Protecting Personal Data using Smart Contracts

Decentralized Online Social Networks (DOSNs) have been proposed as an alternative solution to the current centralized Online Social Networks (OSNs). Online Social Networks are based on centralized architecture (e.g., Facebook, Twitter, or Google+), while DOSNs do not have a service provider that acts as central authority and users have more control over their information. Several DOSNs have been proposed during the last years. However, the decentralization of the OSN requires efficient solutions for protecting the privacy of users, and to evaluate the trust between users. Blockchain represents a disruptive technology which has been applied to several fields, among these also to Social Networks. In this paper, we propose a manageable, user-driven and auditable access control framework for DOSNs using blockchain technology. In the proposed approach, the blockchain is used as a support for the definition of privacy policies. The resource owner uses the public key of the subject to define flexible role-based access control policies, while the private key associated with the subject's Ethereum account is used to decrypt the private data once access permission is validated on the blockchain. We evaluate our solution by exploiting the Rinkeby Ethereum testnet to deploy the smart contract, and to evaluate its performance. Experimental results show the feasibility of the proposed scheme in achieving auditable and user-driven access control via smart contract deployed on the Blockchain.