我們構建了一個框架，通過公有鏈技術–乙太坊來簡化資料分享的應用開發並改進我們的食品安全追蹤服務。當人們開始關心資料的存儲方式時，會浮現出一些問題，它們往往成為基於區塊鏈系統推廣的障礙。我們在本文中的工作是重新思考並實作系統，以滿足以下三個要求：
1. 資料隱私是我們正在促進的關鍵概念，也是擁有者的基本權利。當應用程式在公開環境上運行時，人們可以透明地驗證執行中產生的每個塊，並可以輕鬆訪問託管的資料。因此，我們引入了代理重加密技術，以在管理共用存儲上加密資料的對稱金鑰時提高金鑰分發的效率。
2. 區塊鏈服務需要增強持久資料的可用性。我們使用分散式檔案系統 IPFS（星際檔案系統）作為我們的資料後端，並提出了一種結合 IPFS 和區塊鏈帳本的基於文件的資料庫設計。
3. 存取控制是多租戶資料共用方案中的必要功能。我們的系統使用通用的智慧合約來執行資料所有者定義的策略，用戶可以靈活地控制基於 ACL 模型中每個資料集的許可權。
最後，我們通過一個管理應用程式演示了該系統，並以解耦的架構將其集成到一個現有食品安全追蹤服務中，這表明在考慮構建可信混合架構時，它可以適應許多開放資料服務。本文還在實驗部分以通過安全性測試工具的智能合約實作提供了一些可擴展性及效能的分析結果。

We design a framework to simplify sharing data and improve our food traceability system through Ethereum, a public chain technology. Some questions emerge when people are concerned about how the data is protected, and they often become obstacles to promoting blockchain-based systems. Our work in this paper is to rethink and implement a system to meet the three requirements below:
1. Privacy to sensitive data is the critical concept we are facilitating and the right to the data owner. In a public environment, people can transparently verify every block produced in the execution and easily access the data hosted in shared storage without authorization. Thus, we introduced a proxy re-encryption scheme to improve key distribution’s efficiency when managing symmetric keys to the encrypted data on the shared storage.
2. A blockchain service needs to enhance the availability of persistent data. We use IPFS (Interplanetary File System), a distributed file system, as our storage backend, and propose a file-based database design that combines IPFS and blockchain ledger.
3. Access control is the necessary functionality in a multiple tenants’ data-sharing scheme. Our system uses the generic smart contract to enforce the policies defined by the owner of the data, and users have the flexibility to control the permissions of each dataset in an ACL-based model.
At last, we demonstrate the system through an application for administration and integrate it into the existing food traceability system with a decoupled architecture that shows it can adapt to an open data service when considering building a trustful hybrid architecture. This paper also analyzes the benchmarks of scalability and performance of the implementation that passes the test of a smart contract analysis tool in the experiment.

List of Tables ………………………………………………………………..………..4
List of Figures ………………………………………………………………..……....5
Acknowledgements ………………………...…………………………………..……6
中文摘要 ………………………………………………………………………..……7
Abstract ………………………………………………………………………….…...8
Chapter 1 Introduction ………………….…………………..……………………..11
Chapter 2 Related Work ……………………………..………………………..…...17
2.1 Secure Access Scenario ………………………………………..…….……..17
2.2 Proxy Re-Encryption …………………………………………………….…20
2.3 Data-sharing based on PRE …………………………………………..….…21
Chapter 3 System Design and Implementation …………….….…………………24
3.1 Smart Contract Design ……………………………………………..…..…..25
3.2 User Registration ……………………………………………...…...…….…30
3.3 Data Encryption …………………………………………………..…….…..33
3.4 Resource Metadata ………………………………………..……...…….…..34
3.5 Key Management ………………………………….……..……...…………40
Chapter 4 Experiment and Analysis ………………….….………………………..46
Chapter 5 Case Studies …………………………….………………………..……. 48
5.1 Management System …….…………………………..…….………...….….48
5.2 Food Traceability System ………………………….……..…..……...…..…50
Chapter 6 Conclusion and Future Work ………….………………………………53
Appendix A ………………………………………………………...………..………54
A.1 Access Control ………………………………………..…….……..…...…..51
A.2 Dataset ………………………………………….…………..………...……55
A.3 Warehouse ………………………………….……………………..…….…57
A.4 Utilities …………………………………….………………...………….…58
Appendix B ……………………………………….………………..……………..…59
B.1 Mythril ………………………………………………………...…..……….59
References …………………………………………………………………….….…61

[1] EC—European Commission. (2017). Communication. Building a European data economy.
