On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems

Abstract: We investigate a mechanism for secure remote logging to improve privacy guarantees in dynamic systems. Using an extended threat model for privacy, we first describe outer and inner privacy: outer privacy denotes the traditional attacker model for privacy where identity management systems control the collection of personal, observable information; inner privacy denotes the threat posed by an attacker who attempts to get hold of private log data by tampering with a device. While privacy-enhancing technologies sh… Show more

“…Global Log + TTP Global Log + P2P Completeness ---Confidentiality MAC [2,7,14,15], FssAgg [10], PKI [7,10] MAC [1,6,11,12], PKI [20], unlinkability [6,11,12] MAC [15], PKI [16], compound identities [15,21] Correctness ---Immutability cipher chains [2], hash chains [7,15] hash chains [7,15] network of peers [16,19] blockchain [21] Integrity forward integrity [2,7,10,14,15] MAC security proof [2] forward integrity [1,6,11,12] forward integrity [15] Interoperability Performance: When it comes to the processing of the event data, various optimisations such as parallel processing and/or indexing should be used to improve processing efficiency. Scalability: Given the volume of events and policies that will need to be handled, the scalability of event data processing is a major consideration.…”

“…Accorsi [1] demonstrate how MAC-based secure logging mechanisms can be tailored so that they can be used by resource restricted devices that may need to log data remotely. Wouters et al [20] highlight the fact that data often flows between different processes, and as such events cannot be considered in isolation, thus giving rise to the need to store a trail of events.…”

“…As a first step towards realising this goal, in this position paper, we examine the suitability of existing logging and transparency mechanisms as the basis for developing such a system. There exists a variety of logging mechanisms that either represent events in local logs [2,7,10,14,15], in global logs entrusted to one or more third parties [1,6,11,12], or distribute event logging across a number of peers [16,19,21]. Ideally it should be possible to use some of these logging mechanisms together with access/usage policies in order to automatically verify compliance of existing business processes with the GDPR.…”

Transparent Personal Data Processing: The Road Ahead

“…Global Log + TTP Global Log + P2P Completeness ---Confidentiality MAC [2,7,14,15], FssAgg [10], PKI [7,10] MAC [1,6,11,12], PKI [20], unlinkability [6,11,12] MAC [15], PKI [16], compound identities [15,21] Correctness ---Immutability cipher chains [2], hash chains [7,15] hash chains [7,15] network of peers [16,19] blockchain [21] Integrity forward integrity [2,7,10,14,15] MAC security proof [2] forward integrity [1,6,11,12] forward integrity [15] Interoperability Performance: When it comes to the processing of the event data, various optimisations such as parallel processing and/or indexing should be used to improve processing efficiency. Scalability: Given the volume of events and policies that will need to be handled, the scalability of event data processing is a major consideration.…”

“…Accorsi [1] demonstrate how MAC-based secure logging mechanisms can be tailored so that they can be used by resource restricted devices that may need to log data remotely. Wouters et al [20] highlight the fact that data often flows between different processes, and as such events cannot be considered in isolation, thus giving rise to the need to store a trail of events.…”

“…As a first step towards realising this goal, in this position paper, we examine the suitability of existing logging and transparency mechanisms as the basis for developing such a system. There exists a variety of logging mechanisms that either represent events in local logs [2,7,10,14,15], in global logs entrusted to one or more third parties [1,6,11,12], or distribute event logging across a number of peers [16,19,21]. Ideally it should be possible to use some of these logging mechanisms together with access/usage policies in order to automatically verify compliance of existing business processes with the GDPR.…”

Transparent Personal Data Processing: The Road Ahead

“…Accorsi [3,5,4] elaborates on the threat model and extends the scope to pervasive computing systems. Holt [9] introduces public-key primitives in his scheme and suggests message aggregation, i.e., authenticating a set of entries instead of each entry individually, to optimise the performance of his implementation.…”

Secure and Privacy-Friendly Logging for eGovernment Services

“…While the former are well-studied [17], for the latter unclarity prevails. Two questions are of foremost relevance here: (1) how legal requirements translate into security requirements common to system engineers and (2) which and how security requirements are satisfied by the existing secure logging protocols prescribing such cryptographic operations.…”

Log Data as Digital Evidence: What Secure Logging Protocols Have to Offer?