On the Difficult Tradeoff Between Security and Privacy: Challenges for the Management of Digital Identities

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 369)


The deployment of security measures can often lead to an infringement of users’ privacy. Indeed, nowadays we have many examples of surveillance programs or personal data breaches in online service providers. In order to avoid the latter problem, we need to establish security measures that do not involve a violation of privacy rights. In this communication we discuss the main challenges in reconciling information security and users’ privacy.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Departamento de Ingenieria Informatica, Escuela Politecnica Superior, Grupo de Neurocomputacion Biologica, Universidad Autonoma de Madrid, Madrid, Spain
  2. Institute of Physical and Information Technologies (ITEFI), Spanish National Research Council (CSIC), Madrid, Spain
