Pseudonymous Audit for Privacy Enhanced Intrusion Detection

  • Michael Sobirey
  • Simone Fischer-Hübner
  • Kai Rannenberg
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT)


Intrusion detection systems can serve as powerful security audit analysis tools. But by analysing the user activities, they are affecting the privacy of the users at the same time. Pseudonymous audit can be the basis for privacy enhanced intrusion detection. In this paper, the concept of pseudonymous audit for privacy enhanced intrusion detection and its prototype realisations are presented. Furthermore it is discussed whether IT security evaluation criteria cover pseudonymous audit and the respective changes are suggested.*


Pseudonymous audit privacy enhancing technologies intrusion detection systems IT security evaluation criteria 


  1. [BauKo88]
    Bauer, D. S.; Koblentz, M. E.: NIDX–An expert system for real-time network intrusion detection, Proc. of the IEEE Computer Networking Symp., New York, NY, April 1988, 98–106Google Scholar
  2. [Bru+91]
    Brunnstein, K.; Fischer-Hübner, S.; Swimmer, M.: Concepts of an expert system for virus detection, Lindsay, D.; Price, W. (eds.): Information Security, Proc. of the IFIP/Sec’91Conference, Brighton, UK, May 1991, North Holland, Elsevier, 391–402Google Scholar
  3. [CCEB96]
    Common Criteria Editorial Board: Common Criteria for Information Technology Security Evaluation, version 1.0, Jan. 1996, 4 of 5 partsGoogle Scholar
  4. [CDN_SSC93]
    Canadian System Security Center: The Canadian Trusted Security Evaluation Criteria, version 3.0e, Jan. 1993, Communications Security Establishment, Government of CanadaGoogle Scholar
  5. [CEC91]
    Commission of the European Communities: IT Security Evaluation Criteria, V. 1. 2, Office for Official Publications of the European Communities, Luxembourg, June 1991Google Scholar
  6. [Chau85]
    Chaum, D.: Security without Identification: Transaction systems to make a Big Brother obsolete, CACM 28(1985)10, 1030–1044Google Scholar
  7. [De+87]
    Denning, D. E.; Neumann, P G; Parker, D.: Social aspects of computer security, Proc. of the 10th National Computer Security Conference ( NCSC ), Baltimore, MD, 1987, 320–325Google Scholar
  8. [DoRa90]
    Dowell, C.; Ramstedt, P.: The ComputerWatch data reduction tool, Proc. of the 13th NCSC, Washington, D.C., Oct. 1990, 99–108Google Scholar
  9. [DSL90]
    Intrusion Detection: The State of the Art, Data Security Letter no. 22, Nov. 1990, 4–7Google Scholar
  10. [EU95]
    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such dataGoogle Scholar
  11. [Fî92]
    Fischer-Hübner, S.: IDA - An Intrusion Detection and Avoidance System (in German), dissertation, Aachen, Shaker, 1992Google Scholar
  12. [Fî94]
    Fischer-Hübner, S.: Towards a privacy-friendly design and use of IT-security mechanisms, Proc. of the 17th NCSC, Baltimore, MD, Oct. 1994, 142–152Google Scholar
  13. [Fi+92]
    Fischer-Hübner, S.; Yngström, L.; Holvast, J.: Addressing vulnerability and privacy problems generated by the use of IT-security mechanisms, in Aiken, R. (ed.): Proc. of the IFIP 12th World Computer Congress, vol. II, Education and Society, Madrid, Sept. 1992, 245–257Google Scholar
  14. [HaMa92]
    Habra, N.; Mathieu, I.: ASAX: Software architecture and rule-based language for universal audit trail analysis, Deswarte, Y.; Eizenberg, G. (eds.): Proc. of the 2nd European Symposium on Research in Computer Security (ESORICS’ 92), Toulouse, Nov. 1992, 435–450Google Scholar
  15. [HLI95]
    Haystack Laboratories, Inc.: Stalker version 2, product description, 1995Google Scholar
  16. ISO/IEC95]
