Automated Penalization of Data Breaches using Crypto-augmented Smart Contracts

This work studies the problem of automatically penalizing intentional or unintentional data breach (APDB) by a receiver/custodian receiving confidential data from a sender. We solve this problem by augmenting a blockchain on-chain smart contract between the sender and receiver with an off-chain cryptographic protocol, such that any significant data breach from the receiver is penalized through a monetary loss. Towards achieving the goal, we develop a natural extension of oblivious transfer called doubly oblivious transfer (DOT) which, when combined with robust watermarking and a claim-or-refund blockchain contract provides the necessary framework to realize the APDB protocol in a provably secure manner. In our APDB protocol, a public data breach by the receiver leads to her Bitcoin (or other blockchain) private signing key getting revealed to the sender, which allows him to penalize the receiver by claiming the deposit from the claim-or-refund contract. Interestingly, the protocol also ensures that the malicious sender cannot steal the deposit, even as he knows the original document or releases it in any form. We implement our APDB protocol, develop the required smart contract for Bitcoin and observe our system to be efficient and easy to deploy in practice. We analyze our DOT-based design against partial adversarial leakages and observe it to be robust against even small leakages of data.

[1]  Wen-Nung Lie,et al.  Robust and high-quality time-domain audio watermarking based on low-frequency amplitude modification , 2006, IEEE Transactions on Multimedia.

[2]  Claudio Orlandi,et al.  The Simplest Protocol for Oblivious Transfer , 2015, IACR Cryptol. ePrint Arch..

[3]  Marcin Andrychowicz,et al.  Secure Multiparty Computations on Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[4]  Iddo Bentov,et al.  How to Use Bitcoin to Design Fair Protocols , 2014, CRYPTO.

[5]  Ramarathnam Venkatesan,et al.  A Graph Theoretic Approach to Software Watermarking , 2001, Information Hiding.

[6]  Jing Zhang,et al.  Robust Video Watermarking of H.264/AVC , 2007, IEEE Transactions on Circuits and Systems II: Express Briefs.

[7]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[8]  Stefan Katzenbeisser,et al.  A Computational Model for Watermark Robustness , 2006, Information Hiding.

[9]  Theo Härder,et al.  Database Caching - Towards a Cost Model for Populating Cache Groups , 2004, ADBIS.

[10]  Stefano Tubaro,et al.  A robust video watermarking technique in the spatial domain , 2002, International Symposium on VIPromCom Video/Image Processing and Multimedia Communications.

[11]  J. Camenisch,et al.  Proof systems for general statements about discrete logarithms , 1997 .

[12]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[13]  Abhi Shelat,et al.  Secure Two-party Threshold ECDSA from ECDSA Assumptions , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[14]  Muttukrishnan Rajarajan,et al.  Assessing Data Breach Risk in Cloud Systems , 2015, 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom).

[15]  Matthew K. Franklin,et al.  An Efficient Public Key Traitor Tracing Scheme , 1999, CRYPTO.

[16]  Carol M. Bast At What Price Silence: Are Confidentiality Agreements Enforceable? , 1999 .

[17]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[18]  Wael M. Badawy,et al.  A Tool for Robustness Evaluation of Image Watermarking Algorithms , 2008, SCSS.

[19]  David J. Wu,et al.  Watermarking Cryptographic Functionalities from Standard Lattice Assumptions , 2017, Journal of Cryptology.

[20]  Yousof Erfani,et al.  Robust audio watermarking using improved TS echo hiding , 2009, Digit. Signal Process..

[21]  Aniket Kate,et al.  Liar, Liar, Coins on Fire!: Penalizing Equivocation By Loss of Bitcoins , 2015, CCS.

[22]  Zhen Li,et al.  Blind and robust audio watermarking scheme based on SVD-DCT , 2011, Signal Process..

[23]  S. Bing Yao An attribute based model for database access cost analysis , 1977, TODS.

[24]  Travis Floyd,et al.  Mining hospital data breach records: Cyber threats to U.S. hospitals , 2016, 2016 IEEE Conference on Intelligence and Security Informatics (ISI).

[25]  Vincenzo Iovino,et al.  "The Simplest Protocol for Oblivious Transfer" Revisited , 2017, IACR Cryptol. ePrint Arch..

[26]  Aggelos Kiayias,et al.  Traitor Deterring Schemes: Using Bitcoin as Collateral for Digital Content , 2015, CCS.