Limiting Disclosure by Hiding the Identity

  • 337 Accesses

Abstract

This chapter begins the examination of techniques that are designed to limit disclosure (rather than exposure). In particular, it focuses on technologies that limit disclosure by hiding the identity of the user. The chapter describes the following example PETs in this category: k-anonymity and credential systems. The basic scheme, enhancements, strengths, and limitations are presented for each of these PETs.

Keywords

  • Database privacy
  • k-anonymity
  • Quasi-identifier
  • Generalization
  • Suppression
  • Data utility
  • ℓ-diversity
  • t-closeness
  • Credential system
  • Pedersen commitment
  • Blind signature
  • Zero-knowledge proof-of-knowledge (ZKPoK)
  • Non-transferability
  • Unlinkability

  • DOI: 10.1007/978-3-030-81043-6_6
  • Chapter length: 34 pages

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Adams, C. (2021). Limiting Disclosure by Hiding the Identity. In: Introduction to Privacy Enhancing Technologies. Springer, Cham. https://doi.org/10.1007/978-3-030-81043-6_6

  • DOI: https://doi.org/10.1007/978-3-030-81043-6_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-81042-9

  • Online ISBN: 978-3-030-81043-6

  • eBook Packages: Computer Science (R0)