Privacy Enhancing Technologies: A Review

Organisations handle employees', customers' and third parties' Personally Identifiable Information (PII) in a number of ways and for a variety of reasons; when doing so, it is important that privacy is taken into account. Privacy Enhancing Technologies (PETs) provide a mechanism that helps with this, and can be used in conjunction with higher-level policy definition, human processes, training, etc. In this paper we conduct a brief survey of PETs from recent years and show how these may help address different types of privacy harm to employees, customers and, more generally, to the data subjects (Institute, 2009).
