My data, my control: A secure data sharing and access scheme over blockchain

With the fast growth of networked devices, the shared data volume keeps increasing over time, i.e., the Internet of Things (IoT) devices may generate zettabytes of data in the coming few years. According to the recent version of General Data Protection Regulation (GDPR), users have the right to fully control their personal data. Many web service providers also provide some options for users to control the data. However, it is still a challenge to investigate how they enforce these actions. There is a need to deploy additional measures to secure the data access. Focused on this challenge, in this work, we design a scheme that uses smart contract and blockchain to provide a secure data sharing and access environment. In our scheme, there are three major parties and each of them has its own key pair for encrypting and signing the data. We also develop four main smart contracts for different parties, and discuss what kinds of data should be immutable and placed on-chain. In the evaluation, we explore the performance of our scheme under different platforms such as Ethereum with EtHash, Ethereum with Clique, and Hyperledger. With the analysis of several potential attacks, our results indicate the viability and effectiveness of our scheme.