{"title":"符合gdpr的区块链安全使用日志","authors":"Valentin Zieglmeier, Gabriel Loyola Daiqui","doi":"10.1145/3463274.3463349","DOIUrl":null,"url":null,"abstract":"The unique properties of blockchain enable central requirements of distributed secure logging: Immutability, integrity, and availability. Especially when providing transparency about data usages, a blockchain-based secure log can be beneficial, as no trusted third party is required. Yet, with data governed by privacy legislation such as the GDPR or CCPA, the core advantage of immutability becomes a liability. After a rightful request, an individual’s personal data need to be rectified or deleted, which is impossible in an immutable blockchain. To solve this issue, we exploit a legal property of pseudonymized data: They are only regarded personal data if they can be associated with an individual’s identity. We make use of this fact by presenting P3, a pseudonym provisioning system for secure usage logs including a protocol for recording new usages. For each new block, a one-time transaction pseudonym is generated. The pseudonym generation algorithm guarantees unlinkability and enables proof of ownership. These properties enable GDPR-compliant use of blockchain, as data subjects can exercise their legal rights with regards to their personal data. The new-usage protocol ensures non-repudiation, and therefore accountability and liability. Most importantly, our approach does not require a trusted third party and is independent of the utilized blockchain software.","PeriodicalId":328024,"journal":{"name":"Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering","volume":"124 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"GDPR-Compliant Use of Blockchain for Secure Usage Logs\",\"authors\":\"Valentin Zieglmeier, Gabriel Loyola Daiqui\",\"doi\":\"10.1145/3463274.3463349\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The unique properties of blockchain enable central requirements of distributed secure logging: Immutability, integrity, and availability. Especially when providing transparency about data usages, a blockchain-based secure log can be beneficial, as no trusted third party is required. Yet, with data governed by privacy legislation such as the GDPR or CCPA, the core advantage of immutability becomes a liability. After a rightful request, an individual’s personal data need to be rectified or deleted, which is impossible in an immutable blockchain. To solve this issue, we exploit a legal property of pseudonymized data: They are only regarded personal data if they can be associated with an individual’s identity. We make use of this fact by presenting P3, a pseudonym provisioning system for secure usage logs including a protocol for recording new usages. For each new block, a one-time transaction pseudonym is generated. The pseudonym generation algorithm guarantees unlinkability and enables proof of ownership. These properties enable GDPR-compliant use of blockchain, as data subjects can exercise their legal rights with regards to their personal data. The new-usage protocol ensures non-repudiation, and therefore accountability and liability. Most importantly, our approach does not require a trusted third party and is independent of the utilized blockchain software.\",\"PeriodicalId\":328024,\"journal\":{\"name\":\"Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering\",\"volume\":\"124 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-04-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3463274.3463349\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3463274.3463349","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
GDPR-Compliant Use of Blockchain for Secure Usage Logs
The unique properties of blockchain enable central requirements of distributed secure logging: Immutability, integrity, and availability. Especially when providing transparency about data usages, a blockchain-based secure log can be beneficial, as no trusted third party is required. Yet, with data governed by privacy legislation such as the GDPR or CCPA, the core advantage of immutability becomes a liability. After a rightful request, an individual’s personal data need to be rectified or deleted, which is impossible in an immutable blockchain. To solve this issue, we exploit a legal property of pseudonymized data: They are only regarded personal data if they can be associated with an individual’s identity. We make use of this fact by presenting P3, a pseudonym provisioning system for secure usage logs including a protocol for recording new usages. For each new block, a one-time transaction pseudonym is generated. The pseudonym generation algorithm guarantees unlinkability and enables proof of ownership. These properties enable GDPR-compliant use of blockchain, as data subjects can exercise their legal rights with regards to their personal data. The new-usage protocol ensures non-repudiation, and therefore accountability and liability. Most importantly, our approach does not require a trusted third party and is independent of the utilized blockchain software.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
