On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems

We investigate a mechanism for secure remote logging to improve privacy guarantees in dynamic systems. Considering an extended threat model for privacy, we first describe outer and inner privacy: outer privacy expresses the traditional attacker model for privacy where identity management systems control the collection of personal, observable information; inner privacy denotes the threat posed by an attacker who attempts to get hold of private log data by tampering with a device. While privacy enhancing technologies should take outer and inner privacy into account, there is to our knowledge no approach for inner privacy, in particular for dynamic systems. To this end, we develop protocols to address inner privacy based on secure logging. Our approach accounts for the capacity limitations of resource-poor devices in dynamic systems, as it allows for the remote storage of log data, while fulfilling its security guarantees. Further, our approach can be smoothly integrated into identity management systems to combine outer and inner of privacy.