Design and Analysis Methods for Privacy Technologies (Ontwerp- en analysemethodes van privacytechnologieën)

As advances in technology increase data processing and storage capabilities, the collection of massive amounts of electronic data raises new challenging privacy concerns. Hence, it is essential that system designers consider privacy requirements and have appropriate tools to analyze the privacy properties offered by new designs. Nevertheless, the privacy community has not yet developed a general methodology that allows engineers to embed privacy-preserving mechanisms in their designs, and test their efficacy. Instead, privacy-preserving solutions are designed and analyzed in an ad hoc manner, and hence it is difficult to compare and combine them in real-world solutions.In this thesis we investigate whether general methodologies for the design and analysis of privacy-preserving systems can be developed. Our goal is to lay down the foundations for a privacy engineering discipline that provides system designers with tools to build robust privacy-preserving systems.We first present a general method to quantify information leaks in any privacy-preserving design that can be modeled probabilistically. This method allows the designer to evaluate the degree of privacy protection provided by the system. Using anonymous communication systems as case study we find that Bayesian inference and the associated Markov Chain Monte Carlo sampling techniques form an appropriate framework to evaluate the resistance of these systems to traffic analysis. The Bayesian approach provides the analyst with a neat procedure to follow, starting with the definition of a probabilistic model that is inverted and sampled to estimate quantities of interest. Further, the analysis methodology is not limited to specific quantities such as ``who is the most likely receiver of Alice's message?,'' but can be used to answer arbitrary questions about the entities in the system. Finally, our methodology ensures that systematic biases in information analysis are avoided and provides accurate error estimates.In the second part of this thesis we tackle the design of privacy-preserving systems, using pay-as-you-drive applications as case study. We propose two pay-as-you-drive architectures that preserve privacy by processing personal data locally to the users, and only communicating billing information to the provider. Local processing enhances privacy, but may be detrimental to other security properties such as service integrity (e.g., the provider has access to less data when verifying the correctness of the bill). We design a protocol that, using advanced cryptographic primitives, allows users to prove to the service provider that they have correctly performed the computation, while revealing the minimum amount of location data. Finally, our designs are validated from a security, performance and legal perspective, to ensure that they are ready for deployment.Based on the lessons learned while designing privacy-preserving schemes for pay-as-you-drive applications, we identify the basic steps to be performed when designing new privacy-preserving solutions that minimize the disclosure of personal data while fulfilling other essential security requirements. We argue that, first of all, the designer must explicitly identify the basic functionality of the system, and the minimum set of data that needs to be revealed to service providers. Then, multi-lateral security requirements have to be addressed and protective measures are established to safeguard the interest of all entities in the system while enabling users to disclose a minimum amount of personal information. Even though in this thesis we use pay-as-you-drive applications as a central case study, the general applicability of these steps has been tested in the design of a privacy-preserving e-petition system, in which user's privacy is guaranteed by hiding their identity from the provider while revealing their preferences.nrpages: 189+17status: publishe