CISPA
Browse

File(s) not publicly available

GDPR-Compliant Reputation System Based on Self-certifying Domain Signatures

conference contribution
posted on 2023-11-29, 18:12 authored by Miroslaw Kutylowski, Jakub Lemiesz, Marta Slowik, Marcin Slowik, Kamil Kluczniak, Maciej Gebala
Creating a distributed reputation system compliant with the GDPR Regulation faces a number of problems. Each record should be protected regarding its integrity and origin, while the record’s author should remain anonymous, as long as there is no justified legal reason to reveal his real identity. Thereby, the standard digital signatures cannot be applied to secure the records. In this paper we propose a Privacy Aware Distributed Reputation Evaluation system, where each subject of evaluation holds its recommendation record. By application of a novel technique of domain signatures we are able to guarantee that (a) integrity of each entry is strongly protected; in particular, the evaluation subject cannot modify it, (b) the author of each entry is anonymous, however all entries of the same author on the same subject appear under the same pseudonym (so the Sybil attacks are repelled), (c) the entries corresponding to the same author but for different evaluation subjects are unlinkable, (d) only registered users can create valid entries, (e) the real identity of the author of an entry can be revealed by relevant authorities by running a multi-party protocol, (f) for each entry one can create a pseudorandom key in a deterministic way. The first five features correspond directly to the requirements of the GDPR Regulation. In particular, they guard against profiling the users based on the entries created by them. In order to facilitate practical applications we propose to maintain a pseudorandom sample of all entries concerning a given evaluation subject. We show how to guarantee that the sample is fairly chosen despite the fact that the sample is kept by the evaluation subject. We present a few strategies enabling to mimic some important probability distributions for choosing the sample.

History

Preferred Citation

Miroslaw Kutylowski, Jakub Lemiesz, Marta Slowik, Marcin Slowik, Kamil Kluczniak and Maciej Gebala. GDPR-Compliant Reputation System Based on Self-certifying Domain Signatures. In: Information Security Practice and Experience Conference (ISPEC). 2019.

Primary Research Area

  • Algorithmic Foundations and Cryptography

Name of Conference

Information Security Practice and Experience Conference (ISPEC)

Legacy Posted Date

2020-06-18

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_3109, title = "GDPR-Compliant Reputation System Based on Self-certifying Domain Signatures", author = "Kutylowski, Miroslaw and Lemiesz, Jakub and Slowik, Marta and Slowik, Marcin and Kluczniak, Kamil and Gebala, Maciej", booktitle="{Information Security Practice and Experience Conference (ISPEC)}", year="2019", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC