Transaction-Based Pseudonyms in Audit Data for Privacy Respecting Intrusion Detection

  • Joachim Biskup
  • Ulrich Flegel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1907)


Privacy and surveillance by intrusion detection are potentially conflicting organizational and legal requirements.In order to support a balanced solution, audit data is inspected for personal data and identifiers referring to real persons are substituted by transaction-based pseudonyms. These pseudonyms are constructed as shares for a suitably adapted version of Shamir’s cryptographic approach to secret sharing. Under sufficient suspicion, expressed as a threshold on shares, audit analyzers can perform reidentification.


privacy anonymity pseudonymity audit analysis intrusion detection secret sharing purpose binding 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Kai Rannenberg, Andreas Pfitzmann, and Günther Müller. It security and multilateral security. In Kai Rannenberg, editors Multilateral Security in Communications. Information Security. Addison Wesley, first edition, 1999 Müller and Rannenberg [38], pages 21–29.Google Scholar
  2. [2]
    Joachim Biskup. Technical enforcement of informational assurances. In Sushil Jajodia, editor, Proceedings of the 12th international IFIP TC11 WG 11.3 Working Conference on Database Security, pages 17–40, Chalkidiki, Greece, July 1998. IFIP, Kluwer Academic Publishers.Google Scholar
  3. [3]
    Directive 95/46/EC of the European Parliament and of the Council of 24 october 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal L 281, October 1995.
  4. [4]
    Erster Senat des Bundesverfassungsgerichts. Urteil vom 15. Dezember 1983 zum Volkszählungsgesetz-1 BvR 209/83 u.a. (in German). Datenschutz und Datensicherung, 84(4):258–281, April 1984. Scholar
  5. [5]
    Federal data protection act. In Bundesgesetzblatt, page 2954 ff. December 1990.
  6. [6]
    Bundesministerium des Inneren. Entwurf zur Anderung des BDSG und anderer Gesetze (in German), July 1999.,
  7. [7]
    Bundesministerium für Bildung, Wissenschaft, Forschung und Technologie. Federal act establishing the general conditions for information and communication services — information and communication services act. Federal Law Gazette I, 52:1870, June 1997.
  8. [8]
    Federal Ministry of Posts and Telecommunications. Telecommunications carriers data protection ordinance. Federal Law Gazette I, page 982, July 1996.
  9. [9]
    Der Deutsche Bundestag. Telecommunications act, July 1996.
  10. [10]
    Entwurf einer Telekommunikations-Datenschutzverordnung (TDSV) (in German), 1999 December.
  11. [11]
    Directive 97/66/EC of the European Parliament and of the Council of 15 december 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector. Official Journal L 024, January 1998.
  12. [12]
    Michael Sobirey, Simone Fischer-Hübner, and Kai Rannenberg. Pseudonymous audit for privacy enhanced intrusion detection. In L. Yngström and J. Carlsen, editors, Proceedings of the IFIP TC11 13th International Conference on Information Security (SEC’97), pages 151–163, Copenhagen, Denkmark, May 1997. IFIP, Chapman & Hall, London.Google Scholar
  13. [13]
    Birgit Pfitzmann, Michael Waidner, and Andreas Pfitzmann. atRechtssicherheit trotz Anonymiät in offenen digitalen Systemen (in German). Datenschutz und Datensicherheit, 14(5–6):243–253, 305–315, 1990.Google Scholar
  14. [14]
    Emilie Lundin and Erland Jonsson. Privacy vs intrusion detection analysis. In Proceedings of the Second International Workshop on the Recent Advances in Intrusion Detection (RAID’99) [39].Google Scholar
  15. [15]
    Emilie Lundin and Erland Jonsson. Some practical and fundamental problems with anomaly detection. In Proceedings of NORDSEC’99, Kista Science Park, Sweden, November 1999.Google Scholar
  16. [16]
    Simone Fischer-Hübner and Klaus Brunnstein. Opportunities and risks of intrusion detection expert systems. In Proceedings of the International IFIP-GI-Conference Opportunities and Risks of Artificial Intelligence Systems ORAIS’89, Hamburg, Germany, July 1989. IFIP.Google Scholar
  17. [17]
    Simone Fischer-Hübner. IDA (Intrusion Detection and Avoidance System): Ein einbruchsentdeckendes und einbruchsvermeidendes System (in German). Informatik. Shaker, first edition, 1993.Google Scholar
  18. [18]
    Michael Sobirey. Aktuelle Anforderungen an Intrusion Detection-Systeme und deren Berücksichtigung bei der Systemgestaltung von AID2 (in German). In Hans H. Brüggemann and Waltraud Gerhardt-Häckl, editors, Proceedings of Verläßliche IT-Systeme, DuD-Fachbeiträge, pages 351–370, Rostock, Germany, April 1995. GI, Vieweg.Google Scholar
