Abstract
Transparency of data processing is often a requirement for compliance to legislation and/or business requirements. Furthermore, it has recognised as a key privacy principle, for example in the European Data Protection Directive. At the same time, transparency of the data processing should be limited to the users involved in order to minimise the leakage of sensitive business information and privacy of the employees (if any) performing the data processing.
We propose a cryptographic logging solution, making the resulting log data publicly accessible, that can be used by data subjects to gain insight in the data processing that takes place on their personal data, without disclosing any information about data processing on other users’ data. Our proposed solution can handle arbitrary distributed processes, dynamically continuing the logging from one data processor to the next. Committing to the logged data is irrevocable, and will result in log data that can be verified by the data subject, the data processor and a third party with respect to integrity. Moreover, our solution allows data processors to offload storage and interaction with users to dedicated log servers. Finally, we show that our scheme is applicable in practice, providing performance results for a prototype implementation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
We use the technical terminology of data processor and user, as opposed to the EU Data Protection Directive in which a more formal/legal terminology (data controller, data subject) is used.
- 2.
Schemes that do not support deletion detection are subject to so-called truncation attacks, for which the adversary can delete one or more consecutive entries at the end of a log.
References
Bournez, Carine; and Ardagna, Claudio A.: Policy Requirements and State of the Art. Came- nisch, Fischer-Hubner and Rannenberg: Privacy and Identity Management for Life, ISBN 9783-642-20316-9, Springer, 2011, p. 295-312.
ECRYPT II: Yearly Report on Algorithms and Keysizes (2012). D.SPA.20 Rev. 1.0, ICT-2007- 216676 ECRYPT II, 2012.
Hedbom, Hans; Pulls, Tobias; Hjartquist, Peter; and Laven, Andreas: Adding Secure Transparency Logging to the PRIME Core. Bezzi, Duquenoy, Fischer-Hubner, Hansen and Zhang: Privacy and Identity Management for Life, ISBN 978-3-642-14281-9, Springer, 2010, p. 299-314
Ko, Ryan K.L.; Jagadpramana, Peter; Mowbray, Miranda; Pearson, Siani; Kirchberg, Markus; Liang, Qianhui; and Leek, Bu-Sung: TrustCloud: A Framework for Accountability and Trust in Cloud Computing. In: Proceedings of EuroPKI 2011. Camenisch and Costas: LNCS 6711, Springer, 2011, p. 584-588.
Pulls, Tobias; Wouters, Karel; Vliegen, Jo; and Grahn, Christian: Distributed Privacy-Preserving Log Trails. Karlstad University Studies 2012:24, 2012.
Roberts, John: No one is perfect: The limits of transparency and an ethic for ’intelligent’ accountability. Accounting, Organizations and Society 34(8), 2009.
Sackmann, Stefan; Struker, Jens; and Accorsi, Rafael: Personalization in Privacy-Aware Highly Dynamic Systems. Communications of the ACM 49(9), ACM, 2006, p. 32-38.
Schneier, Bruce; and Kelsey, John: Personalization Cryptographic Support for Secure Logs on Untrusted Machines. In: USENIX Security Symposium. USENIX, 1998, p. 53-62.
United Nations Department of Economic and Social Affairs: UN e-Government Survey 2012. E-Government for the People. ISBN 978-92-1-055353-7, 2012.
Wouters, Karel; Simoens, Koen; Lathouwers, Danny; Preneel, Bart: Secure and Privacy-Friendly Logging for eGovernment Services. In: ARES. IEEE Computer Society, 2008, p. 1091-1096.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Fachmedien Wiesbaden
About this chapter
Cite this chapter
Peeters, R., Pulls, T., Wouters, K. (2013). Enhancing Transparency with Distributed Privacy-Preserving Logging. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_6
Download citation
DOI: https://doi.org/10.1007/978-3-658-03371-2_6
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-03370-5
Online ISBN: 978-3-658-03371-2
eBook Packages: Computer ScienceComputer Science (R0)