A GDPR-Compliant Approach to Real-Time Processing of Sensitive Data

  • Luigi Sgaglione
  • Giovanni Mazzeo
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 98)

Abstract

Cyber-attacks represent a serious threat to public authorities, and their agencies are an attractive target for hackers. The public sector as a whole collects lots of data on its citizens, but that data is often kept on vulnerable systems. Especially for Local Public Administrations (LPAs), protection against cyber-attacks is an extremely relevant issue due to outdated technologies and budget constraints. Furthermore, the General Data Protection Regulation (GDPR) imposes many constraints and limitations on data usage when “special type of data” is processed. This paper presents the approach of the EU project COMPACT (H2020) and highlights the solutions used to guarantee data privacy during the real-time monitoring performed by the COMPACT security tools.

Keywords

Real time processing, SIEM, SOC, Data privacy, Homomorphic encryption

Notes

Acknowledgments

This project has received funding from the European Union’s Horizon 2020 Framework Programme for Research and Innovation under grant agreements No 74071 (COMPACT).

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  1. University of Naples “Parthenope”, Naples, Italy
