Modern technologies of decentralized databases, authentication, and authorization methods⋆ Petro Petriv1,†, Ivan Opirskyy1,*,† and Nataliia Mazur2,† 1 Lviv Polytechnic National University, 79013 Lviv, Ukraine 2 Borys Grinchenko Kyiv Metropolitan University, 18/2 Bulvarno-Kudryavska str., 04053 Kyiv, Ukraine Abstract With the development of decentralized technologies and the increasing volume of data generated and processed, there is a challenge to ensure effective and secure information management, especially in the context of distributed systems. Traditional centralized databases increasingly demonstrate limitations in terms of scalability and fault tolerance. The paper proposes a comprehensive analysis of modern blockchain-based decentralized database technologies and examines the authentication and authorization methods used in them. The study covers seven leading systems: BigchainDB, GUN, OrbitDB, Bluzelle, Fluree, and Ties.DB, and Hyperledger Fabric. The problem statement includes current challenges in the field of decentralized data storage, such as ensuring a high level of security, scalability, and compliance with regulatory requirements. An important component of the paper is the analysis of recent research and publications, focused on the development of consensus algorithms, improvement of cryptographic methods, and integration of smart contracts into decentralized databases. Each system is examined in terms of its architecture, consensus mechanisms, and approaches to data management. The main objective of the study is to systematize and comparatively analyze existing decentralized database technologies, assess their efficiency and security, and identify promising directions for further development. Special attention is paid to security methods, particularly the use of public key cryptography, smart contracts, and distributed access control. Keywords data protection, blockchain, government registries, transparency, data security, confidentiality, smart contracts, audit, personal data, mathematical model, trust 1 1. Introduction of data protection, transparency of operations through public access to transaction history, and resistance to The development of information technologies over the past censorship due to the distributed nature of the system [4]. decades has led to exponential growth in the volume of data In their comprehensive study, Dinh et al. (2018) [4] further generated, stored, and processed. Traditional centralized analyze these systems from a data processing perspective, database management systems, which have long dominated highlighting the unique challenges and opportunities that the industry, are increasingly facing limitations in terms of scalability, security, and fault tolerance. In this context, arise when implementing blockchain technology in decentralized databases (DDBs) based on blockchain database management. These characteristics make DDBs technology have emerged as a promising solution that particularly attractive for a wide range of applications, from promises to overcome these limitations [1]. financial systems and electronic voting to supply chain The concept of decentralized systems is not new. It dates management and medical data storage. back to the early days of computer networks and distributed However, along with the advantages, decentralized systems development. However, the emergence of databases also bring new challenges, especially in the area blockchain technology in 2008, presented in the work of of user authentication and authorization. Traditional access Satoshi Nakamoto [2], gave impetus to the development of control methods developed for centralized systems [4] often a new generation of decentralized data storage and prove ineffective or impractical in the context of DDBs. The processing systems. As Zheng et al. (2017) [3] point out, absence of a central governing body requires new blockchain offers an innovative approach to ensuring data approaches to user identification, data access management, integrity and immutability in a distributed environment and ensuring information confidentiality. without the need for a trusted third party. The importance of reliable authentication and Blockchain-based decentralized databases offer several authorization methods in decentralized systems cannot be unique advantages compared to traditional systems. They overstated. They are fundamental to ensuring data security, provide enhanced security through cryptographic methods access control, and maintaining user trust in the system. In CPITS-II 2024: Workshop on Cybersecurity Providing in Information 0009-0000-7426-3696 (P. Petriv); and Telecommunication Systems II, October 26, 2024, Kyiv, Ukraine 0000-0002-8461-8996 (I. Opirskyy); ∗ Corresponding author. 0000-0001-7671-8287 (N. Mazur) † These authors contributed equally. © 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). petro.p.petriv@lpnu.ua (P. Petriv); iopirsky@gmail.com (I. Opirskyy); n.mazur@kubg.edu.ua (N. Mazur) CEUR Workshop ceur-ws.org ISSN 1613-0073 60 Proceedings an environment where cyber attacks are becoming Yevseiev et al. [8] presented a comprehensive analysis of increasingly sophisticated and regulatory requirements for security models for socio-cyber-physical systems, which is data protection are becoming more stringent (for example, particularly relevant in the context of developing GDPR in Europe) [5], the development of effective decentralized databases and their integration with IoT and authentication and authorization mechanisms becomes a other modern technologies. Balatska et al. [9] explored the critical task for the widespread adoption of decentralized concept of applying blockchain in the context of Single databases. Sign-On (SSO) technology, opening new perspectives for In recent years, several innovative approaches to improving the security and convenience of authentication solving these problems have emerged. They range from the in decentralized systems. Poberezhnyk et al. [10] proposed use of complex cryptographic protocols and smart contracts a concept for a learning management system based on to the implementation of decentralized identity blockchain technology, demonstrating the potential of management systems (DID) [6]. Each of these approaches decentralized databases in the educational sphere. has its advantages and limitations, and the choice of a The purpose of the paper. The purpose of this paper specific solution often depends on the specific requirements is to conduct a comprehensive analysis of modern of the particular application. decentralized database technologies and the Problem formulation. Despite significant progress in authentication/authorization methods used in them. The the development of decentralized databases, several research is focused on: unresolved issues remain, especially in the context of authentication and authorization. The key challenges are:  Systematization and comparative analysis of architectures and functionalities of leading DDB  Ensuring a high level of security without excessively systems, such as BigchainDB, GUN, OrbitDB, complicating the user experience. Bluzelle, Fluree, and Ties.DB, and Hyperledger Fabric.  