Blockchain based general data protection regulation compliant data breach detection system-Reference-Cited by-同舟云学术

Blockchain based general data protection regulation compliant data breach detection system

Published:2024-03-15 Issue: Volume:10 Page:e1882
ISSN:2376-5992
Container-title:PeerJ Computer Science
language:en
Short-container-title:

Author:

Ansar Kainat¹,Ahmed Mansoor²,Malik Saif Ur Rehman³,Helfert Markus²,Kim Jungsuk⁴⁵

Affiliation:

1. Department of Computer Science, COMSATS University Islamabad, Islamabad, Pakistan

2. ADAPT Centre, Innovation Value Institute, Maynooth University, Maynooth, Ireland

3. Information Security Institute, Cybernetica AS, Tallinn, Estonia

4. Cellico Company R&D Lab, Seungnam-si, Gyeonggi-do, Republic of South Korea

5. Department of Biomedical Engineering, Gachon University, Incheon, Republic of South Korea

Abstract

Context Data breaches caused by insiders are on the rise, both in terms of frequency and financial impact on organizations. Insider threat originates from within the targeted organization and users with authorized access to an organization’s network, applications, or databases commit insider attacks. Motivation Insider attacks are difficult to detect because an attacker with administrator capabilities can change logs and login records to destroy the evidence of the attack. Moreover, when such a harmful insider attack goes undetected for months, it can do a lot of damage. Such data breaches may significantly impact the affected data owner’s life. Developing a system for rapidly detecting data breaches is still critical and challenging. General Data Protection Regulation (GDPR) has defined the procedures and policies to mitigate the problems of data protection. Therefore, under the GDPR implementation, the data controller must notify the data protection authority when a data breach has occurred. Problem Statement Existing data breach detection mechanisms rely on a reliable third party. Because of the presence of a third party, such systems are not trustworthy, transparent, secure, immutable, and GDPR-compliant. Contributions To overcome these issues, this study proposed a GDPR-compliant data breach detection system by leveraging the benefits of blockchain technology. Smart contracts are written in Solidity and deployed on a local Ethereum test network to implement the solution. The proposed system can generate alert notifications against every data breach. Results We tested and deployed our proposed system, and the findings indicate that it can accomplish the insider threat mitigation objective. Furthermore, the GDPR compliance analysis of our system was also evaluated to make sure that it complies with the GDPR principles (such as right to be forgotten, access control, conditions for consent, and breach notifications). The conducted analysis has confirmed that the proposed system offers capabilities to comply with the GDPR from an application standpoint.

Funder

National Research Foundation of Korea

The Energy and the Korea Institute of Industrial Technology Evaluation and Management (KEIT), in 2023

Publisher

PeerJ

Link

https://peerj.com/articles/cs-1882.pdf

Reference44 articles.

1. A semantic rule based digital fraud detection;Ahmed;PeerJ Computer Science,2021

2. An insider data leakage detection using one-hot encoding, synthetic minority oversampling and machine learning techniques;Al-Shehari;Entropy,2021

3. A blockchain-based secure data storage and trading model for wireless sensor networks;Ali,2020

4. A survey on data breach challenges in cloud computing security: issues and threats;Barona,2017

5. Data leakage detection algorithm based on task sequences and probabilities;Cesar;Knowledge-Based Systems,2017