[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.5555/2394420.2394421guideproceedingsArticle/Chapter ViewAbstractPublication PagesConference Proceedingsacm-pubtype
Article

Authorization architectures for privacy-respecting surveillance

Published: 28 June 2007 Publication History

Abstract

Even more than in our physical world, in our digital world we need systems that meet the security objective of service providers and users in equal measure. This paper investigates the requirements of secure authorizations with respect to accountability and privacy in the context of surveillance for misuse detection during service utilization. We develop a model of system architectures for secure and privacy-respecting authorizations that allows to derive and compare the properties of available technology. It is shown how the model maps to existing authorization architectures.

References

[1]
Biskup, J., Karabulut, Y.: A hybrid PKI model with an application for secure meditation. In: Shenoi, S. (ed.) Proceedings of the 16th Annual IFIP WG 11.3 Working Conference on Data and Application Security, Cambridge, England, July 2002, pp. 271-282. Kluwer, Dordrecht (2002)
[2]
Flegel, U.: Pseudonymizing Unix log files. In: Davida, G. I., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 162-179. Springer, Heidelberg (2002)
[3]
Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93-118. Springer, Heidelberg (2001)
[4]
Gollmann, D.: 10.2.1: Kerberos. In: Computer Security, pp. 168-171. John Wiley & Sons, Inc, West Sussex (1999)
[5]
Flegel, U.: Pseudonymizing Audit Data for Privacy Respecting Misuse Detection. PhD thesis, University of Dortmund, Dept. of Computer Science (January 2006)
[6]
Pfitzmann, A.: Multilateral security: Enabling technologies and their evaluation. In: Wilhelm, R. (ed.) Informatics. LNCS, vol. 2000, pp. 50-62. Springer, Heidelberg (2001)
[7]
Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, unobservability, pseudonymity, and identity management - a consolidated proposal for terminology (May 2006) dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.28.pdf
[8]
van Rossum, H., Gardeniers, H., Borking, J., et al.: Privacy-enhancing technologies: The path to anonymity, vol. ii, Technical report, Registratiekamer Netherlands and Information and Privacy Commissioner Ontario, Canada, Achtergrondstudies en Verkenningen 5B, Rijswijk, Netherlands (August 1995)
[9]
Bundestag, D. D.: Gesetz über Rahmenbedingungen für elektronische Signaturen (SIGG) (in German). Bundesgesetzblatt, Teil I(1) (January 2005) 2, http://bundesrecht.juris.de/bundesrecht/sigg_2001/
[10]
Gabber, E., Gibbons, P. B., Kristol, D. M., Matias, Y., Mayer, A.: On secure and pseudonymous client-relationships with multiple servers. ACM Transactions on Information and System Security 2(3), 390-415 (1999)
[11]
Cranor, L. F.: Agents of choice: Tools that facilitate notice and choice about web site data practices. In: Proceedings of the 21st International Conference on Privacy and Personal Data Protection, Hong Kong SAR, China, September 1999, pp. 19-25 (1999)
[12]
Clauß, S., Köhntopp, M.: Identity management and its support of multilateral security. Computer Networks 37(2), 205-219 (2001)
[13]
Köhntopp, M., Berthold, O.: Identity management based on P3P. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 141-160. Springer, Heidelberg (2001)
[14]
Köpsell, S., Wendolsky, R., Federrath, H.: Revocable anonymity. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 206-220. Springer, Heidelberg (2006)
[15]
Federrath, H.: Privacy enhanced technologies: Methods - markets - misuse. In: Katsikas, S. K., Lopez, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 1-9. Springer, Heidelberg (2005)
[16]
Fischer-Hübner, S.: IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms. LNCS, vol. 1958. Springer, Heidelberg (2001)
[17]
Seys, S., Díaz, C., De Win, B., Naessens, V., Goemans, C., Claessens, J., Moreau, W., De Decker, B., Dumortier, J., Preneel, B.: Anonymity and privacy in electronic services (APES) Deliverable 2 - Requirement study of different applications. Technical report, K. U. Leuven (May 2001)
[18]
Goldberg, I.: Privacy-enhancing technologies for the internet, II: Five years later. In: Dingledine, R., Syverson, P. F. (eds.) PET 2002. LNCS, vol. 2482, pp. 1-12. Springer, Heidelberg (2003)
[19]
Goldberg, I., Wagner, D., Brewer, E.: Privacy enhancing technologies for the internet. In: Proceedings of the COMPCON'97, San Jose, California, USA, February 1997, IEEE (1997) http://www.cs.berkeley.edu/ daw/privacy-compcon97-www/privacy-html.html
[20]
Chaum, D.: Showing credentials without identification: Transferring signatures between unconditionally unlinkable pseudonyms. In: Seberry, J., Pieprzyk, J. P. (eds.) AUSCRYPT 1990. LNCS, vol. 453, pp. 246-264. Springer, Heidelberg (1990)
[21]
Van Herreweghen, E.: Secure anonymous signature-based transactions. In: Goos, G., Hartmanis, J., van Leeuwen, J. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 55-71. Springer, Heidelberg (2000)
[22]
Brands, S. A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge, Massachusetts, USA (2000)
[23]
Glenn, A., Goldberg, I., Légaré, F., Stiglic, A.: A description of protocols for private credentials (October 2001) http://eprint.iacr.org/2001
[24]
Stubblebine, S. G., Syverson, P. F.: Authentic attributes with fine-grained anonymity protection. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 276- 294. Springer, Heidelberg (2001)
[25]