Developing scalable solutions capable of handling a  Evaluation of the effectiveness and security of large number of users and transactions. various authentication and authorization methods in  Addressing data privacy issues in the context of the a decentralized environment. transparent nature of blockchain systems.  Identification of key problems and limitations of  Ensuring compliance with regulatory requirements, existing approaches to ensuring security in DDBs. especially in the field of personal data protection.  Determination of promising directions for further  Integration with existing systems and infrastructures. research and development in the field of DDB security. These issues create an urgent need for a comprehensive analysis of existing decentralized database technologies and The results of this study aim to provide developers, the authentication/authorization methods used in them. researchers, and organizations with valuable information Recent research and publications analysis. for decision-making regarding the selection and Research in the field of decentralized databases and implementation of decentralized data management systems, authentication/authorization methods is actively as well as to outline ways to improve security methods in developing. Dinh et al. conducted a comprehensive review these systems. of blockchain database systems [4], analyzing their This work is particularly relevant in the context of architectures and consensus mechanisms. This work laid growing interest in decentralized technologies across the foundation for understanding the basic principles of various sectors, from finance and healthcare to public DDB functioning. administration and the Internet of Things. Understanding Wang et al. focused on the issues of scalability and the strengths and weaknesses of different approaches to performance of DDBs [4], proposing new algorithms for authentication and authorization in decentralized systems is optimizing transaction processing. Their research critical for developing secure, efficient, and scalable emphasizes the importance of efficient data processing in solutions capable of meeting the needs of the modern digital distributed systems. world. In the area of security and privacy, Zhang et al. proposed an innovative approach to ensuring data 2. Overview of decentralized confidentiality [7] in blockchain systems using database technologies homomorphic encryption. This work opens up new possibilities for protecting sensitive data in a decentralized Decentralized databases (DDBs) represent a new generation environment. of data storage and processing systems that combine the Li et al. developed a new smart contract-based identity principles of distributed systems with blockchain management method [4] for blockchain systems, technology. Unlike traditional centralized databases, DDBs demonstrating the potential for integrating complex distribute data across multiple nodes, ensuring high fault authorization logic directly into the blockchain. tolerance, transparency, and protection against Xu et al. proposed a distributed authentication scheme unauthorized changes. for the Internet of Things (IoT) based on blockchain, In this section, we will conduct a detailed analysis of highlighting the importance of adapting authentication seven leading decentralized database technologies: methods to the specific needs of different application BigchainDB, GUN, OrbitDB, Bluzelle, Fluree, and Ties.DB, domains. and Hyperledger Fabric. Each of these systems offers a 61 unique approach to solving key problems of decentralized provides resistance to Byzantine failures, enhancing system data storage, in particular: reliability. Scalability and performance. Performance evaluation of 1. Architecture and data model: We will examine BigchainDB showed that the system is capable of processing how each system structures and organizes data, thousands of transactions per second, bringing it close to including the use of blockchain, graph models, or the performance of traditional databases. Scalability is other approaches. achieved through horizontal scaling of network nodes. 2. Consensus mechanisms: We will analyze the However, as the number of nodes increases, the complexity methods used to achieve agreement between of achieving consensus may grow. network nodes regarding the state of data. According to research by McConaghy et al. (2016), 3. Scalability and performance: We will assess each BigchainDB demonstrates the ability to process up to 1 system’s ability to handle large volumes of data million records per second using a cluster of 32 nodes. This and transactions. significantly exceeds the performance of traditional 4. Identification and authorization methods: Special blockchain systems such as Bitcoin (7 transactions per attention will be paid to mechanisms that ensure second) or Ethereum (15 transactions per second). secure user identification and control of data Identification and authorization method. BigchainDB access. This includes: uses public key cryptography for user identification. Each user has a pair of keys: public (for identification) and private  Cryptographic methods used for identity creation (for signing transactions). Authorization is based on the and verification. concept of “Proof of Asset Ownership”. Transactions are  Key and certificate management systems. signed with the owner’s private key, ensuring action  Access control mechanisms at the data and authorization. This approach provides a high level of transaction levels. security but may create challenges in managing a large  Implementation of smart contracts for automating number of keys in corporate environments. access rules. Integration and compatibility. BigchainDB provides an API for integration with other systems, facilitating its 5. Integration and compatibility: We will consider implementation into existing infrastructures. However, full how easily each system can be integrated with compatibility with traditional SQL databases is limited due existing technologies and standards. to its specific data model. 6. Privacy and confidentiality: We will analyze the Privacy and confidentiality. BigchainDB ensures methods used to protect sensitive data in a transaction transparency, which can be an advantage for distributed environment. some use cases but creates challenges for maintaining the confidentiality of sensitive data. The system offers limited This comprehensive review will allow us not only to built-in data encryption mechanisms at the transaction understand the technical features of each system but also to level. assess their suitability for various use cases, from financial In summary, BigchainDB offers a unique combination applications to supply chain management systems and the of high performance of traditional databases with the IoT. security and immutability of blockchain. However, the Furthermore, we will pay attention to the challenges balance between transparency and confidentiality remains and limitations faced by each technology, which will help a challenge for widespread implementation in scenarios identify directions for further research and development in requiring a high level of data privacy. the field of decentralized databases. 