Abstract:
The new EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. The vast majority of financial institutions in the UK are woefully under-prepared to comply with this legislation; current estimates suggest that UK banks could face fines of over 5 billion Euro in the first year alone. We argue that a simple encryption mechanism, used in conjunction with an immutable database, provides an encryption layer that is provably secure against cryptanalysis and strong enough to resist attack whether deployed on in-house systems or on cloud applications, which are notoriously difficult to secure properly. The client personalises security locally: the encoder operates in addition to whatever public security the cloud service provides, and the key material it uses never leaves the client. Adopting this strategy renders break-ins at the service, side-channel attacks on the service and security issues such as backdoors in public encryption algorithms moot, because what the service holds is ciphertext that is independent of the plaintext without the client's key. Our proposed system uses the one-time pad; modern storage and random-number generation resolve the practical shortcomings that led to the one-time pad being set aside in the 1960s. When this is used in conjunction with the immutable database, a full audit trail and a strong forensic footprint can both be maintained, both of which are often lacking where cloud is deployed. We show that storage applications do not generate a key distribution problem, the major difficulty normally associated with the one-time pad and normally cited as the main objection to this encryption paradigm: the party that encrypts the data is the same party that later decrypts it, so the pad need never be transmitted to anyone. With this system total control is returned to the end user, which should overcome most security problems.
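The mechanism the abstract describes, as an added worked example that is not code from the paper: a client generates a fresh random pad per record, keeps the pad locally, and sends only the XOR ciphertext to a shared store; the store is modelled here as a hash-chained append-only log standing in for the immutable database (a simplification, chosen so tampering with any earlier entry is detectable). The class and function names (`Client`, `ImmutableLog`, `pad_reuse_leak`) and the sample records are constructed for this illustration. The last function shows the one rule a one-time pad cannot survive violating: reusing a pad lets an attacker XOR two ciphertexts and obtain the XOR of the two plaintexts.

```python
import hashlib
import json
import os

# Constructed sample records (not real customer data).
RECORD_A = b"account=12345678;name=A. Customer;balance=1042.17"
RECORD_B = b"account=87654321;name=B. Customer;balance=0005.00"


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR plaintext with a pad of exactly the same length.
    With a uniformly random, never-reused pad this has perfect secrecy."""
    if len(pad) != len(plaintext):
        raise ValueError("pad must be exactly as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def new_pad(n: int) -> bytes:
    """Fresh pad from the OS CSPRNG; one pad per record, never reused."""
    return os.urandom(n)


class ImmutableLog:
    """Append-only, hash-chained log used as a stand-in for the immutable
    database: every entry commits to the hash of the previous one, so editing
    or deleting an entry breaks verification of everything after it."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, record_id: str, ciphertext: bytes) -> str:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        entry = {"id": record_id, "ciphertext": ciphertext.hex(), "prev": prev}
        entry["hash"] = self._digest(entry)  # computed before "hash" is added
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> bool:
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class Client:
    """Holds pads locally; only ciphertext ever reaches the shared store.
    Because the same client encrypts and later decrypts, no pad is ever sent
    to another party, which is why storage avoids the key-distribution problem."""

    def __init__(self, store: ImmutableLog):
        self.store = store
        self.pads = {}  # record_id -> pad; never leaves this object

    def put(self, record_id: str, plaintext: bytes) -> None:
        pad = new_pad(len(plaintext))
        self.pads[record_id] = pad
        self.store.append(record_id, otp_encrypt(plaintext, pad))

    def get(self, record_id: str) -> bytes:
        for e in reversed(self.store.entries):  # latest version of the record
            if e["id"] == record_id:
                return otp_decrypt(bytes.fromhex(e["ciphertext"]), self.pads[record_id])
        raise KeyError(record_id)


def round_trip() -> bool:
    """Store two records, read one back, and confirm the log chain verifies."""
    log = ImmutableLog()
    client = Client(log)
    client.put("acct-1", RECORD_A)
    client.put("acct-2", RECORD_B)
    return client.get("acct-1") == RECORD_A and log.verify()


def tamper_detected() -> bool:
    """Flip one bit of the first stored ciphertext; verify() must now fail."""
    log = ImmutableLog()
    client = Client(log)
    client.put("acct-1", RECORD_A)
    client.put("acct-2", RECORD_B)
    c = bytearray(bytes.fromhex(log.entries[0]["ciphertext"]))
    c[0] ^= 0x01
    log.entries[0]["ciphertext"] = bytes(c).hex()
    return not log.verify()


def pad_reuse_leak(p1: bytes, p2: bytes) -> bool:
    """Caveat: encrypting two messages under one pad leaks p1 XOR p2 to
    anyone holding both ciphertexts. Returns True when the leak is observed."""
    pad = new_pad(len(p1))
    c1, c2 = otp_encrypt(p1, pad), otp_encrypt(p2, pad)
    return bytes(a ^ b for a, b in zip(c1, c2)) == bytes(a ^ b for a, b in zip(p1, p2))


if __name__ == "__main__":
    print("round trip ok:", round_trip())
    print("tamper detected:", tamper_detected())
    print("pad reuse leaks plaintext XOR:", pad_reuse_leak(RECORD_A, RECORD_B))
```

The hash chain gives integrity and an audit trail, not confidentiality; that comes entirely from the pad, so the pad store on the client needs the same care as any other key store, and pad lengths must be tracked so a pad is never reused for a rewritten record.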