
Privacy by Design: On the Conformance Between Protocols and Architectures

Part of the Lecture Notes in Computer Science book series (LNSC, volume 8930)

Abstract

In systems design, we generally distinguish the architecture level from the protocol level. In the context of privacy by design, at the architecture level we talk about privacy architectures, which define the privacy goals and the main features of the system at a high level of abstraction; at the protocol level we consider the concrete protocols and privacy enhancing technologies that implement those architectures. In this paper, we address the question of whether a given protocol conforms to a privacy architecture, and we answer it using formal methods. We propose a process algebra variant in which protocols are defined and privacy properties are reasoned about, together with a mapping procedure from protocols to architectures expressed in a high-level architecture language.

Acknowledgements

The authors would like to thank Daniel Le Métayer for his initial idea and valuable comments during this work. This work is partially funded by the European project PARIS/FP7-SEC-2012-1, the ANR project BIOPRIV, and the Inria Project Lab CAPPRIS.

Author information

Corresponding author: Vinh-Thong Ta.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ta, V.-T., Antignac, T. (2015). Privacy by Design: On the Conformance Between Protocols and Architectures. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P. (eds) Foundations and Practice of Security. FPS 2014. Lecture Notes in Computer Science, vol. 8930. Springer, Cham. https://doi.org/10.1007/978-3-319-17040-4_5

  • DOI: https://doi.org/10.1007/978-3-319-17040-4_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17039-8

  • Online ISBN: 978-3-319-17040-4