Application-Oriented Selection of Privacy Enhancing Technologies

Part of the Lecture Notes in Computer Science book series (LNSC, volume 13279)

Abstract

To create privacy-friendly software designs, architects need comprehensive knowledge of privacy-enhancing technologies (PETs) and their properties. Existing works that systemize PETs, however, are outdated or focus on comparison criteria rather than providing guidance for their practical selection. In this short paper we present an enhanced classification of PETs that is more application-oriented than previous proposals. It integrates existing criteria like the privacy protection goal, and also considers practical criteria like the functional context, a technology’s maturity, and its impact on various non-functional requirements.

Keywords

  • Privacy engineering
  • Privacy by design
  • Data protection by design

Notes

  1.

    As soft privacy goals, some works also use the goals Intervenability and Transparency [22].

  2.

    Note that we do not compare our approach to Heurix et al. [23], since they partly use different privacy protection goals and provide few selection criteria that would allow a direct comparison.

References

  1. Abay, N.C., Zhou, Y., Kantarcioglu, M., Thuraisingham, B., Sweeney, L.: Privacy preserving synthetic data release using deep learning. In: Berlingerio, M., Bonchi, F., Gärtner, T., Hurley, N., Ifrim, G. (eds.) ECML PKDD 2018. LNCS (LNAI), vol. 11051, pp. 510–526. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-10925-7_31

  2. Al-Momani, A., et al.: Land of the lost: privacy patterns’ forgotten properties: enhancing selection-support for privacy patterns. In: Proceedings of the 36th Annual ACM Symposium on Applied Computing, pp. 1217–1225 (2021)

  3. Alshammari, M., Simpson, A.: Privacy architectural strategies: an approach for achieving various levels of privacy protection. In: Proceedings of the 2018 Workshop on Privacy in the Electronic Society, pp. 143–154 (2018)

  4. Bab, K., et al.: Jiff (2021). GitHub repository. https://github.com/multiparty/jiff

  5. Bloemen, R., Vienhage, P.: Openzkp (2020). GitHub repository. https://github.com/0xProject/OpenZKP

  6. Bost, R.: Open symmetric searchable encryption (opensse) (2021). GitHub repository. https://github.com/OpenSSE

  7. Centelles, A., Diehl, S.: 1-out-of-2 oblivious transfer (2020). GitHub repository. https://github.com/adjoint-io/oblivious-transfer

  8. Claßen, P., Grabowski, K., Modras, K.: Anonymous credentials (2020). GitHub repository. https://github.com/whotracksme/anonymous-credentials

  9. David, R., Sison, J., Vickery, J., Bundoo, K.A., Ahmed, S.: Sybil-E: LSB-steganography (2020). https://github.com/RobinDavid/LSB-Steganography

  10. Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: LINDDUN: running example - social network 2.0. https://www.linddun.org/downloads. Accessed 14 Feb 2022

  11. Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Eng. 16(1), 3–32 (2011)

  12. European Union Agency for Cybersecurity (ENISA): Privacy and data protection by design (2015). https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design

  13. European Union Agency for Cybersecurity (ENISA): PETs maturity assessment repository (2019). https://www.enisa.europa.eu/publications/enisa2019s-pets-maturity-assessment-repository

  14. European Union Agency for Cybersecurity (ENISA): Pseudonymisation techniques and best practices-recommendations on shaping technology according to data protection and privacy provisions (2019). https://www.enisa.europa.eu/publications/pseudonymisation-techniques-and-best-practices

  15. European Union Agency for Cybersecurity (ENISA): Data protection engineering (2022). https://www.enisa.europa.eu/publications/data-protection-engineering

  16. Frederickson, C.: recrypt (2022). GitHub repository. https://github.com/IronCoreLabs/recrypt-rs

  17. Goldberg, I.: Off-the-record messaging. https://otr.cypherpunks.ca/

  18. Google: Fully homomorphic encryption (FHE). GitHub repository. https://github.com/google/fully-homomorphic-encryption

  19. IETF TLS Working Group: Transport layer security. https://datatracker.ietf.org/wg/tls/charter/

  20. Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design. Comput. Priv. Data Prot. 14(3), 25 (2011)

  21. Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design reloaded. In: Amsterdam Privacy Conference, pp. 1–21 (2015)

  22. Hansen, M., Jensen, M., Rost, M.: Protection goals for privacy engineering. In: 2015 IEEE Security and Privacy Workshops, pp. 159–166. IEEE (2015)

