Privacy Seminar - Topics
Topics
Below you find a list of the possible topics you can choose in the privacy seminar, together with an initial set of references on the topic. Note that not all references may be relevant for the specific topic of your paper. To help you in your selection, some of the papers will be available online for a short while.
- Privacy in databases
  - How to provide (controlled) access to personal data stored in databases, without immediately threatening the privacy of the people involved, using mechanisms like differential privacy or statistical disclosure control.
- Privacy friendly search
  - How to hide the query (i.e. what is searched for) from the party hosting the database.
- Searching in encrypted databases
  - How to also hide the underlying data in the database from the party hosting the database.
- Privacy in machine learning
  - How to ensure that individual data used to train a machine learning model is not leaked when using the model.
- Polymorphic encryption
  - How to protect privacy in e.g. health care where data must be made conditionally accessible to certain care providers while staying encrypted in general.
- Privacy friendly identity management
  - How to use e.g. attribute based credentials or other claims based approaches to make identity management more privacy friendly.
- Privacy friendly revocation of credentials
  - How to (efficiently) revoke anonymous credentials, i.e. how to revoke a particular credential, even though individual credentials cannot be traced by definition.
- Revocable privacy
  - How to guarantee privacy while also guaranteeing that all users of a system abide by some predetermined rules, i.e. how to design systems that are both privacy friendly and secure.
- Privacy friendly location based services
  - How to provide a service that depends on the user's current location, without revealing the actual, exact location?
- Privacy in asynchronous messaging
  - How to establish contact anonymously, and how to subsequently exchange messages in an unlinkable fashion that prevents the service provider from learning who is communicating with whom.
- Anonymous cryptocurrencies
  - How to make Bitcoin-like cryptocurrencies privacy friendly.
- Secure multiparty computation
  - How to jointly compute the output of a function (e.g. some aggregate statistic) without revealing the individual inputs.
- Obfuscation
  - Can obfuscation and other methods of ‘resistance’ help to protect your privacy?
- Privacy friendly IBE
You can also propose your own topic, but your choice has to be approved. Note: for every topic, make sure you make clear what the problem to be solved is, and why this is a problem in practice. Also question to what extent the proposed mechanisms actually preserve privacy. Find studies that attack the proposed schemes.
Selected references
Below you can find a set of references to get you started on a topic. These are by no means the only relevant references. You are encouraged, in fact required, to find other references on your own.
Privacy in databases
- C. Dwork. “Differential Privacy”. In: Automata, Languages and Programming, 33rd International Colloquium, ICALP 2006, Venice, Italy, July 10-14, 2006, Proceedings, Part II. 2006, pp. 1–12
- C. Dwork and A. Roth. “The Algorithmic Foundations of Differential Privacy”. In: Foundations and Trends in Theoretical Computer Science 9.3-4 (2014), pp. 211–407.
- A. Hundepool et al. Statistical Disclosure Control. Wiley, 2012.
Privacy friendly search
- Claude Castelluccia, Emiliano De Cristofaro, Daniele Perito: Private Information Disclosure from Web Searches. PET Symposium 2010, Berlin. Springer, pp 38-55.
- Benny Chor, Eyal Kushilevitz, Oded Goldreich, Madhu Sudan: Private Information Retrieval. J. ACM 45(6): 965-981 (1998).
Searching in encrypted databases
- Dawn Xiaodong Song, David Wagner, Adrian Perrig: Practical Techniques for Searches on Encrypted Data. IEEE Symposium on Security & Privacy (S&P), 2000, p 44.
- Muhammad Naveed, Seny Kamara, Charles V. Wright: Inference Attacks on Property-Preserving Encrypted Databases. ACM CCS 2015, p 644-655.
Privacy in machine learning
- Emiliano De Cristofaro. A Critical Overview of Privacy in Machine Learning. IEEE Security & Privacy Magazine, Volume 19, Issue 4, July-August 2021.
- Maria Rigaki, Sebastian Garcia, A Survey of Privacy Attacks in Machine Learning. 2017. arXiv:2007.07646
- R. Shokri, M. Stronati, C. Song, and V. Shmatikov, “Membership inference attacks against machine learning models,” in Proc. IEEE Symp. Security Privacy, 2017.
- Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, Nicolas Papernot. When the Curious Abandon Honesty: Federated Learning Is Not Private. https://arxiv.org/abs/2112.02918
Polymorphic encryption
- E. Verheul, B. Jacobs, C. Meijer, M. Hildebrandt and J. de Ruiter, Polymorphic Encryption and Pseudonymisation for Personalised Healthcare, whitepaper, 2016. http://eprint.iacr.org/2016/411
Privacy friendly identity management
- David Chaum. Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM, 28(10):1030–1044, October 1985.
- Birgit Pfitzmann and Michael Waidner: Analysis of Liberty Single-Sign-on with Enabled Clients, IEEE Internet Computing 2003.
- Hansen, Schwartz and Cooper: Privacy and Identity Management, IEEE Security & Privacy 2008.
