Legally Sustainable Solutions for Privacy Issues in Collaborative Fraud Detection

  • Ulrich Flegel
  • Florian Kerschbaum
  • Philip Miseldine
  • Ganna Monakova
  • Richard Wacker
  • Frank Leymann
Part of the Advances in Information Security book series (ADIS, volume 49)


One company by itself cannot detect all instances of fraud or insider attacks. A simple example is buyer fraud: a fraudulent buyer colludes with a supplier to create fake orders for supplies that are never delivered. Together they circumvent the internal controls in place to prevent this kind of fraud, such as a goods receipt, e.g., by ordering services instead of goods. Based on the evidence collected at one company alone, it is often extremely difficult to detect such fraud, but if companies collaborate and correlate their evidence, they could detect that the ordered services were never actually provided.



Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Ulrich Flegel (1)
  • Florian Kerschbaum (1)
  • Philip Miseldine (1)
  • Ganna Monakova (2)
  • Richard Wacker (3)
  • Frank Leymann (2)
  1. SAP Research Center Karlsruhe, Karlsruhe, Germany
  2. Institute of Architecture of Application Systems, University of Stuttgart, Stuttgart, Germany
  3. Institut für Informations- und Wirtschaftsrecht (IIWR), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany