Jump to content

Hard privacy technologies

From Wikipedia, the free encyclopedia

Hard privacy technologies are methods of protecting data. Hard privacy technologies and soft privacy technologies both fall under the category of privacy-enhancing technologies. Hard privacy technologies allow online users to protect their privacy through different services and applications without the trust of the third-parties.[1] The data protection goal is data minimization and reduction of the trust in third-parties and the freedom (and techniques) to conceal information or to communicate.

Applications of hard privacy technologies include onion routing, VPNs and the secret ballot[2] used for democratic elections.[3]

Systems for anonymous communications

[edit]

Mix networks

[edit]

Mix networks use both cryptography and permutations to provide anonymity in communications.[4] The combination makes monitoring end-to-end communications more challenging for eavesdroppers, since it breaks the link between the sender and recipients.[5]

Dining Cryptographers Net (DC-net)

[edit]

DC-net is a protocol for communication that enables secure, uninterrupted communication.[6] Its round-based protocol enables participants to publish one bit message per round unobservably.[7]

The Integrated Services Digital Network (ISDN)

[edit]

ISDN is based on a digital telecommunications network, i.e. a digital 64 kbit/s channel network. ISDN is primarily used for the swapping of networks; therefore it offers effective service for communication.[8]

Attacks against anonymous communications

[edit]

In order to cope with attacks on anonymity systems, the traffic analysis would trace information such as who is talking with whom, extract profiles and so on. The traffic analysis is used against vanilla or hardened systems.

Examples of hard privacy technologies

[edit]

Onion routing

[edit]

Onion routing is an internet-based encrypted technique to prevent eavesdropping, traffic analysis attacks and so on. Messages in an onion network are embedded in the encryption layers. The destination in each layer will be encrypted. For each router, the message is decrypted by its private key and unveiled like an 'onion' and then the message transmitted to the next router.[9]

Tor is a free-to-use anonymity service that depends on the concept of onion routing. Among all the PETs, tor has one of the highest user bases.[10]

VPNs

[edit]

A virtual private network (VPN) is one of the most important ways to protect personal information. A VPN connects a private network to a public network, which helps users share information through public networks by extending them to their computer devices. Thus, VPNs users may benefit from more security.[11]

Future of hard privacy technology

[edit]

The future of hard privacy technology include limited disclosure technology and data protection on US disclosure legislation.[12]

Limited disclosure technology offers a mechanism to preserve individuals' privacy by encouraging them to provide information only a little that is just sufficient to complete an interactionor purchase with service providers. This technology is to restrict the data sharing between consumers and other third parties.[13]

Data protection on US disclosure legislation.[14] Although the United States does not have a general federal legislation on data privacy policy, a range of federal data protection laws are sector-related or focus specific data forms.[15] For example, the Children online privacy protection Act (COPPA) (15 U.S. Code Section 6501) which forbids the collection of any information from a child under the age of 13 years old by internet or by digitally linked devices.[16] The Video Privacy Protection Act (18 U.S. code § 2710 et seq.) restricts the release of video rental or sale records, including online streaming.[17] At last, the Cable Communications Policy Act of 1984 (47 US Code § 551) protects the subscribers' information privacy.[18]

the LINDDUN methodology

[edit]

LINDDUN is short for its seven categories of privacy threats including linkability, recognition, non-repudiation, sensitivity, leakage of details, unconscionability and non-compliance. It is used as a privacy threat modeling methodology that supports analysts in systematically eliciting and mitigating privacy threats in software architectures.[19] Its main strength is its combination of methodological guidance and privacy knowledge support.[20]

See also

[edit]