2.2. GUN 2.1. BigchainDB GUN is an open-source decentralized graph database that BigchainDB is a decentralized database that combines the provides real-time data replication and supports an offline- properties of traditional databases with blockchain first architecture. According to Nadal (2018) [12], the creator characteristics, providing high throughput and low latency of GUN, this system was designed to be a decentralized [11]. alternative to traditional databases, offering features such as Architecture and data model. BigchainDB uses a real-time synchronization, offline-first capabilities, and transaction-based data model, where each transaction graph-based data modeling. contains metadata, digital assets, and ownership transfer Architecture and data model. GUN uses a graph data information. The system organizes data into “blocks” that model where each node can have connections with other are linked in a chain, forming a blockchain. This hybrid nodes. This model provides flexibility in representing architecture allows BigchainDB to retain the advantages of complex relationships between data. GUN’s architecture is both traditional databases and blockchain systems. based on the peer-to-peer principle, where each node can Consensus mechanism. BigchainDB uses the Tendermint act as both client and server simultaneously. This allows the consensus algorithm [11], which ensures rapid agreement system to operate even with partial network connection between network nodes. This mechanism allows the system loss. to achieve transaction finality within seconds, significantly Consensus mechanism. GUN uses a Conflict-free faster than traditional blockchain systems. Tendermint also Replicated Data Type (CRDT) mechanism [12] to achieve consensus. This approach allows the system to effectively 62 resolve conflicts during simultaneous data updates by Scalability and performance. Evaluation has shown that different nodes, ensuring eventual consistency. CRDT OrbitDB can scale effectively thanks to its use of IPFS. enables GUN to maintain high data availability even under However, performance may vary depending on the size of unstable network conditions. the IPFS network and the type of operations. The system is Scalability and performance. Performance evaluation of particularly effective for applications requiring high data GUN has shown that the system is capable of processing a availability and resilience to network failures. large number of read and write operations in real time. Identification and authorization method. OrbitDB uses Scalability is achieved through a decentralized architecture IPFS identifiers for unique user identification. The system where each node can independently process requests. supports distributed access control, where each database However, as the number of connections between data has its own set of access rights. Elliptic curve cryptography- increases, there may be delays in processing complex based signatures are used to verify user actions. This queries. approach provides flexible access control but may Identification and authorization method. GUN uses a key complicate management in large organizations. pair-based identification system known as SEA (Security, Integration and compatibility. OrbitDB provides a Encryption, Authorization). It supports decentralized JavaScript API, facilitating integration with web authentication without the need for a centralized server. applications. However, support for other programming Users create and manage their keys locally. The concept of languages is limited, which may create challenges when a “trust graph” is implemented for access management integrating with diverse systems. between nodes. This approach provides a high level of Privacy and confidentiality. OrbitDB provides a basic privacy and control for users but may create difficulties in level of privacy through access control but lacks built-in implementing centralized security policies in corporate data encryption mechanisms. This may require additional environments. measures to ensure the confidentiality of sensitive Integration and compatibility. GUN provides an API for information. JavaScript, which facilitates integration with web OrbitDB stands out for its integration with IPFS, making applications and Node.js projects. However, support for it attractive for decentralized web applications. However, other programming languages is limited, which may limited built-in encryption mechanisms and dependence on complicate integration into some existing systems. the JavaScript ecosystem may restrict its application in Privacy and confidentiality. GUN ensures a high level of some scenarios. privacy through local key storage and the ability to encrypt data on the client side. However, full decentralization may 2.4. Bluzelle create challenges for implementing complex access control Bluzelle is a decentralized database that uses a ‘swarm’ and audit schemes in corporate environments. model for data storage and management, providing high GUN stands out for its ability to provide high data scalability and reliability. According to the Bluzelle availability and offline operation, making it attractive for Networks whitepaper (2017) [14], Bluzelle was specifically distributed and mobile applications. However, limited designed as a decentralized database service for support for programming languages and the complexity of decentralized applications (dApps). The whitepaper implementing centralized security policies may limit its emphasizes Bluzelle’s unique ‘swarm’ architecture, which application in some corporate scenarios. enables the network to dynamically scale and self-heal, providing robust data storage solutions for blockchain- 2.3. OrbitDB based applications and other decentralized systems. OrbitDB is a distributed database built on the InterPlanetary Architecture and data model. Bluzelle uses a distributed File System (IPFS), providing decentralized data storage and architecture where data is distributed among many nodes in synchronization. Haad and Nævdal (2019) [13], the creators a ‘swarm’. This ensures high availability and fault tolerance. of OrbitDB, describe it as a peer-to-peer database The system implements a NoSQL data model, allowing specifically designed for the decentralized web. They flexible storage and retrieval of data with various structures. emphasize its ability to operate without centralized servers, Consensus mechanism. The system uses its consensus making it particularly suitable for decentralized algorithm based on the concept of ‘Proof of Stake’ [14], applications (dApps) and distributed systems that require which enables rapid agreement between nodes. This robust data management capabilities. mechanism allows Bluzelle to achieve high throughput Architecture and data model. OrbitDB uses IPFS for data while maintaining the decentralized nature of the system. storage, ensuring high scalability and resistance to Scalability and performance. Evaluation has shown that censorship. The system supports various types of data Bluzelle’s architecture allows for efficient scaling, and stores, including key-value stores, event logs, and document processing of a large number of parallel queries. The system databases. This flexible architecture allows OrbitDB to uses dynamic sharding for load distribution, which adapt to diverse usage scenarios. maintains high performance as data volume increases. Consensus mechanism. OrbitDB uses a Conflict-free Identification and authorization method. Bluzelle uses Replicated Data Type (CRDT) based consensus mechanism cryptographic tokens for access control and employs smart [13], which effectively resolves conflicts during contracts to manage access rights. The system supports simultaneous data updates by different nodes. This multi-level authorization for different types of operations. approach ensures eventual data consistency without the This approach provides flexible access control but may need for complex consensus algorithms. 