Addressing Privacy: Matching User Requirements with Implementation Techniques

This paper outlines the basic privacy requirements, namely anonymity, pseudonymity, unlinkability and unobservability, and shows how these requirements can be linked with implementation techniques from the related literature to best support design decisions during system development. The work presented is structured as follows. Firstly, the basic privacy requirements that should be considered during system design and development are analysed. Secondly, the privacy implementation techniques that realize these requirements are presented. The paper concludes with a critical analysis of the above techniques. The aim of this analysis is twofold: (a) to understand the coverage of the area and (b) to understand the best fit for purpose of different privacy implementation techniques.
