
2011 | Book

Data Privacy Management and Autonomous Spontaneous Security

5th International Workshop, DPM 2010 and 3rd International Workshop, SETOP 2010, Athens, Greece, September 23, 2010, Revised Selected Papers

Editors: Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, Ana Cavalli, Jean Leneutre

Publisher: Springer Berlin Heidelberg

Book Series: Lecture Notes in Computer Science


About this book

This book constitutes the thoroughly refereed joint post-proceedings of two international workshops, the 5th International Workshop on Data Privacy Management, DPM 2010, and the 3rd International Workshop on Autonomous and Spontaneous Security, SETOP 2010, collocated with the ESORICS 2010 symposium in Athens, Greece, in September 2010. The 9 revised full papers for DPM 2010, presented together with two keynote talks, are accompanied by 7 revised full papers of SETOP 2010; all papers were carefully reviewed and selected for inclusion in the book. The DPM 2010 papers cover topics such as how to translate high-level business goals into system-level privacy policies, administration of privacy-sensitive data, privacy data integration and engineering, privacy access control mechanisms, information-oriented security, and query execution on privacy-sensitive data for partial answers. The SETOP 2010 papers address several specific aspects of the previously cited topics, for instance the autonomic administration of security policies, secure P2P storage, RFID authentication, anonymity in reputation systems, etc.

Table of Contents

Frontmatter

Keynote Talks

Towards Knowledge Intensive Data Privacy
Abstract
Privacy preserving data mining tools only use in a limited way information and knowledge other than the database being protected. In this paper we plead for the need for knowledge intensive tools in data privacy. More specifically, we discuss the role of knowledge related tools in data protection and in disclosure risk assessment.
Vicenç Torra
Privacy in Data Publishing
Abstract
In modern digital society, personal information about individuals can be easily collected, shared, and disseminated. These data collections often contain sensitive information, which should not be released in association with respondents’ identities. Removing explicit identifiers before data release does not offer any guarantee of anonymity, since de-identified datasets usually contain information that can be exploited for linking the released data with publicly available collections that include respondents’ identities. To overcome these problems, new proposals have been developed to guarantee privacy in data release. In this chapter, we analyze the risk of disclosure caused by public or semi-public microdata release and we illustrate the main approaches focusing on protection against unintended disclosure. We conclude with a discussion on some open issues that need further investigation.
Sabrina De Capitani di Vimercati, Sara Foresti, Giovanni Livraga

