A Decentralized Identity-Based Blockchain Solution for Privacy-Preserving Licensing of Individual-Controlled Data to Prevent Unauthorized Secondary Data Usage

Ledger ◽

10.5195/ledger.2021.239 ◽

2021 ◽

Vol 6 ◽

Author(s):

Meng Kang ◽

Victoria Lemieux

Keyword(s):

Data Storage ◽

Identity Management ◽

Homomorphic Encryption ◽

Personal Data ◽

Secondary Data ◽

Usage Control ◽

Secondary Use ◽

Data Usage ◽

Novel Approach ◽

Trusted Data

This paper presents a design for a blockchain solution aimed at the prevention of unauthorized secondary use of data. This solution brings together advances from the fields of identity management, confidential computing, and advanced data usage control. In the area of identity management, the solution is aligned with emerging decentralized identity standards: decentralized identifiers (DIDs), DID communication and verifiable credentials (VCs). In respect to confidential computing, the Cheon-Kim-Kim-Song (CKKS) fully homomorphic encryption (FHE) scheme is incorporated with the system to protect the privacy of the individual’s data and prevent unauthorized secondary use when being shared with potential users. In the area of advanced data usage control, the solution leverages the PRIV-DRM solution architecture to derive a novel approach to licensing of data usage to prevent unauthorized secondary usage of data held by individuals. Specifically, our design covers necessary roles in the data-sharing ecosystem: the issuer of personal data, the individual holder of the personal data (i.e., the data subject), a trusted data storage manager, a trusted license distributor, and the data consumer. The proof-of-concept implementation utilizes the decentralized identity framework being developed by the Hyperledger Indy/Aries project. A genomic data licensing use case is evaluated, which shows the feasibility and scalability of the solution.

Download Full-text

Secondary Data Usage in Direct-to-Consumer Genetic Testing: To What Extent Are Customers Aware and Concerned?

Public Health Genomics ◽

10.1159/000512660 ◽

2021 ◽

pp. 1-8

Author(s):

Janessa Mladucky ◽

Bonnie Baty ◽

Jeffrey Botkin ◽

Rebecca Anderson

Keyword(s):

Genetic Testing ◽

Secondary Data ◽

Structured Interviews ◽

Customer Data ◽

Secondary Use ◽

Data Usage ◽

Direct To Consumer ◽

New Information ◽

Opt Out ◽

Potential Risks

Introduction: Customer data from direct-to-consumer genetic testing (DTC GT) are often used for secondary purposes beyond providing the customer with test results. Objective: The goals of this study were to determine customer knowledge of secondary uses of data, to understand their perception of risks associated with these uses, and to determine the extent of customer concerns about privacy. Methods: Twenty DTC GT customers were interviewed about their experiences. The semi-structured interviews were transcribed, coded, and analyzed for common themes. Results: Most participants were aware of some secondary uses of data. All participants felt that data usage for research was acceptable, but acceptability for non-research purposes varied across participants. The majority of participants were aware of the existence of a privacy policy, but few read the majority of the privacy statement. When previously unconsidered uses of data were discussed, some participants expressed concern over privacy protections for their data. Conclusion: When exposed to new information on secondary uses of data, customers express concerns and a desire to improve consent with transparency, more opt-out options, improved readability, and more information on future uses and potential risks from direct-to-consumer companies. Effective ways to improve readership about the secondary use, risk of use, and protection of customer data should be investigated and the findings implemented by DTC companies to protect public trust in these practices.

Download Full-text

Secure Mobile Multi Cloud Architecture for Authentication and Data Storage

Cloud Security ◽

10.4018/978-1-5225-8176-5.ch057 ◽

2019 ◽

pp. 1108-1123

Author(s):

Karim Zkik ◽

Ghizlane Orhanou ◽

Said El Hajji

Keyword(s):

Cloud Computing ◽

Data Storage ◽

Mobile Networks ◽

Mobile Cloud Computing ◽

Homomorphic Encryption ◽

Personal Data ◽

Mobile Technologies ◽

Mobile Users ◽

Mobile Cloud ◽

Multi Cloud

The use of Cloud Computing in the mobile networks offer more advantages and possibilities to the mobile users such as storing, downloading and making calculation on data on demand and its offer more resources to these users such as the storage resources and calculation power. So, Mobile Cloud Computing allows users to fully utilize mobile technologies to store, to download, share and retrieve their personal data anywhere and anytime. As many recent researches show, the main problem of fully expansion and use of mobile cloud computing is security, and it's because the increasing flows and data circulation through internet that many security problems emerged and sparked the interest of the attackers. To face all this security problems, we propose in this paper an authentication and confidentiality scheme based on homomorphic encryption, and also a recovery mechanism to secure access for mobile users to the remote multi cloud servers. We also provide an implementation of our framework to demonstrate its robustness and efficiently, and a security analysis.

