Exploring blockchain data sharing presents a new set of difficulties, but also a new set of opportunities. Data sharing on blockchain is the concept of using blockchain properties to share data with other entities by means of smart contracts and other appropriate tools when the data is hosted on a remote storage repository. Such a mechanism allows the owner to keep track of, and personally control, the permissions of users who can access the data he owns. It uses identity and smart contracts to control and enforce the rules, which third parties cannot interfere with. This method creates an additional layer of security and privacy that is managed by the owner of the data through the blockchain and smart contracts, instead of solely by a cloud storage provider. Besides the smart contracts, blocks contain every transaction ever made, which means any event regarding data can be easily inspected by authorized users: who accessed what data and when. These logs can never be modified or deleted. It also makes it easy to revoke any user's access to data. [XSS+17, AEVL16, XSA+17]
Smart contracts provide a way to enforce these interactions and ensure rules are not broken. They are essential to the development of a data sharing mechanism, both to automate the process of enabling data sharing and data access control and to ensure no third party interferes with the behaviour. These tools execute exactly as coded, without any possibility of downtime, fraud, censorship or third-party interference. As long as the owner does not lose or leak the credentials, only the owner has control over the access and sharing of the data, and the smart contracts enforce the rules dictated by the owner. [AEVL16] Additionally, peers execute the same code, and there must be consensus over the results. So, the outcome is not dependent on a central authority, but on a decentralized network of peers.
Private blockchains facilitate this capability, being able to be deployed anywhere. Hyperledger Fabric's capabilities provide identity over anonymity to ensure every participant is known and registered in the network. Additionally, sharing of data only comes from registered, authorized users. [Hyp18, XSS+17]
2.6.1 Data Access Permissions
Permissions are a mechanism that keeps control over the access permissions the owner of the data has given to every user, essentially making it possible to identify who those users are and keeping a clear record of who previously had access to what, and who currently has permissions on what, for how long and with what permissions. Using blockchain properties means the owner has increased control over these aspects and can have complete control of whom he is sharing with. The most important part is providing a clear record of every access given to any data, by any user: a clear, tamper-proof record of the interactions on data.
2.6.2 Data Access Control
Data access control ensures data can only be accessed by authorized users to whom the owner of the data has given access. Blockchain properties restrict access firstly to users registered in the network, and then to users with access, without the need for a third party to determine whether a user has access to any data or not. There is therefore no need to ask the storage provider whether a user has been given access or not; the information is already stored in the blockchain at some point in time. Additionally, it also differentiates a user that has permissions from a user that owns the data. This is done by attaching the identity of the user to the data.
Regarding current access control permissions and previously granted access control, the blockchain keeps track of every interaction made and every user that had and has access to any piece of data. This system does not rely on the storage provider to keep control of the permissions or access by external users, but uses the smart contracts to enforce this [XSA+17, AEVL16, XSS+17]. In theory and practical terms, a user only needs to set up a share agreement between him and another party, and the smart contracts will handle all the business logic, from allowing access to the data to removing privileges, solely based on the blockchain. This does not mean a cloud storage provider will not contribute with additional measures.
Smart contracts also need to grant or deny access to data based on the current state of user permissions stored in the blockchain. Since the smart contract acts without interference, and the blockchain is tamper proof, it can easily detect whether an access request is valid or invalid.
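The grant, check and revoke logic of Sections 2.6.1 and 2.6.2, as an added example that is not part of the original text and is not Hyperledger Fabric chaincode: a Python in-memory model in which a hash-chained list stands in for the blockchain. The class `ShareLedger`, its method names and the record fields are all hypothetical.

```python
import hashlib
import json

class ShareLedger:
    """In-memory stand-in for the blockchain log (hypothetical model)."""
    def __init__(self):
        self.owners = {}   # data_id -> owner identity
        self.events = []   # append-only, hash-chained records

    def _append(self, record):
        record["prev"] = self.events[-1]["hash"] if self.events else ""
        body = json.dumps(record, sort_keys=True).encode()
        record["hash"] = hashlib.sha256(body).hexdigest()
        self.events.append(record)

    def register(self, owner, data_id):
        if data_id in self.owners:
            raise PermissionError("data already has an owner")
        self.owners[data_id] = owner
        self._append({"kind": "register", "actor": owner, "data": data_id})

    def change(self, kind, actor, grantee, data_id, perm, expires=None):
        """Record a grant or revoke; only the owner may change permissions."""
        if kind not in ("grant", "revoke") or self.owners.get(data_id) != actor:
            raise PermissionError("only the data owner may grant or revoke")
        self._append({"kind": kind, "actor": actor, "grantee": grantee,
                      "data": data_id, "perm": perm, "expires": expires})

    def access(self, user, data_id, perm, now):
        """Decide from ledger state alone, and log the attempt either way."""
        ok = False
        for e in self.events:  # the latest matching grant/revoke wins
            if (e.get("grantee"), e["data"], e.get("perm")) == (user, data_id, perm):
                ok = e["kind"] == "grant" and (e["expires"] is None or now < e["expires"])
        ok = ok or self.owners.get(data_id) == user  # owners always have access
        self._append({"kind": "access", "actor": user, "data": data_id,
                      "perm": perm, "time": now, "allowed": ok})
        return ok

    def verify(self):
        """Recompute the chain; an edit or a mid-log removal breaks it."""
        prev = ""
        for e in self.events:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["prev"] != prev or digest != e["hash"]:
                return False
            prev = e["hash"]
        return True
```

Every `access` call leaves a record whether it was allowed or denied, so the same log answers both who currently has permission and who attempted or obtained access in the past.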
2.6.3 Revocation of Privileges
Revocation of privileges is the action of stopping the access to any data by any user, either manually or automatically due to conditions. For example, data violations. Blockchain enables this procedure without the