Data Privacy Management

A User-Oriented Anonymization Mechanism for Public Data
Abstract
A challenging task in privacy protection for public data is to realize an algorithm that generalizes a table according to a user’s requirement. In this paper, we propose an anonymization scheme for generating a k-anonymous table, and show evaluation results using three different tables. Our scheme is based on full-domain generalization and the requirements are automatically incorporated into the generated table. The scheme calculates the scores of intermediate tables based on user-defined priorities for attributes and selects a table suitable for the user’s requirements. Thus, the generated table meets user’s requirements and is employed in the services provided by users without any modification or evaluation.
Shinsaku Kiyomoto, Toshiaki Tanaka
FAANST: Fast Anonymizing Algorithm for Numerical Streaming DaTa
Abstract
Streaming data is widely used in today’s world. Data comes from different sources in streams, and must be processed online and with minimum delay. These data streams usually contain confidential data such as customers’ purchase information, and need to be mined in order to reveal other useful information like customers’ purchase patterns. Privacy preservation throughout these processes plays a crucial role. K-anonymity is a well-known technique for preserving privacy. The principal issues in k-anonymity are data loss and running time. Although some of the existing k-anonymity techniques are able to generate anonymized data with acceptable data loss, their main drawback is that they are very time consuming, and are not applicable in a streaming context since streaming data is usually very sensitive to delay, and needs to be processed quite fast. In this paper, we propose a cluster-based k-anonymity algorithm called FAANST (Fast Anonymizing Algorithm for Numerical Streaming daTa) which can anonymize numerical streaming data quite fast, while providing an admissible data loss. We also show that FAANST can be easily extended to support data streams consisting of categorical values as well as numerical values.
Hessam Zakerzadeh, Sylvia L. Osborn
Secret-Sharing Hardware Improves the Privacy of Network Monitoring
Abstract
Network service providers monitor the data flow to detect anomalies and malicious behavior in their networks. Network monitoring inspects the data flow over time and thus has to store packet data. Storing of data impedes the privacy of users. A radically new approach counteracts such privacy concerns by exploiting threshold cryptography. It encrypts all monitored traffic. The used symmetric keys are made available to monitoring entities only if they collect enough evidence of malicious behavior. This new approach overcomes weaknesses of packet anonymization. It calls for dedicated hardware that is able to encrypt packets and generate key-share information for gigabit networks. This article proves that the application of Shamir’s secret sharing scheme is possible. The presented hardware is able to protect up to 1.8 million packets per second. The creation of such a high-speed hardware required innovations on the algorithmic, the protocol, and on the architectural level. The outcome is a surprisingly small circuit that fits commercially available FPGA cards. It was tested under real-world conditions. It proved to protect the users’ privacy while monitoring gigabit networks.
Johannes Wolkerstorfer
Non-uniform Stepping Approach to RFID Distance Bounding Problem
Abstract
RFID systems are vulnerable to relay attacks (mafia fraud and terrorist fraud) as well as distance fraud. Several distance bounding protocols suitable to RFID systems were proposed to avoid these attacks. The common point of these protocols is to try to reduce the success probability of the attacker. To the best of our knowledge, there is no RFID distance bounding protocol without final signature that provides a success probability of the attacker smaller than (3/4)^n in the presence of all frauds. In this paper, we propose an RFID distance bounding protocol that creates binary responses by traversing the register with non-uniform steps based on the secret key in addition to binary challenges. Our protocol without final signature is the first to converge the success probability of the attacker to the ideal case, which is (1/2)^n for all frauds. Furthermore, our protocol is robust against disturbances of the channel, has low computational cost and also provides privacy.
Ali Özhan Gürel, Atakan Arslan, Mete Akgün
E-Ticketing Scheme for Mobile Devices with Exculpability
