
2018 | OriginalPaper | Book Chapter

6. Technical Tools and Designs for Data Protection

Written by: Aurelia Tamò-Larrieux

Published in: Designing for Privacy and its Legal Framework

Publisher: Springer International Publishing


Abstract

This chapter delves into the specific technical tools and designs for data protection that are key to a privacy by design and default approach. After presenting an introductory scenario, we go on to classify the available privacy and data protection technologies into security, anonymity, autonomy, and transparency tools and designs. Following this taxonomy, the subsequent sections describe the individual tools, techniques, and designs in more detail.


Footnotes
1
Gürses, p. 36 distinguishing the terms cryptography and privacy. Note that research on cryptography had been established before 1967.
 
2
Gürses, pp. 36-37; cf. also Fischer-Hübner, p. 2143.
 
3
Cf. on the overlap and interplay of the technical tools Chap. 8; the limitations of the technical tools will be discussed in Chap. 10.
 
4
Cf. i.a. Freiling et al., pp. 15-16; Stapleton, pp. 40-47; cf. also Collins, Assessment, pp. 281-287; Panko, pp. 72 et seqq.; Misra/Maheswaran/Hashmi, pp. 24 et seqq.
 
5
Stapleton, pp. 42-44.
 
6
Freiling et al., pp. 15-16; Stapleton, pp. 51-52.
 
7
Federrath/Pfitzmann, pp. 862-863; Freiling et al., pp. 15-16; Stapleton, p. 61; cf. also Yannacopoulos et al., pp. 350-357 proposing a model to determine how much compensation a data subject would claim in case of a data breach.
 
8
Note that ISO 27000 standards are concerned with keeping information assets secure. Cf. on ISO 27000 standards also Chap. 8; cf. also Brenner et al., p. 9; Calder/Watkins, pp. 35 et seqq.
 
9
Cf. ITSEC 1991, Art. 0.2 stating that IT security means “confidentiality—prevention of the unauthorised disclosure of information; integrity—prevention of the unauthorised modification of information; availability—prevention of the unauthorised withholding of information or resources.”; cf. NIST 2013, defining information security as the “protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.”
 
10
Cf. ISO/IEC 27000:2014, Art. 2.12, 2.40, 2.9; ITSEC 1991, Art. 0.2; NIST 2013; cf. also Brenner et al., pp. 3 et seqq.; Calder/Watkins, pp. 35 et seqq.
 
11
Cf. Chap. 3; cf. also Brenner et al., pp. 3-5; Camp, p. 69; Stapleton, p. 211.
 
12
Cf. i.a. Federrath/Pfitzmann, pp. 859-860; Pfleeger/Pfleeger, pp. 10-12; Pohl, pp. 679-681.
 
13
Next to the above referenced standards many cryptography textbooks define those components of security. Cf. i.a. Adams/Lloyd, pp. 37-43; Camp, pp. 68-77; Federrath/Pfitzmann, pp. 859-860; Hankerson/Menezes/Vanstone, pp. 2-5; Kapoor/Pandya, p. 30.
 
14
ISO/IEC 27000: 2016, Art. 2.33; according to Avižienis et al., p. 23 accountability, authenticity, and non-repudiability are secondary attributes of security; cf. also Brenner et al., pp. 3-5; Camp, pp. 73-77.
 
15
Cf. ISO/IEC 27000: 2016, Art. 2.8; Pfleeger/Pfleeger, p. 62; Markwalder, pp. 9-10; Schmeh, pp. 203-404; cf. also Brenner et al., pp. 3-5; cf. also OECD, Authentication, 2007, pp. 16 et seqq.
 
16
Camp, pp. 76-77; Hankerson/Menezes/Vanstone, pp. 2-5; Markwalder, pp. 12-13; cf. also Brenner et al., pp. 3-5.
 
17
Pfitzmann/Hansen, pp. 9-10; cf. also Spindler/Schmechel, pp. 165 et seqq.
 
18
Pfitzmann/Hansen, p. 10; cf. also Wang/Reeves, p. 49; IETF, Privacy Considerations, p. 19.
 
19
The term pseudonym comes from the Greek words pseudo and numon, which translate into the falsely named.
 
20
Pfitzmann/Hansen, p. 33; cf. also Camenisch et al., p. 12.
 
21
Pfitzmann/Hansen, pp. 12-16; cf. also Birrell/Schneider, p. 37, p. 42; Wang/Reeves, p. 49.
 
22
Pfitzmann/Hansen, pp. 16-17; Wang/Reeves, p. 49.
 
23
Pfitzmann/Hansen, pp. 16-17.
 
24
Trombetta/Jiang/Bertino, p. 9; cf. also ISO/IEC 29000: 2011 defining anonymization as the “process by which personally identifiable information (PII) is irreversibly altered in such a way that a PII principal can no longer be identified directly or indirectly, either by the PII controller alone or in collaboration with any other party.”
 
25
Cf. WP 29, Opinion on Anonymisation Techniques, p. 12; cf. also Trombetta/Jiang/Bertino, p. 8.
 
26
The term autonomy stems from the Greek word autonomia combining auto (i.e., self) and nomo (i.e., law).
 
27
Pfleeger/Pfleeger, p. 604; cf. also Bellotti/Sellen, p. 78; Schneier, Blog on Security: Privacy and Control, 2010.
 
28
Cf. i.a. Hedbom, p. 69; ENISA Report, 2014, pp. 44-45 relying on Hedbom’s classification; other classifications provided by Hildebrant, Profiling, p. 305; Janic/Wijbenga/Veugen, pp. 21 et seqq.; Zimmermann, TETs, provides a classification of TETs based on various parameters such as a time component, data type, delivery mode (e.g., push or pull mechanisms), target audience, scope, etc.
 
29
Janic/Wijbenga/Veugen, p. 21; ENISA Report, 2014, p. 45.
 
30
The term cryptology stems from the Greek words kryptós and logós, which translate into the science of the secret or the hidden.
 
31
Brooks, p. 76; Cozzens/Miller, p. 1; Kahn, p. xviii; Mollin, p. 79. Note that encryption methods are not a peculiarity of the digital environment. Basic encryption methods have been used for the last 4,000 years in the analog world. Cf. Cozzens/Miller, pp. 2-8; Kahn, pp. 71 et seqq.
 
32
Cf. for cryptology vocabulary Kahn, pp. xv-xviii; Mollin, p. 79. Two cipher structures are typically considered: stream (or shift) cipher and block cipher. A stream cipher encrypts digital data one bit or byte (1 byte encompasses 8 bits) at a time, while a block cipher encrypts blocks of plaintext as a whole and produces ciphertext blocks of the same length. Cf. Mollin, p. 110; Pfleeger/Pfleeger, p. 62; Stallings, p. 83; Wu/Irwin, p. 926.
 
33
Note that today a keyword is usually fed to a generator that deterministically creates a long stream (which is a function of the keyword). A simple stream cipher model is the Caesar cipher. The key in the Caesar cipher is the shift k, which moves a letter n to n+k. Cf. Brooks, pp. 78-79; Cozzens/Miller, p. 24; Herold/Lurz/Wohlrab, pp. 772-773; Kahn, p. 84; Mollin, pp. 82-84; Pfleeger/Pfleeger, pp. 44-46; Schmeh, pp. 43-44.
 
34
Cf. Anderson, pp. 132-134; Garrett, p. 10; Herold/Lurz/Wohlrab, pp. 773-775; Mollin, pp. 112-113; Stallings, p. 83.
 
35
Kahn, p. 396; Herold/Lurz/Wohlrab, pp. 773-775; Stallings, p. 67.
 
36
Kahn, p. 396; Herold/Lurz/Wohlrab, pp. 773-775.
 
37
The National Bureau of Standards (currently the National Institute of Standards and Technology) issued the DES in 1977 as US Federal Information Processing Standard 46 (FIPS PUB 46). Cf. also Feistel, pp. 15-23; Kahn, p. 980; Mollin, p. 133; Pfleeger/Pfleeger, pp. 68-69; Schmeh, pp. 81-83; Stallings, p. 92; Wu/Irwin, pp. 917-918.
 
38
Brooks, pp. 83-85; Schmeh, p. 86; Stallings, p. 92.
 
39
Cozzens/Miller, p. 13; Garrett, p. 100; Ferguson/Schneier, pp. 51-54; Ferguson/Schneier/Kohno, p. 51; Schmeh, pp. 89-91.
 
40
Brooks, pp. 85-87; Ferguson/Schneier, p. 55; Ferguson/Schneier/Kohno, pp. 54-56; Mollin, p. 152; Pfleeger/Pfleeger, pp. 73-75; Schmeh, pp. 127-129; Wu/Irwin, p. 920.
 
41
Brooks, pp. 85-87; Ferguson/Schneier, p. 55; Ferguson/Schneier/Kohno, pp. 54-56; cf. comparison table in Pfleeger/Pfleeger, pp. 73-75; Schmeh, pp. 128-134; Wu/Irwin, p. 920.
 
42
Cf. Ferguson/Schneier, pp. 21-23.
 
43
Ferguson/Schneier, p. 23; Panko, pp. 109-110.
 
44
Ferguson/Schneier, p. 23; cf. also Kapoor/Pandya, pp. 38-40.
 
45
End-to-end encryption means encrypting messages at the “end points of a communication channel,” i.e., at Alice’s device and Bob’s device. Both possess the keys to decrypt the message. Cf. Berkman Center Report, Don’t Panic, 2016, p. 4.
 
46
Cf. i.a. Garrett, pp. 58 et seqq.; Ferguson/Schneier, pp. 21 et seqq.; Panko, pp. 114 et seqq.
 
47
Adams/Lloyd, pp. 9-12; Diffie/Landau, pp. 35-36; Mollin, pp. 157-160; Stallings, pp. 275-279. The concept of using both a private and secret key was first proposed by Diffie/Hellman, pp. 644-654; cf. also Cozzens/Miller, p. 13; Hankerson/Menezes/Vanstone, pp. 4-5; Herold/Lurz/Wohlrab, p. 776; Kahn, pp. 982-983.
 
48
Cf. Brooks, pp. 90-91; Hankerson/Menezes/Vanstone, pp. 6-8; Langheinrich, pp. 85-86; Mollin, pp. 160-161; Pfleeger/Pfleeger, pp. 77-78; Rivest/Shamir/Adleman, pp. 120-126; Stallings, pp. 274-289.
 
49
The fundamental idea behind the RSA cipher is that it remains difficult to factor large numbers into prime numbers (i.e., numbers that can only be divided by 1 or the number itself). Cf. Cozzens/Miller, pp. 214-217; Garrett, pp. 162-170; Mollin, p. 160. The system works like this: Alice selects two large (preferably of almost equal size) prime numbers, p and q, which she multiplies, resulting in the number n, the RSA modulus. The numbers p and q remain secret, while n is public information (cf. Ferguson/Schneier, p. 229; Kahn, p. 982). Keeping p and q secret is important as they work as a so-called trapdoor, allowing the function to be inverted. Cf. also Ferguson/Schneier, p. 223, stating that this “trapdoor functionality allows RSA to be used both for encryption and digital signatures”; Brooks, pp. 85-87; Cozzens/Miller, pp. 294-295; Hankerson/Menezes/Vanstone, pp. 6-8; Herold/Lurz/Wohlrab, pp. 777-779; Schmeh, pp. 190-198; Stallings, pp. 284-292.
 
50
It is assumed that for this step Bob does not need Alice’s key. In other words, Bob is able to lock Alice’s locker without using any additional tool such as a key.
 
51
Herold/Lurz/Wohlrab, p. 776; Mollin, pp. 160-162.
 
52
Cf. Ferguson/Schneier, p. 223; Herold/Lurz/Wohlrab, p. 776; Langheinrich, p. 85; Stallings, pp. 282-284.
 
53
Cf. Schneier, Applied Cryptography, pp. 467 et seqq.
 
54
Ferguson/Schneier, p. 27; cf. also Stallings, p. 275.
 
55
Kahn, p. 982; cf. also Cozzens/Miller, pp. 219-220; Hankerson/Menezes/Vanstone, p. 4.
 
56
Langheinrich, p. 86; Garrett, p. 166; Ferguson/Schneier/Kohno, pp. 27-29.
 
57
Adams/Lloyd, pp. 12-14; Markwalder, pp. 22-25; Nash et al., pp. 45-48.
 
58
Sullivan, ECC, 2013; Wu/Irwin, p. 972.
 
59
Hankerson/Menezes/Vanstone, p. 15 and pp. 18-19, in particular table 1.1 comparing the efficiency of ECC and RSA, which demonstrates that a bit length of 160 for ECC achieves the same security level as 1024-bit RSA. Cf. also Anderson, p. 179; Sullivan, ECC, 2013.
 
60
Desai et al., p. 397; Sullivan, ECC, 2013.
 
61
Cf. ENISA Report 2014, p. 43; cf. on how homomorphic encryption works in particular Gentry, pp. 169 et seqq.; Yi/Paulet/Bertino, pp. 27 et seqq.
 
62
Yi/Paulet/Bertino, pp. 27 et seqq.
 
63
Developed by Popa et al., pp. 85 et seqq.
 
64
Cf. i.a. Camp, pp. 68-77; Federrath/Pfitzmann, pp. 859-860; Hankerson/Menezes/Vanstone, pp. 2-5; Pfleeger/Pfleeger, pp. 10-12.
 
65
Note that the connection can fail to authenticate the server, but the communication would still be encrypted using TLS. Cf. below Sect. 6.3.4.
 
66
ENISA Report, 2014, pp. 22-23.
 
67
Cf. eduroam website <https://www.eduroam.org/> (last visited November 2017).
 
68
Note that while the terminology digital signature is defined “technically,” i.e., it refers to a technical process based on public-key-cryptography which guarantees authenticity and data integrity, the terminology electronic signature is more used in the legal context (cf. e.g., Directive 1999/93/EC). Yet, this difference is not highly relevant as there are no alternatives to public-key cryptography when the information is exchanged in a so-called “open user group,” (i.e., when the first exchanges are done electronically leaving no possibility to exchange a secret key by using asymmetric encryption tools). Cf. Schlauri, pp. 11-12.
 
69
A typical scenario includes a demand from Alice to her bank, which requires the bank to perform a certain transaction involving Alice’s account. In such a case, the bank needs to be certain that the request is actually coming from Alice and not an intruder. Cf. i.a. Cozzens/Miller, p. 219; Adams/Lloyd, pp. 14-16; Schmeh, p. 201.
 
70
Garrett, p. 288; Pfleeger/Pfleeger, pp. 82-83.
 
71
Ferguson/Schneier/Kohno, p. 200; Schneier, Applied Cryptography, p. 37; cf. also Anderson, pp. 178-179.
 
72
Cf. Sect. 6.3.1; cf. also Cozzens/Miller, pp. 219-220; Creutzig/Buhl, pp. 30-33; Kapoor/Pandya, pp. 68-69; Langheinrich, p. 87; Markwalder, pp. 16-18.
 
73
The reason for not signing the whole message m but applying the hash function H and signing H(m) instead is that most digital signature schemes are computationally intensive. A message can be millions of bits, while a hash is typically between 128 and 512 bits. It is thus faster to sign H(m) than m directly. However, one requirement is that two messages m1 and m2 do not hash to the same value. Cf. Ferguson/Schneier, p. 83; cf. also Cozzens/Miller, p. 221; Kapoor/Pandya, pp. 66-69; Langheinrich, p. 88; Markwalder, pp. 17-18.
 
74
Ferguson/Schneier, p. 83; Ferguson/Schneier/Kohno, p. 77; Kapoor/Pandya, pp. 67-68; Katz, pp. 53-55; Panko, pp. 125-126; Schmeh, p. 226; Stallings, pp. 334-339, p. 343; Wu/Irwin, pp. 886-888.
 
75
Ferguson/Schneier, pp. 83-84; Kapoor/Pandya, p. 67; Oppliger, pp. 28-29; cf. also Stallings, pp. 334-339, p. 343.
 
76
Stallings, p. 336; cf. also Kapoor/Pandya, p. 68.
 
77
Both the metaID and key could be e.g., printed on the good itself or inside the package, cf. Langheinrich, RFID, pp. 344-346; Suzuki/Ohkubo/Kinoshita, p. 636; cf. Chap. 4 for further references.
 
78
Anderson, pp. 163-165; Kapoor/Pandya, p. 68; Stallings, p. 338; Stapleton, p. 199; Wu/Irwin, pp. 891-893. MACs can be based on different algorithms such as hash function (so-called HMAC) or block ciphers. Cf. Stallings, p. 396; cf. also Ferguson/Schneier/Kohno, pp. 91-95.
 
79
Ferguson/Schneier, pp. 97-98; Ferguson/Schneier/Kohno, pp. 89-90; Stallings, pp. 338-339, pp. 382-384.
 
80
Wang/Kobsa, pp. 352 et seqq.; Renaud, pp. 104-105; Schneier, Digital Security, pp. 145-147; Stapleton, pp. 94-100.
 
81
Anderson, pp. 457 et seqq.; Schneier, Digital Security, pp. 141-145; cf. also Adams/Sasse, p. 40; Chapple et al., p. 8.
 
82
Cf. Anderson, pp. 464 et seqq.; Economist, Shifting identity, 2015.
 
83
Anderson, p. 481, cf. also pp. 477 et seqq. on potential failures of biometric identification systems.
 
84
Cf. Juels/Rivest, pp. 1 et seqq.
 
85
Juels/Rivest, p. 2.
 
86
Schneier, Applied Cryptography, pp. 151-152.
 
87
Ferguson/Schneier/Kohno, p. 228; Schneier, Applied Cryptography, p. 52.
 
88
Cf. e.g., RainbowCrack website <http://project-rainbowcrack.com/> (last visited November 2017).
 
89
Ferguson/Schneier/Kohno, pp. 304-305; Schneier, Applied Cryptography, pp. 52-53.
 
90
A study issued in 2012, which analyzed 70 million Yahoo passwords, showed that around 1% of users use the same password (such as 123456) and that passwords were roughly equivalent to 10-bit strength keys. Cf. Bonneau, pp. 538-552; cf. also Anderson, pp. 32 et seqq.; Panko, pp. 209-211; Wu/Irwin, pp. 893-894, p. 898.
 
91
Cf. Wang/Kobsa, pp. 352 et seqq.; Renaud, pp. 104-105; Schneier, Digital Security, pp. 145-147; Stapleton, pp. 94-100; cf. also Wu/Irwin, pp. 901 et seq. on one-time passwords and tokens valid only for a single login session. Note that a two-factor authentication can combine any two of the ways of verification stated above, such as “something I know” (e.g., a PIN, password), “something I have” (e.g., a mobile phone, ATM card), “something I am” (e.g., fingerprint, retina, voice), or even “where I am” (any location specific data).
 
92
Juels/Rivest, pp. 1 et seqq.
 
93
The introduction of honeywords necessitates a verification system in which the correct password Pi is indexed (the so-called honeychecker), and the generation of “bogus passwords” that look real. In fact, if the honeywords look totally unlike the structure of Pi, then it will be easy for an attacker to determine the real password (e.g., if Pi = password1 and the generated honeywords are P1 = asdf123 and P2 = 123asdf, then it is easy to guess the correct password). Therefore, a honeyword generation system must be designed carefully, keeping this weakness in mind. Juels/Rivest, pp. 1 et seqq.
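
The honeychecker arrangement and the structural weakness described in footnote 93, as an added Python example that is not taken from the chapter or from Juels/Rivest. The names `HoneyChecker`, `LoginServer`, `tail_tweak` and `random_chaff`, the simplified tail-tweaking generator, K = 6 and the PBKDF2 parameters are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import string

K = 6  # sweetwords per account: 1 real password + K-1 honeywords (constructed value)
ALPHABETS = {"D": string.digits, "l": string.ascii_lowercase,
             "U": string.ascii_uppercase, "S": string.punctuation}

def char_class(ch):
    if ch.isdigit():
        return "D"
    if ch.islower():
        return "l"
    if ch.isupper():
        return "U"
    return "S"

def template(word):
    """Character-class shape of a word, e.g. 'password1' -> 'llllllllD'."""
    return "".join(char_class(c) for c in word)

def tail_tweak(password, t=3):
    """Honeyword that keeps the password's shape: re-draw the last t characters
    from the same character class (simplified generator, assumed for this example)."""
    head, tail = password[:-t], password[-t:]
    return head + "".join(secrets.choice(ALPHABETS[char_class(c)]) for c in tail)

def random_chaff(password):
    """Weak generator from the footnote's example: strings unrelated to the password."""
    return "".join(secrets.choice(string.ascii_lowercase + string.digits) for _ in range(7))

def make_sweetwords(password, generator, k=K):
    """Return (shuffled sweetword list, index of the real password)."""
    if not password:
        raise ValueError("empty password")
    words = {password}
    while len(words) < k:
        words.add(generator(password))
    words = list(words)
    secrets.SystemRandom().shuffle(words)
    return words, words.index(password)

def is_flat(sweetwords):
    """Necessary (not sufficient) check: every sweetword has the same shape,
    so the real password does not stand out by structure alone."""
    return len({template(w) for w in sweetwords}) == 1

def _hash(word, salt):
    # Demo work factor only; production systems tune this much higher.
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 50_000)

class HoneyChecker:
    """Separate service that stores only user -> index of the real password."""
    def __init__(self):
        self._index = {}
    def set(self, user, idx):
        self._index[user] = idx
    def check(self, user, idx):
        return self._index.get(user) == idx

class LoginServer:
    """Stores K salted hashes per user and never learns which one is real."""
    def __init__(self, checker):
        self.checker = checker
        self.db = {}
    def enrol(self, user, sweetwords, idx):
        if not is_flat(sweetwords):
            raise ValueError("honeywords are distinguishable by structure")
        salt = secrets.token_bytes(16)
        self.db[user] = (salt, [_hash(w, salt) for w in sweetwords])
        self.checker.set(user, idx)
    def login(self, user, attempt):
        if user not in self.db:
            return "reject"
        salt, hashes = self.db[user]
        candidate = _hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(candidate, stored):
                # A honeyword match means the hash file has likely been stolen.
                return "ok" if self.checker.check(user, i) else "alarm"
        return "reject"

if __name__ == "__main__":
    server = LoginServer(HoneyChecker())
    words, idx = make_sweetwords("password1", tail_tweak)  # constructed sample password
    server.enrol("alice", words, idx)
    print(words, server.login("alice", "password1"))
    print("weak set flat?", is_flat(make_sweetwords("password1", random_chaff)[0]))
```

Matching shapes only remove the structural giveaway; a dictionary word among random-looking tails can still stand out, which is why the footnote calls for careful generator design.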
 
94
Adams/Lloyd, pp. 12-14; Markwalder, pp. 22-25; Nash et al., pp. 45-48; Panko, pp. 137-140; cf. also Spies, pp. 83 et sqq.
 
95
The X.509v3 certificate is the most widely employed one. Markwalder, p. 24; Spies, p. 79, pp. 92-93; cf. also Adams/Lloyd, pp. 71 et seqq.; Panko, p. 138; Schmeh, pp. 516-518, pp. 536-543; ISO/IEC 9594-8: 2008; IETF, Internet X.509 Public Key Infrastructure Certificate.
 
96
Adams/Lloyd, pp. 71 et seqq.; Markwalder, pp. 24-25; Nash et al., pp. 72-74; Schmeh, pp. 536-540.
 
97
Chapple et al., pp. 299-300; Ferguson/Schneier/Kohno, pp. 275-276; Schmeh, p. 519, p. 522, pp. 550 et seqq.
 
98
Ferguson/Schneier/Kohno, pp. 283-285; cf. also Spies, p. 80, pp. 85-87 stating that the revocation of a certificate is an important element required to build a secure system.
 
99
Comodo, Symantec, and GoDaddy are currently dominating the CA market. Cf. W3Tech Surveys website <https://w3techs.com/technologies/overview/ssl_certificate/all?key5sk1=c64a84083542232a05a37ed4ce2ed7f70299dfc7> (last visited November 2017).
 
100
Ferguson/Schneier/Kohno, p. 292.
 
101
Cf. Adams/Lloyd, pp. 21-35; Binder, p. 7; Chapple et al., pp. 289-290; Ferguson/Schneier/Kohno, pp. 275-276; Markwalder, pp. 22-27; Spies, p. 75 et seqq.
 
102
The X.509 standard is the most widely used one for certificate based PKIs. It lays down a system of CAs which issue certificates for users, websites, or other entities that have a private key. Cf. Spies, p. 79; Wu/Irwin, pp. 990-991.
 
103
Chapple et al., p. 289.
 
104
Ferguson/Schneier/Kohno, pp. 285 et seqq.
 
105
Ferguson/Schneier/Kohno, pp. 284; cf. also Markwalder, p. 21; Spies, p. 80; cf. Adams/Lloyd, pp. 131-148 on the different trust models (e.g., hierarchical trust models, Web of Trust models, etc.).
 
106
Thus even if a universal PKI would be efficient, the ability to guarantee security and thereby trust is unrealistic, cf. Ferguson/Schneier/Kohno, pp. 284. Therefore, PGP or other distributed Web of Trust architectures might be an interesting approach.
 
107
The TLS was developed by the IETF in 1996. The aim was to standardize an SSL-like protocol (until 1996 Netscape and Microsoft had been developing different security protocols; SSL 1.0, SSL 2.0, SSL 3.0). Cf. Brooks, pp. 104-105; Davies, chapter 6; Oppliger, pp. 68-72; Panko, pp. 153 et seqq.; Rescorla, pp. 44-50; Thomas, pp. 4-7, pp. 117 et seqq.; Wu/Irwin, pp. 1009-1010; IETF, TLS Protocol 1.0.
 
108
A protocol is a standard that guides the connection and data transfer between endpoints.
 
109
Brooks, pp. 104-105; Langheinrich, pp. 86-87; Mollin, p. 243; Oppliger, pp. 65-73; Rescorla, pp. 43-53; cf. also Wu/Irwin, pp. 1009-1010; IETF, TLS Protocol 1.0; IETF, SSL Protocol 3.0; IETF, Recommendations for Secure Use of TLS. Note that the public-key infrastructure mentioned above is the underlying technology that provides security for TLS; ENISA Report, 2014, pp. 27-28.
 
110
Goldberg, p. 11 stating that SSL and TLS are the most widely used privacy-enhancing technology; cf. also Wu/Irwin, p. 1009; cf. also IETF, Recommendations for Secure Use of TLS; ENISA Report, 2014, pp. 27-29. Note that TLS is also subject to attacks, cf. IETF, Summarizing Known Attacks on TLS.
 
111
Herold/Lurz/Wohlrab, p. 456.
 
112
Brooks, pp. 104-107; Langheinrich, p. 86; Mollin, p. 243; Oppliger, pp. 65-73; Rescorla, pp. 44-55; Thomas, pp. 68-69.
 
113
Cf. Brooks, pp. 104-110; Davies, pp. 297 et seqq., pp. 381 et seqq.; Mollin, pp. 243-249; Rescorla, pp. 57-82; Thomas, pp. 37-52; Wu/Irwin, pp. 1010 et seqq.
 
114
Cf. e.g., website <www.gogetssl.com> offering certificates at a low price from different CAs.
 
115
Arnbak, pp. 204-205.
 
116
Arnbak, pp. 204-205.
 
117
Langheinrich, pp. 86-87, Rescorla, pp. 44-55.
 
118
Mollin, p. 249; Rescorla, pp. 44-45; Thomas, pp. 2-4.
 
119
Langheinrich, p. 87; Oppliger, p. 75; Rescorla, p. 55.
 
120
Calder/Watkins, p. 151; Steinberg/Speed, pp. 11 et seqq.
 
121
Steinberg/Speed, pp. 33 et seqq.
 
122
Cf. Schneier, Digital Security, pp. 193-194.
 
123
Pfleeger/Pfleeger, pp. 26-27; Panko, pp. 198 et seqq.; Stallings, Physical Security, p. 109; cf. also ISO/IEC 27001, A.9. on the security of the environment, or A.8. on screening of personnel; cf. also Brenner et al., pp. 64 et seqq.
 
124
Cf. Catuogno/Turchi, p. 207 on IDS for Internet of Things devices such as SVELTE proposed by Raza/Wallgren/Vogt, pp. 2661 et seqq.
 
125
Pfleeger/Pfleeger, p. 26; cf. also Brenner et al., pp. 87 et seqq.; cf. ISO/IEC 27001, A.10.4.
 
126
Cf. on firewalls Panko, pp. 251 et seqq.; Wu/Irwin, pp. 807 et seqq.
 
127
Pfleeger/Pfleeger, p. 27; cf. also Catuogno/Turchi, p. 207; Federrath/Pfitzmann, pp. 872-875; Schneier, Digital Security, pp. 212-216; cf. ISO/IEC 27001, A.10.5-7.
 
128
Pfleeger/Pfleeger, p. 27; cf. also Brenner et al., pp. 78 et seqq.; Calder/Watkins, pp. 184 et seqq.; Chapple et al., pp. 178 et seqq. on physical security; Collins, pp. 273-275; Federrath/Pfitzmann, pp. 872-875; Schmeh, pp. 329-332; Stapleton, p. 72; Stallings, Physical Security, p. 109; ISO/IEC 27001, A.9.1.
 
129
Calder/Watkins, pp. 184 et seqq.; Stallings, Physical Security, pp. 109-110.
 
130
Trombetta/Jiang/Bertino, p. 9; cf. also Domingo-Ferrer/Sánchez/Soria-Comas, pp. 15 et seqq.; WP 29, Opinion on Anonymisation Techniques, pp. 12-14.
 
131
Domingo-Ferrer/Sánchez/Soria-Comas, p. 15; Trombetta/Jiang/Bertino, p. 9; WP 29, Opinion on Anonymisation Techniques, p. 12.
 
132
Domingo-Ferrer/Sánchez/Soria-Comas, pp. 16-18; Trombetta/Jiang/Bertino, pp. 8-9; ENISA Report, 2014, pp. 34-35.
 
133
Trombetta/Jiang/Bertino, p. 9.
 
134
Trombetta/Jiang/Bertino, p. 10.
 
135
Datta, p. 6; Fienberg/McIntyre, pp. 14-17; Trombetta/Jiang/Bertino, p. 10; Raghunathan, pp. 174-175; WP 29, Opinion on Anonymisation Techniques, p. 13; ENISA Report, 2014, p. 35; cf. also Dalenius/Reiss, pp. 73 et seqq. who were the first to propose the data swapping technique; Domingo-Ferrer/Sánchez/Soria-Comas, p. 18.
 
136
Datta, p. 6; Fienberg/McIntyre, pp. 14-17; Trombetta/Jiang/Bertino, p. 10; WP 29, Opinion on Anonymisation Techniques, p. 13.
 
137
Dwork, pp. 1-12; Dwork/Smith, pp. 136 et seqq.; cf. also WP 29, Opinion on Anonymisation Techniques, p. 15.
 
138
WP 29, Opinion on Anonymisation Techniques, p. 15; NIST De-Identification of Personal Information, 2015, pp. 7-8; cf. also Harvard University Privacy Tools Project website on differential privacy: <http://privacytools.seas.harvard.edu/differential-privacy> (last visited April 2018).
 
139
WP 29, Opinion on Anonymisation Techniques, p. 12.
 
140
E.g. Fitbit Charge measures heart-rate variability, cf. Sawh, Wearable News Blog, 2016.
 
141
Taelman et al., pp. 1366 et seqq.
 
142
Cf. Jensen/Lu/Yiu, pp. 36 et seqq.; cf. also Pfitzmann et al., pp. 38 et seqq.
 
143
Domingo-Ferrer/Sánchez/Soria-Comas, pp. 15-16; Raghunathan, pp. 176 et seqq.; WP 29, Opinion on Anonymisation Techniques, p. 16.
 
144
Domingo-Ferrer/Sánchez/Soria-Comas, pp. 31-33; Sweeney, p. 564; Trombetta/Jiang/Bertino, pp. 11-12; cf. also WP 29, Opinion on Anonymisation Techniques, p. 16; NIST De-Identification of Personal Information, 2015, pp. 20-21.
 
145
For example, generalizing numerical values can be achieved by recoding them in interval values (e.g., instead of height 170cm, a range of 170-180cm). Cf. Trombetta/Jiang/Bertino, pp. 11-12; cf. also ENISA Report, 2014, pp. 32-34.
 
146
Domingo-Ferrer/Sánchez/Soria-Comas, pp. 31-33; Sweeney, pp. 564 et seqq.; Trombetta/Jiang/Bertino, pp. 11-12; WP 29, Opinion on Anonymisation Techniques, pp. 16-17.
 
147
Cf. Sweeney, p. 566; Trombetta/Jiang/Bertino, p. 12; WP 29, Opinion on Anonymisation Techniques, p. 17.
 
148
Trombetta/Jiang/Bertino, p. 12; WP 29, Opinion on Anonymisation Techniques, p. 18.
 
149
WP 29, Opinion on Anonymisation Techniques, p. 18; cf. also Domingo-Ferrer/Sánchez/Soria-Comas, pp. 47-48; Trombetta/Jiang/Bertino, p. 12.
 
150
WP 29, Opinion on Anonymisation Techniques, p. 20; cf. Pfitzmann/Hansen, p. 21.
 
151
WP 29, Opinion on Anonymisation Techniques, pp. 20-21; NIST De-Identification of Personal Information, 2015, pp. 16-17.
 
152
Pfitzmann/Hansen, p. 33.
 
153
Camenisch et al., p. 12.
 
154
Cf. Birrell/Schneider, pp. 38 et seqq.; cf. also IERC, IoT Report, 2015, pp. 68-70.
 
155
Birrell/Schneider, p. 39, cf. also pp. 39-42 elaborating further on the different models of interaction between identity provider, service provider, and user. A typical setting would include the user requesting a service from the service provider and the service provider demanding an authorization assertion either directly from the user’s identity provider, the user’s local client, or the user. Once the service provider receives the assertion, it provides the user with the service. Cf. also Pfitzmann/Hansen, p. 33 defining identity management as “managing various partial identities (usually denoted by pseudonyms) of an individual person, i.e., administration of identity attributes including the development and choice of the partial identity and pseudonym to be (re)used in a specific context or role.”
 
156
Birrell/Schneider, pp. 42-43; cf. also Palfrey/Gasser, pp. 12 et seqq.
 
157
Cf. Birrell/Schneider, pp. 42-43; Palfrey/Gasser, pp. 16-17.
 
158
Cf. official e-Estonia website <https://e-estonia.com/component/electronic-id-card/> (last visited November 2016).
 
159
Birrell/Schneider, p. 43.
 
160
Birrell/Schneider, p. 43; De Miscault, pp. 47 et seqq.
 
161
Rountree, p. 29; Laurent et al., p. 35.
 
162
Rountree, pp. 29-30.
 
163
Cf. Birrell/Schneider, p. 43; Palfrey/Gasser, p. 12.
 
164
Camenisch et al., p. 7; Birrell/Schneider, p. 43; cf. also IERC, IoT Report, 2015, pp. 68 et seqq. and the EU FP6 and FP7 projects on PRIME and PrimeLife.
 
165
Camenisch et al., p. 7.
 
166
Fischer-Hübner et al., pp. 233-238. Under the role-centered model, users can create multiple identities and define and set various disclosure rules depending on the identity used. The relationship-centered model adapts the privacy preferences of users depending on the communication partner. The town-map-based model sets varying privacy default settings depending on specific areas, such as the work area.
 
167
Birrell/Schneider, p. 43.
 
168
Birrell/Schneider, p. 43.
 
169
Birrell/Schneider, p. 43.
 
170
Cf. Gürses/Troncoso/Diaz, unpaginated with an example of birth data (i.e., being able to prove that one is over 18 without revealing the actual date of birth or any other information). Cf. also Quisquater/Guillou/Berson, pp. 628 et seqq. on zero knowledge proofs.
 
171
Brunton/Nissenbaum, unpaginated. Cf. also Brunton/Nissenbaum, Obfuscation, p. 1 stating that “obfuscation is the deliberate addition of ambiguous, confusing, or misleading information to interfere with surveillance and data collection.”
 
172
ENISA Report, 2014, p. 29.
 
173
Brunton/Nissenbaum, unpaginated; cf. also Pasquale, p. 6. An example of sending out more information than needed is provided by Howe/Nissenbaum, pp. 417-420, namely the TrackMeNot function. TrackMeNot is a Firefox extension that sends random, fake search queries to search engines in order to protect against the tracking functions of the search engine.
 
174
Cf. TrackMeNot website <https://cs.nyu.edu/trackmenot/> (last visited November 2017).
 
175
Probably the most popular method of anonymization is the single hop proxy. Cf. El Kalam et al., p. 526; cf. also Goldberg, p. 8; Pfitzmann et al., pp. 22-23; ENISA Report, 2014, p. 30.
 
176
Cf. Pfitzmann et al., pp. 22-23; cf. also Brooks, p. 220; El Kalam et al., pp. 526 et seqq.
 
177
Pfitzmann et al., pp. 22-23.
 
178
Langheinrich, p. 90.
 
179
Brooks, p. 220; Wang/Kobsa, pp. 352 et seqq. The idea of mixes was already described by Chaum in 1981, cf. Chaum, pp. 84 et seqq.; cf. also Pfitzmann et al., pp. 33 et seqq.
 
180
Loshin, pp. 7 et seqq.
 
181
Brooks, p. 220; Loshin, pp. 14-15.
 
182
Fischer-Hübner, pp. 2144-2145; Langheinrich, p. 90; Wang/Kobsa, pp. 352 et seqq.
 
183
Loshin, pp. 14 et seqq.; Wang/Kobsa, pp. 352 et seqq.
 
184
Cf. official TOR website <https://www.torproject.org/about/overview.html.en> (last visited November 2017); cf. also Loshin, pp. 5 et seqq.
 
185
El Kalam et al., p. 527; Loshin, pp. 5 et seqq.
 
186
Brunton/Nissenbaum, unpaginated.
 
187
Feigenbaum/Ford, pp. 58 et seqq.; cf. also Dissent website <http://dedis.cs.yale.edu/dissent/> (last visited November 2017).
 
188
Wang/Kobsa, pp. 352 et seqq.
 
189
Cf. on robots.txt the website <http://www.robotstxt.org/robotstxt.html> (last visited November 2017).
 
190
McDonald/Cranor, pp. 550 et seqq.
 
191
Iachello/Hong, pp. 68-69; Jensen/Potts, pp. 471-478; cf. also McDonald et al., p. 39 with further references.
 
192
Zimmeck/Bellovin, pp. 3-7.
 
193
It was developed by the W3C. Cf. W3C Recommendation on P3P, 2002; Cranor, p. 4 et seq.; Iachello/Hong, pp. 49-51; Langheinrich, pp. 93-101; Wang/Kobsa, pp. 352 et seqq.
 
194
Wang/Kobsa, pp. 352 et seqq.; Cranor, p. 4; cf. also W3C Recommendation on P3P, 2002.
 
195
Langheinrich, p. 93; cf. also Cannon, pp. 28-29; W3C Recommendation on P3P, 2002.
 
196
Wang/Kobsa, pp. 352 et seqq.; Cranor, Privacy Preferences, pp. 450-453; Cranor, pp. 4-7; W3C Recommendation on P3P, 2002.
 
197
APPEL complements P3P and allows users to specify their privacy preferences in terms of rules (i.e., it specifies the conditions under which data may be collected and used). Cf. Cranor/Langheinrich/Marchiori.
 
198
Cf. Wang/Kobsa, pp. 352 et seqq.; cf. also Langheinrich, pp. 93-101; Iachello/Hong, p. 50; W3C Recommendation on P3P, 2002.
 
199
Cranor, Privacy Preferences, p. 456.
 
200
Cranor, Privacy Preferences, pp. 456-463.
 
201
Wang/Kobsa, pp. 352 et seqq.; cf. also W3C Recommendation on P3P, 2002.
 
202
Zimmeck/Bellovin, pp. 3-7.
 
203
Zimmeck/Bellovin, pp. 3-7.
 
204
E.g., allowing the collection of personal information (yes/no), providing encryption for storage or transmission (yes/no), allowing tracking through cookies (yes/no), etc. Cf. Zimmeck/Bellovin, p. 7.
 
205
Casassa Mont, pp. 331 et seqq.
 
206
Bussard/Neven/Preiss, p. 317; Casassa Mont, pp. 341 et seqq.
 
207
Bussard/Neven/Preiss, pp. 318-320; Casassa Mont, p. 346.
 
208
Sweeney/Crosas/Bar-Sinai, unpaginated; cf. also Harvard University Privacy Tools Project website on data tags <http://privacytools.seas.harvard.edu/datatags> (last visited November 2017).
 
209
Sweeney/Crosas/Bar-Sinai, unpaginated.
 
210
Sweeney/Crosas/Bar-Sinai, unpaginated.
 
211
Their demo decision tree can be found at <datatags.org> and relies on the expertise of members of Harvard’s Data Privacy Lab and Berkman Klein Center for Internet and Society. Cf. Sweeney/Crosas/Bar-Sinai, unpaginated.
 
212
Sweeney/Crosas/Bar-Sinai, unpaginated.
 
213
Sweeney/Crosas/Bar-Sinai, unpaginated.
 
214
Cf. i.a. Searls, pp. 163 et seqq. with reference to the Berkman Klein Center for Internet & Security VRM project <https://cyber.harvard.edu/research/projectvrm> (last visited November 2017); Mayer-Schönberger, delete, pp. 144-168; Zittrain, pp. 1212 et seqq.; cf. also Rubinstein, p. 10 on the challenges of PDS.
 
215
Kirkham et al., pp. 12 et seqq.; cf. also Urquhart/Sailaja/McAuley, pp. 7-8; Opinion EDPS, 2016, pp. 3 et seqq.
 
216
De Montjoye et al., openPDS, p. 1; cf. website <http://openpds.media.mit.edu/#architecture> (last visited November 2017); cf. also Pentland, pp. 225-233 in particular.
 
217
De Montjoye et al., openPDS, p. 1 stating that SafeAnswer “allows services to ask questions whose answers are calculated against the metadata instead of trying to anonymize individuals’ metadata.”
 
218
De Montjoye et al., openPDS, pp. 3-6.
 
219
De Montjoye et al., openPDS, pp. 3-6.
 
220
Korba/Kenny, pp. 123-128.
 
221
Korba/Kenny, pp. 123-128.
 
222
Korba/Kenny, p. 128 with reference for XrML description to Kenny/Korba, pp. 656-659.
 
223
Not only do Web browsers track Alice’s online activities (logging her Web search entries), but so do (flash) cookies installed on service providers’ webpages. These cookies are not “wiped” when deleting online search histories. Special tools such as CCleaner exist to delete such files. Cf. CCleaner website <https://www.ccleanercloud.com/> (last visited April 2018).
 
224
Cf. Reardon/Basin/Čapkun, p. 38.
 
225
See on secure deletion in particular Reardon, pp. 13 et seqq.
 
226
Reardon/Basin/Čapkun, p. 39; Reardon, pp. 15 et seq.
 
227
Reardon/Basin/Čapkun, p. 39.
 
228
Reardon/Basin/Čapkun, p. 40.
 
229
NIST Guidelines on Media Sanitization, 2014, pp. 24-25 on purging and destroying techniques. Cf. also DoD Media Sanitization Guidelines 5220.22M (a standard for erasing or wiping data from a hard drive).
 
230
So-called in-place updates; cf. Reardon, pp. 23-25.
 
231
Reardon/Basin/Čapkun, p. 40; Reardon, pp. 20-21; cf. also NIST Guidelines on Media Sanitization, 2014, p. 24 on clearing; DoD Media Sanitization Guidelines 5220.22M.
 
232
Reardon/Basin/Čapkun, p. 40; Reardon, pp. 21-22.
 
233
Reardon, p. 22. Note that for encrypted data, Cryptographic Erase (CE) technology renders access to the data’s encryption key infeasible, thus leaving only the ciphertext on the medium. Cf. NIST Guidelines on Media Sanitization, 2014, p. 9.
 
234
Reardon/Basin/Čapkun, p. 41; Reardon, pp. 27-29.
 
235
Cf. Hansen, pp. 1703 et seqq.; Rundle, unpaginated.
 
236
Cf. website <https://wiki.mozilla.org/Privacy_Icons> (last visited November 2017); cf. also Janic/Wijbenga/Veugen, p. 21.
 
237
Cf. website <https://disconnect.me/icons> (last visited November 2017); cf. also Janic/Wijbenga/Veugen, p. 21.
 
238
Cf. Hansen, pp. 1703 et seqq.; Holtz/Zwingelberg/Hansen, pp. 282-284 describing the PrimeLife Project’s icons and discussing how well users understand them.
 
239
Cranor, Privacy Preferences, pp. 463-464.
 
240
Rowena/Wright/Wadhwa, pp. 100 et seqq.; cf. also Chap. 8.
 
241
Cf. website of CUPS <https://cups.cs.cmu.edu/privacyLabel/> (last visited November 2017) on privacy nutrition labels with an example of a privacy nutrition label <https://cups.cs.cmu.edu/privacylabel-05-2009/current/1.php> (last visited November 2017).
 
242
Cf. Langweg/Rajbhandari, pp. 161 et seqq.
 
243
Langweg/Rajbhandari, pp. 161 et seqq.
 
244
ResearchKit is provided by Apple Inc.; cf. website <http://www.apple.com/researchkit/> (last visited April 2018). This application enables users to share health data over their mobile phones with medical researchers conducting research studies in areas such as autism, asthma, breast cancer, diabetes, or Parkinson’s disease. It provides users with a consent form, information on who has access to their data, and enables them to withdraw consent at any time.
 
245
Cf. website <https://www.healthbank.coop/> (last visited April 2018). Healthbank is a cooperative and provides its members with a health data exchange platform. It incentivizes users to share the data collected over multiple devices such as wearable devices with others, enables researchers or companies to offer rewards or financial incentives for user data, and visualizes the health and fitness related data for its users.
 
246
Cf. i.a. ENISA Report, 2014, p. 45 stating Google Dashboard as an example; cf. also Janic/Wijbenga/Veugen, p. 22 stating PrimeLife’s Privacy Dashboard and Google Dashboard as examples.
 
247
Cf. website <https://www.google.com/dashboard/> (last visited April 2018); cf. also Janic/Wijbenga/Veugen, p. 22.
 
248
Cf. Google Takeout website <https://takeout.google.com/settings/takeout> (last visited April 2018).
 
249
Cf. PrivacyFix website <http://www.privacyfix.com/start/install> (last visited November 2016).
 
250
ENISA Report, 2014, p. 45 stating as an example Lightbeam, a Firefox add-on. Another well-known example is Ghostery, a Chrome plug-in.
 
251
ENISA Report, 2014, p. 45 with further references.
 
252
Lécuyer et al., pp. 49 et seqq.
 
253
Lécuyer et al., Sunlight, pp. 554 et seqq.
 
254
Lécuyer et al., Sunlight, pp. 554 et seqq.
 
255
Wright, p. 310; Wright/De Hert, pp. 5 et seqq.; Weber, p. 5. PIAs follow the same logic as risk assessment processes; cf. also NIST Risk Management Guide, 2002; ISO/IEC 27005:2011.
 
256
Cf. Froomkin, pp. 1748 et seqq. on Privacy Impact Notices (PINs); note that the GDPR does not require the publication of PIAs, cf. Chap. 8.
 
257
Wright/De Hert, pp. 5 et seqq.; Weber, p. 25; cf. also Chap. 10.
 
258
The PIAF is a project co-funded by the EU Commission. It reviewed the privacy impact assessment policies and practices of various countries before establishing recommendations for a privacy impact assessment framework for the EU. Cf. website <http://www.piafproject.eu/Index.html> (last visited November 2017); cf. also Wright, p. 310.
 
259
Wright, pp. 311-313; cf. also ENISA Report, 2014, p. 12.
 
260
Wright, pp. 311-313; cf. also ENISA Report, 2014, p. 12.
 
261
Wright, pp. 310-313; cf. also ENISA Report, 2014, p. 12.
 
262
Wright, pp. 310-313; cf. also ENISA Report, 2014, p. 12.
 
263
Cf. ENISA Report, 2014, pp. 7, 21 in particular.
 
References
Adams, A. & Sasse, A. (1999). Users Are Not the Enemy. Communications of the ACM, 42(12), 40-46.
Adams, C. & Lloyd, S. (2003). Understanding PKI: Concepts, Standards, and Deployment Considerations (2nd edition). Boston: Addison-Wesley Pearson Education.
Anderson, R. (2008). Security Engineering—A Guide to Building Dependable Distributed Systems (2nd edition). Indianapolis: Wiley Publishing.
Arnbak, A. (2015). Securing private communications: Protecting private communications security in EU law: fundamental rights, functional value chains and market incentives. Dissertation, University of Amsterdam, IViR 166342.
Avižienis, A., Laprie, J.C., Randell, B. & Landwehr, C. (2004). Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Computer Society, 1(1), 1-23.
Bellotti, V. & Sellen, A. (1993). Design for Privacy in Ubiquitous Computing Environments. Proceedings of the Third European Conference on Computer-Supported Cooperative Work, Milan, Italy, 77-92.
Birrell, E. & Schneider, F. (2013). Federated Identity Management Systems: A Privacy-Based Characterization. IEEE Security & Privacy, 11(5), 36-48.
Bonneau, J. (2012). The science of guessing: analyzing an anonymized corpus of 70 million passwords. IEEE Symposium on Security and Privacy, 5, 538-552.
Brenner, M., Gentschen Felde, N., Hommel, W., Metzger, S., Reiser, H. & Schaaf, T. (2011). Praxisbuch ISO/IEC 27001—Management der Informationssicherheit und Vorbereitung auf die Zertifizierung. München: Carl Hanser Verlag.
Brooks, R. (2014). Introduction to Computer and Network Security—Navigating the Shades of Gray. London: CRC Press.
Brunton, F. & Nissenbaum, H. (2015). Obfuscation—A User’s Guide for Privacy and Protest. Cambridge: MIT Press. (cited: Obfuscation)
Bussard, L., Neven, G. & Preiss, F.S. (2011). Matching Privacy Policies and Preferences: Access Control, Obligations, Authorisations, and Downstream Usage. In J. Camenisch, S. Fischer-Hübner & K. Rannenberg (Eds.), Privacy and Identity Management for Life (pp. 313-326). Heidelberg: Springer.
Calder, A. & Watkins, S. (2015). IT Governance—An International Guide to Data Security and ISO27001/ISO27002 (6th edition). London: KoganPage.
Camenisch, J., Leenes, R., Hansen, M. & Schallaböck, J. (2011). An Introduction to Privacy-Enhancing Identity Management. In J. Camenisch, R. Leenes & D. Sommer (Eds.), Digital Privacy (pp. 3-21). Heidelberg: Springer.
Camp, J. (2000). Trust and Risk in Internet Commerce. Cambridge: MIT Press.
Cannon, J. (2005). Privacy: What Developers and IT Professionals Should Know. Boston: Addison-Wesley.
Casassa Mont, M. (2011). Privacy Models and Languages: Obligation Policies. In J. Camenisch, R. Leenes & D. Sommer (Eds.), Digital Privacy (pp. 331-361). Heidelberg: Springer.
Chapple, M., Ballad, B., Ballad, T. & Banks, E. (2014). Access Control, Authentication, and Public Key Infrastructure. Sudbury: Jones & Bartlett Learning.
Chaum, D. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2), 84-90.
Collins, L. (2014). Access Controls. In J. Vacca (Ed.), Cyber Security and IT Infrastructure Protection (pp. 269-280). Amsterdam: Elsevier.
———— (2014). Assessments and Audits. In J. Vacca (Ed.), Cyber Security and IT Infrastructure Protection (pp. 281-293). Amsterdam: Elsevier. (cited: Assessments)
Cranor, L.F. (2005). Privacy Policies and Privacy Preferences. In L.F. Cranor & S. Garfinkel (Eds.), Security and Usability—Designing Secure Systems That People Can Use (pp. 447-471). Sebastopol: O’Reilly. (cited: Privacy Preferences)
———— (2002). Web Privacy with P3P. Sebastopol: O’Reilly.
Creutzig, C. & Buhl, A. (1999). PGP—Pretty Good Privacy: Der Briefumschlag für Ihre Post, Translation into German (4th edition). Art d’Ameublement.
Dalenius, T. & Reiss, S. (1982). Data-swapping: A technique for disclosure control. Journal of Statistical Planning and Inference, 6(1), 73-85.
Davies, J. (2011). Implementing SSL/TLS using cryptography and PKI. Indianapolis: Wiley.
De Miscault, A. (2015). The Management of Identity by the Federation. In M. Laurent & S. Bouzefrane (Eds.), Digital Identity Management (pp. 47-93). Amsterdam: Elsevier.
De Montjoye, Y.A., Shmueli, E., Wang, S. & Pentland, A. (2014). openPDS: Protecting the Privacy of Metadata through SafeAnswers. PLoS One, 9(7), 1-9. (cited: openPDS)
Desai, S., Bedi, R., Jagdale, B. & Wadhai, M. (2011). Elliptic Curve Cryptography for Smart Phone OS. Conference paper for the International Conference on Advances in Computing and Communications. In Advances in Computing and Communications, (pp. 397-406). Heidelberg: Springer. <https://doi.org/10.1007/978-3-642-22714-1_41>
Diffie, W. & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, IT-22, 644-654.
Diffie, W. & Landau, S. (1999). Privacy on the Line: The Politics of Wiretapping and Encryption. Cambridge: MIT Press.
Domingo-Ferrer, J., Sánchez, D. & Soria-Comas, J. (2016). Database Anonymization: Privacy Models, Data Utility, and Microaggregation-based Inter-model Connections. Synthesis Lectures on Information Security, Privacy, and Trust [Electronic version]. Morgan & Claypool. <https://doi.org/10.2200/S00690ED1V01Y201512SPT015>
Dwork, C. & Smith, A. (2009). Differential Privacy for Statistics: What we Know and What we Want to Learn. Journal of Privacy and Confidentiality, 1(2), 135-154.
El Kalam, A., Aguilar Melchor, C., Berthold, S., Camenisch, J., Clauß, S., Deswarte, Y., Kohlweiss, M., Panchenko, A., Pimenidis, L. & Roy, M. (2011). Further Privacy Mechanisms. In J. Camenisch, R. Leenes & D. Sommer (Eds.), Digital Privacy (pp. 485-555). Heidelberg: Springer.
Federrath, H. & Pfitzmann, A. (2011). Datensicherheit. In M. Schulte & R. Schröder (Eds.), Handbuch des Technikrechts—Allgemeine Grundlagen (pp. 857-886). Heidelberg: Springer.
Feigenbaum, J. & Ford, B. (2015). Seeking Anonymity in an Internet Panopticon. Communications of the ACM, 58(1), 58-69.
Feistel, H. (1973). Cryptography and Computer Privacy. Scientific American, 228(5), 15-23.
Ferguson, N. & Schneier, B. (2003). Practical Cryptography. Indianapolis: Wiley.
Ferguson, N., Schneier, B. & Kohno, T. (2010). Cryptography Engineering: Design Principles and Practical Applications. Indianapolis: Wiley.
Fienberg, S. & McIntyre, J. (2004). Data Swapping: Variations on a Theme by Dalenius and Reiss. Paper presented at the International Workshop on Privacy in Statistical Databases, Computational Aspects of Statistical Confidentiality Project Final Conference, Barcelona, Spain, 14-29. <https://doi.org/10.1007/978-3-540-25955-8_2>
Fischer-Hübner, S. (2009). Privacy-Enhancing Technologies. In Encyclopedia of Database Systems (pp. 2142-2147). Heidelberg: Springer.
Fischer-Hübner, S., Pettersson, J.S., Bergmann, M., Hansen, M., Pearson, S. & Casassa Mont, M. (2008). HCI Designs for Privacy-Enhancing Identity Management. In J. Camenisch, R. Leenes & D. Sommer (Eds.), Digital Privacy (pp. 230-525). Heidelberg: Springer.
Freiling, F., Grimm, R., Grosspietsch, K.E., Keller, H., Mottok, J., Münch, I., Rannenberg, K. & Saglietti, F. (2014). Technische Sicherheit und Informationssicherheit—Unterschiede und Gemeinsamkeiten. Informatik Spektrum, 37(1), 14-24.
Froomkin, M. (2015). Regulating Mass Surveillance as Privacy Pollution: Learning from Environmental Impact Statements. University of Illinois Law Review, 1713-1790.
Garrett, P. (2011). Making, Breaking Codes: An Introduction to Cryptology. New Jersey: Prentice Hall.
Goldberg, I. (2008). Privacy-Enhancing Technologies for the Internet III: Ten Years Later. In A. Acquisti, S. Gritzalis, C. Lambrinoudakis, S. di Vimercatiet (Eds.), Digital Privacy—Theory, Technologies, and Practices (pp. 3-18). New York: Auerbach Publications.
Hankerson, D., Menezes, A. & Vanstone, S. (2004). Guide to Elliptic Curve Cryptography. Heidelberg: Springer.
Hansen, M. (2009). Putting privacy pictograms into practice—A European perspective. Conference Paper presented at 39. Jahrestagung der Gesellschaft für Informatik, Lübeck, 1703-1716.
Herold, H., Lurz, B. & Wohlrab, J. (2012). Grundlagen der Informatik (2nd edition). München: Pearson Education.
Hildebrandt, M. (2008). Profiling and the Identity of the European Citizen. In M. Hildebrandt & S. Gutwirth (Eds.), Profiling the European Citizen: Cross-Disciplinary Perspectives (pp. 303-324). Heidelberg: Springer. (cited: Profiling)
Holtz, L.E., Zwingelberg, H. & Hansen, M. (2011). Privacy Policy Icons. In J. Camenisch, S. Fischer-Hübner & K. Rannenberg (Eds.), Privacy and Identity Management for Life (pp. 279-285). Heidelberg: Springer.
Howe, D. & Nissenbaum, H. (2009). TrackMeNot: Resisting Surveillance in Web Search. In I. Kerr, C. Steeves & V. Lucock (Eds.), Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society (pp. 417-436). Oxford: University Press.
Iachello, G. & Hong, J. (2007). End-User Privacy in Human-Computer Interaction. Foundation and Trends in Human-Computer Interaction, 1(1), 1-137.
Jensen, C., Lu, H. & Yiu, M.L. (2009). Location Privacy Techniques in Client-Server Architectures. In C. Bettini, S. Jajodia, P. Samarati & X. S. Wang, Privacy in Location-Based Applications, Vol. 5599 of the Series Lecture Notes in Computer Science (pp 31-58). Heidelberg: Springer.
Kahn, D. (1996). The Codebreakers: The Story of Secret Writing. New York: Scribner.
Kapoor, B. & Pandya, P. (2014). Data Encryption. In J. Vacca (Ed.), Cyber Security and IT Infrastructure Protection (pp. 29-73). Amsterdam: Elsevier.
Kenny, S. & Korba, L. (2002). Applying digital rights management systems to privacy rights management. Computers & Security, 21(7), 648-664.
Kirkham, T., Winfield, S., Ravet, S. & Kellomäki, S. (2013). The Personal Data Store Approach to Personal Data Security. IEEE Security & Privacy, 11(5), 12-19.
Korba, L. & Kenny, S. (2003). Towards Meeting the Privacy Challenge: Adapting DRM. In J. Feigenbaum (Ed.), Digital Rights Management, Vol. 2696 of the Series Lecture Notes in Computer Science (pp. 118-136). Heidelberg: Springer.
Langheinrich, M. (2005). Personal Privacy in Ubiquitous Computing—Tools and System Support. Dissertation, ETH Zurich, No. 16100.
———— (2005). Die Privatsphäre im Ubiquitous Computing—Datenschutzaspekte der RFID-Technologie. In E. Fleisch & F. Mattern (Eds.), Das Internet der Dinge, Ubiquitous Computing und RFID in der Praxis—Visionen, Technologien, Anwendungen, Handlungsanleitungen (pp. 329-362). Heidelberg: Springer. (cited: RFID)
Langweg, H. & Rajbhandari, L. (2012). Flexible Regulation with Privacy Points. S. Fischer-Hübner, S. Katsikas & G. Quirchmayr (Eds.), Trust, Privacy and Security in Digital Business (pp. 161-166). (Revised papers of the 9th International Conference, TrustBus 2012, Vienna, Austria). Heidelberg: Springer.
Laurent, M., Denouël, J. Levallois-Barth, C. & Waelbroeck, P. (2015) Digital Identity. In M. Laurent & S. Bouzefrane (Eds.), Digital Identity Management (pp. 1-24). Amsterdam: Elsevier.
Lécuyer, M., Spahn, R., Spiliopolous, Y., Chaintreau, A., Geambasu, R. & Hsu, D. (2015). Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence. Proceeding of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, Colorado, USA, 554-566. <https://doi.org/10.1145/2810103.2813614> (cited: Lécuyer et al., Sunlight)
Lécuyer, M., Ducoffe, G., Lan, F., Papancea, A., Petsios, T., Spahn, R., Chaintreau, A. & Geambasu, R. (2014). XRay: enhancing the web’s transparency with differential correlation. Proceeding of the 23rd USENIX conference on Security Symposium, San Diego, CA, 49-64. Retrieved from <https://arxiv.org/abs/1407.2323>
Loshin, P. (2013). Practical Anonymity—Hiding in Plain Sight Online. Amsterdam: Elsevier.
Markwalder, D. (2009). Public Key Infrastructure—Eignung von PKI zur Erfüllung zivilrechtlicher Anforderungen aus Gesetz und Vertrag innerhalb einer Unternehmung (B2B, B2C und B2E). Zürich: Schulthess.
Mayer-Schönberger, V. (2009). delete—The Virtue of Forgetting in the Digital Age. Princeton: University Press. (cited: delete)
McDonald, A. & Cranor, L.F. (2008). The Cost of Reading Privacy Policies. I/S: A Journal of Law and Policy for the Information Society, 4(3), 541-565.
Zurück zum Zitat McDonald, A., Reeder, R., Gage, K.P. & Cranor, L.F. (2009). A Comparative Study of Online Privacy Policies and Formats. I. Goldberg & M. Atallah (Eds.), Privacy Enhancing Technologies, 9th International Symposium (pp. 37-55). Heigelberg: Springer.CrossRef McDonald, A., Reeder, R., Gage, K.P. & Cranor, L.F. (2009). A Comparative Study of Online Privacy Policies and Formats. I. Goldberg & M. Atallah (Eds.), Privacy Enhancing Technologies, 9th International Symposium (pp. 37-55). Heigelberg: Springer.CrossRef
Zurück zum Zitat Mollin, R. (2007). An Introduction to Cryptography (2nd edition). London: CRC Press. Mollin, R. (2007). An Introduction to Cryptography (2nd edition). London: CRC Press.
Zurück zum Zitat Misra, S., Maheswaran, M. & Hashmi, S. (2017). Security Challenges and Approaches in Internet of Things, Briefs in Electrical and Computer Engineering. Heidelberg: Springer.CrossRef Misra, S., Maheswaran, M. & Hashmi, S. (2017). Security Challenges and Approaches in Internet of Things, Briefs in Electrical and Computer Engineering. Heidelberg: Springer.CrossRef
Zurück zum Zitat Nash, A., Duane, W., Joseph, C. & Brink, D. (2001). PKI: Implementing and Managing E-Security. New York: Osborne/McGraw-Hill. Nash, A., Duane, W., Joseph, C. & Brink, D. (2001). PKI: Implementing and Managing E-Security. New York: Osborne/McGraw-Hill.
Zurück zum Zitat Oppliger, R. (2009). SSL and TSL: Theory and Practice. Information Security and Privacy Series. Boston: Artech House. Oppliger, R. (2009). SSL and TSL: Theory and Practice. Information Security and Privacy Series. Boston: Artech House.
Zurück zum Zitat Panko, R. (2010). Corporate Computer and Network Security (2nd edition). Boston: Pearson Education. Panko, R. (2010). Corporate Computer and Network Security (2nd edition). Boston: Pearson Education.
Zurück zum Zitat Pasquale, F. (2015). The Black Box Society—The Secret Algorithms That Control Money and Information. Cambridge: Harvard University Press.CrossRef Pasquale, F. (2015). The Black Box Society—The Secret Algorithms That Control Money and Information. Cambridge: Harvard University Press.CrossRef
Zurück zum Zitat Pfitzmann, A., Juschka, A., Stange, A.K., Steinbrecher, S. & Köpsell, S. (2008). Communication Privacy. In A. Acquisti, S. Gritzalis, C. Lambrinoudakis, S. di Vimercatiet (Eds.), Digital Privacy—Theory, Technologies, and Practices (pp. 19-46). New York: Auerbach Publications. Pfitzmann, A., Juschka, A., Stange, A.K., Steinbrecher, S. & Köpsell, S. (2008). Communication Privacy. In A. Acquisti, S. Gritzalis, C. Lambrinoudakis, S. di Vimercatiet (Eds.), Digital Privacy—Theory, Technologies, and Practices (pp. 19-46). New York: Auerbach Publications.
Zurück zum Zitat Pfleeger, C. & Pfleeger, S.L. (2007). Security in Computing (4th edition). Boston: Pearson Education. Pfleeger, C. & Pfleeger, S.L. (2007). Security in Computing (4th edition). Boston: Pearson Education.
Zurück zum Zitat Popa, R.A., Redfield, C., Zeldovich, N. & Balakrishnan, H. (2011). CryptDB: protecting confidentiality with encrypted query processing. Proceedings of the 23rd ACM Symposium on Operating Systems Principles, Cascais, Portugal, 85-100. <https://doi.org/10.1145/2043556.2043566> Popa, R.A., Redfield, C., Zeldovich, N. & Balakrishnan, H. (2011). CryptDB: protecting confidentiality with encrypted query processing. Proceedings of the 23rd ACM Symposium on Operating Systems Principles, Cascais, Portugal, 85-100. <https://​doi.​org/​10.​1145/​2043556.​2043566>
Zurück zum Zitat Raghunathan, B. (2013). The Complete Book of Data Anonymization—From Planning to Implementation. London: CRC Press.CrossRef Raghunathan, B. (2013). The Complete Book of Data Anonymization—From Planning to Implementation. London: CRC Press.CrossRef
Zurück zum Zitat Raza, S., Wallgren, L. & Voigta, T. (2013). SVELTE: Real-time intrusion detection in the Internet of Things. Ad Hoc Networks, 11(8), 2661–2674.CrossRef Raza, S., Wallgren, L. & Voigta, T. (2013). SVELTE: Real-time intrusion detection in the Internet of Things. Ad Hoc Networks, 11(8), 2661–2674.CrossRef
Zurück zum Zitat Reardon, J., Basin, D. & Čapkun, S. (2014). On Secure Data Deletion, IEEE Security & Privacy Symposium, Issue May/June, 37-44. Reardon, J., Basin, D. & Čapkun, S. (2014). On Secure Data Deletion, IEEE Security & Privacy Symposium, Issue May/June, 37-44.
Zurück zum Zitat Reardon, J. (2014). Secure Data Deletion. Dissertation, ETH Zurich No. 22475. Reardon, J. (2014). Secure Data Deletion. Dissertation, ETH Zurich No. 22475.
Zurück zum Zitat Renaud, K. (2005). Evaluating Authentication Mechanisms. In L.F. Cranor & S. Garfinkel, Security and Usability, Designing Secure Systems That People Can Use (pp. 103-128). Sebastopol: O’Reilly. Renaud, K. (2005). Evaluating Authentication Mechanisms. In L.F. Cranor & S. Garfinkel, Security and Usability, Designing Secure Systems That People Can Use (pp. 103-128). Sebastopol: O’Reilly.
Zurück zum Zitat Rescorla, E. (2001). SSL and TLS: Designing and Building Secure Systems. Boston: Addison-Wesley. Rescorla, E. (2001). SSL and TLS: Designing and Building Secure Systems. Boston: Addison-Wesley.
Zurück zum Zitat Rivest, R., Shamir, A. & Adleman, L. (1978). A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21 (2), 120-126.CrossRef Rivest, R., Shamir, A. & Adleman, L. (1978). A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21 (2), 120-126.CrossRef
Zurück zum Zitat Rountree, D. (2013). Federated Identity Primer. Amsterdam: Elsevier. Rountree, D. (2013). Federated Identity Primer. Amsterdam: Elsevier.
Zurück zum Zitat Rowena, R., Wrigth, D. & Wadhwa, K. (2013), Developing a privacy seal scheme (that works). International Data Privacy Law, Vol. 3 (2), pp. 100–116.CrossRef Rowena, R., Wrigth, D. & Wadhwa, K. (2013), Developing a privacy seal scheme (that works). International Data Privacy Law, Vol. 3 (2), pp. 100–116.CrossRef
Zurück zum Zitat Rubinstein, I. (2013). Big Data: The End of Privacy or a New Beginning? International Data Privacy Law, 1-14. Rubinstein, I. (2013). Big Data: The End of Privacy or a New Beginning? International Data Privacy Law, 1-14.
Zurück zum Zitat Schlauri, S. (2002). Elektronische Signaturen. Dissertation, Universität Zürich, Publikationen aus dem Zentrum für Informations- und Kommunikationsrecht. Zürich: Schulthess. Schlauri, S. (2002). Elektronische Signaturen. Dissertation, Universität Zürich, Publikationen aus dem Zentrum für Informations- und Kommunikationsrecht. Zürich: Schulthess.
Zurück zum Zitat Schmeh, K. (2013). Krytografie—Verfahren, Protokolle, Infrastrukturen (5th edition). Deutsche Nationalbibliothek dpunkt. Schmeh, K. (2013). Krytografie—Verfahren, Protokolle, Infrastrukturen (5th edition). Deutsche Nationalbibliothek dpunkt.
Zurück zum Zitat Schneier, B. (2015). Secrets and Lies—Digital Security in a Networked World. Indianapolis: John Wiley & Sons. (cited: Digital Security)CrossRef Schneier, B. (2015). Secrets and Lies—Digital Security in a Networked World. Indianapolis: John Wiley & Sons. (cited: Digital Security)CrossRef
Zurück zum Zitat ———— (1996). Applied Cryptography—Protocols, Algorithms, and Source Code in C (2nd edition). Indianapolis: John Wiley & Sons. (cited: Applied Cryptography) ———— (1996). Applied Cryptography—Protocols, Algorithms, and Source Code in C (2nd edition). Indianapolis: John Wiley & Sons. (cited: Applied Cryptography)
Zurück zum Zitat Searls, D. (2012). The Intention Economy—When Customers Take Charge. Cambridge: Harvard Business Review Press. Searls, D. (2012). The Intention Economy—When Customers Take Charge. Cambridge: Harvard Business Review Press.
Zurück zum Zitat Spies, T. (2014). Public Key Infrastructure. In J. Vacca (Ed.), Cyber Security and IT Infrastructure Protection (pp. 75-106). Amsterdam: Elsevier.CrossRef Spies, T. (2014). Public Key Infrastructure. In J. Vacca (Ed.), Cyber Security and IT Infrastructure Protection (pp. 75-106). Amsterdam: Elsevier.CrossRef
Zurück zum Zitat Spindler, G. & Schmechel, P. (2016). Personal Data and Encryption in the European Data Protection Regulation. Journal of Intellectual Property, Information Technology and E-Commerce Law, 7(2), 163-177. Spindler, G. & Schmechel, P. (2016). Personal Data and Encryption in the European Data Protection Regulation. Journal of Intellectual Property, Information Technology and E-Commerce Law, 7(2), 163-177.
Zurück zum Zitat Stallings, W. (2014). Cryptography and Network Security—Principles and Practice (6th edition). Boston: Pearson. Stallings, W. (2014). Cryptography and Network Security—Principles and Practice (6th edition). Boston: Pearson.
Zurück zum Zitat ———— (2014). Physical Security Essentials. In J. Vacca (Ed.), Cyber Security and IT Infrastructure Protection (pp. 109-133). Amsterdam: Elsevier. (cited: Physical Security) ———— (2014). Physical Security Essentials. In J. Vacca (Ed.), Cyber Security and IT Infrastructure Protection (pp. 109-133). Amsterdam: Elsevier. (cited: Physical Security)
Zurück zum Zitat Stapleton, J. (2014). Security without Obscurity: A Guide to Confidentiality, Authentication, and Integrity. London: CRC Press.CrossRef Stapleton, J. (2014). Security without Obscurity: A Guide to Confidentiality, Authentication, and Integrity. London: CRC Press.CrossRef
Zurück zum Zitat Steinberg, J. & Speed, T. (2005). SSL VPN—Understanding, evaluating, and planning secure, web-based remote access. Birmingham: Packt Publishing. Steinberg, J. & Speed, T. (2005). SSL VPN—Understanding, evaluating, and planning secure, web-based remote access. Birmingham: Packt Publishing.
Zurück zum Zitat Suzuki, K., Ohkubo, M. & Kinoshita, S. (2008). Cryptographic Approaches to RFID Security and Privacy. In S. Ahson & M. Ilyas (Eds.), RFID Handbook, Applications, Technology, Security, and Privacy (pp. 631-641). London: CRC Press. Suzuki, K., Ohkubo, M. & Kinoshita, S. (2008). Cryptographic Approaches to RFID Security and Privacy. In S. Ahson & M. Ilyas (Eds.), RFID Handbook, Applications, Technology, Security, and Privacy (pp. 631-641). London: CRC Press.
Zurück zum Zitat Sweeney, L. (2002). K-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5), 557-570.CrossRef Sweeney, L. (2002). K-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5), 557-570.CrossRef
Zurück zum Zitat Taelman, J., Vandeput, S., Spaepen, A. & Van Huffel, S. (2009). Influence of Mental Stress on Heart Rate and Heart Rate Variability. In J. Vander Sloten, P. Verdonck, M. Nyssen & J. Haueisen (Eds.), Proceedings of the 4th European Conference of the International Federation for Medical and Biological Engineering (pp. 1366-1369). Heidelberg: Springer.CrossRef Taelman, J., Vandeput, S., Spaepen, A. & Van Huffel, S. (2009). Influence of Mental Stress on Heart Rate and Heart Rate Variability. In J. Vander Sloten, P. Verdonck, M. Nyssen & J. Haueisen (Eds.), Proceedings of the 4th European Conference of the International Federation for Medical and Biological Engineering (pp. 1366-1369). Heidelberg: Springer.CrossRef
Zurück zum Zitat Thomas, S. (2000). SSL & TLS Essentials: Securing the Web. Indianapolis: John Wiley & Sons. Thomas, S. (2000). SSL & TLS Essentials: Securing the Web. Indianapolis: John Wiley & Sons.
Zurück zum Zitat Trombetta, A., Jiang, W. & Bertino, E. (2010). Advanced Privacy-Preserving Data Management and Analysis. In J. Nin & J. Herranz (Eds.), Privacy and Anonymity in Information Management Systems—New Techniques for New Practical Problems (pp. 7-27). Heidelberg: Springer.CrossRef Trombetta, A., Jiang, W. & Bertino, E. (2010). Advanced Privacy-Preserving Data Management and Analysis. In J. Nin & J. Herranz (Eds.), Privacy and Anonymity in Information Management Systems—New Techniques for New Practical Problems (pp. 7-27). Heidelberg: Springer.CrossRef
Zurück zum Zitat Urquhart, L., Sailaja, N. & McAuley, D. (2017). Realising the Right to Data Portability for the Domestic Internet of Things. Personal and Ubiquitous Computing. Heidelberg: Springer.CrossRef Urquhart, L., Sailaja, N. & McAuley, D. (2017). Realising the Right to Data Portability for the Domestic Internet of Things. Personal and Ubiquitous Computing. Heidelberg: Springer.CrossRef
Zurück zum Zitat Wang, Y. & Kobsa, A. (2008). Privacy Enhancing Technologies. In M. Gupta (Ed.), Handbook of Research on Emerging Developments in Data Privacy (pp. 352-375). ICI Global. Wang, Y. & Kobsa, A. (2008). Privacy Enhancing Technologies. In M. Gupta (Ed.), Handbook of Research on Emerging Developments in Data Privacy (pp. 352-375). ICI Global.
Zurück zum Zitat Wang, X. & Reeves, D. (2015). Traceback and Anonymity. Briefs in Computer Science. Heidelberg: Springer.CrossRef Wang, X. & Reeves, D. (2015). Traceback and Anonymity. Briefs in Computer Science. Heidelberg: Springer.CrossRef
Zurück zum Zitat Wright, D. (2013). Making Privacy Impact Assessment More Effective. Information Society, 29(5), 307-315.CrossRef Wright, D. (2013). Making Privacy Impact Assessment More Effective. Information Society, 29(5), 307-315.CrossRef
Zurück zum Zitat Wright, D. & De Hert, P. (2012). Introduction to Privacy Impact Assessment. In D. Wright & P. De Hert (Eds.), Privacy Impact Assessment (pp. 3-32). Law, Governance and Technology Series. Heidelberg: Springer.CrossRef Wright, D. & De Hert, P. (2012). Introduction to Privacy Impact Assessment. In D. Wright & P. De Hert (Eds.), Privacy Impact Assessment (pp. 3-32). Law, Governance and Technology Series. Heidelberg: Springer.CrossRef
Zurück zum Zitat Wu, C.H. & Irwin, D. (2013). Introduction to Computer Networks and Cybersecurity. London: CRC Press. Wu, C.H. & Irwin, D. (2013). Introduction to Computer Networks and Cybersecurity. London: CRC Press.
Zurück zum Zitat Yannacopoulos, A., Katsikas, S., Gritzalis, S., Lambrinoudakis, C. & Xanthopoulos, S. (2008). In A. Acquisti, S. Gritzalis, C. Lambrinoudakis, S. di Vimercatiet (Eds.), Digital Privacy—Theory, Technologies, and Practices (pp. 347-362). New York: Auerbach Publications. Yannacopoulos, A., Katsikas, S., Gritzalis, S., Lambrinoudakis, C. & Xanthopoulos, S. (2008). In A. Acquisti, S. Gritzalis, C. Lambrinoudakis, S. di Vimercatiet (Eds.), Digital Privacy—Theory, Technologies, and Practices (pp. 347-362). New York: Auerbach Publications.
Zurück zum Zitat Yi, X., Paulet, R. & Bertino, E. (2014). Homomorphic Encryption and Applications. Briefs in Computer Science. Heidelberg: Springer. Yi, X., Paulet, R. & Bertino, E. (2014). Homomorphic Encryption and Applications. Briefs in Computer Science. Heidelberg: Springer.
Zurück zum Zitat Zittrain, J. (2000). What the Publisher Can Teach the Patient: Intellectual Property and Privacy in an Era of Trusted Privication. Stanford Law Review, 52(5), 1201-1250.CrossRef Zittrain, J. (2000). What the Publisher Can Teach the Patient: Intellectual Property and Privacy in an Era of Trusted Privication. Stanford Law Review, 52(5), 1201-1250.CrossRef
Metadata
Title: Technical Tools and Designs for Data Protection
Author: Aurelia Tamò-Larrieux
Copyright year: 2018
DOI: https://doi.org/10.1007/978-3-319-98624-1_6
