Secure and Privacy-Friendly Logging for eGovernment Services

This paper presents a scheme for building a logging trail for processes related to eGovernment services. A citizen can reconstruct the trail of such a process and verify its status if he is the subject of that process. Reconstruction is based on handovers, special types of log events that link data stored by multiple logging servers, which are not necessarily trusted. The scheme is privacy-friendly in the sense that only the authorised subject, i.e. the citizen, can link the different log entries related to one specific process. The scheme is also auditable; it allows logging servers to show that they behave according to a certain policy.