5,094 research outputs found
Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective
Rapid advances in human genomics are enabling researchers to gain a better
understanding of the role of the genome in our health and well-being,
stimulating hope for more effective and cost efficient healthcare. However,
this also prompts a number of security and privacy concerns stemming from the
distinctive characteristics of genomic data. To address them, a new research
community has emerged and produced a large number of publications and
initiatives.
In this paper, we rely on a structured methodology to contextualize and
provide a critical analysis of the current knowledge on privacy-enhancing
technologies used for testing, storing, and sharing genomic data, using a
representative sample of the work published in the past decade. We identify and
discuss limitations, technical challenges, and issues faced by the community,
focusing in particular on those that are inherently tied to the nature of the
problem and are harder for the community alone to address. Finally, we report
on the importance and difficulty of the identified challenges based on an
online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies
(PoPETs), Vol. 2019, Issue
Record-Linkage from a Technical Point of View
TRecord linkage is used for preparing sampling frames, deduplication of lists and combining information on the same object from two different databases. If the identifiers of the same objects in two different databases have error free unique common identifiers like personal identification numbers (PID), record linkage is a simple file merge operation. If the identifiers contains errors, record linkage is a challenging task. In many applications, the files have widely different numbers of observations, for example a few thousand records of a sample survey and a few million records of an administrative database of social security numbers. Available software, privacy issues and future research topics are discussed.Record-Linkage, Data-mining, Privacy preserving protocols
Privacy-Preserving Trust Management Mechanisms from Private Matching Schemes
Cryptographic primitives are essential for constructing privacy-preserving
communication mechanisms. There are situations in which two parties that do not
know each other need to exchange sensitive information on the Internet. Trust
management mechanisms make use of digital credentials and certificates in order
to establish trust among these strangers. We address the problem of choosing
which credentials are exchanged. During this process, each party should learn
no information about the preferences of the other party other than strictly
required for trust establishment. We present a method to reach an agreement on
the credentials to be exchanged that preserves the privacy of the parties. Our
method is based on secure two-party computation protocols for set intersection.
Namely, it is constructed from private matching schemes.Comment: The material in this paper will be presented in part at the 8th DPM
International Workshop on Data Privacy Management (DPM 2013
Safe Data Sharing and Data Dissemination on Smart Devices
The erosion of trust put in traditional database servers, the growing
interest for different forms of data dissemination and the concern for
protecting children from suspicious Internet content are different factors that
lead to move the access control from servers to clients. Several encryption
schemes can be used to serve this purpose but all suffer from a static way of
sharing data. In a precedent paper, we devised smarter client-based access
control managers exploiting hardware security elements on client devices. The
goal pursued is being able to evaluate dynamic and personalized access control
rules on a ciphered XML input document, with the benefit of dissociating access
rights from encryption. In this demonstration, we validate our solution using a
real smart card platform and explain how we deal with the constraints usually
met on hardware security elements (small memory and low throughput). Finally,
we illustrate the generality of the approach and the easiness of its deployment
through two different applications: a collaborative application and a parental
control application on video streams
Teaching self-sovereign identity
For service providers, secure and reliable identification of users is essential to provide its services. From a user perspective, traditional identifiers are currently solved by centralized entities who have the capacity to control not only the creation of the identifier, but also the withdrawal. Moreover, in most cases more personal information is being provided than needs to be demonstrated. A blockchain-based Self-Sovereign Identity (SSI) provides a secure and reliable identification method for service providers, gives the user self-control of the identifier, and enables a way to provide just the essential information that is needed to get the service. This paper aims to make two practical documents; the first one being an introductory practice to get started with this topic and the second one that consists of developing a simple SSI login system for web services offered to university students.Para los proveedores de servicios, la identificación segura y confiable de los usuarios es fundamental para prestar sus servicios. Desde la perspectiva del usuario, los identificadores tradicionales actualmente son proporcionados por entidades centralizadas que tienen la capacidad de controlar, no solo la creación del identificador, sino también la retirada. Además, en la mayorÃa de los casos se proporciona más información personal de la que se necesita demostrar. Una Auto-Identidad Soberana basada en blockchain proporciona un método de identificación seguro y fiable para los proveedores de servicios, le da al usuario el autocontrol del identificador y permite una forma de proporcionar sólo la información esencial que se necesita para obtener el servicio. Este trabajo tiene como objetivo realizar dos documentos prácticos, siendo el primero una práctica introductoria para iniciarse en este tema y el segundo que consiste en desarrollar un sistema de inicio de sesión de Auto-Identidad Soberana simple para servicios web ofrecidos a estudiantes universitarios.Per als proveïdors de serveis, la identificació segura i fiable dels usuaris és fonamental per prestar els seus serveis. Des de la perspectiva de l'usuari, els identificadors tradicionals són proporcionats actualment per entitats centralitzades que tenen la capacitat de controlar, no només la creació de l'identificador, sinó també la retirada. A més, en la majoria dels casos es proporciona més informació personal de la que cal demostrar. Una identitat autosobirana basada en blockchain proporciona un mètode d'identificació segur i fiable per als proveïdors de serveis, dóna a l'usuari l'autocontrol de l'identificador i permet una manera de proporcionar només la informació essencial que es necessita per obtenir el servei. Aquest treball té com a objectiu fer dos documents prà ctics, sent el primer una prà ctica introductòria per iniciar-se en aquest tema i el segon que consisteix a desenvolupar un sistema d'inici de sessió d'identitat autosobirana simple per a serveis web oferts a estudiants universitaris
Self-sovereign identity decentralized identifiers, claims and credentials using non decentralized ledger technology
Dissertação de mestrado integrado em Engenharia InformáticaCurrent identity management systems rely on centralized databases to store user’s personal data, which poses
a great risks for data security, as these infrastructure create a critical point of failure for the whole system. Beside
that service providers have to bear huge maintenance costs and comply with strict data protection regulations.
