This page has not been updated since 2003!

 

Course Name: Privacy-Enhancing Technologies (PET)

Lecturer: Simone Fischer-Hübner

Level: PhD course (4 points)

Time and Place:  winter/spring 2003, 12A 424, and CS library (18.Feb. 13-15, 4.March 13-15, 18.March 10-12).

Aims and objectives: This course aims at providing an understanding and awareness of privacy threats in the Global Information Society, and at supporting the use and design of technologies enforcing privacy aspects. The course will consist of lectures and student presentations and will be given in English.

Content:

1. Introduction:

- Privacy Principles and Legislation (11.Feb.)

- Privacy Threats and Risks in the Global Information Society (11.Feb.)

- Criteria for PET (18. Feb.)

2. PET for Protecting User Identities:

2.1 Protection at Communication Level:

- DC nets (18.Feb.)

- MIX nets (18/25.Feb.)

- Mix net applications: Anonymous Remailers and Browsers, Onion Routing, Freedom network, Flying Freedom (25.Feb.)

- Crowds (25.Feb.)

2.2 Protection at System Level:

- Anonymous system access with credential based access control (25.Feb.)

2.3 Protection at Application Level:

- Blind Signatures, Ecash, Anonymous payment protocols (4.March)

- Anonymous voting schemes (4.March)

2.4 Protection of User Identities in Audit Trails

- Pseudonymous Auditing (18.March)

3. PET for Protecting Usee Identities:

- Inference Controls for Statistical Database Systems (18.March)

- Privacy Preserving Data Mining (3.April)

4. PET for Personal Data Protection:

- P3P (Platform for Privacy Preferences) (3.April)

- Privacy-enhanced Identity Management (3.April)

- Formal Privacy Model for Access Control (10.April)

- Enterprise Privacy Policies (10.April)

- Steganography (10.April)

 


Literature:

Simone Fischer-Hübner, "IT-Security and Privacy - Design and Use of Privacy-Enhancing Security Mechanisms", Springer Scientific Publishers, Lecture Notes in Computer Science, LNCS 1958, May 2001, ISBN 3-540-42142-4.
 

Further recommended Literature:

Introduction:

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, http://www.privacy.org/pi/intl_orgs/ec/eudp.html

DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) http://www.cdt.org/privacy/guide/protect/telecom-priv02.pdf

Simone Fischer-Hübner, "Privacy and Security at Risk in the Global Information Society", in: Information, Communication & Society, Vol. 1 (4), Winter 1998, pp. 419-441, Routledge.

V.Mayer-Schönberger, "The Internet and Privacy Legislation: Cookies for a Threat?", West Virginia Journal of Law & Technology, Volume I, Issue 1 - March 17, 1997, http://www.wvjolt.wvu.edu/wvjolt/current/issue1/articles/mayer/mayer.htm

Privacy International, "Privacy and Human Rights - An International Survey of Privacy Laws and Developments", 2002, http://www.privacy.org/pi/survey/phr2002/

Philip Agre, Marc Rotenberg, Technology and Privacy: The New Landscape, The MIT Press, 1997.

Criteria for PET:

Common Criteria Editorial Board: Common Criteria for Information Technology Security Evaluation Version 2.1, September 2000, http://csrc.ncsl.nist.gov/nistpubs/cc

Registratiekamer, Privacy-Enhancing Technologies: The Path to Anonymity, Volume II, Achtergrondstudies en Verkenningen 5B, Rijswijk, August 1995

Andreas Pfitzmann, Marit Köhntopp: Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology (PDF); Draft v0.12, 2001-06-17; v0.8 (PDF) in: Hannes Federrath (Ed.): Designing Privacy Enhancing Technologies; Proc. Workshop on Design Issues in Anonymity and Unobservability; LNCS 2009; 2001

DC-Nets:

D.Chaum, "The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability", Journal of Cryptology, 1, 1988, http://cypherpunks.venona.com/date/1992/12/msg00107.html

M.Waidner, "Unconditional Sender and Recipient Untraceability in spite of Active Attacks", Eurocrypt '89, LNCS 434, Springer-Verlag, Berlin 1990, 302-319, http://www.semper.org/sirene/publ/Waid_90fail-stopDC.ps.gz

Peter Wayner, "Disappearing Cryptography", chapter 11, Academic Press, 1996.

