Reconciling Information Exchange and Confidentiality, A Formal Approach

The protection of personal data is a more topical theme than ever. A paradoxical property of personal data is that both keeping it secret and exchanging it can be argued for on grounds of 'security'. Keeping personal data secret increases security, because the data cannot then be misused. Exchanging personal data increases security, because it helps law enforcement agencies catch criminals and terrorists. Both the arguments for keeping data secret and those for exchanging data are valid. The problem is clear: exchanging data and keeping data secret do not seem to go together, or at least only with difficulty.

This is not only a problem in the debate between privacy advocates and the proponents of far-reaching investigative powers. Law enforcement agencies themselves also struggle with the tension between exchange and secrecy: it is easier to keep a subject (for example a suspect) under surveillance when he or she is not wary of it. A subject who knows that he or she is under investigation may, for instance, destroy incriminating evidence. The more people within an investigative organisation know about an ongoing investigation, the greater the chance that something leaks to the subject. On the other hand, the more people within the agency know about an ongoing investigation, the more people can help with that investigation.

The main aim of this thesis is to investigate whether solutions to this tension can be found. The results of the research are of fundamental and of practical value. On the fundamental side, we show that a number of such problems are solvable at all. On the practical side, we show that these solutions are not merely theoretical, but can also be applied without much difficulty to solve existing, practical problems. The solutions presented in this thesis give policy makers room to let the protection of privacy on the one hand, and the exchange of personal data for counter-terrorism on the other, go well together. Instead of either/or, there is the possibility of both/and, if policy makers want it. Some qualification is in order here. Not *all* problems surrounding privacy and the exchange of personal data can be solved, only *some*. However, there is no reason whatsoever to assume that this thesis has exhausted the possibilities for solving this type of problem. This thesis is only a beginning: we show that it is possible at all to solve problems of this type; future research can extend the palette of solutions further.
