Cryptology ePrint Archive: Report 2020/700

Personal data exchange protocol: X

Vladimir Belsky and Ilia Gerasimov and Kirill Tsaregorodtsev and Ivan Chizhov

Abstract: Personal data exchange and disclosure prevention are widespread problems in our digital world. A couple of information technologies are embedded in commercial and government processes. People need to exchange their personal information while using these technologies, and therefore it is essential to make this exchange secure. Despite many legal regulations, there are many cases of personal data breaches that lead to undesirable consequences. The reasons for personal data leakage may be an adversary attack or a data administration error. At the same time, creating complex service interaction and multilayer information security may lead to many inconveniences for the user. A personal data exchange protocol has the following tasks: participant's data transfer, ensuring information security, providing participants with trust in each other, and ensuring service availability. In this paper, we present a personal data exchange protocol called X. The main idea is to provide personal data encryption on the user side and thus to prevent personal data disclosure and publication. This approach allows us to transfer personal data from user to service only in the form of an encrypted data packet, a blob. Each blob can be validated and certified by a personal data inspector who has approved the user's information. The inspector can be any government department or commercial organization, for example, passport issuing authority, banks, etc. This implies that we can provide several key features for personal data exchange. A requesting service cannot publish the user's personal data, but it can still perform a validation protocol with an inspector to validate the user's data. We do not depend on the service's data administration infrastructure and do not complicate the inspector's processes by adding additional information about the personal data request. The personal data package has a link between the personal data owner and a service request. Each blob is generated for a single request and has a time limit for the provided encrypted personal data. After this limit, the service cannot use the received package. The user cannot provide invalid personal data or use the personal data of another person. We don't restrict the protocol to specific cryptographic algorithms: the X protocol can be implemented with any encryption, digital signature, and key generation algorithms that are secure in our adversary model. For the protocol description, Russian standardized cryptographic protocols are used. The paper also contains several useful examples of how the X protocol can be implemented in real information systems.

Category / Keywords: cryptographic protocols / X, personal data, VKO GOST, symmetric cryptography

Original Publication (in the same form): International Journal of Open Information Technologies ISSN: 2307-8162 vol. 8, no. 6, 2020

Date: received 10 Jun 2020

Contact author: cryptolab at kryptonite ru


Version: 20200610:172800

Short URL: ia.cr/2020/700

