Pseudonymization Service for X-Road eGovernment Data Exchange Layer

  • Jan Willemson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6866)


Pseudonymization is sometimes used as a light-weight alternative to fully cryptographic solutions, when information from different data sources needs to be linked in a privacy-preserving manner. In this paper, we review several previously proposed pseudonymization techniques, point out their cryptographic and design flaws. As a solution, we have developed a simple pseudonymization framework based on X-Road, a unified database access layer serving as the basis for most eGovernment services developed in Estonia. Our solution has been fully implemented and benchmarking results together with the security analysis are presented to conclude the paper.


  1. 1.
    Agrawal, R., Evfimievski, A., Srikant, R.: Information sharing across private databases. In: Proceedings of the 2003 ACM SIGMOD International Conference on Management of Data, SIGMOD 2003, pp. 86–97. ACM, New York (2003)Google Scholar
  2. 2.
    Ansper, A., Buldas, A., Freudenthal, M., Willemson, J.: Scalable and eficient PKI for inter-organizational communication. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 308–318. IEEE, Los Alamitos (2003)Google Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, CCS 1993, pp. 62–73. ACM, New York (1993)Google Scholar
  4. 4.
    Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: a system for secure multi-party computation. In: CCS 2008: Proceedings of the 15th ACM conference on Computer and communications security, pp. 257–266. ACM, New York (2008)CrossRefGoogle Scholar
  5. 5.
    Bogdanov, D., Laur, S., Willemson, J.: Sharemind: A framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Bogetoft, P., Christensen, D.L., Damgård, I., Geisler, M., Jakobsen, T.P., Krøigaard, M., Nielsen, J.D., Nielsen, J.B., Nielsen, K., Pagter, J., Schwartzbach, M.I., Toft, T.: Secure multiparty computation goes live. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 325–343. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51, 557–594 (2004)MathSciNetCrossRefMATHGoogle Scholar
  8. 8.
    Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  9. 9.
    Galindo, D., Verheul, E.R.: Microdata sharing via pseudonymization. In: Work Session on Statistical Data Confidentiality, Manchester, December 17-19, 2007, pp. 24–32. Eurostat (2009)Google Scholar
  10. 10.
    Galindo, D., Verheul, E.R.: Pseudonymized Data Sharing. In: Privacy and Anonymity in Information Management Systems: New Techniques for New Practical Problems. Advanced Information and Knowledge Processing, pp. 157–179. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, pp. 169–178. ACM, New York (2009)Google Scholar
  12. 12.
    Kalja, A.: System integration process of government information systems. In: Kocaoglu, D., Anderson, T., Piscataway, N. (eds.) Proceedings of PICMET 2003: Portland International Conference on Management of Engineering and Technology (2003)Google Scholar
  13. 13.
    Kalja, A., Reitsakas, A., Saard, N.: eGovernment in Estonia: best practices. In: Anderson, T.R., Daim, T.U., Kocaoglu, D.F., Piscataway, N. (eds.) Technology Management: A Unifying Discipline for Melting the Boundaries, pp. 500–506 (2005)Google Scholar
  14. 14.
    Lo Iacono, L.: Multi-centric universal pseudonymisation for secondary use of the EHR. Studies in Health Technology and Informatics 126, 239–247 (2007)Google Scholar
  15. 15.
    Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay—a secure two-party computation system. In: SSYM 2004: Proceedings of the 13th Conference on USENIX Security Symposium, pp. 287–302. USENIX Association, Berkeley (2004)Google Scholar
  16. 16.
    Narayanan, A., Shmatikov, V.: Robust de-anonymization of large sparse datasets. In: IEEE Symposium on Security and Privacy, pp. 111–125 (2008)Google Scholar
  17. 17.
    Neubauer, T., Heurix, J.: A methodology for the pseudonymization of medical data. International Journal of Medical Informatics, 1–15 (November 2010) (in print)Google Scholar
  18. 18.
    Neubauer, T., Kolb, M.: Technologies for the Pseudonymization of Medical Data: A Legal Evaluation. In: Fourth International Conference on Systems, pp. 7–12. IEEE, Los Alamitos (2009)Google Scholar
  19. 19.
    Pommerening, K., Reng, M.: Secondary use of the EHR via pseudonymisation. Studies in Health Technology and Informatics 103, 441–446 (2004)Google Scholar
  20. 20.
    Riedl, B., Grascher, V., Fenz, S., Neubauer, T.: Pseudonymization for improving the Privacy in E-Health Applications. In: Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008), pp. 255–264. IEEE, Los Alamitos (January 2008)CrossRefGoogle Scholar
  21. 21.
    Riedl, B., Grascher, V., Neubauer, T.: A Secure e-Health Architecture based on the Appliance of Pseudonymization. Journal of Software 3(2), 23–32 (2008)CrossRefGoogle Scholar
  22. 22.
    Song, J., Poovendran, R., Lee, J., Iwata, T.: The AES-CMAC Algorithm. IETF RFC 4493 (June 2006),
  23. 23.
    Willemson, J., Ansper, A.: A Secure and Scalable Infrastructure for Inter-Organizational Data Exchange and eGovernment Applications. In: 2008 Third International Conference on Availability, Reliability and Security, pp. 572–577. IEEE, Los Alamitos (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jan Willemson
    • 1
    • 2
  1. 1.CyberneticaTartuEstonia
  2. 2.Software Technology and Applications Competence CenterTartuEstonia

Personalised recommendations