Data Protection with Ethereum Blockchain

Detalhes bibliográficos
Autor(a) principal: Teles, Duarte Paulo Gonçalves Cabral
Data de Publicação: 2018
Tipo de documento: Dissertação
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/10400.22/13944
Resumo: Blockchain technology has been one of the most promising technologies of the past decade, with Ethereum and Bitcoin being the two most popular Blockchains today. Both do not provide data protection and privacy by default. The former allows for Decentralized Applications (DApps) to be built, with zero chance of downtime or censorship and is the main focus of this dissertation. The European Union approved a law in 2016, the General Data Protection Regulation (GDPR), with severe penalties being enforced since May 25th, 2018. It is considered a massive step toward protecting user data. Not only does it affect companies with offices in the EU, but also organizations throughout the world that have users from EU territories. Further, it stipulates key obligations for organizations handling user data, in addition to introducing new rights to individuals, such as the right to erasure. This represents a major challenge towards achieving GDPR compliance in DApps, as Blockchains such as Ethereum, are immutable by design. This dissertation’s work attempts to comply with the GDPR and its conflicting right to erasure, by developing an Ethereum proof-of-concept DApp: DFiles, which also aims to provide some form of data privacy and protection. It also allows its users to upload encrypted files in addition to their download and decryption. It was developed using an Agile methodology in an iterative approach with mainly decentralized technologies, such as the Interplanetary File System (IPFS) and Ethereum smart contracts, with a centralized component for user authentication, while adhering to Blockchain Software Engineering. Due to the GDPR’s complexity, some parts were selected, namely the rights to erasure, data portability, access and rectification. DFiles GDPR compliance was then evaluated with a statistical analysis on user encrypted and unencrypted uploaded files in the DApp, with its elapsed upload times and Ethereum transaction costs measured for files separated into four categories: small (1KB-1MB), medium (1MB-20MB), large (20MB-200MB) and extra-large (200MB-2GB). However, due to hardware limitations, this statistical analysis could only be performed for files up to 14.2MB. It concluded that transaction costs for unencrypted files are slightly higher, although this increase is not significant. As for elapsed upload times, it found that the elapsed upload time in encrypted files was overall significantly higher. Data from files larger than 14.2MB was still recorded which determined that the last two elapsed upload times for unencrypted files up to 800MB, are less than the last two upload elapsed times for encrypted ones up to 14.2MB. In conclusion, encrypting files to comply with the General Data Protection Regulation’s right to erasure is a valuable option only for small to medium files up to 14.2MB. From there, without considering hardware encryption limitations, upload times tend to grow exponentially. Ethereum and the IPFS must advance to allow better privacy techniques. Recently, there have been major new improvements to Ethereum and its smart contracts; the world of DApp development is always changing at a fast rate. In the future, Ethereum might evolve to a newer version which may bring new and enhanced privacy controls which may allow its complete GDPR compliance.
id RCAP_74f5bd3041c0edfc1568e619d6af035a
oai_identifier_str oai:recipp.ipp.pt:10400.22/13944
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling Data Protection with Ethereum BlockchainEthereum BlockchainGeneral European Data Protection RegulationSmart contractsData privacy and protectionDecentralized applicationsBlockchain software engineeringInterplanetary File SystemSistemas ComputacionaisBlockchain technology has been one of the most promising technologies of the past decade, with Ethereum and Bitcoin being the two most popular Blockchains today. Both do not provide data protection and privacy by default. The former allows for Decentralized Applications (DApps) to be built, with zero chance of downtime or censorship and is the main focus of this dissertation. The European Union approved a law in 2016, the General Data Protection Regulation (GDPR), with severe penalties being enforced since May 25th, 2018. It is considered a massive step toward protecting user data. Not only does it affect companies with offices in the EU, but also organizations throughout the world that have users from EU territories. Further, it stipulates key obligations for organizations handling user data, in addition to introducing new rights to individuals, such as the right to erasure. This represents a major challenge towards achieving GDPR compliance in DApps, as Blockchains such as Ethereum, are immutable by design. This dissertation’s work attempts to comply with the GDPR and its conflicting right to erasure, by developing an Ethereum proof-of-concept DApp: DFiles, which also aims to provide some form of data privacy and protection. It also allows its users to upload encrypted files in addition to their download and decryption. It was developed using an Agile methodology in an iterative approach with mainly decentralized technologies, such as the Interplanetary File System (IPFS) and Ethereum smart contracts, with a centralized component for user authentication, while adhering to Blockchain Software Engineering. Due to the GDPR’s complexity, some parts were selected, namely the rights to erasure, data portability, access and rectification. DFiles GDPR compliance was then evaluated with a statistical analysis on user encrypted and unencrypted uploaded files in the DApp, with its elapsed upload times and Ethereum transaction costs measured for files separated into four categories: small (1KB-1MB), medium (1MB-20MB), large (20MB-200MB) and extra-large (200MB-2GB). However, due to hardware limitations, this statistical analysis could only be performed for files up to 14.2MB. It concluded that transaction costs for unencrypted files are slightly higher, although this increase is not significant. As for elapsed upload times, it found that the elapsed upload time in encrypted files was overall significantly higher. Data from files larger than 14.2MB was still recorded which determined that the last two elapsed upload times for unencrypted files up to 800MB, are less than the last two upload elapsed times for encrypted ones up to 14.2MB. In conclusion, encrypting files to comply with the General Data Protection Regulation’s right to erasure is a valuable option only for small to medium files up to 14.2MB. From there, without considering hardware encryption limitations, upload times tend to grow exponentially. Ethereum and the IPFS must advance to allow better privacy techniques. Recently, there have been major new improvements to Ethereum and its smart contracts; the world of DApp development is always changing at a fast rate. In the future, Ethereum might evolve to a newer version which may bring new and enhanced privacy controls which may allow its complete GDPR compliance.A tecnologia de Blockchain tem sido uma das mais promisoras da última década, com Ethereum e Bitcoin como as duas Blockchains mais conhecidas atualmente, em que ambas têm o problema de não fornecer, por defeito, a proteção de dados e a sua consequente privacidade. O Ethereum, o principal foco desta dissertação, permite desenvolver Aplicações Descentralizadas (DApps) com a impossibilidade de estarem offline ou serem alvos de censura. A União Europeia (EU) aprovou o Regulamento Geral sobre a Proteção de Dados (RGPD) em 2016, com penalizações apenas a serem aplicadas no dia 25 de Maio de 2018. Este regulamento é considerado um passo gigante para proteger a informação e os dados dos utilizadores, visto que este não afeta apenas organizações com escritórios na EU, mas também empresas no mundo todo que tenham clientes em territórios da União Europeia. Além disto, o regulamento estipula novas obrigações para organizações que manuseiam dados dos seus utilizadores, além de introduzir novos direitos para os mesmos, como o direito de apagamento dos dados. Este direito representa um desafio enorme para conseguir cumprir estritamente com o RGPD nas DApps, visto que as Blockchains como o Ethereum são, no seu design, imutáveis. O trabalho desenvolvido nesta dissertação tenta cumprir com o RGPD e o seu direito problemático ao apagamento dos, ao desenvolver uma prova de conceito, uma DApp em Ethereum: DFiles, em que esta visa fornecer alguma maneira de proteger os dados dos seus utilizadores e também a sua privacidade. Além disto, também permite que os seus utilizadores submetam ficheiros encriptados além de os conseguirem desencriptar quando o seu download é efetuado. Foi também desenvolvida com uma metodologia Agile, com uma abordagem por iterações usando na maioria tecnologias descentralizadas, como por exemplo o Interplanetary File System (IPFS) e os contratos inteligentes do Ethereum, contando também com uma componente centralizada para efeitos de autenticação de utilizadores, ao mesmo tempo que adere à Engenharia de Desenvolvimento de Software para Blockchain (BOSE). Devido à complexidade do RGPD, apenas alguns dos seus aspetos foram selecionados para a sua implementação no DFiles como os direitos de apagamento dos dados, portabilidade, acesso e retificação. O cumprimento do RGPD na DFiles DApp foi avaliado com recurso a uma análise estatística nos ficheiros encriptados e não encriptados submetidos pelos seus utilizadores, em que foram medidos o tempo gasto no seu upload e o custo total de transação em Ethereum, em ficheiros de quatro categorias diferentes: pequenos (1KB-1MB), médios (1MB-20MB), grandes (20MB-200MB) e muito grandes (200MB-2GB). No entanto, por limitações de hardware, esta análise estatística apenas foi feita para ficheiros até 14.2MB de tamanho. Pode ser concluído que os custos de transação para ficheiros não encriptados são ligeiramente superiores, apesar deste aumento não ser significativo. Além disto, esta análise também concluiu que o tempo gasto nos ficheiros encriptados é substancialmente maior. Os dados dos ficheiros com tamanho superior a 14.2MB foram também registados. Ao compararmos os últimos dois registos dos ficheiros desencriptados, até 800MB de tamanho, concluímos que o seu tempo gasto é inferior aos útlimos dois registos para ficheiros encriptados até 14.2MB de tamanho. Finalmente, pode-se concluir que encriptar ficheiros para cumprir com o direito ao apagamento de dados do RGPD é uma possível abordagem apenas para ficheiros pequenos e médios até 14.2MB de tamanho. A partir desta fase, e sem considerar limitações de hardware, os tempos gastos para upload de ficheiros encriptados tendem a aumentar exponencialmente. Assim sendo, o Ethereum e o IPFS têm obrigatoriamente que melhorar a sua tecnologia num futuro próximo para permitir novas e melhores técnicas de privacidade dos dados. Recentemente, têm existido melhoramentos significativos no Ethereum e os seus contratos inteligentes que fazem com que o mundo do desenvolvimento de DApps se faça a um ritmo muito elevado. No futuro, o Ethereum poderá evoluir numa nova versão que poderá também trazer novos melhoramentos e controlos de privacidade que poderão permitir o cumprimento na totalidade do RGPD.Azevedo, Isabel de Fátima SilvaRepositório Científico do Instituto Politécnico do PortoTeles, Duarte Paulo Gonçalves Cabral2019-06-11T11:37:12Z20182018-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10400.22/13944TID:202166171enginfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-03-13T12:56:22Zoai:recipp.ipp.pt:10400.22/13944Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T17:33:48.183633Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv Data Protection with Ethereum Blockchain
