Distributed privacy-preserving transparency logging
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
| Hi-index | 0.00 |
In the online world, service providers allow users to upload data to be stored or processed. In some cases, privacy will become an essential feature. Sensitive content can be the data provided to or the services used at the service provider. Logging of the actions of the service providers can therefore also generate privacy-sensitive content. However, to enhance transparency towards users, logging can be a very useful tool. In this paper, we build upon the concept of distributed privacy-preserving log trails. The trust in such a system lies in the storage of a vector in a certain register stored in software. With a piece of malicious software, a hacker or curious user could misuse this register to learn about a certain process or to learn for whom a service is performed, although the scheme ensures forward-unlinkability and forward-integrity. In this paper, we strengthen the conventional software approach by implementing the vector in external hardware. This hardens the scheme further, and reduces the level to which the log server has to be trusted, at the cost of additional but solvable security threats.