Privacy Patterns for Pseudonymity
Abstract
To implement the principle of Privacy by Design set out in the European General Data Protection Regulation, one important measure named there is pseudonymisation. Pseudonymous data is widely used in medical applications and is investigated, for example, for vehicular ad-hoc networks and the Smart Grid. The concepts used there address a broad range of important aspects and are therefore often specific and complex. Some privacy patterns already address pseudonymity, but they are mostly either abstract or very specific. This paper proposes privacy patterns for the development of pseudonymity concepts, based on an analysis of pseudonymity solutions in use cases.
Keywords
Privacy by Design; Privacy patterns; Pseudonymity; Anonymity
Notes
Acknowledgement
This work was supported by the Ministry for Science and Culture of Lower Saxony as part of SecuRIn (VWZN3224).