
    Some methods for blindfolded record linkage

    BACKGROUND: The linkage of records which refer to the same entity in separate data collections is a common requirement in public health and biomedical research. Traditionally, record linkage techniques have required that all the identifying data in which links are sought be revealed to at least one party, often a third party. This necessarily invades personal privacy and requires complete trust in the intentions of that party and their ability to maintain security and confidentiality. Dusserre, Quantin, Bouzelat and colleagues have demonstrated that it is possible to use secure one-way hash transformations to carry out follow-up epidemiological studies without any party having to reveal identifying information about any of the subjects, a technique which we refer to as "blindfolded record linkage". A limitation of their method is that only exact comparisons of values are possible, although phonetic encoding of names and other strings can be used to allow for some types of typographical variation and data errors.

    METHODS: A method is described which permits the calculation of a general similarity measure, the n-gram score, without having to reveal the data being compared, albeit at some cost in computation and data communication. This method can be combined with public key cryptography and automatic estimation of linkage model parameters to create an overall system for blindfolded record linkage.

    RESULTS: The system described offers good protection against misdeeds or security failures by any one party, but remains vulnerable to collusion between or simultaneous compromise of two or more parties involved in the linkage operation. In order to reduce the likelihood of this, the use of last-minute allocation of tasks to substitutable servers is proposed. Proof-of-concept computer programmes written in the Python programming language are provided to illustrate the similarity comparison protocol.

    CONCLUSION: Although the protocols described in this paper are not unconditionally secure, they do suggest the feasibility, with the aid of modern cryptographic techniques and high speed communication networks, of a general purpose probabilistic record linkage system which permits record linkage studies to be carried out with negligible risk of invasion of personal privacy.

    Dilution: A Novel Approach In Preserving Privacy

    Protection of privacy is a very personal matter and therefore a sensitive issue. Often protection or prevention of exchange of information is crucial to preserve privacy. With information technology on the rise, exchange of information got boosted and preserving privacy turned into a very challenging issue. Commonly, privacy is understood as non-disclosure of information. Modern media, particularly the Internet, and the development of Web 2.0 within the Internet, have posed new challenges to the intention of not disclosing certain information for quite a while already. Still, we observe that the state of the art is classifying personal information into very few categories, often only two: visible to friends only and visible to everybody. This does not mirror physical life and the behavior in communication between two individuals. In this work we move away from privacy by secrecy towards privacy by dilution. Adding enough data to some information under consideration will make it hard to distinguish and hence reveal the information being protected. Dilution is applicable for any kind of data: while in the case of plain text additional text can be inserted into the existing text, dilution of pictures and videos is adding additional files of the same type. Furthermore, we enable presentation of different partial identities to different requesters, e.g., a visitor of a web site. Besides a survey that allowed us to derive a basic model, we elaborated our concepts in two directions. These can be distinguished by their transparency, i.e., the required user interaction. We introduce active and passive dilution respectively. Means to efficiently monitor an online reputation, as well as assessments and use case studies regarding robustness, have been developed and conducted. Conclusively, we will see that the dilution methodology is a promising approach pointing to a novel direction in privacy enhancing technologies. All tools and frameworks presented in this work and contributed by us have been implemented as fully working proof-of-concepts.

    Cryptographic Approaches To Security and Privacy Issues In Pervasive Computing

    Technological innovation has enabled tiny devices to participate in pervasive computing. Such devices are particularly vulnerable to security and privacy threats, because of their limited computing resources and relatively weak physical security. We investigate possible cryptographic solutions to security and privacy problems arising in two kinds of emerging pervasive computing networks: Personal Area Networks (PANs) and the EPCglobal Network.

    A number of key management schemes have been proposed for use in PANs, but these schemes only support key management within a PAN. However, as people are increasingly equipped with multiple wireless devices, PANs are likely to be interconnected to share information or services. We introduce a term, iPANs, to name such interconnected PANs. We define system models and design goals for key management in iPANs, and propose a novel security initialisation scheme for use in iPANs. The proposed scheme achieves desirable security and efficiency properties by making use of the unique characteristics of PANs.

    The EPCglobal Network is designed to give efficiency and cost savings in and beyond the supply chain using Radio Frequency Identification (RFID) technology; however, privacy threats affecting such networks are particularly serious. We construct a formal privacy model for RFID systems accurately reflecting adversarial threats and power. We then give a brief privacy analysis of the existing privacy-enhanced RFID schemes which have received wide attention in the literature. We then construct a secure refresh-based RFID system based on re-encryption techniques, and prove its privacy using the defined privacy model. Finally, we show that the proposed scheme can greatly enhance the security and privacy of EPC tags, making the maximum use of the tag functionalities specified in the standards.