Abstract
An electronic ticket is a contract, in digital format, between the user and the service provider, and reduces both economic costs and time in many services such as the air travel industry or public transport. However, electronic ticket security has to be strongly guaranteed, as well as the privacy of its users. We present an electronic ticketing system that considers these security requirements and includes exculpability as a security requirement for these systems, i.e. users and the service provider cannot falsely accuse each other of misbehaviour. The system ensures that either both parties receive their desired data from the other or neither does (fair exchange). Furthermore, this scheme takes special care of the computational requirements on the users’ side, as we consider the use of mobile devices with light-weight cryptography, because they are the best positioned to manage electronic tickets in the near future.
Arnau Vives-Guasch, Magdalena Payeras-Capella, Macià Mut-Puigserver, Jordi Castellà-Roca
Privacy Enforcement and Analysis for Functional Active Objects
Abstract
In this paper we present an approach for the enforcement of privacy in distributed active object systems, illustrate its implementation in the language ASPfun, and formally prove privacy based on information flow security.
Florian Kammüller
L–PEP: A Logic to Reason about Privacy–Enhancing Cryptography Protocols
Abstract
In recent years, many cryptography protocols have been designed for many different scenarios, with the purpose of preserving the security of communications as well as the privacy and anonymity of participant entities. In general, every proposed solution has posed a real challenge to the existing formal methods of protocol analysis and verification. The main goal of this work is the proposal of a logic to reason about privacy-enhancing monotonic and non-monotonic cryptography protocols. The new logic will be called L-PEP and it extends the existing Rubin’s logic of beliefs.
Almudena Alcaide, Ali E. Abdallah, Ana I. González–Tablas, José M. de Fuentes
Surveillance, Privacy and the Law of Requisite Variety
Abstract
In both the academic literature and in the media there have been concerns expressed about the level of surveillance technologies used to facilitate security and its effect upon privacy. Government policies in the USA and the UK are continuing to increase surveillance technologies to counteract perceived terrorist threats. Reflecting upon Ashby’s Law of Requisite Variety, the authors conclude that these policies will not meet espoused ends and investigate an alternative strategy for policy making. The authors develop a methodology by drawing on an isomorphy of concepts from the discipline of Macroeconomics. This proposal is achieved by considering security and privacy as economic goods, where surveillance is seen as security technologies serving ID management and privacy is considered as being supported by ID assurance solutions. As the means of exploring the relationship between surveillance and privacy in terms of the proposed methodology, the authors use scenarios from a public report commissioned by the UK Government. The result of this exercise suggests that the proposed methodology could be a valuable tool for decision making at a strategic and aggregate level.
Vasilios Katos, Frank Stowell, Peter Bednar
A Notation for Policies Using Feature Structures
Abstract
New security and privacy enhancing technologies are demanded in the new information and communication environments where a huge number of computers interact with each other in a distributed and ad hoc manner to access various resources. In this paper, we focus on access control because this is the underlying core technology to enforce security and privacy. Access control decides permit or deny according to access control policies. Since notations of policies are specialized in each system, it is difficult to ensure consistency of policies that are stated in different notations. In this paper, we propose a readable notation for policies by adopting the concept of feature structures, which has mainly been used for parsing in natural language processing. Our proposed notation is also logically well-founded, which guarantees strict access control decisions, and expressive in that it returns not only a binary value of permit or deny but also various result values through the application of partial order relations of the security risk level. We illustrate the effectiveness of our proposed method using examples from P3P.
Kunihiko Fujita, Yasuyuki Tsukada

