A taxonomy for privacy enhancing technologies

Abstract Privacy-enhancing technologies (PETs) are a class of technical measures that aim to preserve the privacy of individuals or groups of individuals. Numerous PETs have been proposed for all kinds of purposes, but they are difficult to compare with each other. The difficulty lies in the fact that information privacy is a comprehensive concept, and the solutions are diverse, with differing focus and aims. Existing taxonomies cover information security-related aspects while neglecting privacy-specific properties; this work aims to fill that gap by describing a universal taxonomy of PETs in which the taxonomy aspects are selected so that PETs can be categorized along different dimensions and properties covering a wide area of privacy (e.g., user privacy, data privacy). It provides the reader with a tool for the systematic comparison of different PETs, which helps in identifying limitations of existing PETs, complementary technologies, and potential research directions. To demonstrate its applicability, the proposed taxonomy is applied to a set of key technologies covering different disciplines such as data anonymization, privacy-preserving data querying, communication protection, and identity hiding.
