Enforcing Private Data Usage Control with Blockchain and Attested Off-chain Contract Execution
share
The abundance of rich varieties of data is enabling many transformative applications of big data analytics that have profound societal impacts. However, there are also increasing concerns regarding the improper use of individual users' private data. Many argue that the technology that customizes our experience in the cyber domain is threatening the fundamental civil right to privacy. In this paper, we propose PrivacyGuard, a system that leverages smart contract in blockchain and trusted execution environment to enable individuals' control over other parties' access and use of their private data. In our design, smart contracts are used to specify data usage policy (i.e. who can use what data under which conditions along with how the data can be used), while the distributed ledger is used to keep an irreversible and non-repudiable record of data usage. To address the contract execution efficiency problem, as well as to prevent exposing user data on the publicly viewable blockchain, we construct a novel off-chain contract execution engine which realizes trustworthy contract execution off-chain in an trusted execution environment (TEE). By running the contract program inside a hardware-assisted TEE, the proposed off-chain trustworthy contract execution improves system efficiency significantly, as its correctness does not rely on distributed consensus which essentially requires the contract program be executed on all miner nodes. In order to leverage TEE in off-chain execution, PrivacyGuard has to several technical challenges such as synchronous function completion and scalability mitigation in blockchain platform. We build and deploy a prototype of PrivacyGuard using Ethereum and Intel SGX, and our experiments demonstrate the feasibility to support data-intensive applications using data from a large number of users.
READ FULL TEXT
