Enhancing privacy in the Solid protocol through Attribute-Based Encryption

Henri Cattoire, Jul 18th, 2025. Tags: solid, end-to-end encryption, distributed systems

Today, the number of Web applications continues to grow rapidly, and many of them handle sensitive personal data. Developers of these applications can either build their own infrastructure for storing and sharing data or rely on existing cloud platforms, with the latter currently being the more popular approach. Understandably, this has raised many concerns about data privacy and security.

Solid is a framework designed to address this issue by separating applications from the personal data they use through the introduction of PODs. PODs are decentralized datastores where user data is stored and accessed by multiple applications. Users can choose to host their PODs themselves or through a POD provider. POD providers are services that host your POD for you, similar to a cloud provider. Notably, the current Solid protocol implicitly trusts POD providers with all the data they store. This, however, poses a significant challenge for applications that are unwilling to entrust POD providers with their users' data, such as Electronic Health Record (EHR) systems.

The thesis I wrote to obtain a Master's degree in Cybersecurity presents an extension to the existing Solid protocol, along with a proof-of-concept application, to demonstrate how the current protocol can be enhanced to provide stronger privacy guarantees. The extension shifts the trust model of the POD providers from honest to semi-honest, i.e. they follow the protocol but may be curious about the data they store. To enable this shift and ultimately achieve end-to-end encryption (E2EE), attribute-based encryption (ABE) is used. Encryption refers to the process of transforming plaintext into ciphertext using a cryptographic algorithm and an encryption key, ensuring that only parties with the corresponding decryption key can reconstruct the original plaintext. ABE is an asymmetric encryption method that enables fine-grained access control of encrypted data using authorization policies. The source code and full thesis text are available on GitHub.
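To make "authorization policies" concrete, the following added example (not code from the thesis or its proof of concept) shares a key over a policy tree with Shamir secret sharing, the access-tree mechanism used by ciphertext-policy ABE constructions such as the one by Bethencourt, Sahai and Waters. The attribute names and the policy are constructed, and the pairing-based blinding that lets real ABE resist collusion between users is left out, so it models policy enforcement only and is not an ABE implementation.

```python
import secrets

P = 2**127 - 1  # prime modulus: all share arithmetic is done in GF(P)

def AND(*children):            # every child must be satisfied (n-of-n gate)
    return (len(children), list(children))

def OR(*children):             # any one child suffices (1-of-n gate)
    return (1, list(children))

def share(policy, secret):
    """Split `secret` down the policy tree; returns a tree of leaf shares."""
    if isinstance(policy, str):
        return (policy, secret)          # leaf: share bound to one attribute
    k, children = policy
    # Random polynomial q of degree k-1 with q(0) = secret; child i gets q(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    q = lambda x: sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
    return (k, [share(c, q(i)) for i, c in enumerate(children, start=1)])

def recover(shared, attrs):
    """Rebuild the secret from shares whose attribute is in `attrs`, else None."""
    head, body = shared
    if isinstance(head, str):
        return body if head in attrs else None
    points = [(x, y) for x, child in enumerate(body, start=1)
              if (y := recover(child, attrs)) is not None]
    if len(points) < head:
        return None                      # gate threshold not met
    points = points[:head]
    total = 0
    for xi, yi in points:                # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

# Constructed EHR-style policy: the record owner, or a doctor in cardiology.
POLICY = OR("owner", AND("doctor", "cardiology"))

def demo():
    key = secrets.randbelow(P)           # stands in for the data-encryption key
    shared = share(POLICY, key)
    return {name: recover(shared, attrs) == key for name, attrs in {
        "owner": {"owner"},
        "cardiologist": {"doctor", "cardiology"},
        "doctor only": {"doctor"},
        "nurse": {"nurse", "cardiology"},
    }.items()}
```

In this model a semi-honest POD provider holding only the shared tree, with no attribute keys, corresponds to calling `recover` with an empty attribute set, which returns `None`.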