Private, secure, and censorship resistant document sharing : for individuals and groups based on distributed ledger technology

Abstract: The scandal around Facebook and Cambridge Analytica in 2017 showed drastically that new concepts to share andstore information need to be developed in order to minimize the huge potential for abuse resulting from centralized information stored at trusted third parties. This thesis analysed to what degree current document exchange systems (e.g. Dropbox) comply with the information security services confidentiality, integrity, privacy, anonymity, authenticity of authors, non-repudiation, and accountability; with the result that all analysed systems lack support for privacy and anonymity. Mainly due to their centralized design, missing (meta)data encryption, and regulations of jurisdictions in which they operate. Based on that analysis a decentralized concept for document sharing in a peer-to-peer fashion utilising client-side encryption, the separation of data and metadata, metadata masking through Tor hidden services, and distributed ledger technology for directory service provision, was developed. The concept was proven through prototype implementation of a document exchange software called docShare and its information security services were compared with former analysed exchange technologies. The analysis showed that docShare has a better information security service provision but is still leaking identity information in form of IPad dresses when interacting with the distributed ledger Ethereum. Mainly because Ethereum doesn’t support traffic anonymization through Tor.