63 require additional effort to integrate with existing various types of applications. The system also supports identification systems. standard data formats, simplifying information exchange Integration and compatibility. Bluzelle provides APIs for with other systems. various programming languages, facilitating integration Privacy and confidentiality. Fluree offers flexible access with different types of applications. The system also control mechanisms, but full data confidentiality can be supports standard data exchange protocols, simplifying challenging due to the transparency of the blockchain. The interaction with existing infrastructures. system allows configuring different levels of data visibility Privacy and confidentiality. Bluzelle offers basic data for different users. encryption mechanisms, but full confidentiality can be Fluree stands out for its ability to combine semantic challenging in a distributed environment. The system queries with blockchain security, making it attractive for allows for configuring privacy levels for different types of applications that require complex data processing and high data. levels of auditing. However, balancing blockchain Bluzelle stands out for its ability to provide high transparency with confidentiality requirements can be scalability and reliability thanks to its ‘swarm’ architecture. challenging in some use cases. However, implementing complex access control schemes and ensuring full data confidentiality may require 2.6. Ties.DB additional efforts when deploying in corporate Ties.DB is an open-source decentralized SQL-like database environments. that provides flexibility in querying and data indexing. According to the Ties.Network whitepaper (2017) [16], 2.5. Fluree Ties.DB was designed as a distributed database solution that Fluree is a semantic graph database on blockchain that combines the familiarity of SQL with the benefits of supports smart contracts and provides high query decentralization. The whitepaper emphasizes Ties.DB’s performance. Platz and Hilger (2019) [15], the creators of unique approach to decentralized data management, Fluree, describe it as a practical decentralized database that includes support for complex SQL-like queries, a tokenized combines the benefits of blockchain technology with the economic model for incentivizing network participants, and flexibility of semantic graph databases. They emphasize a flexible architecture that allows for custom Fluree’s unique approach to data management, which implementation of consensus mechanisms. These features, includes time-travel queries, blockchain-grade security, and as described by Ties.Network, make Ties.DB particularly the ability to run complex analytical queries directly on suitable for decentralized applications that require blockchain data. This design, according to the authors, sophisticated data querying capabilities while maintaining makes Fluree particularly suitable for enterprise the benefits of blockchain-based data integrity and applications that require both the immutability of distribution. blockchain and the advanced querying capabilities of Architecture and data model. Ties.DB uses a distributed traditional databases. architecture with support for SQL-like queries. The system Architecture and data model. Fluree uses a semantic provides a relational data model in a decentralized graph data model, allowing the creation of complex environment. This architecture allows combining a familiar relationships between data. The system integrates SQL interface with the advantages of decentralized systems. blockchain to ensure the immutability and transparency of Consensus mechanism. Ties.DB uses a Proof of Stake- transactions. This hybrid architecture enables Fluree to based consensus mechanism [16] for validating transactions combine the advantages of graph databases and blockchain. and data changes. This ensures efficient agreement between Consensus mechanism. Fluree uses its consensus network nodes while maintaining the decentralized nature mechanism [15], which combines elements of Proof of Stake of the system. and Byzantine fault tolerance. This allows the system to Scalability and performance. Evaluation has shown that achieve rapid consensus while maintaining a high level of Ties.DB provides good scalability thanks to its distributed security and decentralization. architecture. The system is optimized for fast execution of Scalability and performance. Evaluation has shown that complex queries. The use of indexing and caching allows Fluree provides high query performance thanks to its maintaining high performance when working with large optimized graph data structure. Scalability is achieved volumes of data. through the ability to create private subnets. The system Identification and authorization method. Ties.DB uses also supports parallel query processing, which increases cryptographic keys for user identification. The system overall performance. supports a tokenized model for access management and Identification and authorization method. Fluree uses service payments. Data owners can set flexible access rules digital signatures based on elliptic curve cryptography for for their tables and records. This approach provides high identification. The system supports complex authorization flexibility but may require additional efforts to integrate rules at the data level through smart functions, allowing with existing identification systems. access rules to be defined at the level of individual Integration and compatibility. Ties.DB provides an SQL- predicates. This provides high flexibility in configuring like interface, facilitating integration with existing systems access rights but may require careful planning during and applications. This allows developers to use familiar implementation. tools and methods for working with data in a decentralized Integration and compatibility. Fluree provides a RESTful environment. API and GraphQL interface, facilitating integration with 64 Privacy and confidentiality. Ties.DB offers basic mechanisms access and the storing of sensitive information visible only for ensuring data privacy, but full confidentiality can be to authorized participants. Additionally, the platform challenging in a decentralized environment. The system supports the use of Zero-Knowledge Proofs for additional allows configuring access rights at the level of individual privacy protection. tables and records. Hyperledger Fabric stands out for its focus on enterprise Ties.DB stands out for its ability to provide an SQL-like needs, offering a high level of customization, performance, interface in a decentralized environment, making it and privacy. The platform is particularly suitable for attractive to organizations looking to transition to creating consortium blockchains where control over decentralized systems while maintaining familiar data- network participants and their rights is required. However, handling tools. However, ensuring full confidentiality and the complexity of setting up and managing such a system compliance with regulatory requirements may require may require significant resources and expertise. additional measures. Overall, Hyperledger Fabric offers a powerful solution for organizations seeking ways to implement blockchain 2.7. Hyperledger Fabric technologies while meeting corporate requirements for security, performance, and confidentiality. Its modular Hyperledger Fabric is a platform for creating private architecture and flexibility in configuration allow adapting blockchain networks with the ability to store data and the platform to a wide range of uses, from supply chain execute smart contracts, designed for enterprise use [17]. management to financial services and healthcare. Architecture and data model. Hyperledger Fabric uses a modular architecture that allows customization of various system components. The platform supports different data 3. Comparative analysis of models through the concept of ‘world state’. This flexible authentication and authorization architecture allows adapting the system to diverse business methods requirements. Consensus mechanism. Hyperledger Fabric offers a The analysis of seven leading decentralized database flexible approach to consensus [17], allowing the selection technologies revealed significant differences in approaches of different algorithms depending on the needs of a specific to authentication and authorization. These differences network. This can include algorithms based on Practical reflect the diversity of requirements and use cases for which Byzantine Fault Tolerance (PBFT) or Raft. Such flexibility these systems were developed. allows for optimizing network performance and security according to specific requirements. 3.1. Cryptographic methods Scalability and performance. Evaluation has shown that All the systems examined are based on public key Hyperledger Fabric provides high-performance thanks to an cryptography but implement it differently. BigchainDB and architecture that separates tasks between different types of Hyperledger Fabric use traditional approaches with digital nodes. Scalability is achieved through the ability to create signatures, providing a high level of security and separate channels for different groups of participants. The compatibility with existing standards. In contrast, GUN and system also supports parallel execution of transactions, OrbitDB introduce innovative approaches such as SEA which increases overall throughput. (Security, Encryption, Authorization) and IPFS identifiers Research by Androulaki et al. (2018) showed that respectively, allowing them to better adapt to the specific Hyperledger Fabric can achieve a throughput of over 3500 requirements of decentralized systems. transactions per second with a latency of less than a second Particular attention should be paid to Fluree’s approach, in a network of 100 nodes. The system demonstrates linear which uses smart functions to implement complex scaling as the number of nodes increases. authorization rules at the data level. This gives the system Identification and authorization method. Hyperledger unique flexibility in configuring access rights but may Fabric uses X.509 certificates to identify network complicate the security management process for less participants. The system supports a role-based membership experienced users. model (Membership Service Provider, MSP) and allows The analysis shows that the choice of cryptographic configuring complex authorization rules through the method significantly affects the balance between security, endorsement policies system. This approach provides a high flexibility, and ease of use of the system. Systems with more level of control and flexibility in access management, which traditional approaches tend to integrate more easily with is especially important for enterprise applications. existing infrastructures, while innovative solutions offer Integration and compatibility. Hyperledger Fabric new possibilities but may require additional staff training. provides SDKs for various programming languages, facilitating integration with enterprise systems. The 3.2. Key management platform also supports standard data exchange protocols and can be integrated with existing identity and access Key management approaches differ significantly between management systems. This makes Fabric particularly systems, reflecting various philosophies regarding the attractive to organizations looking to implement blockchain balance between security and usability. BigchainDB and technologies into their existing IT infrastructure. Ties.DB places the responsibility for key management on Privacy and confidentiality. Hyperledger Fabric offers users, which enhances security but can be challenging for advanced privacy features, including private channels and ordinary users. This approach may be optimal for systems private data. This allows the creation of subnets with limited where users have a high level of technical literacy. 65 GUN offers decentralized key management, which improves GUN and OrbitDB have more limited capabilities, focusing privacy but may complicate access recovery. This solution on access to nodes or databases as a whole. This may be is particularly interesting for applications where user acceptable for simple applications or systems where speed privacy is a top priority. and simplicity are priorities, but it may limit their use in Hyperledger Fabric uses centralized certification complex corporate environments. services (CA), which facilitates management in corporate The analysis shows that choosing a system with an environments but creates a single point of failure. This appropriate level of access control granularity is critical to approach reflects Fabric’s orientation towards enterprise balancing security and data management efficiency. applications, where decentralized identity management is Systems with more detailed access control typically require the norm. more resources for setup and management but provide more The analysis shows that the choice of key management opportunities for regulatory compliance and protection of approach should take into account the specifics of the target sensitive data. audience and use cases. Systems aimed at mass users may require simpler solutions, while enterprise applications may 3.4. Integration with existing prefer more controlled approaches. authentication systems The integration of decentralized databases with existing 3.3. Granularity of access control authentication systems is a critical aspect of their The level of access control granularity varies from system implementation in organizational