Log pseudonymization: Privacy maintenance in practice

Varanda, Artur; Santos, Leonel; Costa, Rogério Luís de C.; Oliveira, Adail; Rabadão, Carlos

http://hdl.handle.net/10400.8/15236

Use this identifier to reference this record.

Name:	Description:	Size:	Format:
Log pseudonymization Privacy maintenance in practice.pdf	Mobile phones, social media, and Internet of Things (IoT) devices are examples of day-to-day technologies that collect large amounts of data, including people's location, habits, and preferences. The first regulations on digital data collection and processing privacy were created decades ago, but such an increased amount of collected digital data and the risks associated with the illegal processing and exposure of personal information led to several new regulations, including the European General Data Protection Regulation. Recent regulations require that personal data controllers implement several technical and organizational measures to protect data privacy. Much attention was given to data gathering, storage, and processing at system and database levels. But at the system administration level, log files usually store data that can lead to the identification of an individual, which means they must be processed to guarantee personal data privacy. In this work, we deal with pseudonymization. We discuss log sources, formats and data, log management architectures, and the log processing pipeline, considering pseudonymization and security requirements. We describe an architecture for log pseudonymization during the ingestion phase and present its implementation using Elasticsearch, Logstash, and Kibana, providing conclusions and helpful insights on log pseudonymization for privacy protection.	2.09 MB	Adobe PDF	Download

Send Feedback

Authors

Varanda, Artur

Santos, Leonel

Costa, Rogério Luís de C.

Oliveira, Adail

Rabadão, Carlos

Abstract(s)

Mobile phones, social media, and Internet of Things (IoT) devices are examples of day-to-day technologies that collect large amounts of data, including people's location, habits, and preferences. The first regulations on digital data collection and processing privacy were created decades ago, but such an increased amount of collected digital data and the risks associated with the illegal processing and exposure of personal information led to several new regulations, including the European General Data Protection Regulation. Recent regulations require that personal data controllers implement several technical and organizational measures to protect data privacy. Much attention was given to data gathering, storage, and processing at system and database levels. But at the system administration level, log files usually store data that can lead to the identification of an individual, which means they must be processed to guarantee personal data privacy. In this work, we deal with pseudonymization. We discuss log sources, formats and data, log management architectures, and the log processing pipeline, considering pseudonymization and security requirements. We describe an architecture for log pseudonymization during the ingestion phase and present its implementation using Elasticsearch, Logstash, and Kibana, providing conclusions and helpful insights on log pseudonymization for privacy protection.

Keywords

Log pseudonymization Privacy Personal data GDPR ELK stack

URI

http://hdl.handle.net/10400.8/15236

Citation

Artur Varanda, Leonel Santos, Rogério Luís de C. Costa, Adail Oliveira, Carlos Rabadão, Log pseudonymization: Privacy maintenance in practice, Journal of Information Security and Applications, Volume 63, 2021, 103021, ISSN 2214-2126, https://doi.org/10.1016/j.jisa.2021.103021.