Abstract
The deployment of security measures can lead in many occasions to an infringement of users’ privacy. Indeed, nowadays we have many examples about surveillance programs or personal data breaches in online service providers. In order to avoid the latter problem, we need to establish security measures that do not involve a violation of privacy rights. In this communication we discuss the main challenges when conciliating information security and users’ privacy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
A recent example of privacy enhancing technologies being questioned by a government is that of Cameron in the UK who, after the attack on Charlie Hebdo in Paris, stated: “are we going to allow a means of communications where it simply is not possible to do that [listen in on communications]?” http://www.theguardian.com/technology/2015/jan/15/david-cameron-encryption-anti-terror-laws.
- 2.
See, for instance, the call made by Tor: https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users.
References
EU Cybersecurity plan to protect open internet and online freedom and opportunity—cyber security strategy and proposal for a directive. http://ec.europa.eu/digital-agenda/en/news/eu-cybersecurity-plan-protect-open-internet-and-online-freedom-and-opportunity-cyber-security (February 2013). http://ec.europa.eu/digital-agenda/en/news/eu-cybersecurity-plan-protect-open-internet-and-online-freedom-and-opportunity-cyber-security
Aaber, Z.S., Crowder, R.M., Fadhel, N.F., Wills, G.B.: Preventing document leakage through active document. In: 2014 World Congress on Internet Security (WorldCIS), pp. 53–58 (Dec 2014)
Backes, M., Gerling, S., Lorenz, S., Lukas, S.: X-pire 2.0: A user-controlled expiration date and copy protection mechanism. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1633–1640. SAC ’14, ACM, New York, NY, USA (2014). doi:http://doi.acm.org/10.1145/2554850.2554856
Backes, M., Maffei, M., Pecina, K.: Automated synthesis of privacy-preserving distributed applications. In: Proceedings of ISOC NDSS (2012). http://www.lbs.cs.uni-saarland.de/publications/asosda-long.pdf
Balsa, E., Brandimarte, L., Acquisti, A., Diaz, C., Gurses, S.: Spiny CACTOS: OSN users attitudes and perceptions towards cryptographic access control tools. In: Proceedings 2014 Workshop on Usable Security (2014). https://www.internetsociety.org/doc/spiny-cactos-osn-users-attitudes-and-perceptions-towards-cryptographic-access-control-tools
Benjumea, V., Choi, S.G., Lopez, J., Yung, M.: Anonymity 2.0 - X.509 extensions supporting privacy-friendly authentication. In: Proceedings of Cryptology and Network Security, 6th International Conference, CANS 2007, pp. 265–281. Singapore, 8–10 Dec 2007. doi:10.1007/978-3-540-76969-9_17
Bertino, E., Ghinita, G., Kantarcioglu, M., Nguyen, D., Park, J., Sandhu, R., Sultana, S., Thuraisingham, B., Xu, S.: A roadmap for privacy-enhanced secure data provenance. J. Intell. Inf. Syst. 43(3), 481–501 (2014)
Boyd, C.: Digital multisignatures. In: Cryptography Coding, pp. 241–246 (1989)
Camenisch, J.: Efficient anonymous fingerprinting with group signatures. In: Advances in Cryptology-ASIACRYPT 2000, pp. 415–428. Springer (2000)
Chaum, D., van Heyst, E.: Group signatures. In: Proceedings of Advances in Cryptology—EUROCRYPT’91, Workshop on the Theory and Application of of Cryptographic Techniques, pp. 257–265. Brighton, UK, 8–11 April 1991. doi:10.1007/3-540-46416-6_22
Chow, S.S., Yiu, S.M., Hui, L.C.: Efficient identity based ring signature. In: Applied Cryptography and Network Security. pp. 499–512. Springer (2005)
Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Advances in Cryptology-CRYPTO 2012, pp. 643–662. Springer (2012)
Díaz, C., Tene, O., Gürses, S.: Hero or villain: the data controller in privacy law and technologies. Ohio State Law J. 74 (2013)
Diaz, J., Arroyo, D., Rodriguez, F.B.: A formal methodology for integral security design and verification of network protocols. J. Syst. Softw. Accepted (In Press). doi:10.1016/j.jss.2013.09.020
Diaz, J., Arroyo, D., Rodriguez, F.B.: Fair anonymity for the Tor network. CoRR abs/1412.4707 (2014), http://arxiv.org/abs/1412.4707
Diaz, J., Arroyo, D., Rodriguez, F.B.: New x.509-based mechanisms for fair anonymity management. Comput. Secur. 46, 111–125 (2014). doi:10.1016/j.cose.2014.06.009
Fakhoury, H.M.: Technology and privacy can co-exist. The New York Times (12 Dec 2012). http://www.nytimes.com/roomfordebate/2012/12/11/privacy-and-the-apps-you-download/privacy-and-technology-can-and-should-co-exist
Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009)
