Electronic safes for process oriented eGovernment
Today highly available, scalable storage is common and cheap, and many "document safes" and collaborative document sharing systems are available on the market. However, trust in server-based infrastructures for storing personal, sensitive data is limited. Major data breaches at public and private sector service providers suggest that a more structural answer to these problems is needed. Solutions to prevent data leaks tend to become complex and expensive in their own right, so public administrations often avoid the investment in security consulting and the necessary infrastructure. Even operating such complex infrastructures requires skilled and committed personnel, which makes it expensive. Relying on organizational measures and on the operating staff means being attackable to a certain degree. Last but not least, today's eGovernment solutions depend heavily on an experienced end user who is able to keep his personal computer free of viruses and malware. This seems questionable at the very least, as it is challenging to keep up with the development of new anti-virus software. In this paper we propose a model for critical infrastructures that keeps personal, sensitive data confidential for a long time without relying on trustworthy IT solution providers, loyal personnel or secure networks. The proposed infrastructure can be used to store documents, e.g. the scan of a birth certificate, as well as XML data, e.g. "place of residence", which the citizen can reuse in all kinds of application processes. The confidentiality of stored data, the unobservability of communication and the unlinkability of user transactions are the targeted properties. We separate the aspects of secure storage and develop a concept of a trustworthy electronic Safe for data and documents.
The Safe infrastructure requires multiple actors: the Safe Owner, who manages her private data within the Safe; the Storage Provider, which stores small data blocks of content; the Safe Provider, which stores some kind of directory information; and the Safe User, who is granted insight into the Owner's Safe. The paper starts with the key requirements, structured as use cases, and their explanation. Afterwards we present essential parts of a prototypical implementation for all of the actors and describe the protocol between them for a chosen scenario.
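To make the separation of roles concrete, here is an added illustrative model (not the paper's prototype or protocol) in which the Storage Provider only ever sees encrypted content blocks, the Safe Provider only ever sees an encrypted directory under an opaque safe id, and a Safe User is handed a single directory entry as a capability. The block keying by ciphertext hash, the `safe-id` derivation and the HMAC-SHA256 counter-mode stream cipher (a stand-in for a real AEAD such as AES-GCM) are all assumptions made for this example.

```python
import hashlib, hmac, json, os
BLOCK_SIZE = 16  # deliberately small so the sample document spans several blocks

def keystream_xor(key, nonce, data):  # HMAC-SHA256 in counter mode; stand-in for AES-GCM
    out = bytearray()
    for ctr in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[ctr * 32:(ctr + 1) * 32], ks))
    return bytes(out)

class StorageProvider:  # holds opaque ciphertext blocks keyed by block hash (assumed design)
    def __init__(self): self.blocks = {}
    def put(self, ct):
        bid = hashlib.sha256(ct).hexdigest(); self.blocks[bid] = ct; return bid
    def get(self, bid): return self.blocks[bid]

class SafeProvider:  # holds the encrypted directory under an opaque safe id; never sees keys
    def __init__(self): self.dirs = {}
    def put(self, safe_id, blob): self.dirs[safe_id] = blob
    def get(self, safe_id): return self.dirs[safe_id]

class SafeOwner:
    def __init__(self, storage, safe_prov, master=None):
        self.storage, self.safe_prov = storage, safe_prov
        self.master = master or os.urandom(32)  # the only secret the owner must keep
        self.safe_id = hashlib.sha256(self.master + b"safe-id").hexdigest()
        self.directory = {}  # name -> {"key", "nonce", "blocks"}; stored only encrypted
    def store(self, name, data):
        key, nonce = os.urandom(32), os.urandom(16)  # fresh content key per document
        ct = keystream_xor(key, nonce, data)
        ids = [self.storage.put(ct[i:i + BLOCK_SIZE]) for i in range(0, len(ct), BLOCK_SIZE)]
        self.directory[name] = {"key": key.hex(), "nonce": nonce.hex(), "blocks": ids}
        dn = os.urandom(16)  # fresh nonce per directory version: no keystream reuse
        enc_dir = dn + keystream_xor(self.master, dn, json.dumps(self.directory).encode())
        self.safe_prov.put(self.safe_id, enc_dir)
    @classmethod
    def recover(cls, storage, safe_prov, master):  # rebuild the directory from the master key alone
        owner = cls(storage, safe_prov, master)
        blob = safe_prov.get(owner.safe_id)
        owner.directory = json.loads(keystream_xor(master, blob[:16], blob[16:]))
        return owner

def read_with_capability(storage, cap):  # Safe User with one directory entry: fetch, join, decrypt
    ct = b"".join(storage.get(b) for b in cap["blocks"])
    return keystream_xor(bytes.fromhex(cap["key"]), bytes.fromhex(cap["nonce"]), ct)

SAMPLE = b"place of residence: Example City, Sample Street 1"  # constructed sample data
def demo():
    storage, safe_prov = StorageProvider(), SafeProvider()
    owner = SafeOwner(storage, safe_prov)
    owner.store("residence.xml", SAMPLE)
    return owner, storage, safe_prov
```

Neither provider alone can reconstruct the document: the Storage Provider holds unkeyed ciphertext fragments and the Safe Provider holds a directory it cannot open, so a breach at either one does not expose the citizen's data.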