Legally Sustainable Solutions for Privacy Issues in Collaborative Fraud Detection

Insider Threats in Cyber Security

Part of the book series: Advances in Information Security (ADIS, volume 49)

Abstract

One company by itself cannot detect all instances of fraud or insider attacks. An example is the simple case of buyer fraud: a fraudulent buyer colludes with a supplier creating fake orders for supplies that are never delivered. They circumvent internal controls in place to prevent this kind of fraud, such as a goods receipt, e.g., by ordering services instead of goods. Based on the evidence collected at one company, it is often extremely difficult to detect such fraud, but if companies collaborate and correlate their evidence, they could detect that the ordered services have never actually been provided.

Corresponding author

Correspondence to Ulrich Flegel.

Copyright information

© 2010 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Flegel, U., Kerschbaum, F., Miseldine, P., Monakova, G., Wacker, R., Leymann, F. (2010). Legally Sustainable Solutions for Privacy Issues in Collaborative Fraud Detection. In: Probst, C., Hunker, J., Gollmann, D., Bishop, M. (eds) Insider Threats in Cyber Security. Advances in Information Security, vol 49. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-7133-3_7

  • DOI: https://doi.org/10.1007/978-1-4419-7133-3_7

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-7132-6

  • Online ISBN: 978-1-4419-7133-3

  • eBook Packages: Computer Science, Computer Science (R0)
