A Blockchain based and GDPR-compliant design of a system for digital education certificates
Blockchain technology supports building transparent and decentralized systems in which the executed transactions can be easily traceable. Suppose one such system is intended to manage and process personal data. In that case, complementary mechanisms are required that make it possible for the system...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Centro Latinoamericano de Estudios en Informática
2023-05-01
|
| Series: | CLEI Electronic Journal |
| Subjects: | |
| Online Access: | https://clei.org/cleiej/index.php/cleiej/article/view/552 |
| _version_ | 1797820131968024576 |
|---|---|
| author | Fernanda Molina Gustavo Betarte Carlos Luna |
| author_facet | Fernanda Molina Gustavo Betarte Carlos Luna |
| author_sort | Fernanda Molina |
| collection | DOAJ |
| description |
Blockchain technology supports building transparent and decentralized systems in which the executed transactions can be easily traceable. Suppose one such system is intended to manage and process personal data. In that case, complementary mechanisms are required that make it possible for the system to comply, for instance, with data protection regulations. This work studies the integration of off-chain capabilities in blockchain-based solutions. In particular, we have focused on mechanisms that support safely moving data or computational operations outside the core blockchain network.
We have carried out a thorough analysis of the European data protection regulation and discussed the weaknesses and strengths regarding the security and privacy requirements established by that regulation of solutions built using traditional blockchain technology.
As a direct consequence of this study, we have conceived, and present in this paper, a system architecture for the design of privacy-aware solutions that use that kind of technology and put forward a systematic approach for performing a security and privacy threat analysis of one such solution. We illustrate the use of the proposed methodological tools, presenting and discussing the high-level design and security and privacy assessment of a system that provides services to handle, store, and validate digital academic certificates.
|
| first_indexed | 2024-03-13T09:32:52Z |
| format | Article |
| id | doaj.art-dd7d6e35bcef42a1a68c92b3c2e53b01 |
| institution | Directory Open Access Journal |
| issn | 0717-5000 |
| language | English |
| last_indexed | 2024-03-13T09:32:52Z |
| publishDate | 2023-05-01 |
| publisher | Centro Latinoamericano de Estudios en Informática |
| record_format | Article |
| series | CLEI Electronic Journal |
| spelling | doaj.art-dd7d6e35bcef42a1a68c92b3c2e53b012023-05-25T20:38:08ZengCentro Latinoamericano de Estudios en InformáticaCLEI Electronic Journal0717-50002023-05-0126110.19153/cleiej.26.1.3A Blockchain based and GDPR-compliant design of a system for digital education certificatesFernanda Molina0Gustavo BetarteCarlos LunaMrs. Blockchain technology supports building transparent and decentralized systems in which the executed transactions can be easily traceable. Suppose one such system is intended to manage and process personal data. In that case, complementary mechanisms are required that make it possible for the system to comply, for instance, with data protection regulations. This work studies the integration of off-chain capabilities in blockchain-based solutions. In particular, we have focused on mechanisms that support safely moving data or computational operations outside the core blockchain network. We have carried out a thorough analysis of the European data protection regulation and discussed the weaknesses and strengths regarding the security and privacy requirements established by that regulation of solutions built using traditional blockchain technology. As a direct consequence of this study, we have conceived, and present in this paper, a system architecture for the design of privacy-aware solutions that use that kind of technology and put forward a systematic approach for performing a security and privacy threat analysis of one such solution. We illustrate the use of the proposed methodological tools, presenting and discussing the high-level design and security and privacy assessment of a system that provides services to handle, store, and validate digital academic certificates. https://clei.org/cleiej/index.php/cleiej/article/view/552Blockchain, Off-chain, GDPR, personal data protection laws, design principles, security and privacy, threat analysis |
| spellingShingle | Fernanda Molina Gustavo Betarte Carlos Luna A Blockchain based and GDPR-compliant design of a system for digital education certificates CLEI Electronic Journal Blockchain, Off-chain, GDPR, personal data protection laws, design principles, security and privacy, threat analysis |
| title | A Blockchain based and GDPR-compliant design of a system for digital education certificates |
| title_full | A Blockchain based and GDPR-compliant design of a system for digital education certificates |
| title_fullStr | A Blockchain based and GDPR-compliant design of a system for digital education certificates |
| title_full_unstemmed | A Blockchain based and GDPR-compliant design of a system for digital education certificates |
| title_short | A Blockchain based and GDPR-compliant design of a system for digital education certificates |
| title_sort | blockchain based and gdpr compliant design of a system for digital education certificates |
| topic | Blockchain, Off-chain, GDPR, personal data protection laws, design principles, security and privacy, threat analysis |
| url | https://clei.org/cleiej/index.php/cleiej/article/view/552 |
| work_keys_str_mv | AT fernandamolina ablockchainbasedandgdprcompliantdesignofasystemfordigitaleducationcertificates AT gustavobetarte ablockchainbasedandgdprcompliantdesignofasystemfordigitaleducationcertificates AT carlosluna ablockchainbasedandgdprcompliantdesignofasystemfordigitaleducationcertificates AT fernandamolina blockchainbasedandgdprcompliantdesignofasystemfordigitaleducationcertificates AT gustavobetarte blockchainbasedandgdprcompliantdesignofasystemfordigitaleducationcertificates AT carlosluna blockchainbasedandgdprcompliantdesignofasystemfordigitaleducationcertificates |