GDPR-Compliant Reputation System Based on Self-certifying Domain Signatures
conference contribution
posted on 2023-11-29, 18:12 authored by Miroslaw Kutylowski, Jakub Lemiesz, Marta Slowik, Marcin Slowik, Kamil Kluczniak, Maciej Gebala
Creating a distributed reputation system compliant with the GDPR Regulation faces a number of problems. Each record should be protected regarding its integrity and origin, while the record's author should remain anonymous as long as there is no justified legal reason to reveal his real identity. Therefore, standard digital signatures cannot be applied to secure the records.
In this paper we propose a Privacy Aware Distributed Reputation Evaluation system, where each subject of evaluation holds its recommendation record. By applying a novel technique of domain signatures we are able to guarantee that (a) the integrity of each entry is strongly protected; in particular, the evaluation subject cannot modify it, (b) the author of each entry is anonymous, but all entries of the same author on the same subject appear under the same pseudonym (so Sybil attacks are repelled), (c) the entries corresponding to the same author but for different evaluation subjects are unlinkable, (d) only registered users can create valid entries, (e) the real identity of the author of an entry can be revealed by relevant authorities by running a multi-party protocol, (f) for each entry one can create a pseudorandom key in a deterministic way.
The first five features correspond directly to the requirements of the GDPR Regulation. In particular, they guard against profiling the users based on the entries created by them.
In order to facilitate practical applications we propose to maintain a pseudorandom sample of all entries concerning a given evaluation subject. We show how to guarantee that the sample is fairly chosen despite the fact that the sample is kept by the evaluation subject. We present a few strategies that make it possible to mimic some important probability distributions for choosing the sample.
History
Preferred Citation
Miroslaw Kutylowski, Jakub Lemiesz, Marta Slowik, Marcin Slowik, Kamil Kluczniak and Maciej Gebala. GDPR-Compliant Reputation System Based on Self-certifying Domain Signatures. In: Information Security Practice and Experience Conference (ISPEC). 2019.
Primary Research Area
Algorithmic Foundations and Cryptography
Name of Conference
Information Security Practice and Experience Conference (ISPEC)
Legacy Posted Date
2020-06-18
Open Access Type
Unknown
BibTeX
@inproceedings{cispa_all_3109,
title = "GDPR-Compliant Reputation System Based on Self-certifying Domain Signatures",
author = "Kutylowski, Miroslaw and Lemiesz, Jakub and Slowik, Marta and Slowik, Marcin and Kluczniak, Kamil and Gebala, Maciej",
booktitle="{Information Security Practice and Experience Conference (ISPEC)}",
year="2019",
}