Paper 2020/700

Personal data exchange protocol: X

Vladimir Belsky, Ilia Gerasimov, Kirill Tsaregorodtsev, and Ivan Chizhov

Abstract

Personal data exchange and disclosure prevention are widespread problems in our digital world. There are a couple of information technologies embedded in the commercial and government processes. People need to exchange their personal information while using these technologies. And therefore, It is essential to make this exchange is secure. Despite many legal regulations, there are many cases of personal data breaches that lead to undesirable consequences. Reasons for personal data leakage may be adversary attack or data administration error. At the same time, creating complex service interaction and multilayer information security may lead to many inconveniences for the user. Personal data exchange protocol has the following tasks: participant’s data transfer, ensuring information security, providing participants with trust in each other and ensuring service availability. In this paper, we represent a personal data exchange protocol called X. The main idea is to provide personal data encryption on the user side and thus to prevent personal data disclosure and publication. This approach allows us to transfer personal data from user to service only in the form of an encrypted data packet - blob. Each blob can be validated and certified by a personal data inspector who had approved user’s information. It can be any government department or a commercial organization, for example, passport issuing authority, banks, etc. It implies that we can provide several key features for personal data exchange. A requesting service cannot publish the user personal data. It still can perform a validation protocol with an inspector to validate user data. We do not depend on service data administration infrastructure and do not complicate the inspector’s processes by adding additional information about the personal data request. The personal data package has a link between the personal data owner and a service request. Each blob is generated for a single request and has a time limit for a provided encrypted personal data. After this limit, the service can not use a received package. The user cannot provide invalid personal data or use the personal data of another person. We don’t restrict specified cryptographic algorithms usage The X protocol can be implemented with any encryption, digital signature, key generation algorithms which are secure in our adversary model. For protocol description, Russian standardized cryptographic protocols are used. The paper also contains several useful examples of how the X protocol can be implemented in real information systems.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. International Journal of Open Information Technologies ISSN: 2307-8162 vol. 8, no. 6, 2020
Keywords
Xpersonal dataVKO GOSTsymmetric cryptography
Contact author(s)
cryptolab @ kryptonite ru
History
2020-06-10: received
Short URL
https://ia.cr/2020/700
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2020/700,
      author = {Vladimir Belsky and Ilia Gerasimov and Kirill Tsaregorodtsev and Ivan Chizhov},
      title = {Personal data exchange protocol: X},
      howpublished = {Cryptology ePrint Archive, Paper 2020/700},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/700}},
      url = {https://eprint.iacr.org/2020/700}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.