[2] Alizadeh, F., Jakobi, T., Boldt, J., & Stevens, G. (2019). GDPR-reality check on the right to access data: Claiming and investigating personally identifiable data from companies. In Proceedings of Mensch und Computer 2019 (pp. 811-814).
[3] Human, S., & Cech, F. (2021). A human-centric perspective on digital consenting: The case of GAFAM. In Human Centred Intelligent Systems (pp. 139-159). Springer, Singapore.
[4] Gelt, “The fundamental problem of the data economy nobody is talking about,” Hacker Noon, 18-Jul-2018. [Online]. Available: https://hackernoon.com/the-fundamental-problem-of-the-data-economy-nobody-is-talking-about-dfcaa31546c1.
[5] Jakobsson, M., & Juels, A. (1999). Proofs of work and bread pudding protocols. In Secure information networks (pp. 258-272). Springer, Boston, MA.
[6] Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Decentralized Business Review, 21260.
[7] Wood, G. (2014). Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper, 151(2014), 1-32.
[8] Chen, Y., & Bellavitis, C. (2020). Blockchain disruption and decentralized finance: The rise of decentralized business models. Journal of Business Venturing Insights, 13, e00151.
[9] “Non-fungible token” Wikipedia, 14-Oct-2021. [Online]. Available: https://en.wikipedia.org/wiki/Non-fungible_token.
[10] Hyperledger.org, 2021. [Online]. Available: https://www.hyperledger.org/wp-content/uploads/2018/08/HL_Whitepaper_IntroductiontoHyperledger.pdf.
[11] Filecoin.io, 2021. [Online]. Available: https://filecoin.io/filecoin.pdf.
[12] Ethswarm.org, 2021. [Online]. Available: https://www.ethswarm.org/swarm-whitepaper.pdf.
[13] Turner, D. M. (2016). What is key management? a ciso perspective. Cryptomathic. Retrieved, 30.
[14] Wang, S., Zhang, Y., & Zhang, Y. (2018). A blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems. Ieee Access, 6, 38437-38450.
[15] Mambo, M., & Okamoto, E. (1997). Proxy cryptosystems: Delegation of the power to decrypt ciphertexts. IEICE transactions on fundamentals of electronics, Communications and computer sciences, 80(1), 54-63.
[16] Tian, F. (2017, June). A supply chain traceability system for food safety based on HACCP, blockchain & internet of things. In 2017 International conference on service systems and service management (pp. 1-6). IEEE.
[17] Lin, J., Shen, Z., Zhang, A., & Chai, Y. (2018, July). Blockchain and IoT based food traceability for smart agriculture. In Proceedings of the 3rd International Conference on Crowd Science and Engineering (pp. 1-6).
[18] Gupta, M., Abdelsalam, M., Khorsandroo, S., & Mittal, S. (2020). Security and privacy in smart farming: Challenges and opportunities. IEEE Access, 8, 34564-34584.
[19] Kumar, P., Lin, Y., Bai, G., Paverd, A., Dong, J. S., & Martin, A. (2019). Smart grid metering networks: A survey on security, privacy and open research issues. IEEE Communications Surveys & Tutorials, 21(3), 2886-2927.
[20] Braun, T., Fung, B. C., Iqbal, F., & Shah, B. (2018). Security and privacy challenges in smart cities. Sustainable cities and society, 39, 499-507.
[21] Feng, W., Yan, Z., Zhang, H., Zeng, K., Xiao, Y., & Hou, Y. T. (2017). A survey on security, privacy, and trust in mobile crowdsourcing. IEEE Internet of Things Journal, 5(4), 2971-2992.
[22] Sadeghi, A. R., Wachsmann, C., & Waidner, M. (2015, June). Security and privacy challenges in industrial internet of things. In 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC) (pp. 1-6). IEEE.
[23] Nuñez, D., Agudo, I., & Lopez, J. (2017). Proxy re-encryption: Analysis of constructions and its application to secure access delegation. Journal of Network and Computer Applications, 87, 193-209.
[24] Ateniese, G., Fu, K., Green, M., & Hohenberger, S. (2006). Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Transactions on Information and System Security (TISSEC), 9(1), 1-30.
[25] Blaze, M., Bleumer, G., & Strauss, M. (1998, May). Divertible protocols and atomic proxy cryptography. In International Conference on the Theory and Applications of Cryptographic Techniques (pp. 127-144). Springer, Berlin, Heidelberg.
[26] Liu, Q., Wang, G., & Wu, J. (2014). Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. Information sciences, 258, 355-370.
[27] Liang, K., Au, M. H., Liu, J. K., Susilo, W., Wong, D. S., Yang, G., ... & Xie, Q. (2014). A DFA-based functional proxy re-encryption scheme for secure public cloud data sharing. IEEE Transactions on Information Forensics and Security, 9(10), 1667-1680.
[28] Yang, Y., Zhu, H., Lu, H., Weng, J., Zhang, Y., & Choo, K. K. R. (2016). Cloud based data sharing with fine-grained proxy re-encryption. Pervasive and Mobile computing, 28, 122-134.
[29] Liang, K., Au, M. H., Liu, J. K., Susilo, W., Wong, D. S., Yang, G., ... & Yang, A. (2015). A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. Future Generation Computer Systems, 52, 95-108.
[30] Xu, L., Wu, X., & Zhang, X. (2012, May). CL-PRE: a certificateless proxy re-encryption scheme for secure data sharing with public cloud. In Proceedings of the 7th ACM symposium on information, computer and communications security (pp. 87-88).
[31] Kim, S., & Lee, I. (2018). IoT device security based on proxy re-encryption. Journal of Ambient Intelligence and Humanized Computing, 9(4), 1267-1273.
[32] Lin, H. Y., & Hung, Y. M. (2021). An Improved Proxy Re-Encryption Scheme for IoT-Based Data Outsourcing Services in Clouds. Sensors, 21(1), 67.
[33] Li, W., Jin, C., Kumari, S., Xiong, H., & Kumar, S. (2020). Proxy re‐encryption with equality test for secure data sharing in Internet of Things‐based healthcare systems. Transactions on Emerging Telecommunications Technologies, e3986.
[34] Fang, L., Zhang, H., Li, M., Ge, C., Liu, L., & Liu, Z. (2020). A secure and fine-grained scheme for data security in industrial IoT platforms for smart city. IEEE Internet of Things Journal, 7(9), 7982-7990.
[35] Manzoor, A., Liyanage, M., Braeke, A., Kanhere, S. S., & Ylianttila, M. (2019, May). Blockchain based proxy re-encryption scheme for secure IoT data sharing. In 2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) (pp. 99-103). IEEE.
[36] Sharma, B., Halder, R., & Singh, J. (2020, January). Blockchain-based interoperable healthcare using zero-knowledge proofs and proxy re-encryption. In 2020 International Conference on COMmunication Systems & NETworkS (COMSNETS) (pp. 1-6). IEEE.
[37] U. D. of Health and H. Services, “Summary of the hipaa security rule,” https://www.hhs.gov/hipaa/for-professionals/security/ laws-regulations/index.html, 2018. [Online]. Available: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations
[38] Ben-Sasson, E., Chiesa, A., Tromer, E., & Virza, M. (2014). Succinct non-interactive zero knowledge for a von Neumann architecture. In 23rd {USENIX} Security Symposium ({USENIX} Security 14) (pp. 781-796).
