Blockchain based general data protection regulation compliant data breach detection system (open access)
- Authors
- Ansar, Kainat; Ahmed, Mansoor; Malik, Saif Ur Rehman; Helfert, Markus; Kim, Jungsuk
- Issue Date
- Mar-2024
- Publisher
- PEERJ INC
- Keywords
- Data breach detection; General data protection regulation compliance; Blockchain; Smart contract
- Citation
- PEERJ COMPUTER SCIENCE, v.10
- Journal Title
- PEERJ COMPUTER SCIENCE
- Volume
- 10
- URI
- https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/91050
- DOI
- 10.7717/peerj-cs.1882
- ISSN
- 2376-5992
- Abstract
- Context. Data breaches caused by insiders are on the rise, both in frequency and in financial impact on organizations. An insider threat originates from within the targeted organization: insider attacks are committed by users with authorized access to the organization's network, applications, or databases. Motivation. Insider attacks are difficult to detect because an attacker with administrator capabilities can alter logs and login records to destroy the evidence of the attack. Moreover, when such a harmful insider attack goes undetected for months, it can do a great deal of damage, and the resulting data breaches may significantly affect the lives of the data owners concerned. Developing a system that rapidly detects data breaches therefore remains critical and challenging. The General Data Protection Regulation (GDPR) defines procedures and policies to mitigate data protection problems; under the GDPR, the data controller must notify the data protection authority when a data breach has occurred. Problem Statement. Existing data breach detection mechanisms rely on a trusted third party. Because of that third party, such systems are not trustworthy, transparent, secure, immutable, or GDPR-compliant. Contributions. To overcome these issues, this study proposes a GDPR-compliant data breach detection system that leverages blockchain technology. The solution is implemented as smart contracts written in Solidity and deployed on a local Ethereum test network. The proposed system generates an alert notification for every data breach. Results. We tested and deployed the proposed system, and the findings indicate that it achieves the insider threat mitigation objective. Furthermore, a GDPR compliance analysis of the system was carried out to make sure that it complies with the GDPR principles (such as the right to be forgotten, access control, conditions for consent, and breach notification). The analysis confirmed that the proposed system offers the capabilities needed to comply with the GDPR from an application standpoint.