title Data Protection with Ethereum Blockchain
spellingShingle Data Protection with Ethereum Blockchain
Teles, Duarte Paulo Gonçalves Cabral
Ethereum Blockchain
General European Data Protection Regulation
Smart contracts
Data privacy and protection
Decentralized applications
Blockchain software engineering
Interplanetary File System
Sistemas Computacionais
title_short Data Protection with Ethereum Blockchain
title_full Data Protection with Ethereum Blockchain
title_fullStr Data Protection with Ethereum Blockchain
title_full_unstemmed Data Protection with Ethereum Blockchain
title_sort Data Protection with Ethereum Blockchain
author Teles, Duarte Paulo Gonçalves Cabral
author_facet Teles, Duarte Paulo Gonçalves Cabral
author_role author
dc.contributor.none.fl_str_mv Azevedo, Isabel de Fátima Silva
Repositório Científico do Instituto Politécnico do Porto
dc.contributor.author.fl_str_mv Teles, Duarte Paulo Gonçalves Cabral
dc.subject.por.fl_str_mv Ethereum Blockchain
General European Data Protection Regulation
Smart contracts
Data privacy and protection
Decentralized applications
Blockchain software engineering
Interplanetary File System
Sistemas Computacionais
topic Ethereum Blockchain
General European Data Protection Regulation
Smart contracts
Data privacy and protection
Decentralized applications
Blockchain software engineering
Interplanetary File System
Sistemas Computacionais
description Blockchain technology has been one of the most promising technologies of the past decade, with Ethereum and Bitcoin being the two most popular Blockchains today. Both do not provide data protection and privacy by default. The former allows for Decentralized Applications (DApps) to be built, with zero chance of downtime or censorship and is the main focus of this dissertation. The European Union approved a law in 2016, the General Data Protection Regulation (GDPR), with severe penalties being enforced since May 25th, 2018. It is considered a massive step toward protecting user data. Not only does it affect companies with offices in the EU, but also organizations throughout the world that have users from EU territories. Further, it stipulates key obligations for organizations handling user data, in addition to introducing new rights to individuals, such as the right to erasure. This represents a major challenge towards achieving GDPR compliance in DApps, as Blockchains such as Ethereum, are immutable by design. This dissertation’s work attempts to comply with the GDPR and its conflicting right to erasure, by developing an Ethereum proof-of-concept DApp: DFiles, which also aims to provide some form of data privacy and protection. It also allows its users to upload encrypted files in addition to their download and decryption. It was developed using an Agile methodology in an iterative approach with mainly decentralized technologies, such as the Interplanetary File System (IPFS) and Ethereum smart contracts, with a centralized component for user authentication, while adhering to Blockchain Software Engineering. Due to the GDPR’s complexity, some parts were selected, namely the rights to erasure, data portability, access and rectification. DFiles GDPR compliance was then evaluated with a statistical analysis on user encrypted and unencrypted uploaded files in the DApp, with its elapsed upload times and Ethereum transaction costs measured for files separated into four categories: small (1KB-1MB), medium (1MB-20MB), large (20MB-200MB) and extra-large (200MB-2GB). However, due to hardware limitations, this statistical analysis could only be performed for files up to 14.2MB. It concluded that transaction costs for unencrypted files are slightly higher, although this increase is not significant. As for elapsed upload times, it found that the elapsed upload time in encrypted files was overall significantly higher. Data from files larger than 14.2MB was still recorded which determined that the last two elapsed upload times for unencrypted files up to 800MB, are less than the last two upload elapsed times for encrypted ones up to 14.2MB. In conclusion, encrypting files to comply with the General Data Protection Regulation’s right to erasure is a valuable option only for small to medium files up to 14.2MB. From there, without considering hardware encryption limitations, upload times tend to grow exponentially. Ethereum and the IPFS must advance to allow better privacy techniques. Recently, there have been major new improvements to Ethereum and its smart contracts; the world of DApp development is always changing at a fast rate. In the future, Ethereum might evolve to a newer version which may bring new and enhanced privacy controls which may allow its complete GDPR compliance.
publishDate 2018
dc.date.none.fl_str_mv 2018
2018-01-01T00:00:00Z
2019-06-11T11:37:12Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10400.22/13944
TID:202166171
url http://hdl.handle.net/10400.22/13944
identifier_str_mv TID:202166171
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799131430309068800

Registros relacionados