Mix Nets, Anonymous Remailer/Browser, Anonymous Interactive Communication:

J.Boyan, The Anonymizer: Protecting User Privacy on the Web. Computer-Mediated Communication Magazine, 1997.

D.Chaum, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms", Communications of the ACM, 24 (2). 1981, pp. 84-88, http://world.std.com/~franl/crypto/chaum-acm-1981.html

L.Cottrell, "Mixmaster and Remailer Attacks", 1995 http://www.obscura.com/~loki/remailer/remailer-essay.html

Electronic Frontiers Georgia: Reliable Remailer List, http://anon.efga.org/~rlist

I.Goldberg, D.Wagner, E.Brewer, "Privacy-Enhancing Technologies for the Internet", Proceedings of COMPCON '97, San Jose, February, 1997

C.Gülcü, G. Tsudik, "Mixing E-Mail with Babel", Proceedings of the IEEE Symposium on Network and Distributed System Security, 1996.

P. Syverson, D. Goldschlag, M. Reed, "Anonymous Connections and Onion Routing", Proceedings of the 1997 Symposium on Security and Privacy, Oakland, 1997, http://www.itd.nrl.navy.mil/ITD/5540/projects/onion-routing/OAKLAND_97.ps , http://www.onion-router.net/Publications.html

A.Pfitzmann, B.Pfitzmann, M.Waidner, "ISDN-MIXes - Untraceable Communication with very small Bandwidth Overhead", in: Information Security, Proceedings of the IFIP TC-11 International Conference Sec'91, May 1991, Brighton, D. T. Lindsay, W. L. Price (eds.), North-Holland, Amsterdam 1991, http://www.semper.org/sirene/publ/PfPW_91TelMixeGI_NTG.ps.gz 

D.Kesdogan, H.Federrath, A.Jerichow, A.Pfitzmann, "Location Management Strategies increasing Privacy in Mobile Communication Systems", Proceedings of the IFIP TC11 SEC '96 Conference , Chapman & Hall, London 1996, 39-48, http://www.semper.org/sirene/publ/KFJP_96MobilPriv.Samos.ps.gz 

M.Reiter, A.Rubin, "Anonymous Web Transactions with Crowds", Communications of the ACM, Vol.42, No.2, February 1999, pp. 32-38.

C. Shields and B. N. Levine. A Protocol for Anonymous Communication Over the Internet. Proceedings of the 7th ACM Conference on Computer and Communications Security, pages 33-42. November 2000.

ZeroKnowledge, Freedom White Papers.

Alberto Escudero Pascual, M. Hedenfalk, P. Heselius,  "Location Privacy in Mobile Internet - An extension to Freedom Network",  INET2001. Stockholm. June 2001, http://www.it.kth.se/~aep/publications/

Blind Signatures, Ecash, Anonymous Voting:

D.Chaum, "Security without Identification: Transaction Systems to Make Big Brother Obsolete", Communications of the ACM, 28 (10). 1985, pp.1030-1044, http://www.chaum.com/articles/Security_Wthout_Identification.htm 

D.Chaum, A.Fiat, M.Naor, "Untraceable Electronic Cash", Proceedings: Advances in Cryptology - Crypto '88, S.Goldwasser (Ed.), 1988, Lecture Notes in Computer Science, Springer Verlag. http://link.springer.de/link/service/series/0558/papers/0403/04030319.pdf

D.Chaum, "Achieving Electronic Privacy", Scientific American, August 1992, pp.76-81, http://www.chaum.com/articles/Achieving_Electronic_Privacy.htm 

S.v Solms, D.Naccache, "On blind signatures and perfect crimes", Computers and Security 11 (1992) 581-583.

S.Brands, "Electronic Cash on the Internet", Proceedings of the Internet Society 1995 Symposium on Network and Distributed System Security, San Diego, California, 16-17 February, 1995

David Chaum, "Secret Secret-Ballot Receipts and Transparent Integrity - Better and less-costly electronic voting at polling places," http://www.vreceipt.com/article.pdf

Pseudonymous Auditing:

M.Sobirey, S.Fischer-Hübner, K.Rannenberg, "Pseudonymous Auditing for a Privacy-Enhanced Intrusion Detection", Proceedings of the IFIP TC-11 Sec'97-Conference "Information Security in Research and Business", Copenhagen, May 14-16, Eds: L.Yngström, J.Carlsen, Chapman&Hall, 1997.

