Velas Products: Access Management

Nowadays, most digital data is concentrated within centralized services such as Google, Amazon or Microsoft. The ability to manage data and privacy is on the service side, increasing the risk of data abuse, information leakage and denial of service, notwithstanding the advanced system of resource access management.

Segmentation, replication and distribution of user files to multiple nodes in the network is one of the approaches of a decentralized storage platform. The system will continue to work even if some of its components do not work properly, like in the well-known BitTorrent protocol — no single point of failure.

Contrasting with centralized services, decentralized services have more flexible geolocation of data storage nodes, including the linking of a users’ geographical location, raising the data transportation to an absolutely new level.

On top of that, increasing the level of redundancy due to additional replication, respectively, growing the number of nodes involved, achieving the maximum fault tolerance of the service and data availability.

As a next stage, we see an opportunity in the development of decentralized storage services to extend the functionality by implementing a data access management system.

All information is public, and anyone can access the information in systems like Bitcoin. Zcash and Monero are the first cryptocurrencies bringing the concept of anonymity of sending transactions to the protocol without resorting to centralized services.

The core access settings:

  • Public — the file is open and available to all network users
  • Private — only the file owner has access to the file.
  • Access to the file to a specific user — file will be available to a specific user, even if it’s encrypted and stored in public.
  • Link access — only the owner of the link should have access to the file in case it has a public link.

Decision

Using a combination of three different types of encryption (SymmetricAsymmetricZero-knowledge Proofs), users will be provided the technical ability to manage access to files:

  • Asymmetric encryption is used to store all symmetric keys from files.
  • All files are encrypted with symmetric encryption.
  • Zero-knowledge Proofs is used to prove a storing file.

The process of file sharing:

  • The user locally encrypts the file with a randomly generated symmetric key and sends it to IPFS
  • A symmetrical key is added to the local register, encrypted with an asymmetrical key and sent to IPFS.

User A decided to share the file with user B:

  • User B sends his public key to User A
  • User A encrypts the symmetric key with Public Key of User B and sends it back.

Only User B can decrypt the symmetric key with his private key, that corresponds to the public key.

  • User B adds the symmetric key to his register, which is encrypted with an asymmetric key and sent to IPFS.
  • The owner of IPFS provides proof of storing the file in the blockchain

We will achieve not just an alternative to centralized systems, but a decentralized service itself, implementing this solution with the main features of fault tolerance, speed and data security. Access control and privacy will always be on the user side.


Share

By About

Leave a Reply

Your email address will not be published. Required fields are marked *