Blockchain based general data protection regulation compliant data breach detection system

Kainat Ansar; Mansoor Ahmed; Saif Ur Rehman Malik; Markus Helfert; Jungsuk Kim

doi:10.7717/peerj-cs.1882

PeerJ Computer Science (Mar 2024)

Blockchain based general data protection regulation compliant data breach detection system

Kainat Ansar,
Mansoor Ahmed,
Saif Ur Rehman Malik,
Markus Helfert,
Jungsuk Kim

Affiliations

Kainat Ansar: Department of Computer Science, COMSATS University Islamabad, Islamabad, Pakistan
Mansoor Ahmed: ADAPT Centre, Innovation Value Institute, Maynooth University, Maynooth, Ireland
Saif Ur Rehman Malik: Information Security Institute, Cybernetica AS, Tallinn, Estonia
Markus Helfert: ADAPT Centre, Innovation Value Institute, Maynooth University, Maynooth, Ireland
Jungsuk Kim: Cellico Company R&D Lab, Seungnam-si, Gyeonggi-do, Republic of South Korea

DOI: https://doi.org/10.7717/peerj-cs.1882
Journal volume & issue: Vol. 10
p. e1882

Abstract

Read online Read online

Context Data breaches caused by insiders are on the rise, both in terms of frequency and financial impact on organizations. Insider threat originates from within the targeted organization and users with authorized access to an organization’s network, applications, or databases commit insider attacks. Motivation Insider attacks are difficult to detect because an attacker with administrator capabilities can change logs and login records to destroy the evidence of the attack. Moreover, when such a harmful insider attack goes undetected for months, it can do a lot of damage. Such data breaches may significantly impact the affected data owner’s life. Developing a system for rapidly detecting data breaches is still critical and challenging. General Data Protection Regulation (GDPR) has defined the procedures and policies to mitigate the problems of data protection. Therefore, under the GDPR implementation, the data controller must notify the data protection authority when a data breach has occurred. Problem Statement Existing data breach detection mechanisms rely on a reliable third party. Because of the presence of a third party, such systems are not trustworthy, transparent, secure, immutable, and GDPR-compliant. Contributions To overcome these issues, this study proposed a GDPR-compliant data breach detection system by leveraging the benefits of blockchain technology. Smart contracts are written in Solidity and deployed on a local Ethereum test network to implement the solution. The proposed system can generate alert notifications against every data breach. Results We tested and deployed our proposed system, and the findings indicate that it can accomplish the insider threat mitigation objective. Furthermore, the GDPR compliance analysis of our system was also evaluated to make sure that it complies with the GDPR principles (such as right to be forgotten, access control, conditions for consent, and breach notifications). The conducted analysis has confirmed that the proposed system offers capabilities to comply with the GDPR from an application standpoint.

Published in PeerJ Computer Science

ISSN: 2376-5992 (Online)
Publisher: PeerJ Inc.
Country of publisher: United States
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: https://peerj.com/computer-science/

About the journal

Abstract

Keywords