structures. Analysis of the to system, affecting their suitability for different use cases. technologies examined revealed significant differences in Fluree and Hyperledger Fabric offer the most flexible their integration capabilities, which substantially affect mechanisms, allowing access rules to be defined at the level their suitability for various environments. of individual data fields. This makes them particularly For effective integration, an identity and data attractive for scenarios requiring fine-grained control over transformation model is proposed, which ensures a smooth data access, such as in the financial sector or healthcare. transition from traditional systems to decentralized BigchainDB and Bluzelle provide access control at the solutions. This model includes stages of input data transaction and asset level, which may be sufficient for normalization, generation and validation of decentralized many business applications but less flexible compared to the identifiers (DIDs), processing in a distributed ledger, and approach of Fluree and Fabric. generation of output tokens for existing systems. Figure 1: A model of identity and data transformation in decentralized databases 66 Hyperledger Fabric demonstrates the highest level of BigchainDB and Bluzelle allow pseudonymous use but store integration capabilities due to its support for standard all transactions, which may allow behavior analysis. This protocols such as LDAP, OAuth 2.0, and Active Directory. approach provides a balance between privacy and This allows effective interaction with existing corporate auditability, which can be useful for financial applications identity management systems, simplifying the process of or supply chain management systems. input data normalization and identity transformation. Hyperledger Fabric, oriented towards enterprise use, BigchainDB and Ties.DB, offering APIs for integration, has limited possibilities for anonymity but offers private occupies an intermediate position. While they provide some channel features for confidentiality. This reflects the flexibility, additional development may be needed to priority of regulatory compliance and the need for auditing achieve full compatibility. In the context of the proposed in corporate environments. model, this means creating specialized adapters for efficient The analysis shows that the choice of a system with an data processing and DID generation. appropriate level of anonymity and pseudonymity support GUN and OrbitDB have the most limited integration depends on the specific requirements for privacy and capabilities, creating significant challenges when transparency within a particular application. Systems with implementing them in existing infrastructures. These a high level of anonymity may be better for applications systems require the development of complex gateways or focused on protecting user privacy, while systems with intermediate services, which can negatively affect overall greater transparency may be more suitable for corporate efficiency and complicate scaling. and regulated environments. Bluzelle and Fluree occupy an intermediate position, offering a certain level of integration through APIs and 3.6. General conclusions of the comparative support for external services. This allows adapting them to analysis the proposed model with moderate effort. The comparative analysis of authentication and The effectiveness of integration significantly affects the authorization methods in the examined decentralized overall performance and scalability of the system. Using the databases reveals a significant diversity of approaches, each proposed mathematical model, integration efficiency (E) can with its advantages and limitations. be expressed as a function of throughput (T), DID validation Systems oriented towards enterprise use, such as speed (V), level of consensus between nodes (C), data Hyperledger Fabric, offer more traditional and integrated transformation delay (D), and network load (L): 𝑇∙𝑉∙𝐶 approaches to authentication and authorization, facilitating 𝐸= . their implementation into existing business processes. 𝐷∙𝐿 Additionally, the scalability coefficient (S) can be However, these systems may be less flexible in the context represented as: of decentralization and anonymity. 𝑁∙𝑃 On the other hand, systems like GUN and OrbitDB offer 𝑆= a high level of decentralization and anonymity but may 𝐼∙𝑅 where N is the number of nodes in the network, P is the create challenges when integrating with traditional query processing performance per node, I is the complexity corporate systems. of integrating a new node, and R is the resource BigchainDB, Bluzelle, Fluree, and Ties.DB occupy requirements per node. intermediate positions, offering various combinations of Systems with better integration capabilities, such as features that allow them to adapt to different usage Hyperledger Fabric, allow achieving higher E and S scenarios. indicators by reducing parameters D and I. The choice of an optimal system depends on the specific Thus, choosing a system with appropriate integration requirements of the project, including the necessary level of capabilities is a critical factor for the successful security, privacy, scalability, and integration with existing implementation of decentralized databases. Systems with systems. Organizations should carefully evaluate their developed integration capabilities provide a smoother needs and constraints before choosing a specific transition and reduce risks, especially in the context of large decentralized database technology. organizations with complex existing infrastructures. Authentication and authorization in decentralized systems present a particular challenge due to the absence of 3.5. Support for anonymity and a central governing body. Traditional methods that rely on pseudonymity centralized authentication servers cannot be directly applied in such an environment. Instead, decentralized Approaches to ensuring anonymity and pseudonymity databases must develop innovative approaches that ensure differ significantly among the systems examined, reflecting reliable user identification and access control while different priorities regarding privacy and transparency. maintaining the advantages of a distributed architecture. GUN and OrbitDB provide a high level of anonymity These tables demonstrate the diversity of approaches to due to their decentralized nature and the use of authentication and authorization in decentralized databases, pseudonyms. This makes them attractive for applications highlighting the strengths and limitations of each system. where user privacy is a top priority, such as in social networks or voting systems. 