ABSTRACT
The popularity of social media platforms, Internet of Things (IoT) devices, and myriad smartphone applications has created opportunities for companies and organizations to collect individuals' personal data and monetize its sharing at a high rate. A standout example was the Facebook–Cambridge Analytica data-sharing arrangement (2018), which allowed Cambridge Analytica to harvest millions of Facebook users' personal data without their consent for political advertising. In response to such overreach and privacy violations, the European Union introduced the General Data Protection Regulation (GDPR), which requires data collectors to protect individuals' data privacy and to give users more control over their personal data. Motivated by this growing interest in personal privacy, we analyze GDPR articles in the context of Named Data Networking (NDN). Our context of interest is NDN as the network architecture of a service provider. We investigate GDPR-pertinent NDN features, including naming, caching, the forwarding plane, and its built-in trust, for GDPR compliance, and present insights on how such compliance can be built where it is lacking. We also present experimental results showing compliance overheads and conclude by identifying potential future work.
Index Terms
- Analyzing GDPR compliance of named data networking