References

[edit]
  1. ^ Trepte, Sabine; Reinecke, Leonard, eds. (2001). Privacy Online. doi:10.1007/978-3-642-21521-6. ISBN 978-3-642-21520-9.
  2. ^ Bernhard, Matthew; Benaloh, Josh; Alex Halderman, J.; Rivest, Ronald L.; Ryan, Peter Y. A.; Stark, Philip B.; Teague, Vanessa; Vora, Poorvi L.; Wallach, Dan S. (2017). "Public Evidence from Secret Ballots". Electronic Voting. Lecture Notes in Computer Science. Vol. 10615. pp. 84–109. arXiv:1707.08619. doi:10.1007/978-3-319-68687-5_6. ISBN 978-3-319-68686-8. S2CID 34871552.
  3. ^ Deng, Mina; Wuyts, Kim; Scandariato, Riccardo; Preneel, Bart; Joosen, Wouter (2011). "A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements" (PDF). Requirements Engineering. 16: 3–32. doi:10.1007/s00766-010-0115-7. S2CID 856424.
  4. ^ Sampigethaya, K.; Poovendran, R. (December 2006). "A Survey on Mix Networks and Their Secure Applications" (PDF). Proceedings of the IEEE. 94 (12): 2142–2181. doi:10.1109/JPROC.2006.889687. S2CID 207019876.
  5. ^ Ardagna, Claudio A.; Jajodia, Sushil; Samarati, Pierangela; Stavrou, Angelos (2009). "Privacy Preservation over Untrusted Mobile Networks". In Bettini, Claudio; et al. (eds.). Privacy In Location-Based Applications: Research Issues and Emerging Trends. Lecture Notes in Computer Science. Vol. 5599. Springer. p. 88. Bibcode:2009LNCS.5599...84A. doi:10.1007/978-3-642-03511-1_4. ISBN 978-3-642-03511-1.
  6. ^ Ievgen Verzun. "Secure Dynamic Communication Network And Protocol". Listat Ltd.
  7. ^ Chaum DL (1988). "The dining cryptographers problem: unconditional sender and recipient untraceability". J Cryptol. 1 (1): 65–75. doi:10.1007/BF00206326. S2CID 2664614.
  8. ^ ISDN The Integrated Services Digital Network: Concepts, Methods, Systems. Springer Berlin Heidelberg. 1988. ISBN 978-3-662-08036-8.
  9. ^ "Onion Routing".
  10. ^ Dingledine, Roger; Mathewson, Nick; Syverson, Paul (2004). "Tor: The Second-Generation Onion Router".
  11. ^ Hoa Gia Bao Nguyen (2018). "WIRELESS NETWORK SECURITYA GUIDE FOR SMALL AND MEDIUM PREMISES". Information Technology.
  12. ^ "Do People Know About Privacy and Data Protection Strategies? Towards the "Online Privacy Literacy Scale"". OPLIS. Law, Governance and Technology Series. 20. 2015. doi:10.1007/978-94-017-9385-8. ISBN 978-94-017-9384-1.
  13. ^ Corrales, Marcelo; Jurcys, Paulius; Kousiouris, George (2018). "Smart Contracts and Smart Disclosure: Coding a GDPR Compliance Framework". SSRN Electronic Journal. doi:10.2139/ssrn.3121658.
  14. ^ Hahn, Robert W.; Layne-Farrar, Anne (2001). "The Benefits and Costs Of Online Privacy Legislation". SSRN. doi:10.2139/ssrn.292649. S2CID 167184959.
  15. ^ Cobb, Stephen (2016). "Data privacy and data protection". US Law and Legislation.
  16. ^ Hung, Cho Kiu & Fantinato, Marcelo & Roa, Jorge (2018). Children Privacy Protection. pp. 1–3. doi:10.1007/978-3-319-08234-9_198-1. ISBN 978-3-319-08234-9.{{cite book}}: CS1 maint: multiple names: authors list (link)
  17. ^ Li, Xiangbo; Darwich, Mahmoud; Bayoumi, Magdy (2020). "A Survey on Cloud-Based Video Streaming Services".
  18. ^ Wu, Yanfang; Lau, Tuenyu; Atkin, David J.; Lin, Carolyn A. (2011). "A comparative study of online privacy regulations in the U.S. and China". Telecommunications Policy. 35 (7): 603–616. doi:10.1016/j.telpol.2011.05.002.
  19. ^ Sion, Laurens; Wuyts, Kim; Yskout, Koen; Van Landuyt, Dimitri; Joosen, Wouter (2018). "Interaction-Based Privacy Threat Elicitation". 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). pp. 79–86. doi:10.1109/EuroSPW.2018.00017. ISBN 978-1-5386-5445-3. S2CID 49655002.
  20. ^ Robles-González, Antonio; Parra-Arnau, Javier; Forné, Jordi (2020). "A LINDDUN-Based framework for privacy threat analysis on identification and authentication processes". Computers & Security. 94: 101755. doi:10.1016/j.cose.2020.101755. hdl:2117/190711. S2CID 214007341.