NACDA: Naming-Based Access Control and Decentralized Authorization for Secure Many-to-Many Data Sharing

Minghui Li, Jingfeng Xue, Yong Wang*, Rui Ma, Wei Huo

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

The rapid development of wearable technology has facilitated the collection and sharing of health data, allowing patients to benefit from caretakers and medical research. However, these personal health data often contain sensitive information and it is typically not known in advance with whom the information will be shared. Therefore, messages must be encrypted and shared while adhering to the decoupled communication model. This paper presents NACDA, a secure many-to-many data-sharing service on the Named Data Network (NDN). NACDA uses Identity-Based Encryption with Wildcard Key Derivation (WKD-IBE) to allow naming-based access control, enabling data subjects to share data securely and flexibly regardless of the data processor. In addition, NACDA supplements a decentralized authorization mechanism with blockchain to ensure data subjects’ data ownership and enforce access policies. We developed an NDN-based prototype and performed a security analysis to demonstrate NACDA’s feasibility.

Original language: English
Article number: 1651
Journal: Electronics (Switzerland)
Volume: 12
Issue number: 7
Publication status: Published - Apr 2023

Keywords

  • NDN
  • access control
  • authorization
  • data sharing