Gurses, S., Troncoso, C., Diaz, C.: Engineering privacy by design. Comput. Priv. Data Prot. 317, 1178–1179. http://www.ncbi.nlm.nih.gov/pubmed/17761870
He, W., Akhawe, D., Jain, S., Shi, E., Song, D.: Shadowcrypt: Encrypted web applications for everyone. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1028–1039. ACM (2014)
Henry, R., Henry, K., Goldberg, I.: Making a nymbler nymble using verbs. In: Privacy Enhancing Technologies, pp. 111–129 (2010)
Johnson, P.C., Kapadia, A., Tsang, P.P., Smith, S.W.: Nymble: anonymous ip-address blocking. In: Privacy Enhancing Technologies, pp. 113–133 (2007)
Juels, A., Kaliski Jr, B.S.: Pors: Proofs of retrievability for large files. In: Proceedings of the 14th ACM conference on Computer and communications security, pp. 584–597. ACM (2007)
Li, S., Sadeghi, A.R., Heisrath, S., Schmitz, R., Ahmad, J.: hpin/htan: a lightweight and low-cost e-banking solution against untrusted computers. In: Danezis, G. (ed.) Financial Cryptography and Data Security, Lecture Notes in Computer Science, vol. 7035, pp. 235–249. Springer, Berlin Heidelberg (2012). doi:10.1007/978-3-642-27576-0_19
Long, J., Skoudis, E., Eijkelenborg, A.V.: Google Hacking for Penetration Testers. Syngress Publishing, San Francisco (2004)
OECD: The E-Government imperative (Complete Edition—ISBN 9264101179), E-Government Studies, vol. 2003 (2003)
Popa, R.A., Stark, E., Valdez, S., Helfer, J., Zeldovich, N., Balakrishnan, H.: Building web applications on top of encrypted data using mylar. In: Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2014, pp. 157–172, 2014, Seattle, WA, USA, April 2–4(2014). https://www.usenix.org/conference/nsdi14/technical-sessions/presentation/popa
Preibusch, S., Peetz, T., Acar, G., Berendt, B.: Purchase details leaked to PayPal. In: Financial Cryptography (2015). https://lirias.kuleuven.be/handle/123456789/476251
Qureshi, A., MegÃas, D., Rifà -Pous, H.: Framework for preserving security and privacy in peer-to-peer content distribution systems. Expert Syst. Appl. 42(3), 1391–1408 (2015). http://www.sciencedirect.com/science/article/pii/S0957417414005351
Renaud, K., Volkamer, M., Renkema-Padmos, A.: Why doesn’t jane protect her privacy? In: Privacy Enhancing Technologies, pp. 244–262. Springer (2014)
Ryck, P.D.: Client-side web security: mitigating threats against web sessions. Ph.D. thesis, University of Leuven (2014). https://lirias.kuleuven.be/bitstream/123456789/471059/1/thesis.pdf
Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Trans. Inf. Syst. Secur. 2(2), 159–176 (1999)
Seneviratne, O., Kagal, L.: Enabling privacy through transparency. In: 2014 Twelfth Annual International Conference on Privacy, Security and Trust (PST), pp. 121–128. IEEE (2014)
Thomas, K., McCoy, D., Grier, C., Kolcz, A., Paxson, V.: Trafficking fraudulent accounts: The role of the underground market in twitter spam and abuse. In: Proceedings of the 22nd Usenix Security Symposium (2013)
Tsang, P.P., Au, M.H., Kapadia, A., Smith, S.W.: Blacklistable anonymous credentials: blocking misbehaving users without TTPs. In: ACM Conference on Computer and Communications Security, pp. 72–81 (2007)
Tsang, P.P., Kapadia, A., Cornelius, C., Smith, S.W.: Nymble: blocking misbehaving users in anonymizing networks. IEEE Trans. Dependable Sec. Comput. 8(2), 256–269 (2011)
De Capitani di Vimercati, S., Erbacher, R., Foresti, S., Jajodia, S., Livraga, G., Samarati, P.: Encryption and fragmentation for data confidentiality in the cloud. In: Aldini, A., Lopez, J., Martinelli, F. (eds.) Foundations of Security Analysis and Design VII, Lecture Notes in Computer Science, vol. 8604, pp. 212–243. Springer International Publishing (2014). doi:10.1007/978-3-319-10082-1_8
Whitten, A., Tygar, J.D.: Why johnny can’t encrypt: a usability evaluation of pgp 5.0. In: Proceedings of the 8th Conference on USENIX Security Symposium—Volume 8, pp. 14–14. SSYM’99, USENIX Association, Berkeley, CA, USA (1999). http://dl.acm.org/citation.cfm?id=1251421.1251435
Acknowledgments
This work was supported by Comunidad de Madrid (Spain) under the project S2013/ICE-3095-CM (CIBERDINE).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Arroyo, D., Diaz, J., Gayoso, V. (2015). On the Difficult Tradeoff Between Security and Privacy: Challenges for the Management of Digital Identities. In: Herrero, Á., Baruque, B., Sedano, J., Quintián, H., Corchado, E. (eds) International Joint Conference. CISIS 2015. Advances in Intelligent Systems and Computing, vol 369. Springer, Cham. https://doi.org/10.1007/978-3-319-19713-5_39
Download citation
DOI: https://doi.org/10.1007/978-3-319-19713-5_39
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19712-8
Online ISBN: 978-3-319-19713-5
eBook Packages: EngineeringEngineering (R0)