  23. Heurix, J., Zimmermann, P., Neubauer, T., Fenz, S.: A taxonomy for privacy enhancing technologies. Comput. Secur. 53, 1–17 (2015)

  24. Hundepool, A., et al.: Statistical Disclosure Control, vol. 2. Wiley, New York (2012)

  25. IBM: libgroupsig (2021). GitHub repository. https://github.com/IBM/libgroupsig

  26. Intel: Intel SGX. https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html

  27. Johnson, N., Near, J.P., Hellerstein, J.M., Song, D.: Chorus: a programming framework for building scalable differential privacy mechanisms. In: 2020 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 535–551. IEEE (2020)

  28. Kunz, I., Banse, C., Stephanow, P.: Selecting privacy enhancing technologies for IoT-based services. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds.) SecureComm 2020. LNICST, vol. 336, pp. 455–474. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-63095-9_29

  29. Li, N., Li, T., Venkatasubramanian, S.: t-closeness: privacy beyond k-anonymity and l-diversity. In: 2007 IEEE 23rd International Conference on Data Engineering, pp. 106–115. IEEE (2007)

  30. Liones, E., Langille, D.: Muchpir demo (2021). GitHub repository. https://github.com/ReverseControl/MuchPIR

  31. Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: l-diversity: privacy beyond k-anonymity. ACM Trans. Knowl. Discovery from Data (TKDD) 1(1), 3-es (2007)

  32. Mivule, K.: Utilizing noise addition for data privacy, an overview. arXiv preprint arXiv:1309.3958 (2013)

  33. NASA: Technology readiness level definitions. https://www.nasa.gov/directorates/heo/scan/engineering/technology/technology_readiness_level

  34. Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (2010)

  35. Prasser, F., Kohlmayer, F., Babioch, K., Vujosevic, I., Bild, R.: Arx data anonymization tool. https://arx.deidentifier.org/

  36. Rubio, J.E., Alcaraz, C., Lopez, J.: Selecting privacy solutions to prioritise control in smart metering systems. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds.) CRITIS 2016. LNCS, vol. 10242, pp. 176–188. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-71368-7_15

  37. Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Software Eng. 35(1), 67–82 (2008)

  38. Sweeney, L.: k-anonymity: a model for protecting privacy. Int. J. Uncertainty Fuzziness Knowl. Based Syst. 10(05), 557–570 (2002)

  39. The TensorFlow Federated Authors: TensorFlow Federated (2018). GitHub repository. https://github.com/tensorflow/federated

  40. The TOR Project: Tor browser. https://www.torproject.org/

  41. Unknown authors: Openabe (2021). GitHub repository. https://github.com/zeutro/openabe

  42. Unknown authors: Python implementation of post-randomisation method for disclosure control (2021). GitHub repository. https://github.com/JiscDACT/pram

  43. Unknown authors: Differential privacy (2022). GitHub repository. https://github.com/google/differential-privacy

  44. Wagner, I., Eckhoff, D.: Technical privacy metrics: a systematic survey. ACM Comput. Surv. (CSUR) 51(3), 1–38 (2018)

  45. Wagner, I., Yevseyeva, I.: Designing strong privacy metrics suites using evolutionary optimization. ACM Trans. Privacy Secur. (TOPS) 24(2), 1–35 (2021)

  46. Wu, Z., Li, G., Shen, S., Lian, X., Chen, E., Xu, G.: Constructing dummy query sequences to protect location privacy and query privacy in location-based services. World Wide Web 24(1), 25–49 (2020). https://doi.org/10.1007/s11280-020-00830-x

  47. Wuyts, K., Van Landuyt, D., Sions, L., Wouter, J.: LINDDUN: mitigation strategies and solutions. https://www.linddun.org/mitigation-strategies-and-solutions. Accessed 30 July 2021

Acknowledgements

We thank our colleagues Martin Schanzenbach, Georg Bramm, and Mark Gall who provided their domain expertise on many privacy-enhancing technologies.

Corresponding author

Correspondence to Immanuel Kunz.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Kunz, I., Binder, A. (2022). Application-Oriented Selection of Privacy Enhancing Technologies. In: Gryszczyńska, A., Polański, P., Gruschka, N., Rannenberg, K., Adamczyk, M. (eds) Privacy Technologies and Policy. APF 2022. Lecture Notes in Computer Science, vol. 13279. Springer, Cham. https://doi.org/10.1007/978-3-031-07315-1_5

  • DOI: https://doi.org/10.1007/978-3-031-07315-1_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-07314-4

  • Online ISBN: 978-3-031-07315-1

  • eBook Packages: Computer Science, Computer Science (R0)