
Cryptographic Basis for Data Privacy

Supervisor(s): Barbora Hrda, Mykolai Protsenko
Status: finished
Topic: Others
Author: Anastassiya Kutafina
Submission: 2020-02-17
Type of Thesis: Bachelor thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Cryptographic basis for data privacy in context of autonomous driving
Motivation and problem definition
People's desire for confidentiality is very natural, but sometimes legal regulations demand it as well. The General Data Protection Regulation (GDPR) is one such regulation, and autonomous driving is one of many possible use cases.
A self-driving car inevitably records many pedestrians on its way. Their privacy would be violated if an unauthorized person gained access to these recordings, so the recordings are sensitive data. One possible answer to this data privacy issue would be to destroy the data immediately once it has served its primary function. On the other hand, such a video recording could significantly reduce court expenses in the event of a car accident. To achieve GDPR compliance, the recordings should be stored securely so that no one but the legal authorities can access them. If the data is tampered with, it is no longer considered valid evidence, so the integrity of the data is a primary goal alongside its confidentiality. Hence there is a need for a technology that guarantees secure storage while taking the specifics of the role model into account.
Cryptography plays a major role in ensuring data integrity and confidentiality. The main issue is to choose, from the various cryptographic schemes, the one that suits the use case best.
Objective of the thesis
The primary goal of this work is to assess several different cryptographic techniques for their suitability to the use case at hand. These techniques include Secret Sharing, Attribute-based Encryption and Broadcast Encryption. Optionally, further approaches will be investigated as well.
A secondary goal is to develop a system that achieves integrity and confidentiality in the given use case. Specifically, it is a case study on achieving General Data Protection Regulation compliance for video recordings made by self-driving cars. As a Proof of Concept, a code base will be developed for a given camera hardware designed for autonomous driving. The application should encrypt video streams and, if possible, transmit the encrypted data to a cloud. The encrypted data is then stored securely and decrypted only if there is a legal requirement to do so.
Some of the essential requirements for the solution follow directly from the use case. They include, but are not limited to, reliability and the ability to operate offline.
One of the main challenges this work aims to solve is the management of the decryption key. Since no single party should have full control over the decryption key, this work addresses several possible approaches to this issue.
The underlying hypothesis is that one of the selected techniques not only achieves integrity and confidentiality of the data, but also solves the decryption key management problem. Furthermore, this technique can be shown to be realizable in practice.
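The key management requirement above (no single party holds the decryption key) is exactly what a threshold Secret Sharing scheme provides, and the integrity requirement is what a keyed tag provides. The block below is an added illustration written for this page, not code from the thesis or from Fraunhofer AISEC: it splits a master key with Shamir's scheme over the prime field GF(2^521 - 1) so that any k of n custodians (for example, the vehicle operator, a notary and a court) can jointly reconstruct it while k - 1 cannot, and it binds a recording to that key with an HMAC-SHA256 tag. The recording bytes, the threshold parameters and the role names are constructed for the demonstration; a real system would additionally encrypt the recording with an AEAD cipher under the same key, which is left to a cryptography library here so that the block runs with the standard library alone.

```python
"""Threshold key custody (Shamir secret sharing) plus a keyed integrity tag.

Added demonstration for the GDPR video-recording use case; constructed values only.
"""
import hashlib
import hmac
import secrets

# Mersenne prime 2^521 - 1: a field large enough to hold any 256-bit key.
P = 2**521 - 1
KEY_BYTES = 66  # 521 bits fit in 66 bytes


def split_secret(secret: int, k: int, n: int) -> list[tuple[int, int]]:
    """Split `secret` into n shares such that any k shares reconstruct it.

    A random polynomial of degree k-1 with constant term `secret` is
    evaluated at x = 1..n; each (x, f(x)) pair is one custodian's share.
    """
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must lie in the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation modulo P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares: list[tuple[int, int]]) -> int:
    """Lagrange-interpolate the shares at x = 0 to recover the constant term.

    With at least k distinct shares this is the original secret; with fewer,
    the result is an unrelated field element (the secret stays hidden).
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def protect_recording(recording: bytes, k: int, n: int):
    """Generate a fresh master key, tag the recording, and hand out key shares.

    Returns (shares, tag). The key itself is never stored; only the shares are.
    """
    key = secrets.randbelow(P)
    key_bytes = key.to_bytes(KEY_BYTES, "big")
    tag = hmac.new(key_bytes, recording, hashlib.sha256).digest()
    return split_secret(key, k, n), tag


def verify_recording(shares: list[tuple[int, int]], recording: bytes, tag: bytes) -> bool:
    """Reassemble the key from the presented shares and check the integrity tag.

    Fails both when the recording was altered and when too few custodians
    cooperated (the reconstructed key is then wrong, so the tag mismatches).
    """
    key_bytes = recover_secret(shares).to_bytes(KEY_BYTES, "big")
    expected = hmac.new(key_bytes, recording, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    # Constructed stand-in for a video segment recorded by the vehicle.
    recording = b"constructed frame data: intersection, 2020-02-17T08:00:00Z"
    custodians = ["operator", "insurer", "notary", "court", "regulator"]
    shares, tag = protect_recording(recording, k=3, n=len(custodians))
    held = dict(zip(custodians, shares))
    # Three custodians cooperating can verify (and, with an AEAD, decrypt).
    quorum = [held["operator"], held["notary"], held["court"]]
    print("quorum verifies original:", verify_recording(quorum, recording, tag))
    print("quorum detects tampering:", verify_recording(quorum, recording + b"!", tag))
    # Two custodians alone reconstruct a wrong key and cannot verify.
    print("two custodians verify:", verify_recording(quorum[:2], recording, tag))
```

Each custodian keeps only its (x, y) pair; the master key exists in memory only while a quorum is assembled, which is the property the use case asks for. Losing up to n - k shares is tolerated, which addresses the reliability requirement, and the scheme needs no network access at recording time, which addresses offline operation.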