Architecture for privacy-preserving brokerage of analytics using Multi Party Computation, Self Sovereign Identity and Blockchain

In our increasingly digitized world, the value of data is clear and proved, and many solutions and businesses have been developed to harness it. In particular, personal data (such as health-related data) is highly valuable, but it is also sensitive and could harm the owners if misused. In this context, data marketplaces could enhance the circulation of data and enable new businesses and solutions. However, in the case of personal data, marketplaces would necessarily have to comply with existing regulations, and they would also need to make users privacy protection a priority. In particular, privacy protection has been only partially accomplished by existing datamarkets, as they themselves can gather information about the individuals connected with the datasets they handle. In this thesis is presented an architecture proposal for KRAKEN, a new datamarket that provides privacy guarantees at every step in the data exchange and analytics pipeline. This is accomplished through the use of multi-party computation, blockchain and self-sovereign identity technologies. In addition to that, the thesis presents also a privacy analysis of the entire system. The analysis indicated that KRAKEN is safe from possible data disclosures to the buyers. On the other hand, some potential threats regarding the disclosure of data to the datamarket itself were identified, although posing a low-priority risk, given their rare chance of occurrence. Moreover the author of this thesis elaborated remarks on the decentralisation of the architecture and possible improvements to increase the security. These improvements are accompanied by the solutions identified in the paper that proposes the adoption of a trust measure for the MPC nodes. The work on the paper and the thesis contributed to the personal growth of the author, specifically improving his knowledge of cryptography by learning new schemes such as group signatures, zero knowledge proof of knowledge and multi-party computation. He improved his skills in writing academic papers and in working in a team of researchers leading a research area

A Privacy-Preserving, Accountable and Spam-Resilient Geo-Marketplace

Mobile devices with rich features can record videos, traffic parameters or air quality readings along user trajectories. Although such data may be valuable, users are seldom rewarded for collecting them. Emerging digital marketplaces allow owners to advertise their data to interested buyers. We focus on geo-marketplaces, where buyers search data based on geo-tags. Such marketplaces present significant challenges. First, if owners upload data with revealed geo-tags, they expose themselves to serious privacy risks. Second, owners must be accountable for advertised data, and must not be allowed to subsequently alter geo-tags. Third, such a system may be vulnerable to intensive spam activities, where dishonest owners flood the system with fake advertisements. We propose a geo-marketplace that addresses all these concerns. We employ searchable encryption, digital commitments, and blockchain to protect the location privacy of owners while at the same time incorporating accountability and spam-resilience mechanisms. We implement a prototype with two alternative designs that obtain distinct trade-offs between trust assumptions and performance. Our experiments on real location data show that one can achieve the above design goals with practical performance and reasonable financial overhead.Comment: SIGSPATIAL'19, 10 page

Trading Real-World Assets on Blockchain - An Application of Trust-Free Transaction Systems in the Market for Lemons

Since its introduction in 2008, blockchain technology has outgrown its use in cryptocurrencies and is now preparing to revolutionize a multitude of commercial applications including value and supply chains, business models, and market structures. This work follows design science research to guide the implementation of a blockchain-based proof-of-concept prototype that enables the automated transaction of real-world assets, such as cars, and provides a valid, transparent, and immutable record of vehicle history to market participants, authorities, and other third parties. The contribution of this study to existing research is threefold: First, it introduces a built-in mechanism to reduce transaction risk resulting from the irreversibility of transactions in blockchain-based systems. Second, it replaces a trust-based, centralized, and bureaucratic register with a tamper-free and autonomous transactional database system that comprises a secure registration and transaction process. Third, it proposes a novel approach to mitigate adverse selection effects in lemon markets by providing a reliable, transparent, and complete record of each marketable asset’s history. In total, the findings in this article illustrate the potential of blockchain-based systems but also highlight technological shortcomings and challenges for commercial applications, such as scalability or privacy issues