Download Full-text

Blockchain-based Identity Management and Data Usage Control (Extended Abstract)

IFIP Advances in Information and Communication Technology - Privacy and Identity Management. The Smart Revolution ◽

10.1007/978-3-319-92925-5_15 ◽

2018 ◽

pp. 237-239

Author(s):

Ricardo Neisse ◽

Gary Steri ◽

Igor Nai Fovino

Keyword(s):

Identity Management ◽

Usage Control ◽

Data Usage

Download Full-text

Secure Mobile Multi Cloud Architecture for Authentication and Data Storage

International Journal of Cloud Applications and Computing ◽

10.4018/ijcac.2017040105 ◽

2017 ◽

Vol 7 (2) ◽

pp. 62-76 ◽

Cited By ~ 15

Author(s):

Karim Zkik ◽

Ghizlane Orhanou ◽

Said El Hajji

Keyword(s):

Cloud Computing ◽

Data Storage ◽

Mobile Networks ◽

Mobile Cloud Computing ◽

Homomorphic Encryption ◽

Personal Data ◽

Mobile Technologies ◽

Mobile Users ◽

Mobile Cloud ◽

Multi Cloud

Download Full-text

Integrity protection method for trusted data of IOT nodes based on transfer learning

Web Intelligence ◽

10.3233/web-210467 ◽

2021 ◽

pp. 1-11

Author(s):

Lin Tang

Keyword(s):

Transfer Learning ◽

Data Storage ◽

Learning Algorithm ◽

Homomorphic Encryption ◽

Mapping Function ◽

Data Encryption ◽

Complete Data ◽

Protection Method ◽

Integrity Protection ◽

Trusted Data

In order to overcome the problems of high data storage occupancy and long encryption time in traditional integrity protection methods for trusted data of IOT node, this paper proposes an integrity protection method for trusted data of IOT node based on transfer learning. Through the transfer learning algorithm, the data characteristics of the IOT node is obtained, the feature mapping function in the common characteristics of the node data is set to complete the classification of the complete data and incomplete data in the IOT nodes. The data of the IOT nodes is input into the data processing database to verify its security, eliminate the node data with low security, and integrate the security data and the complete data. On this basis, homomorphic encryption algorithm is used to encrypt the trusted data of IOT nodes, and embedded processor is added to the IOT to realize data integrity protection. The experimental results show that: after using the proposed method to protect the integrity of trusted data of IOT nodes, the data storage occupancy rate is only about 3.5%, the shortest time-consuming of trusted data encryption of IOT nodes is about 3 s, and the work efficiency is high.

Download Full-text

A security study in Portuguese Public Hospitals - GDPR perspective (Preprint)

10.2196/preprints.17896 ◽

2020 ◽

Author(s):

Cátia Santos-Pereira

Keyword(s):

Information Systems ◽

Identity Management ◽

Personal Data ◽

Public Hospitals ◽

Hospital Environment ◽

Security Measures ◽

Eu Member States ◽

Security Issues ◽

Management Processes ◽

Authentication Security

BACKGROUND GDPR was scheduled to be formally adopted in 2016 with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organization process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE This study addresses the state of Public Portuguese hospitals regarding GDPR compliance in the moment of GDPR preparation period (2016-2018) before the enforcement in 25 May 2018, and what activities have started since then. The study focuses in three GDPR articles namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS The study was conducted between 2017 and 2019 in five Portuguese Public Hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). It was conducted interviews in two phases (before and after GDPR enforcement) with the objective to identify the maturity of information systems of each hospital regarding authentication security, identity management processes and traceability and efforts in progress to avoid security issues. RESULTS A total of 5 hospitals were included in this study and the results of this study highlight the hospitals privacy maturity, in general, the hospitals studied where very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, store encrypted passwords was the best issue. With the enforcement of GDPR these hospitals started a set of initiatives to fill this gap, this is made specifically for means of making the whole process as transparent and trustworthy as possible and trying to avoid the huge fines. CONCLUSIONS We are still very far from having GDPR compliant systems and Institutions efforts are being done. The first step to align an organization with GDPR should be an initial audit of all system. This work collaborates with the initial security audit of the hospitals that belong to this study.

Download Full-text

"I hereby leave my email to...": Data Usage Control and the Digital Estate

2013 IEEE Security and Privacy Workshops ◽

10.1109/spw.2013.28 ◽

2013 ◽

Cited By ~ 5

Author(s):

Stephan Micklitz ◽

Martin Ortlieb ◽

Jessica Staddon

Keyword(s):

Usage Control ◽

Data Usage

Download Full-text

Video Data Integrity Verification Method Based on Full Homomorphic Encryption in Cloud System

International Journal of Digital Multimedia Broadcasting ◽

10.1155/2018/7543875 ◽

2018 ◽

Vol 2018 ◽

pp. 1-9 ◽

Cited By ~ 1

Author(s):

Ruoshui Liu ◽

Jianghui Liu ◽

Jingjie Zhang ◽

Moli Zhang

Keyword(s):

Cloud Computing ◽

Data Storage ◽

Homomorphic Encryption ◽

Data Integrity ◽

Video Data ◽

Verification Method ◽

Whole Process ◽

Integrity Checking ◽

Verification Methods ◽

Cloud Servers

Cloud computing is a new way of data storage, where users tend to upload video data to cloud servers without redundantly local copies. However, it keeps the data out of users' hands which would conventionally control and manage the data. Therefore, it becomes the key issue on how to ensure the integrity and reliability of the video data stored in the cloud for the provision of video streaming services to end users. This paper details the verification methods for the integrity of video data encrypted using the fully homomorphic crytosystems in the context of cloud computing. Specifically, we apply dynamic operation to video data stored in the cloud with the method of block tags, so that the integrity of the data can be successfully verified. The whole process is based on the analysis of present Remote Data Integrity Checking (RDIC) methods.

Download Full-text