  19. [19]
    M. Sobirey, B. Richter, and H. König. The intrusion detection system AID-Architecture and experiences in automated audit trail analysis. In P. Horster, editor, Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security, pages 278–290, Essen, Germany, September 1996. IFIP, Chapman & Hall, London.Google Scholar
  20. [20]
    Michael Sobirey. Datenschutzoruientiertes Intrusion Detection (in German). DuD-Fachbeiträge. Vieweg, first edition, 1999.Google Scholar
  21. [21]
    Michael Meier and Thomas Holz. Sicheres Schlüsselmanagement für verteilte Intrusion-Detection-Systeme (in German). In Patrick Horster, editor, System-sicherheit, DuD-Fachbeiträge, pages 275–286, Bremen, Germany, March 2000. GI-2.5.3, ITG-6.2, OCG/ACS, TeleTrusT, Vieweg.Google Scholar
  22. [22]
    Roland Büschkes and Dogan Kesdogan. Privacy enhanced intrusion detection. In Kai Rannenberg, editors. Multilateral Security in Communications. Information Security. Addison Wesley, first edition, 1999 Müller and Rannenberg [38], pages 187–204.Google Scholar
  23. [23]
    Terry Escamilla. Intrusion Detection: Network Security Beyond the Firewall. Wiley Computer Publishing. John Wiley & Sons, Inc., first edition, 1998.Google Scholar
  24. [24]
    Katherine E. Price. Host-based misuse detection and conventional operating systems’ audit data collection. Master’s thesis, Purdue university, December 1997.Google Scholar
  25. [25]
    National Computer Security Center. US DoD Standard: Department of Defense Trusted Computer System Evaluation Criteria. DOD 5200.28-STD, Supercedes CSC-STD-001-83, dtd 15 Aug 83, Library No. S225,711, December 1985.
  26. [26]
    National Computer Security Center. Audit in trusted systems. NCSC-TG-001, Library No. S-228,470, July 1987.
  27. [27]
    Common Criteria Implementation Board, editor. Common Criteria for Information Technology Security Evaluation — Part 2: Security functional requirements, Version 2.1. Number CCIMB-99-032. National Institute of Standards and Technology, August 1999.
  28. [28]
    Inc. Sun Microsystems. Solaris 2.6 System Administrator Collection, volume 1, chapter SunSHIELD Basic Security Module Guide. Sun Microsystems, Inc., 1997.Google Scholar
  29. [29]
    Rebecca Gurley Bace. Intrusion Detection. Macmillan Technical Publishing, first edition, 2000.Google Scholar
  30. [30]
    Hervé Debar, Marc Dacier, and Andreas Wespi. Towards a taxonomy of intrusiondetection systems. Technical Report 93076, IBM Research Division, Zurich Research Laboratory, 8803 Rüschlikon, Switzerland, June 1998.Google Scholar
  31. [31]
    Darren Reed. Ip filter., 1999.
  32. [32]
    Stephen E. Smaha. svr4++, A common audit trail interchange format for Unix. Technical report, Haystack Laboratories, Inc., Austin, Texas, October 1994. Version 2.2.Google Scholar
  33. [33]
    Matt Bishop. A standard audit trail format. In Proceedings of the 18th National Information Systems Security Conference, pages 136–145, Baltimore, Maryland, October 1995.Google Scholar
  34. [34]
    Stefan Axelsson, Ulf Lindquist, and Ulf Gustafson. An approach to unix security logging. In Proceedings of the 21st National Information Systems Security Conference, pages 62–75, Crystal City, Arlington, VA, October 1998.Google Scholar
  35. [35]
    Douglas Robert Stinson. Cryptography — Theory and Practice, chapter Secret Sharing Schemes, pages 326–331. Discrete mathematics and its applications. CRC Press, first edition, 1995.Google Scholar
  36. [36]
    Bruce Schneier and John Kelsey. Cryptographic support for secure logs on untrusted machines. In Proceedings of the First International Workshop on the Recent Advances in Intrusion Detection (RAID’98), Lovain-la-Neuve, Belgium, September 1998. IBM Emergency Response Team. content.html.
  37. [37]
    John Kelsey and Bruce Schneier. Minimizing bandwidth for remote access to cryptographically protected audit logs. In Proceedings of the Second International Workshop on the Recent Advances in Intrusion Detection (RAID’99) [39].Google Scholar
  38. [38]
    Günter Müller and Kai Rannenberg, editors. Multilateral Security in Communications. Information Security. Addison Wesley, first edition, 1999.Google Scholar
  39. [39]
    Purdue University, CERIAS. Proceedings of the Second International Workshop on the Recent Advances in Intrusion Detection (RAID’99), West Lafayette, Indiana, September 1999.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Joachim Biskup
    • 1
  • Ulrich Flegel
    • 1
  1. 1.University of DortmundDortmundGermany

Personalised recommendations