Michael Sobirey, Datenschutzorientiertes Intrusion Detection, DuD-Fachbeiträge, vieweg-Verlag 1999.

Joachim Biskup, Ulrich Flegel, "On Pseudonymisation of Audit Data for Intrusion Detection", Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, ICSI, Berkeley, California, July 25-26, 2000, Springer LNCS 2009, p. 161 ff., http://link.springer.de/link/service/series/0558/papers/2009/20090161.pdf
 

Anonymous System Access with SPKI certificates and Credential-based Access Control:

P.Nikander, L.Viljanen, "Storing and Retrieving Internet Certificates", in: S.Knapskog, T.Brekne, Proceedings of the Third Nordic Workshop on Secure IT Systems, Trondheim, 5-6 November, 1998, http://www.tcm.hut.fi/~pnr/publications/Nordsec-98.pdf

Tuomas Aura, Carl Ellison, "Privacy and Accountability in Certificate Systems", Research Report A61, Laboratory for Theoretical Computer Science, Helsinki University of Technology, Espoo, Finland, April 2000, http://saturn.hut.fi/Publications/papers/aura/HUT-TCS-A61.pdf  

Workshop Papers, "Credential-Based Access Control in open, interoperable IT-Systems" within Informatik 2002 - 32. Jahrestagung der Gesellschaft für Informatik, Dortmund,  October 2nd, 2002, http://ls6-www.cs.uni-dortmund.de/issi/cred_ws/index.html.en

Inference Controls for Statistical Data Bases, Privacy Preserving Data Mining:

D.Denning, Cryptography and Data Security, Addison-Wesley, Chapter 6, pp.331-389, 1982

Rakesh Agrawal, R. Srikant, "Privacy-Preserving Data Mining", IBM Almaden Research Center, http://ragrawal-userv.userv.web.cmu.edu/papers/privacy.pdf

Formal Privacy Models:

S.Fischer-Hübner, A.Ott, "From A Formal Task-based Privacy Model to its Implementation", Proceedings of the 21st National Information Systems Security Conference, Arlington / VA, October 5-8, 1998.

G. Karjoth, M. Schunter: A Privacy Policy Model for Enterprises; 15th IEEE Computer Security Foundations Workshop CSFW 2002; Keltic Lodge, 2002,  http://www.semper.org/sirene/publ/KaSc02.privacyASL.CSFW02-final.pdf

G. Karjoth, M. Schunter, M. Waidner: The Platform for Enterprise Privacy Practices – Privacy-enabled Management of Customer Data; In 2nd Workshop on Privacy Enhancing Technologies (PET 2002), San Francisco, 2002. Springer, LNCS, http://www.semper.org/sirene/publ/KaSW1_02.EP3P4PET.pdf

Identity Management and P3P:

The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Recommendation 16 April 200,  http://www.w3.org/TR/P3P/

Lorrie Faith Cranor, Web Privacy with P3P, O'Reilly, September 2002.

Electronic Privacy Information Center (EPIC), "Pretty Poor Privacy: An Assessment of P3P and Internet Privacy", http://www.epic.org/reports/prettypoorprivacy.html,  June 2000.

O.Berthold, M.Köhntopp, "Identity Management Based on P3P", Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, ICSI, Berkeley, California, July 25-26, 2000, Springer LNCS 2009.

Sebastian Clauß, Marit Köhntopp: Identity Management and Its Support of Multilateral Security; in: Computer Networks 37 (2001), Special Issue on Electronic Business Systems; Elsevier, North-Holland 2001; 205-219

Steganography:

Neil F. Johnson, Sushil Jajodia, "Steganography: Seeing the Unseen", IEEE Computer, February 1998: 26-34. http://www.jjtc.com/pub/r2026a.htm

N.Johnson, S.Jajodia, "Steganalysis of Images Created Using Current Steganographic Software", Proceedings of the Workshop on Information Hiding, Portland, Oregon/USA, 15-17 April 1998, http://www.jjtc.com/ihws98/jjgmu.html

Peter Wayner, "Disappearing Cryptography", chapter 9, Academic Press, 1996.

E.Franz, A.Pfitzmann, "Einführung in die Steganographie und Ableitung eines neuen Stegoparadigmas", Informatik-Spektrum, Vol.21 (4), August 1998, Springer-Verlag.


Overhead projector slides from the previous PET course (winter 2001):

session1

session2

session3

session4

session5

session6

session7

session8

session9

session10

session11