ID-based user-centric data usage auditing scheme for distributed environments

Recent years have witnessed the trend of increasingly relying on remote and distributed infrastructures, mainly owned and managed by third parties. This increased the number of reported incidents of security breaches compromising users' personal data, where involved entities may massively collect and process massive amounts of such data. Toward these challenges, this paper combines hierarchical Identity Based Cryptographic (IBC) mechanisms with emerging blockchain technologies and introduces a blockchain-based data usage auditing architecture ensuring availability and accountability in a personal data-preserving fashion. The proposed approach relies on smart auditable contracts deployed in blockchain infrastructures. Thus, it offers transparent and controlled data access, sharing and processing, so that unauthorized entities cannot process data without data subjects' consent. Moreover, thanks to the usage of hierarchical ID-based encryption and signature schemes, the proposed solution protects and ensures the confidentiality of users' personal data shared with multiple data controllers and processors. It also provides auditing capacities with tamper-proof evidences for data usage compliance, supported by the intrinsic properties of the blockchain technology.