Affiliation:
1. Department of Electrical Engineering and Computer Science, Cleveland State University, Cleveland, OH 44115, USA
2. Applied Research Center, Florida International University, Miami, FL 33174, USA
Abstract
In this paper, we present a secure datastore based on an Ethereum smart contract. Our research is guided by three research questions. First, we will explore to what extend a smart-contract-based datastore should resemble a traditional database system. Second, we will investigate how to store the data in a smart-contract-based datastore for maximum flexibility while minimizing the gas consumption. Third, we seek answers regarding whether or not a smart-contract-based datastore should incorporate complex processing such as data encryption and data analytic algorithms. The proposed smart-contract-based datastore aims to strike a good balance between several constraints: (1) smart contracts are publicly visible, which may create a confidentiality concern for the data stored in the datastore; (2) unlike traditional database systems, the Ethereum smart contract programming language (i.e., Solidity) offers very limited data structures for data management; (3) all operations that mutate the blockchain state would incur financial costs and the developers for smart contracts must make sure sufficient gas is provisioned for every smart contract call, and ideally, the gas consumption should be minimized. Our investigation shows that although it is essential for a smart-contract-based datastore to offer some basic data query functionality, it is impractical to offer query flexibility that resembles that of a traditional database system. Furthermore, we propose that data should be structured as tag-value pairs, where the tag serves as a non-unique key that describes the nature of the value. We also conclude that complex processing should not be allowed in the smart contract due to the financial burden and security concerns. The tag-based secure datastore designed this way also defines its applicative perimeter, i.e., only applications that align with our strategy would find the proposed datastore a good fit. Those that would rather incur higher financial cost for more data query flexibility and/or less user burden on data pre- and post-processing would find the proposed database too restrictive.
Subject
Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science
Reference47 articles.
1. Denning, D.E.R. (1982). Cryptography and Data Security, Addison-Wesley Reading.
2. Data security and privacy protection for cloud storage: A survey;Yang;IEEE Access,2020
3. A survey and comparison of relational and non-relational database;Jatana;Int. J. Eng. Res. Technol.,2012
4. Imran, S., and Hyder, I. (2009, January 13–14). Security issues in databases. Proceedings of the 2009 Second International Conference on Future Information Technology and Management Engineering, Sanya, China.
5. Okman, L., Gal-Oz, N., Gonen, Y., Gudes, E., and Abramov, J. (2011, January 16–18). Security issues in nosql databases. Proceedings of the 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China.
Cited by
8 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献