A Framework for Privacy-aware and Secure Decentralized Data Storage

Blockchain technology gained popularity thanks to its decentralized and transparent features. However, it suffers from a lack of privacy as it stores data publicly and has difficulty to handle data updates due to its main feature known as immutability. In this paper, we propose a decentralized data storage and access framework that combines blockchain technology with Distributed Hash Table (DHT), a role-based access control model, and multiple encryption mechanisms. Our framework stores metadata and DHT keys on the blockchain, while encrypted data is managed on the DHT, which enables data owners to control their data. It allows authorized actors to store and read their data in a decentralized storage system. We design REST APIs to ensure interoperability over the Web. Concerning data updates, we propose a pointer system that allows data owners to access their update history, which solves the issue of data updates while preserving the benefits of using the blockchain. We illustrate our solution with a wood supply chain use case and propose a traceability algorithm that allows the actors of the wood supply chain to trace the data and verify product origin. Our framework design allows authorized users to access the data and protects data against linking, eavesdropping, spoofing, and modification attacks. Moreover, we provide a proof-of-concept implementation, security and privacy analysis, and evaluation for time consumption and scalability. The experimental results demonstrate the feasibility, security, privacy, and scalability of the proposed solution.