    International Organization for Standardization /International Electrotechnical Commission, Joint Technical Committee 1, Subcommittee 27: Evaluation Criteria for IT Security, Part 1–3, Working Drafts Winter 1995/96; Documents ISO/IEC JTC1/SC27/N1269, ISO/IEC JTC1/SC27/N1270, ISO/IEC JTC1/SC27/N1271Google Scholar
  17. [Lu+92]
    Lunt, T. et al.: A real time Intrusion Detection Expert System (IDES) - Final Report, SRI International, Menlo Park, CA, Feb. 1992Google Scholar
  18. [Mo91]
    Moitra, A.: Audit Log Viewer and Analyzer, Proc. of the 7th Intrusion Detection Workshop, May 1991, SRI International, Menlo Park, CAGoogle Scholar
  19. [Pfi+91]
    Pfitzmann, A.; Pfitzmann, B.; Waidner, M.: ISDN-MIXes: Untraceable communication with very small bandwidth overhead, Proc. of the IFIP-TC11 Sec’91 Conference, Brighton, UK, May 1991, 245–257Google Scholar
  20. [Pro94]
    Proctor, P.: Audit reduction and misuse detection in heterogeneous environments: Framework and application, Proc. of the 10th Annual Computer Security Applications Conference, Orlando, FL, Dec. 1994, 117–125Google Scholar
  21. [Ra94]
    Rannenberg, K.: Recent Development in IT Security Evaluation–The Need for Evaluation Criteria for multilateral Security; in Sizer, R. et al.: Security and Control of Information Technology in Society–Proc. of the IFIP TC9/WG 9.6 Working Conference, August 12–17, 1993, St. Petersburg, Russia; North-Holland, Amsterdam, 1994, 113–128Google Scholar
  22. [ReIPC95]
    Registratiekamer, The Netherlands and Information and Privacy Commissioner/Ontario, Canada: Privacy-enhancing Technologies: The path to anonymity, vol. I, Aug. 1995Google Scholar
  23. [Schae9l]
    Schaefer, L. J.: Employee privacy and intrusion detection systems: Monitoring on the job, Proc. of the 14th NCSC, Washington, D. C., Oct. 1991, 188–194Google Scholar
  24. [Sma88]
    Smaha, S. E.: Haystack: An intrusion detection system, Proc. of the 11th NCSC, Baltimore, MD, Oct. 1988, 37–44Google Scholar
  25. [SmaWi94]
    Smaha, S. E.; Winslow, J.: Misuse detection tools, Computer Security Journal 10(1994)1, Spring, 39–49Google Scholar
  26. [Sna+91]
    Snapp, S. R. et al.: DIDS (Distributed Intrusion Detection System) Motivation, archi- tecture and an early prototype, Proc. of the 14th NCSC, Washington, Oct. 1991, 167–176Google Scholar
  27. [So+96]
    Sobirey, M.; Richter, B.; König, H.: The Intrusion Detection System AID. Architecture, and experiences in automated audit analysis, in Horster, P. (ed.): Communications and Multimedia Security II, Proc. of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security, Essen, Germany, Sept. 1996, Chapman and Hall, London, 278–290Google Scholar
  28. [SoFi96]
    Sobirey, M.; Fischer-Hübner, S.: Privacy oriented audit, Draft Proc. of the 13th Annual CSR (Centre for Software Reliability) Workshop “Design for Protecting the User”, Bürgenstock, Switzerland, Sept. 1996, section 13Google Scholar
  29. [SoRa96]
    Sobirey, M.; Rannenberg, K.: Remarks on the Coverage of Pseudonymous Auditing in the Evaluation Criteria for IT Security; Att. 2 to the German NB Reasons for disapproval of ISO/IEC CD 15408–2 (ISO/IEC JTC 1/SC 27 N 1402); Summary of Voting, ISO/IEC JTC 1/SC27 N1476Google Scholar
  30. [US_DOD85]
    US DoD Standard: Department of Defense Trusted Computer System Evaluation Criteria, Dec. 1985, DOD 5200.28-STD, Supersedes CSC-STD-001–83, dtd 15 Aug. 83Google Scholar

Copyright information

© Springer Science+Business Media Dordrecht 1997

Authors and Affiliations

  • Michael Sobirey
    • 1
  • Simone Fischer-Hübner
    • 2
  • Kai Rannenberg
    • 3
  1. 1.Computer Science InstituteBrandenburg University of Technology at CottbusCottbusGermany
  2. 2.Faculty for InformaticsUniversity of HamburgHamburgGermany
  3. 3.Institute for Informatics and Society, Telematics DepartmentUniversity of FreiburgFreiburgGermany

Personalised recommendations