[39] Gao, Y., Chen, Y., Lin, H., & Rodrigues, J. J. (2020, July). Blockchain based secure IoT data sharing framework for SDN-enabled smart communities. In IEEE INFOCOM 2020-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS) (pp. 514-519). IEEE.
[40] "whitepaper/whitepaper.pdf at master · nucypher/whitepaper", GitHub, 2021. [Online]. Available: https://github.com/nucypher/whitepaper/blob/master/whitepaper.pdf.
[41] Oceanprotocol.com, 2021. [Online]. Available: https://oceanprotocol.com/tech-whitepaper.pdf.
[42] Christian Reitwießner, Nick Johnson, Fabian Vogelsteller, Jordi Baylina, Konrad Feldmeier, William Entriken, "EIP-165: Standard Interface Detection," Ethereum Improvement Proposals, no. 165, January 2018. [Online serial]. Available: https://eips.ethereum.org/EIPS/eip-165.
[43] Dunphy, P., & Petitcolas, F. A. (2018). A first look at identity management schemes on the blockchain. IEEE security & privacy, 16(4), 20-29.
[44] Johnson, D., Menezes, A., & Vanstone, S. (2001). The elliptic curve digital signature algorithm (ECDSA). International journal of information security, 1(1), 36-63.
[45] Jones, M., Bradley, J., & Sakimura, N. (2015). Rfc 7519: Json web token (jwt). IETF. May.
[46] Qin, Z., Xiong, H., Wu, S., & Batamuliza, J. (2016). A survey of proxy re-encryption for secure data sharing in cloud computing. IEEE Transactions on Services Computing.
[47] "Introduction", Nacl.cr.yp.to, 2021. [Online]. Available: https://nacl.cr.yp.to/.
[48] Borthakur, D. (2008). HDFS architecture guide. Hadoop apache project, 53(1-13), 2.
[49] J.Benet, IPFS - Content Addressed, Versioned, P2P File System, Jul. 2019, [online] Available: https://github.com/ipfs/papers/blob/master/ipfs-cap2pfs/ipfs-p2p-file-system.pdf.
[50] docs.soliditylang.org. 2021. Contracts — Solidity 0.4.21 documentation. [online] Available at: https://docs.soliditylang.org/en/v0.4.21/contracts.html#events
[51] Voigt, P., & Von dem Bussche, A. (2017). The eu general data protection regulation (gdpr). A Practical Guide, 1st Ed., Cham: Springer International Publishing, 10, 3152676.
[52] Google Cloud. 2021. Key rotation | Cloud KMS Documentation | Google Cloud. [online] Available at: https://cloud.google.com/kms/docs/key-rotation
[53] Docs.aws.amazon.com. 2021. Rotating AWS KMS keys - AWS Key Management Service. [online] Available at: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
[54] Docs.ipfs.io. 2021. Pin files. [online] Available at: https://docs.ipfs.io/how-to/pin-files/#three-kinds-of-pins
[55] "Documentation", Docs.ethers.io, 2021. [Online]. Available: https://docs.ethers.io/v5/.
[56] "OpenEthereum Documentation - Aura - Authority Round", Openethereum.github.io, 2021. [Online]. Available: https://openethereum.github.io/Aura.
[57] De Angelis, S., Aniello, L., Baldoni, R., Lombardi, F., Margheri, A., & Sassone, V. (2018). PBFT vs proof-of-authority: Applying the CAP theorem to permissioned blockchain.
[58] "smashing-smart-contracts/smashing-smart-contracts-1of1.pdf at master · b-mueller/smashing-smart-contracts", GitHub, 2021. [Online]. Available: https://github.com/b-mueller/smashing-smart-contracts/blob/master/smashing-smart-contracts-1of1.pdf.
[59] "Proof-of-stake (PoS) | ethereum.org", ethereum.org, 2021. [Online]. Available: https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/.