A Secure and Privacy-Friendly Logging Scheme

Andreas Aßmuth, Robert Duncan, Simon Liebl, Matthias Söllner

TL;DR

The paper tackles the challenge of creating secure, privacy-preserving audit trails that are resilient to tampering and compliant with GDPR. It combines an encrypted, append-only immutable storage system with Shamir's threshold secret sharing to protect decryption keys, requiring coordinated collaboration across organizational groups for access. Specifically, it partitions the private key among groups (e.g., employer, workers' council, law enforcement) and employs a $(k,n)$ threshold to reconstruct each group's portion, with the overall decryption requiring an AND across groups; logs are encrypted using a public-key scheme and stored immutably, while access is tightly controlled. The work outlines adaptable configurations (e.g., $j$-out-of-$m$ group access, per-group $k_g$ and $n_g$) and envisions a path to a proof-of-concept, emphasizing GDPR compliance, privacy, and scalable, multi-site deployment.
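The two-level key sharing sketched above, as an added example that is not code from the paper: Shamir sharing over a prime field, with the private key (assumed here to be representable as an integer below the field prime) shared $j$-of-$m$ across the groups (the AND is $j = m$) and each group's portion shared $(k_g, n_g)$ among its members. The group names and thresholds used when calling it are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # Mersenne prime; every secret and share is an element of GF(P)


def _eval_poly(coeffs, x):
    """Horner evaluation of the polynomial with coefficients coeffs[0..] over GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, k, n):
    """Shamir (k, n): n points on a random degree-(k-1) polynomial with f(0) = secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(points):
    """Lagrange interpolation at x = 0 over GF(P); correct only with >= k distinct points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def split_among_groups(key, j, groups):
    """Level 1: the key is shared j-of-m across the m groups (j = m gives the AND).
    Level 2: group g's portion is shared (k_g, n_g) among its members.
    groups is a list of (k_g, n_g); returns one dict per group (assumed layout)."""
    level1 = split(key, j, len(groups))
    return [{"x": gx, "members": split(gy, k_g, n_g)}
            for (gx, gy), (k_g, n_g) in zip(level1, groups)]


def reconstruct_from_groups(contributions):
    """contributions: list of (group_x, member_points) for the groups that take part.
    Each group first rebuilds its own portion; the portions then rebuild the key."""
    return reconstruct([(gx, reconstruct(pts)) for gx, pts in contributions])
```

With three groups and $j = 3$, e.g. employer $(2,3)$, workers' council $(2,5)$, law enforcement $(1,1)$, any group that stays away, or any group that falls short of its own $k_g$, leaves the key unrecoverable; lowering $j$ to 2 gives the $j$-out-of-$m$ variant.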

Abstract

Finding a robust security mechanism for audit trail logging has long been a poorly satisfied goal. There are many reasons for this. The most significant of these is that the audit trail is a highly sought-after goal of attackers to ensure that they do not get caught. Thus, they have an incredibly strong incentive to prevent companies from succeeding in this worthy aim. Regulation, such as the European Union General Data Protection Regulation, has brought a strong incentive for companies to achieve success in this area due to the punitive level of fines that can now be levied in the event of a successful breach by an attacker. We seek to resolve this issue through the use of an encrypted audit trail process that saves encrypted records to a true immutable database, which can ensure audit trail records are permanently retained in encrypted form, with no possibility of the records being compromised. This ensures compliance with the General Data Protection Regulation can be achieved.

Paper Structure

This paper contains 9 sections, 4 equations, 3 figures.

Figures (3)

  • Figure 1: Distribution of the private key among several groups and persons.
  • Figure 2: Adaption of the system: Secret Sharing among groups.
  • Figure 3: Further adaption of the system: Secret Sharing among groups and making one group necessary.