Towards Contractual Agreements for Revocation of Online Data

Schnitzler, Theodor; Dürmuth, Markus; Pöpper, Christina

doi:10.1007/978-3-030-22312-0_26

Cited by 4 publications

(3 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another proposal is to manage the keys within a blockchain [54,10,52] instead of a trusted third party. For Steichen et al [54], the blockchain was used to store the access control list.…”

Section: Related Workmentioning

confidence: 99%

“…In distributed storage solutions, common solutions rely on a distributed consensus [34] and generally use a blockchain, but it is sometimes not enough for a single node to make the decision to deliver the piece of data to a user. In this case, Schnitzler et al [52] proposed an incentive to the nodes to revoke the access and delete the pieces of data when needed, but it does not guarantee that Byzantine faults are avoided.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Mutida: A Rights Management Protocol for Distributed Storage Systems Without Fully Trusted Nodes

Confais¹,

Rostirolla²,

Parrein

et al. 2022

Transactions on Large-Scale Data- And Knowledge-Centered Systems LII

View full text Add to dashboard Cite

Several distributed storage solutions that do not rely on a central server have been proposed over the last few years. Most of them are deployed on public networks on the internet. However, these solutions often do not provide a mechanism for access rights to enable the users to control who can access a specific file or piece of data. In this article, we propose Mutida (from the Latin word "Aditum" meaning "access"), a protocol that allows the owner of a file to delegate access rights to another user. This access right can then be delegated to a computing node to process the piece of data. The mechanism relies on the encryption of the data, public key/value pair storage to register the access control list and on a function executed locally by the nodes to compute the decryption key. After presenting the mechanism, its advantages and limitations, we show that the proposed mechanism has similar functionalities to Wave, an authorization framework with transitive delegation. However, Wave does not require fully trusted nodes. We implement our approach in a Java software program and evaluate it on the Grid'5000 testbed. We compare our approach to an approach based on a protocol relying on Shamir key reconstruction, which provides similar features.is that there are no servers that we can rely on to be in charge of the protocol for rights management. Additionally, anonymity is a key point since peers are communicating directly and additional layers need to be in place to guarantee it. [19]. In this paper, we propose Mutida (from the Latin word "Aditum" meaning "access" and written from right to left), a protocol that focuses on enabling users to manage access rights in a network of the second category.In this paper, we consider the files stored on the Interplanetary File System [11] (IPFS), which is a storage solution that relies on a BitTorrent-like [35] protocol to exchange the files between the nodes and on a Kademlia [39] Distributed Hash Table (DHT) to locate the different pieces of data in the network. The essential characteristic of IPFS is that files are immutable and cannot be modified once they are written.Using a DHT forwards all location requests through different nodes. Therefore, any connected node is involved in the routing of requests and can determine the identifiers of popular files [26]. Additionally, since the storage solution does not manage any permission and because IPFS does not provide any encryption mechanism to protect user privacy [47], every user can access all the files stored in it if the content identifier (CID) is known.The consequence of this is that any node in the IPFS network can observe the DHT requests and access the corresponding files. This illustrates and justifies the need to manage access permissions in such a network. With Mutida, all users will still be able to find the files in the network, but only the permitted users will be able to decrypt the content.Because of the use of Merkle trees [40] and the use of a root hash as a file identifier, users of IPFS do not need to tru...

show abstract

“…Another proposal is to manage the keys within a blockchain [54,10,52] instead of a trusted third party. For Steichen et al [54], the blockchain was used to store the access control list.…”

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Mutida: A Rights Management Protocol for Distributed Storage Systems Without Fully Trusted Nodes

Confais¹,

Rostirolla²,

Parrein

et al. 2022

Transactions on Large-Scale Data- And Knowledge-Centered Systems LII

View full text Add to dashboard Cite

show abstract

“…For example, one interface element is to establish an expiration date for information [29], [30], [61]. Users can customize, at the point of disclosure, when their information will be revoked or destroyed [32], [33]. Alternatively, service providers can set a standard expiration date.…”

Section: Finding I: Time As Duration -Age Of Information Technologymentioning

confidence: 99%

Review of Research on Privacy Decision Making from a Time Perspective

Jiang¹,

Järvenpää²

2021

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Managing privacy is a process in which people continuously negotiate the boundaries of their personal space. Time is embedded in and influences this continuous negotiation. Digital technologies increasingly incorporate temporal elements, such as allowing users to define the expiration date of social network postings. Yet, researchers have not systematically examined the effects of temporal elements in privacy decision making. In this paper, we review how existing information privacy research has related to time in terms of three dimensions: duration, timing, and past, present, and future modalities. Our findings suggest that 1) duration has a negative influence on information disclosure; 2) timing, in the form of personal and external events, influences how people make privacy decisions; and 3) sensemaking that involves prior experience and planning for the future affect privacy decisions. We discuss how privacy decision making frameworks need to be adjusted to account for a time perspective. Information privacy is defined as individuals' ability to control data about themselves [3]. Scholarly work has examined the relationship between privacy concerns and other constructs, and developed the Antecedent-Privacy Concern-Outcome (APCO) model

show abstract

Disjunctive Multi-Level Digital Forgetting Scheme

Darwish,

Smaragdakis

2024

Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing

View full text Add to dashboard Cite

Towards Contractual Agreements for Revocation of Online Data

Cited by 4 publications

References 19 publications

Mutida: A Rights Management Protocol for Distributed Storage Systems Without Fully Trusted Nodes

Mutida: A Rights Management Protocol for Distributed Storage Systems Without Fully Trusted Nodes

Review of Research on Privacy Decision Making from a Time Perspective

Disjunctive Multi-Level Digital Forgetting Scheme

Contact Info

Product

Resources

About