This repository has been archived by the owner on Dec 19, 2024. It is now read-only.
SCP-7: Read Access Control #7
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
SCP-7: Read Access Control
Status: Draft
Authors:
Contents:
Read Access in OrbitDB Stores.
Currently OrbitDB's AccessControllers allow
for the control of
writeaccess to a data store, butnot the control of read access.
This is first of all due to the fact, that IPFS Objects
can be read by anyone,
which means, that we'll have to implement any kind
of read access control through encryption.
In this SCP, I propose the development of an Access control
mechanic, that will fulfill these criteria:
Read Access Controllers
Let's first define, how read access may be
granted from the point of view of an OrbitDB user.
I propose adding a
canRead(entry, identity)method to theAccessControllerclass,which is passed the plaintext entry and the identity of the machine, that is requesting
access to the entry.
If the method returns true, access may be granted to the identity for the entry.
But only to this identity and only for this entry!
With such an API, it is comparatively simple to implement even the most complicated
read permissions in JS.
But any user has to remember, that once anyone is given read access to some data,
this access may not be revoked and that they could possibly grant access to the data
to other identities or the public in whichever way they might choose.
Protocol for requesting and granting access to an entry.
In order to securely implement this API, a simple PubSub based protocol should be implemented.
canReadwhether or not the request should be granted.After this, both the requesting as well as the providing node have read access to the data, but nobody else
observing the PubSub channel has any information, except that the requesting node requested some data and the providing node provided said data. (Which might be a leak of information in some use cases, especially concerning meta data).
Diffie Hellman Key Exchange.
Sources: Computerphile video on this and theWikipedia Page.
The Diffie-Hellman key exchange is one of the first public key
cryptography systems proposed and has the goal of exchanging a
private key over a public medium, without leaking the private key to
anyone but the intended participants of the exchange.
It was implemented and tested for a long time (being proposed in 1976, one year earlier than RSA)
and is very computationally expensive to break, even for supercomputers.
After a key has been shared with Diffie-Hellman, it can be used to
seed a PRG or directly be used as a key for AES, Chacha or some other
symmetric cipher.
Modifications to the
ipfs-logBecause the encryption of some data
Dand the dataDaredifferent,
CID(D)andCID(E(D))are not the same.Thus, the
ipfs-loghas to be modified.Instead of storing an encrypted Object directly in the graph,
each node in the graph stores the CID of the Object in plaintext.
(Which is generated, but the object itself is not added to IPFS)
Then the encrypted objects refer to this object using links.
And after somebody receives a version of the
object, they can decrypt (Through the above described protocol),
they verify it with the CID stored in the
ipfs-lognode.Conclusion
It is theoretically possible to create
an OrbitDB Store, that has some read access control,
that fulfills all the criteria named above.
But it is complicated and requires reworking the
ipfs-logand creating a private store for the Diffie-Hellman one time keys.Implementing this would thus require:
ipfs-logto allow for objects, that only store the CIDs of the plaintext entry.The text was updated successfully, but these errors were encountered: