Blindly enforcing access control policies on encrypted data using zero-knowledge

: Access control for privacy-focussed, peer-to-peer online social media applications

Student thesis: Master's Thesis


Since the Snowden reveals, it has come to light that privacy is not to be taken for granted.Even more recently, it has also become clear that the data gathered by mass surveillanceconducted by social network applications are being used for voter manipulation andpolarisation of its userbase. As an answer to this, Glycos, a fully distributed peer-to-peer network for social networking applications was developed, with a focus on easyconfigurability. To extend Glycos, we design a protocol to enforce write permissions inzero-knowledge, on the basis of a policy system embedded in an ontology structure.We apply the ideas of an existing ontology structure with built-in policies and trans-late them to zero-knowledge. In order to do this, we design a reasoner component inzero-knowledge that can enforce these policies without leaking data or metadata aboutthe information needed to enforce these policies. Potential improvements to this rea-soner are discussed, with their potential drawbacks in security or performance. We alsodesign zero-knowledge components which allow uploaders in the network to prove thatthe uploaded data is of a file type approved by the network.By combining these two components, alongside a decryption and authentication com-ponent, we design an example protocol for writing a post to a wall on a social network.This protocol does not reveal to a third party (especially the node storing the data)that the data to be uploaded is a post, whom the post belongs to, whose and whichwall the post is posted to and who can read the data, while in the meantime ensuringthat the post is of a type that is allowed by the network and that the uploader does infact know the plaintext data and has its decryption key. In short, the protocol allowsposting anything legal (according to the policy rules), without revealing anything elsebut its legality.
Date of Award2020
Original languageEnglish
SupervisorKris Steenhaut (Promotor), An Braeken (Co-promotor) & Ruben De Smet (Advisor)

Cite this