- Camenisch, Lysyanskaya: "An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation", EUROCRYPT 2001: 93-118
- Jan Camenisch, Els Van Herreweghen: Design and implementation of the idemix anonymous credential system. ACM Conference on Computer and Communications Security 2002: 21-30
- G. Alpár, J.-H. Hoepman, and J. Siljee. The Identity Crisis - Security, Privacy and Usability Issues in Identity Management. Journal of Information System Security, 9(1):23-53, 2013.
Privacy friendly revocation of credentials
- W. Lueks, G. Alpár, J.-H. Hoepman, and P. Vullers. Fast Revocation of Attribute-Based Credentials for Both Users and Verifiers. Computers & Security, 2017.
- Jan Camenisch and Anna Lysyanskaya. “Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials”. In: Advances in Cryptology - CRYPTO 2002, 22nd Annual International Cryptology Conference, Santa Barbara, California, USA, August 18-22, 2002, Proceedings. 2002, pp. 61–76.
Revocable privacy
- W. Lueks, M. Everts, and J.-H. Hoepman. Revocable Privacy: Principles, Use Cases, and Technologies. In Annual Privacy Forum (APF 2015), Lect. Not. Comp. Sci. 9484, pages 124-143, 2016.
- W. Lueks, J.-H. Hoepman, and K. Kursawe. Forward-Secure Distributed Encryption. In 14th Privacy Enhancing Technologies Symposium (PETS 2014), pages 123-142, Amsterdam, July 16-18, 2014.
- How to win the clonewars: efficient periodic n-times anonymous authentication, by Jan Camenisch, Susan Hohenberger, Markulf Kohlweiss, Anna Lysyanskaya, and Mira Meyerovich. In the Proceedings of the 13th ACM conference on Computer and communications security (CCS 2006), Alexandria, Virginia, USA, 2006, pages 201-210. http://www.freehaven.net/anonbib/cache/clonewars.pdf
- W. Lueks, M. Everts, and J.-H. Hoepman. Vote to Link: recovering from misbehaving anonymous users. In Workshop on Privacy in the Electronic Society (WPES 2016), pages 111-122, Vienna, Austria, October 24, 2016.
Privacy friendly location based services
- Latanya Sweeney: k-Anonymity: A Model for Protecting Privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10(5): 557-570 (2002).
- Marco Gruteser, Dirk Grunwald: Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking. MobiSys 2003, pp 31-42.
- J. Balasch, A. Rial, C. Troncoso, C. Geuens, B. Preneel, and I. Verbauwhede, "PrETP: Privacy-Preserving Electronic Toll Pricing," In 19th USENIX Security Symposium 2010, Usenix, pp. 63-78, 2010. https://www.cosic.esat.kuleuven.be/publications/article-1408.pdf
- One Nation, Tracked. An Investigation Into The Smartphone Tracking Industry From Times Opinion, New York Times, December 2019.
- Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen & Vincent D. Blondel: “Unique in the Crowd: The privacy bounds of human mobility”, Scientific Reports volume 3, Article number: 1376 (2013) https://www.nature.com/articles/srep01376
Privacy in asynchronous messaging
- Nikita Borisov, George Danezis, and Ian Goldberg. DP5: A private presence service. In Proceedings on Privacy Enhancing Technologies 2015, 2015.
- Henry Corrigan-Gibbs, Dan Boneh, and David Mazières. Riposte: An anonymous messaging system handling millions of users. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 321–338. IEEE Computer Society, 2015.
- J.-H. Hoepman. Privately (and Unlinkably) Exchanging Messages Using a Public Bulletin Board. In ACM Workshop on Privacy in the Electronic Society (WPES 2015), pages 85-94, Denver, CO, USA, October 12 2015.
Anonymous cryptocurrencies
- Chaum, David (1983). "Blind signatures for untraceable payments". Advances in Cryptology Proceedings. 82 (3): 199–203.
- Chaum, D.; Fiat, A.; Naor, M. (1990). "Untraceable electronic cash". In S. Goldwasser. Advances in Cryptology - CRYPTO '88 Proceedings. New York: Springer-Verlag. pp. 319–327.
- Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza: Zerocash: Decentralized Anonymous Payments from Bitcoin. IEEE Symposium on Security and Privacy 2014: 459-474
Secure multiparty computation
- Andrew Chi-Chih Yao: Protocols for Secure Computations (Extended Abstract). FOCS 1982: 160-164
Obfuscation
- Seda Gürses, Rebekah Overdorf, Ero Balsa (2018), Stirring the POTs: Protective Optimization Technologies, In Emre Bayamlioglu, Irina Baraliuc, Liisa Janssens, Mireille Hildebrandt (Eds.) Being Profiled: Cogitas Ergo Sum: 10 years of Profiling the European Citizen, Amsterdam University Press, Amsterdam.
- Finn Brunton, Helen Nissenbaum (2015), Obfuscation. A User’s Guide for Privacy and Protest. https://we.riseup.net/assets/355198/Obfuscation.pdf
Privacy friendly IBE
Last Version - Tue Feb 22 12:41:30 2022 +0100 / e1e3326.
(Note: changeover from CVS to dotless svn version numbers on Jan 19, 2008, and changeover to GIT versioning on May 30, 2013.)
Maintained by Jaap-Henk Hoepman
Email: jhh@cs.ru.nl