Autonomous and Spontaneous Security

Securing P2P Storage with a Self-organizing Payment Scheme
Abstract
This paper describes how to establish trust for P2P storage using a payment-based scheme. This scheme relies on the monitoring of storage peers on a regular basis. The verification operations allow assessing peer behavior and eventually estimating their subsequent remuneration or punishment. The periodic verification operations are used to enforce the fair exchange of a payment against effective cooperative peer behavior. Payments are periodically provided to peers based on the verification results. Only cooperative peers are paid by data owners with the help of intermediates in the P2P network, thus accommodating peer churn. Moreover, our payment scheme does not require any centralized trusted authority to appropriately realize a large-scale system. Simulations in this paper evaluate the capability of the payment scheme to work as a sieve to filter out non cooperative peers.
Nouha Oualha, Yves Roudier
STARS: A Simple and Efficient Scheme for Providing Transparent Traceability and Anonymity to Reputation Systems
Abstract
Reputation systems play a vital role in constructing mutual trust relationships between different entities in autonomic computing networks by enforcing them to act as prescribed by protocols or specifications. They can be, however, subverted and abused if the association rules between an entity’s identity and its reputation are exploited. While various anonymizing techniques can be used to prevent that, the extent of anonymity is extremely hard to determine at an appropriate level, potentially allowing sophisticated attackers to correlate a party with its reputation. To manifest and further gain insights into such vulnerabilities, we systematically decompose the reputation system into four components from a functional perspective and use a set of performance metrics to examine them. Specifically, a new attack taxonomy is given, and a simple scheme termed STARS, which is transparent to particular reputation systems, is proposed for achieving both anonymity and traceability. We finally discuss implementation issues and validate performance through case studies, comparative analysis, and simulations.
Zonghua Zhang, Jingwei Liu, Youki Kadobayashi
DualTrust: A Distributed Trust Model for Swarm-Based Autonomic Computing Systems
Abstract
For autonomic computing systems that utilize mobile agents and ant colony algorithms for their sensor layer, trust management is important for the acceptance of the mobile agent sensors and to protect the system from malicious behavior by insiders and entities that have penetrated network defenses. This paper examines the trust relationships, evidence, and decisions in a representative system and finds that by monitoring the trustworthiness of the autonomic managers rather than the swarming sensors, the trust management problem becomes much more scalable and still serves to protect the swarm. We propose the DualTrust conceptual trust model. By addressing the autonomic manager’s bi-directional primary relationships in the ACS architecture, DualTrust is able to monitor the trustworthiness of the autonomic managers, protect the sensor swarm in a scalable manner, and provide global trust awareness for the orchestrating autonomic manager.
Wendy Maiden, Ioanna Dionysiou, Deborah Frincke, Glenn Fink, David E. Bakken
MIRAGE: A Management Tool for the Analysis and Deployment of Network Security Policies
Abstract
We present the core functionality of MIRAGE, a management tool for the analysis and deployment of configuration policies over network security components, such as firewalls, intrusion detection systems, and VPN routers. We review the two main functionalities embedded in our current prototype: (1) a bottom-up analysis of already deployed network security configurations and (2) a top-down refinement of global policies into network security component configurations. In both cases, MIRAGE provides intra-component analysis to detect inconsistencies in single component deployments; and inter-component analysis, to detect multi-component deployments which are not consistent. MIRAGE also manages the description of the security architecture topology, to guarantee the proper execution of all the processes.
Joaquin Garcia-Alfaro, Frédéric Cuppens, Nora Cuppens-Boulahia, Stere Preda
A DSL for Specifying Autonomic Security Management Strategies
Abstract
Existing self-protection frameworks have so far hardly addressed the specification of autonomic security adaptation strategies which guide risk-aware selection or reconfiguration of security mechanisms. Domain-Specific Languages (DSL) present many benefits to achieve this goal in terms of simplicity, automated strategy verification, and run-time integration. This paper presents a DSL to describe security adaptation policies. The DSL is based on the condition-action approach and on a taxonomy of threats and applicable reactions. The DSL also allows capturing trade-offs between security and other concerns such as energy efficiency during the decision making phase. A translation mechanism to refine the DSL into a run-time representation, and to integrate adaptation policies within legacy self-protection frameworks, is also presented.
Ruan He, Marc Lacoste, Jacques Pulou, Jean Leneutre
Secure and Scalable RFID Authentication Protocol
Abstract
Radio frequency identification (RFID) enables identifying an object remotely via radio waves. This feature has been used in a huge number of applications, dramatically reducing the costs in some production processes. Nonetheless, it also poses serious privacy and security risks to them. Thus, researchers have presented secure schemes that prevent attackers from misusing the information which is managed in those environments. These schemes are designed to be very efficient at the client side, due to the limited resources of the tags. However, they should be efficient at the server side also, because the server manages a high number of tags, i.e. any proposal must be scalable in the number of tags. The most efficient schemes are based on client-server synchronization: the answer of the tag is known in advance by the server. These kinds of schemes commonly suffer desynchronization attacks. We present a novel scheme with two main features: (i) it improves the scalability at the server side; and (ii) the level of resistance to desynchronization attacks can be configured.
Albert Fernàndez-Mir, Jordi Castellà-Roca, Alexandre Viejo
Some Ideas on Virtualized System Security, and Monitors
Abstract
Virtualized systems such as Xen, VirtualBox, VMWare or QEmu have been proposed to increase the level of security achievable on personal computers. On the other hand, such virtualized systems are now targets for attacks. We propose an intrusion detection architecture for virtualized systems, and discuss some of the security issues that arise. We argue that a weak spot of such systems is domain zero administration, which is left entirely under the administrator’s responsibility, and is in particular vulnerable to trojans. To avert some of the risks, we propose to install a role-based access control model with possible role delegation, and to describe all undesired activity flows through simple temporal formulas. We show how the latter are compiled into Orchids rules, via a fragment of linear temporal logic, through a generalization of the so-called history variable mechanism.
Hedi Benzina, Jean Goubault-Larrecq
Backmatter
Metadata

Title: Data Privacy Management and Autonomous Spontaneous Security
Editors: Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, Ana Cavalli, Jean Leneutre
Copyright Year: 2011
Publisher: Springer Berlin Heidelberg
Electronic ISBN: 978-3-642-19348-4
Print ISBN: 978-3-642-19347-7
DOI: https://doi.org/10.1007/978-3-642-19348-4
