Enforcing Privacy in the Presence of Others: Notions, Formalisations and Relations

Protecting privacy against bribery and coercion is a necessary requirement in electronic services such as e-voting, e-auction and e-health. Domain-specific privacy properties have been proposed to capture this requirement. We generalise these properties as enforced privacy: a system enforces a user’s privacy even when the user collaborates with the adversary. In addition, we account for the influence of third parties on a user’s privacy. Third parties can help to break privacy by collaborating with the adversary, or can help to protect privacy by cooperating with the target user. We propose independency of privacy to capture the negative privacy impact that third parties can have, and coalition privacy to capture their positive privacy impact. We formally define these privacy notions in the applied pi calculus and build a hierarchy showing the relations between them.
