A Secure and Privacy-Friendly Logging Scheme

TL;DR

This paper proposes an encrypted, immutable audit trail system that enhances security and privacy, ensuring compliance with GDPR by preventing record tampering and unauthorized access.

Contribution

It introduces a novel encrypted audit trail scheme using an immutable database to secure records against tampering and unauthorized access, addressing GDPR compliance.

Findings

Encrypted audit trail ensures data integrity and privacy.

Immutable database prevents record tampering.

Supports GDPR compliance requirements.

Abstract

Finding a robust security mechanism for audit trail logging has long been a poorly satisfied goal. There are many reasons for this. The most significant of these is that the audit trail is a highly sought after goal of attackers to ensure that they do not get caught. Thus they have an incredibly strong incentive to prevent companies from succeeding in this worthy aim. Regulation, such as the European Union General Data Protection Regulation, has brought a strong incentive for companies to achieve success in this area due to the punitive level of fines that can now be levied in the event of a successful breach by an attacker. We seek to resolve this issue through the use of an encrypted audit trail process that saves encrypted records to a true immutable database, which can ensure audit trail records are permanently retained in encrypted form, with no possibility of the records being compromised. This ensures compliance with the General Data Protection Regulation can be achieved.