Self-sovereign identity (SSI) is a new identity management paradigm that tries to answer some of these
problems by providing a decentralized user-centric identity management system that gives users full control of
their personal data. Some of its underlying concepts include Decentralized Identifiers (DIDs), Verifiable Claims
and Credentials. This approach does not rely on any central authority to enforce trust as it often uses Blockchain
or other Decentralized Ledger Technologies (DLT) as the trust anchor of the system, although other decentralized
network or databases could also be used for the same purpose.
This thesis focuses on finding alternative solutions to DLT, in the context of SSI. Despite being the most used
solution some DLTs are known to lack scalability and performance, and since a global identity management
system heavily relies on these two requirements it might not be the best solution to the problem.
This document provides an overview of the state of the art and main standards of SSI, and then focuses on
a non-DLT approach to SSI, referencing non-DLT implementations and alternative decentralized infrastructures
that can be used to replace DLTs in SSI. It highlights some of the limitations associated with using DLTs for
identity management and presents a SSI framework based on decentralized names systems and networks. This
framework couples all the main functionalities needed to create different SSI agents, which were showcased in
a proof of concept application.Actualmente os sistemas de gestão de identidade digital estão dependentes de bases de dados centralizadas
para o armazenamento de dados pessoais dos seus utilizadores. Isto representa um elevado risco de segurança,
uma vez que estas infra-estruturas representam um ponto crÃtico de falha para todo o sistema. Para além disso
os service providers têm que suportam elevados custos de manutenção para armazenar toda esta informaçao
e ainda são obrigados a cumprir as normas de protecção de dados existentes.
Self-sovereign identity (SSI) é um novo paradigma de identidade digital que tenta dar resposta a alguns destes
problemas, criando um sistema focado no utilizador e totalmente descentralizado que oferece aos utilizadores
total controlo sobre os seus dados pessoais. Alguns dos conceitos subjacentes incluem Decentalized Identifiers
(DIDs), Verifiable Credentials e Presentations. Esta abordagem não depende de qualquer autoridade central
para estabelecer confiança, dado que utiliza Blockchains ou outras Decentralized Ledger Technilogies (DLT)
como âncora de confiança do sistema. No entanto outras redes ou bases de dados descentralizadas podem
também ser utilizadas para alcançar o mesmo objectivo.
Esta tese concentra-se em encontrar soluções alternativas para a DLT no âmbito da SSI. Apesar de esta ser
a solução mais utilizada, sabe-se que algumas DLTs carecem de escalabilidade e desempenho. Sendo que um
sistema de identidade digital com abrangência global dependerá bastante destes dois requisitos, esta pode não
ser a melhor solução.
Este documento fornece uma visão geral do estado da arte e principais standards da SSI, focando-se de
seguida numa abordagem não DLT, que inclui uma breve referência a implementações não-DLT e tecnologias
alternativas que poderão ser utilizadas para substituir as DLTs na SSI. Alem disso aborda algumas das principais
limitações associadas ao uso de DLTs na gestão de identidades digitais e apresenta uma framework baseada
em name systems e redes descentralizadas. Esta framework inclui as principais funcionalidades necessárias
para implementar os diferentes agentes SSI, que foram demonstradas através de algumas aplicações proof of
concept
On the security of NoSQL cloud database services
Processing a vast volume of data generated by web, mobile and Internet-enabled devices, necessitates a scalable and flexible data management system. Database-as-a-Service (DBaaS) is a new cloud computing paradigm, promising a cost-effective and scalable, fully-managed database functionality meeting the requirements of online data processing. Although DBaaS offers many benefits it also introduces new threats and vulnerabilities. While many traditional data processing threats remain, DBaaS introduces new challenges such as confidentiality violation and information leakage in the presence of privileged malicious insiders and adds new dimension to the data security. We address the problem of building a secure DBaaS for a public cloud infrastructure where, the Cloud Service Provider (CSP) is not completely trusted by the data owner. We present a high level description of several architectures combining modern cryptographic primitives for achieving this goal. A novel searchable security scheme is proposed to leverage secure query processing in presence of a malicious cloud insider without disclosing sensitive information. A holistic database security scheme comprised of data confidentiality and information leakage prevention is proposed in this dissertation. The main contributions of our work are: (i) A searchable security scheme for non-relational databases of the cloud DBaaS; (ii) Leakage minimization in the untrusted cloud. The analysis of experiments that employ a set of established cryptographic techniques to protect databases and minimize information leakage, proves that the performance of the proposed solution is bounded by communication cost rather than by the cryptographic computational effort
- …