DSpace Repository

Enhanced Security Approaches for Data Protection: Managing Consent, Data Breach, and Asset Inheritance

dc.contributor.author Singh, Ram Govind
dc.date.accessioned 2024-09-03T06:45:36Z
dc.date.available 2024-09-03T06:45:36Z
dc.date.issued 2024-07
dc.identifier.citation 172p. en_US
dc.identifier.uri http://hdl.handle.net/10263/7463
dc.description This thesis is under the supervision of Dr. Sushmita Ruj and Dr. Sabyasachi Karati en_US
dc.description.abstract The journey of the Indian data protection framework started in 2018 with the introduction of the initial draft, the "Personal Data Protection Bill (PDPB-2018)". Subsequently, a revised draft, PDPB-2019, was introduced. This went through revisions as PDPB 2021 and the Digital Personal Data Protection Bill (DPDPB-2022). Finally, it was passed as the "Digital Personal Data Protection Act" (DPDPA, 2023). The framework emphasizes protected data processing while honoring the user's privacy. In this thesis, we look at the technical aspects of DPDPA and suggest ways to address the different clauses of the bill. We have analyzed four components: a) user's consent, which states the nature and scope of consent-based data processing; b) right to access/right to nominate, to assure the right to nominate someone as a nominee; c) data breach, to enable appropriate technical measures to prevent and analyze data breaches; and d) storage/logging, to preserve and evaluate various logs that strengthen security posture and incident response. Enhanced approaches have been explored under each obligation for stronger data management and processing aligned with the framework. In analysing user’s consent, we have described that encoding the requisite security and privacy properties will ascertain stronger consent processing. We formalize these properties as Proofs of Consent (PoC) and categorize them into three layers. The acquisition of a higher layer will minimize adversarial risks and ascertain greater transparency. Next, we have proposed a model, Shielded Consent Manager (SCM), using blockchain and other cryptographic primitives for retrieval of consent to grant permissions to access Android resources. Further, following the right to nominee obligations, we have proposed a model, Digital Asset Inheritance Protocol (DAIP), using CertificateLess Encryption (CLE) and Identity Based System (IBS) to convey the user’s online persona efficiently to the descendant after his death. 
DAIP allows the nominee to successfully retrieve the asset after the user’s demise, even if the nominee is uninformed regarding the asset. Then, we have proposed the system model of a Data Breach Incident Assessor (DBIA) aiming for breach assessment. It helps in validating a threat actor’s claim, understanding the root cause of a breach, analyzing the scope of the compromise, and providing analysis according to the regulation. Finally, an End System URL Analyzer (ESUL) to analyze the URL-based logs in the end system is presented. Simulation and result analysis are done for each of the above approaches. We show that enhanced security approaches can help to realize the obligations in DPDPA, thus ensuring robust data management and processing. en_US
dc.language.iso en en_US
dc.publisher Indian Statistical Institute, Kolkata en_US
dc.relation.ispartofseries ISI Ph. D Thesis;TH
dc.subject Digital asset inheritance en_US
dc.subject Asset management en_US
dc.subject Consent processing en_US
dc.subject Data breach en_US
dc.title Enhanced Security Approaches for Data Protection: Managing Consent, Data Breach, and Asset Inheritance en_US
dc.type Thesis en_US


This item appears in the following Collection(s)

  • Theses
    (ISI approved PhD theses)
