A blockchain security model for personal data sharing

Abstract

The rapid growth of cloud computing has created significant risks of data misuse, breaches, and identity theft, as service providers have frequently acted as sole custodians of user data without adequate transparency or enforceable consent mechanisms. High-profile incidents involving organisations such as Yahoo, Adobe, and JP Morgan illustrated the limitations of centralised trust models. Although regulations such as the European Union's General Data Protection Regulation (GDPR) imposed stricter controls on personal data processing, they also exposed tensions between confidentiality through encryption and broader requirements of accountability, auditability, and user rights. The aim of this study was to design and formally validate a Blockchain-Based Security Model (BSM) that enables secure, privacy-preserving, and regulation-aligned personal data sharing in decentralised environments. The model integrated a permissioned blockchain platform (Hyperledger Fabric) with Chaincode-as-a-Service (CCaaS), Intel SGX secure enclaves, InterPlanetary File System (IPFS) off-chain storage, and optional Zero-Knowledge Proofs (ZKPs). Methodologically, the study followed a Design Science Research approach grounded in a pragmatic research paradigm. The BSM was developed and evaluated through a combination of systematic literature review, architectural design, simulation-based performance benchmarking, and formal security verification. In line with standard Design Science Research theory, the artifact was justified using relevant kernel theories from cryptography, decentralised systems Design Theory (ISDT) to clarify constructs, design principles, and evaluation criteria. Formal validation was conducted using ProVerif under the Dolev-Yao adversary model, confirming that the BSM satisfied confidentiality, integrity, authentication, authorisation, and auditability requirements. Performance evaluations demonstrated sub-second access-control enforcement, verifiable deletion, and audit accuracy of 99.98%, while maintaining scalability and modularity. The results showed that the BSM effectively reconciled privacy with transparency, providing a compliance-ready framework aligned with GDPR, HIPAA, and regional data protection regulations. The study contributed a formally verified security architecture, a hybrid on-chain/off-chain storage strategy, a consent management mechanism, and deployment blueprints applicable to healthcare, finance, and government services, establishing a robust foundation for privacy-preserving digital ecosystems.