67 3.7. Comparative tables Table 1 Comparison of authentication methods System Authentication method Key management Anonymity support BigchainDB Public key cryptography User-managed Medium GUN SEA (Security, Encryption, Authorization) Decentralized High OrbitDB IPFS identifiers Decentralized High Bluzelle Cryptographic tokens User-managed Medium Fluree Digital signatures + smart functions User-managed Low Ties.DB Cryptographic keys User-managed Medium Hyperledger Fabric X.509 certificates Centralized (CA) Low Table 2 Comparison of authorization methods System Control Granularity Authorization Mechanism Integration with Existing Systems BigchainDB Transaction level Proof of Asset Ownership Medium GUN Node level Trust graph Low OrbitDB Database level Distributed access control Low Bluzelle Transaction level Smart contracts Medium Fluree Predicate level Smart functions High Ties.DB Table/record level Tokenized system Medium Hyperledger Fabric Channel/chain code level Endorsement policies High 4. Advancing decentralized database One of the most critical aspects of DDB development is improving their scalability. Research by Bano et al. (2019) technologies [18] demonstrates that existing consensus algorithms, Current research in the field of decentralized databases particularly Proof of Work, have significant limitations in (DDBs) reveals several key areas that require further terms of throughput as the number of nodes in the network improvement and development. Analysis of these areas not increases. This leads to a decrease in transaction processing only outlines the current limitations of the technology but speed and an increase in latency, which is especially critical also identifies promising ways to overcome them. for applications in the financial sector and real-time systems. Figure 2: Approaches to solving the problem of scalability in decentralized databases 68 To address the scalability problem, new approaches are ensures the continuity of security measures while adapting being developed, among which the concept of sharding is to emerging quantum threats. The authors also highlight the particularly noteworthy. Zamani et al. (2018) [19] propose a importance of standardizing post-quantum algorithms, method of dividing the network into subnets for parallel which is crucial for their widespread adoption in transaction processing, which significantly increases the decentralized systems [24]. This research provides valuable system’s throughput without compromising security. This insights for developing robust security strategies for approach opens up possibilities for creating high- decentralized databases in the face of advancing quantum performance DDBs capable of competing with centralized computing technologies. systems in terms of transaction processing speed. Research by Deineka et al. [25] on designing data Another important aspect of DDB development is classification and secure store policy according to SOC 2 improving data storage and processing methods. Sharma et Type II provides valuable insights into ensuring regulatory al. (2019) [20] point to the problem of significant database compliance and data security in decentralized systems. This size increase when using traditional approaches to data work is particularly relevant for DDBs that need to meet storage in blockchain. This complicates maintenance and stringent security and privacy standards. synchronization between nodes, especially for full nodes The development of decentralized identification that store the entire transaction history. This can result in a systems (DID) and the concept of self-sovereign identity, decrease in the network’s decentralization level due to a described by Allen (2016) [6], opens new perspectives for reduction in the number of participants capable of improving identity management in DDBs. These maintaining full nodes. approaches allow users to have full control over their Ensuring data confidentiality in a distributed identification data, which is an important step towards environment remains one of the key challenges for DDBs. enhancing privacy and security. Reid and Harrigan (2013) [21] demonstrated the possibility An important direction of development is ensuring of analyzing links between transactions even in systems cross-blockchain interaction. Projects such as Polkadot, considered anonymous, which can lead to user de- proposed by Wood (2016) [26], aim to create an anonymization. This problem is particularly relevant for infrastructure for effective communication between applications requiring a high level of privacy, such as in different blockchain systems. This can significantly expand healthcare or financial services. the capabilities and application areas of decentralized A promising direction for solving the confidentiality systems, creating a single global ecosystem. problem is the application of Zero-Knowledge Proofs (ZKP) Recent research has also explored the application of technology. Kosba et al. (2016) [7] demonstrate the potential decentralized database technologies in specific domains, of this technology for creating private smart contracts, demonstrating their versatility and potential for innovation. allowing transaction verification without disclosing their Balatska et al. [9] propose a concept for applying blockchain content. This opens up new possibilities for ensuring technology in the context of Single Sign-On (SSO) systems. privacy in decentralized systems while maintaining their Their work suggests that integrating blockchain with SSO main advantages. can enhance security and user authentication processes, An important aspect of DDB development is also potentially revolutionizing access management in ensuring compliance with regulatory requirements, decentralized environments. This approach could be particularly the General Data Protection Regulation (GDPR) particularly beneficial for DDBs that require robust and in the European Union. Finck (2019) [22] analyzes the secure authentication mechanisms. potential conflict between the right to be forgotten provided Furthermore, Poberezhnyk et al. [10] have developed a by GDPR and the immutability of data in blockchain. This concept for a learning management system based on problem requires the development of innovative technical blockchain technology. Their research illustrates how DDBs solutions that will allow modifying or deleting data without can be effectively utilized in educational settings, offering compromising blockchain integrity. improved data integrity, transparent record-keeping, and Given the development of quantum computing, the enhanced security for student information. This application development and implementation of quantum-resistant of blockchain in education demonstrates the potential of cryptography algorithms become particularly relevant. decentralized databases to transform traditional systems Bernstein and Lange (2017) [23] propose some post- across various sectors, providing new solutions to quantum cryptographic primitives that can ensure DDB longstanding challenges in data management and security. security even in the era of quantum computers. This is Martseniuk et al. [27] propose an automated conformity critical for ensuring the long-term viability and reliability of verification concept for cloud security, which can be decentralized systems. adapted for use in decentralized database environments to The development of quantum-resistant cryptography is enhance security measures and ensure compliance with crucial for the long-term security of decentralized various standards. databases. Horpenyuk et al. [24] argue that the Additionally, research by Yevseiev et al. (2023) [8] on implementation of post-quantum cryptographic algorithms security models of socio-cyber-physical systems emphasizes is not just a future concern, but a present necessity. They the importance of integrating DDBs with other modern emphasize that the transition to post-quantum technologies. Balatska et al. (2024) [9] consider the concept cryptography should be gradual and well-planned, of blockchain application in the context of Single Sign-On involving the coexistence of classical and post-quantum (SSO) technology, opening new perspectives for improving algorithms during the transition period. This approach the security and convenience of authentication in 69 decentralized systems. Poberezhnyk et al. (2023) [10] [2] S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash demonstrate the potential of DDBs in the educational System (2008). sphere, proposing a concept of a learning management [3] Z. Zheng, et al., An Overview of Blockchain system based on blockchain technology. Technology: Architecture, Consensus, and Future In summary, it can be stated that decentralized database Trends, IEEE International Congress on Big Data technologies have significant potential for further (2017). doi: 10.1109/BigDataCongress.2017.85. development and improvement. Addressing current [4] T. T. A. Dinh, et al., Untangling Blockchain: A Data challenges in the areas of scalability, confidentiality, Processing View of Blockchain Systems, IEEE regulatory compliance, and security paves the way for Transactions on Knowledge and Data Engineering, creating a new generation of distributed systems capable of 30(7) 1366–1385 (2018). doi: 10.1109/TKDE.2017. meeting the growing needs of the modern digital world. 2781227. Further research and innovation in this field are critical for [5] Regulation (EU) 2016/679 (General Data Protection realizing the full potential of decentralized technologies and Regulation) (2016). their widespread implementation in various spheres of [6] C. Allen, The Path to Self-Sovereign Identity (2016). human activity. [7] A. Kosba, et al., Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart 5. Conclusions Contracts, IEEE Symposium on Security and Privacy (SP) (2016). doi: 10.1109/SP.2016.55. The research emphasizes that blockchain-based [8] S. Yevseiev, et al., Models of socio-cyber-physical decentralized databases, due to their distributed nature, can systems security: monograph, Technology Center solve problems associated with centralized data storage and (2023). doi: 10.15587/978-617-7319-72-5. management systems. This allows avoiding a single point of [9] V. Balatska, et al., Blockchain Application Concept in failure and contributes to a higher level of user information SSO Technology Context, in: Cybersecurity Providing protection. in Information and Telecommunication Systems, vol. The main aspect of the study lies in the careful 3654, (2024) 38–49. examination and comparison of the advantages of various [10] V. Poberezhnyk, V. Balatska, I. Opirskyy, Develop- DDB technologies, such as BigchainDB, GUN, OrbitDB, ment of the Learning Management System Concept Bluzelle, Fluree, and Ties.DB, and Hyperledger Fabric. The based on Blockchain Technology, in: Cybersecurity results show that these systems not only provide a high Providing in Information and Telecommunication level of security but also contribute to solving problems of Systems II, vol. 3550 (2023) 143–156. scalability, confidentiality, and access management. [11] T. McConaghy, et al., BigchainDB: A Scalable The technical aspects of implementing authentication Blockchain Database (2016). and authorization methods in DDBs are examined in detail, [12] M. Nadal, GUN Documentation (2018). including the use of public key cryptography, smart [13] H. Haad, J. Nævdal, OrbitDB—Peer-to-Peer Databases contracts, and distributed access control. This can for the Decentralized Web (2019). significantly increase the reliability of user identification [14] 7 Bluzelle Networks, Bluzelle: A Decentralized processes and access rights management. Database Service for dApps (2017). The results of the DDB technology analysis show that, [15] 8 B. Platz, A. Hilger, Fluree: A Practical Decentralized despite their advantages in ensuring data transparency and Database (2019). immutability, there are problems related to scalability and [16] Ties.Network, Ties.DB: Distributed Database (2017). compliance with regulatory requirements. The use of [17] E. Androulaki, et al., Hyperledger Fabric: A innovative approaches, such as sharding and Zero- Distributed Operating System for Permissioned Knowledge Proofs, can help solve these issues, providing an Blockchains, in: Proceedings of the 13th EuroSys efficient and confidential data processing mechanism. Conference, 30 (2018) 1–15. doi: 10.1145/3190508. Additionally, it is important to note that DDBs can 3190538. become a fundamental element in solving interoperability [18] S. Bano, et al., SoK: Consensus in the Age of problems that often arise in traditional database systems. Blockchains, in: Proceedings of the 1st ACM Their ability to provide a unified and reliable record of Conference on Advances in Financial Technologies information can contribute to creating global data (AFT) (2019) 183–198. doi: 10.1145/3318041.3355458. ecosystems without the risk of security breaches. [19] M. Zamani, et al., RapidChain: Scaling Blockchain via In the context of DDB development, it is important to Full Sharding, in: ACM SIGSAC Conference on consider collaboration between developers of different Computer and Communications Security (2018) 931– systems to ensure standardization and interaction between 948. doi: 10.1145/3243734.3243853. various platforms and protocols, especially in the field of [20] Sharma, et al., Blurring the Lines between Blockchains cross-blockchain interaction. and Database Systems: The Case of Hyperledger Fabric, in: Proceedings of the 2019 International References Conference on Management of Data (SIGMOD) (2019) [1] V. Zhebka, et al., Methodology for Choosing a 105–122 doi: 10.1145/3299869.3319883. Consensus Algorithm for Blockchain Technology, in: [21] F. Reid, M. Harrigan, An Analysis of Anonymity in Digital Economy Concepts and Technologies, vol. the Bitcoin System, Security and Privacy in Social 3665 (2024) 106–113. 70 Networks (2013) 197–223. doi: 10.1007/978-1-4614- 4139-7_10. [22] M. Finck, Blockchain and the General Data Protection Regulation: Can Distributed Ledgers be Squared with European Data Protection Law? (2019). [23] D. J. Bernstein, T. Lange, Post-Quantum Cryptography, NIST (2017). [24] A. Horpenyuk, I. Opirskyy, P. Vorobets, Analysis of Problems and Prospects of Implementation of Post- Quantum Cryptographic Algorithms, in: Classic, Quantum, and Post-Quantum Cryptography, vol. 3504 (2023) 39–49. [25] O. Deineka, et al., Designing Data Classification and Secure Store Policy According to SOC 2 Type II, in: Cybersecurity Providing in Information and Telecommunication Systems, vol. 3654 (2024) 398– 409. [26] G. Wood, Polkadot: Vision for a Heterogeneous Multi- Chain Framework (2016). [27] Y. Martseniuk, et al., Automated Conformity Verification Concept for Cloud Security, in: Cybersecurity Providing in Information and Telecommunication Systems, vol. 3654 (2024) 25–37. 71