Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework.
Privacy-Preserving Trust Management Mechanisms from Private Matching Schemes
Cryptographic primitives are essential for constructing privacy-preserving
communication mechanisms. There are situations in which two parties that do not
know each other need to exchange sensitive information on the Internet. Trust
management mechanisms make use of digital credentials and certificates in order
to establish trust among these strangers. We address the problem of choosing
which credentials are exchanged. During this process, each party should learn
no information about the preferences of the other party other than strictly
required for trust establishment. We present a method to reach an agreement on
the credentials to be exchanged that preserves the privacy of the parties. Our
method is based on secure two-party computation protocols for set intersection.
Namely, it is constructed from private matching schemes.
Comment: The material in this paper will be presented in part at the 8th DPM
International Workshop on Data Privacy Management (DPM 2013).
User Collusion Avoidance Scheme for Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption
Decentralized attribute-based encryption (ABE) is a variant of multi-authority based ABE whereby any attribute authority (AA) can independently join and leave the system without collaborating with the existing AAs. In this paper, we propose a user collusion avoidance scheme which preserves the user's privacy when they interact with multiple authorities to obtain decryption credentials. The proposed scheme mitigates the well-known user collusion security vulnerability found in previous schemes. We show that our scheme relies on the standard complexity assumption (decisional bilinear Diffie-Hellman assumption). This is in contrast to previous schemes, which rely on a non-standard assumption (q-decisional Diffie-Hellman inversion).
Privacy Enhanced Access Control by Means of Policy Blinding
Traditional techniques of enforcing an access control policy rely on an honest
reference monitor to enforce the policy. However, for applications where the
resources are sensitive, the access control policy might also be sensitive. As
a result, an honest-but-curious reference monitor would glean some interesting
information from the requests that it processes. For example, if a requestor in
a role psychiatrist is granted access to a document, the patient associated
with that document probably has a psychiatric problem. The patient would
consider this sensitive information, and she might prefer the
honest-but-curious reference monitor to remain oblivious of her mental problem.
We present a high-level framework for querying and enforcing a role-based
access control policy that identifies where sensitive information might be
disclosed. We then propose a construction which enforces a role-based access
control policy cryptographically, in such a way that the reference monitor
learns as little as possible about the policy. (The reference monitor only
learns something from repeated queries.) We prove the security of our scheme,
showing that it works in theory, but that it has a practical drawback. However,
the practical drawback is common to all cryptographically enforced access
policy schemes. We identify several approaches to mitigate the drawback and
conclude by arguing that there is an underlying fundamental problem that cannot
be solved. We also show why attribute-based encryption techniques do not solve
the problem of enforcing policy by an honest-but-curious reference monitor.