identity, the hash key of the encrypted data, and a token specifying the number of shares allowed.

Next, the user sends a separate transaction to each member of her circle using the encrypted data hash key. If another user who receives the post wants to share it, she will send a new transaction using her identity and the data key encrypted with the new user's circle key.

Similarly, multiple new transactions will be sent to the next users, who can preview the reshared transaction. The number of tokens decreases as the number of shares increases.
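An added example, not code from the Ushare authors or from this article: a small Python model that ties the three-column DHT to the share tokens, so that a re-share is accepted only from a user who received the post and only while tokens remain. The class and method names are assumptions, the ciphertexts are constructed opaque byte strings (encryption with the circle's public key by the PCA is out of scope), and one token is assumed to be consumed per re-share regardless of circle size.

```python
import hashlib

def h(blob):
    return hashlib.sha256(blob).hexdigest()

class UshareModel:
    def __init__(self):
        self.chain = []   # transactions, in order
        self.dht = {}     # column 2 (hash of this copy) -> (column 1, column 3)
        self.tokens = {}  # original post key -> shares still allowed
        self.inbox = {}   # user -> keys of posts sent to her

    def _deliver(self, sender, key, circle):
        # One separate transaction per circle member, carrying the data hash key.
        for member in circle:
            self.chain.append({"from": sender, "to": member, "key": key})
            self.inbox.setdefault(member, set()).add(key)

    def root(self, key):
        # Follow column 1 back to the original post, which holds the token budget.
        while self.dht[key][0] is not None:
            key = self.dht[key][0]
        return key

    def post(self, author, ciphertext, circle, max_shares):
        key = h(ciphertext)
        self.dht[key] = (None, ciphertext)  # an original post has no "seen" hash
        self.tokens[key] = max_shares
        self.chain.append({"from": author, "key": key, "tokens": max_shares})
        self._deliver(author, key, circle)
        return key

    def reshare(self, user, seen_key, reencrypted, circle):
        # Reject users who never received the post, and posts with no tokens left.
        if seen_key not in self.inbox.get(user, set()):
            return None
        origin = self.root(seen_key)
        if self.tokens[origin] <= 0:
            return None
        self.tokens[origin] -= 1
        key = h(reencrypted)  # copy re-encrypted for the re-sharer's circle
        self.dht[key] = (seen_key, reencrypted)
        self.chain.append({"from": user, "key": key, "tokens": self.tokens[origin]})
        self._deliver(user, key, circle)
        return key
```

Because every re-shared copy points back to the copy it was made from, the budget set by the original author applies across the whole chain of re-shares, not just the first hop.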

Both of these blockchain solutions were created because third parties cannot be trusted with personal and sensitive data. When users create and publish data, they should also remain the primary owner of that data.

Where users are monitored through tracking of their behavior and interests, they should at least be aware of it and receive some benefit. A blockchain can act as a filter for permissions to access private data, or it can implement an entire decentralized social network.