Lysyanskaya, A., Rivest, R. L., Sahai, A., Wolf, S.: Pseudonym systems. In: Heys, H. M., Adams, C. M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184-199. Springer, Heidelberg (2000)
[26]
Schechter, S., Parnell, T., Hartemink, A.: Anonymous authentication of membership in dynamic groups. In: Franklin, M. K. (ed.) FC 1999. LNCS, vol. 1648, pp. 184-195. Springer, Heidelberg (1999)
[27]
Gritzalis, D., Moulinos, K., Iliadis, J., Lambrinoudakis, C., Xarhoulakos, S.: Pythia: Towards anonymity in authentication. In: Dupuy, M., Paradinas, P. (eds.) Proceedings of the IFIP TC11 16th International Conference on Information Security (Sec'01), Paris, France, IFIP, June 2001, pp. 1-17. Kluwer Academic Publishers, Dordrecht (2001)
[28]
Hirose, S., Yoshida, S.: A user authentication scheme with identity and location privacy. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 235-246. Springer, Heidelberg (2001)
[29]
Handley, B.: Resource-efficient anonymous group identification. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 295-312. Springer, Heidelberg (2001)
[30]
Davida, G., Frankel, Y., Tsiounis, Y., Yung, M.: Anonymity control in e-cash systems. In: Hirschfeld, R. (ed.) FC 1997. LNCS, vol. 1318, pp. 1-16. Springer, Heidelberg (1997)
[31]
Camenisch, J., Maurer, U., Stadler, M.: Digital payment systems with passive anonymity-revoking trustees. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 96. LNCS, vol. 1146, pp. 33-43. Springer, Heidelberg (1996)
[32]
Claessens, J., Preneel, B., Vandewalle, J.: Anonymity controlled electronic payment systems. In: Proceedings of the 20th Symposium on Information Theory in the Benelux, Haasrode, Belgium, May 1999, pp. 109-116 (1999)
[33]
Pointcheval, D.: Self-scrambling anonymizers. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 259-275. Springer, Heidelberg (2001)
[34]
Nakanishi, T., Haruna, N., Sugiyama, Y.: Unlinkable electronic coupon protocol with anonymity control. In: Zheng, Y., Mambo, M. (eds.) ISW 1999. LNCS, vol. 1729, pp. 37-46. Springer, Heidelberg (1999)
[35]
Büschkes, R., Kesdogan, D.: Privacy enhanced intrusion detection. In: Müller, G., Rannenberg, K. (eds.) Multilateral Security in Communications. Information Security, pp. 187-204. Addison Wesley, Reading (1999)
[36]
Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319-327. Springer, Heidelberg (1990)
[37]
Chan, Y.Y.: On privacy issues of internet access services via proxy servers. In: Baumgart, R. (ed.) CQRE (Secure) '99. LNCS, vol. 1740, pp. 183-191. Springer, Heidelberg (1999)
[38]
Groß, S., Lein, S., Steinbrecher, S.: A multilateral secure payment system for wireless LAN hotspots. In: Katsikas, S. K., Lopez, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 80-89. Springer, Heidelberg (2005)
[39]
Stubblebine, S. G., Syverson, P. F., Goldschlag, D. M.: Unlinkable serial transactions: Protocols and applications. ACM Transactions on Information and System Security 2(4), 354-389 (1999)
[40]
Fischer-Hübner, S., Brunnstein, K.: Opportunities and risks of intrusion detection expert systems. In: Proceedings of the International IFIP-GI-Conference Opportunities and Risks of Artificial Intelligence Systems (ORAIS'89), July 1989, Hamburg, Germany, IFIP (1989)
[41]
IDA (Intrusion Detection and Avoidance System): Ein einbruchsentdeckendes und einbruchsvermeidendes System (in German). Reihe Informatik. Shaker (1993)
[42]
Sobirey, M., Richter, B., König, H.: The intrusion detection system AID - Architecture and experiences in automated audit trail analysis. In: Horster, P. (ed.) Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security, Essen, Germany, IFIP, September 1996, pp. 278-290. Chapman & Hall, London (1996)
[43]
Lundin, E., Jonsson, E.: Anomaly-based intrusion detection: privacy concerns and other problems. Computer Networks 34(4), 623-640 (2000)
[44]
Eckert, C., Pircher, A.: Internet anonymity: Problems and solutions. In: Dupuy, M., Paradinas, P. (eds.) Proceedings of the IFIP TC11 16th International Conference on Information Security (Sec'01), Paris, France, IFIP, June 2001, pp. 35-50. Kluwer Academic Publishers, Dordrecht (2001)
[45]
Pang, R., Paxson, V.: A high-level programming environment for packet trace anonymization and transformation. In: Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Karlsruhe, Germany, ACM SIGCOMM, August 2003, pp. 339-351. ACM Press, New York (2003)
[46]
Alamäki, T., Björksen, M., Dornbach, P., Gripenberg, C., Gyórbíró, N., Márton, G., Németh, Z., Skyttä, T., Tarkiainen, M.: Privacy enhancing service architectures. In: Dingledine, R., Syverson, P. F. (eds.) PET 2002. LNCS, vol. 2482, pp. 99-109. Springer, Heidelberg (2003)

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings
EuroPKI'07: Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
June 2007
374 pages
ISBN:3540734074
  • Editors:
  • Javier Lopez,
  • Pierangela Samarati,
  • Josep L. Ferrer

Sponsors

  • Ministerio De Educacion Y Ciencia: Ministerio De Educacion Y Ciencia
  • Universitat de les Illes Balears: Universitat de les Illes Balears

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 28 June 2007

Author Tags

  1. architecture
  2. authorization
  3. intrusion detection
  4. misuse detection
  5. privacy
  6. pseudonym
  7. surveillance

Qualifiers

  • Article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 0
    Total Downloads
  • Downloads (Last 12 months)0
  • Downloads (Last 6 weeks)0
Reflects downloads up to 21 Dec 2024

Other Metrics

Citations

View Options

View options

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media