Title: Improving Privacy in Applications by Managing the Disclosed Personal Properties (Het verbeteren van privacy in toepassingen door het beheer van prijsgegeven persoonlijke eigenschappen)
Other Titles: Improving Privacy in Applications by Managing the Disclosed Personal Properties
Authors: Verslype, Kristof
Issue Date: 1-Mar-2011
Abstract: Due to the digitalization of society, our privacy is at stake. This text focuses on the situation in which the user is given control over which personal information, such as his age group or zip code, he discloses to other entities. In order to disclose personal information in a trustworthy way, this information is contained in digital credentials. A credential is an attestation of rights, qualifications and other personal information, endorsed by a trusted third party. Examples of credentials are identity cards, driver's licenses, diplomas, medical prescriptions, money and tickets. Classical paper-based credentials are increasingly replaced by digital ones.

Nowadays, huge amounts of personal information about people are collected in hundreds of databases, often together with profiles (e.g. one's purchasing behavior). This poses a big risk since these databases are valuable to (internal and external) adversaries. Moreover, databases can be linked, creating even bigger databases. This process is put to a higher level by the introduction of digital credentials.

Therefore, it would be a step forward for credential-based multi-party applications if 1) only the minimum amount of required personal information is disclosed by the user to the service provider and if 2) linking of databases is made difficult.

This text starts by designing three privacy-preserving credential-based multi-party applications in which these two requirements are taken into account: an ePoll system, an eTicketing system and an ePrescription system. In the three systems, the privacy of the user is maximized and is reconciled with the functional and control requirements of the service provider. At the same time, the controlling oversight organization can ensure that the public interest is maintained and can take steps in case of misbehavior.
These applications showed that the design of privacy-preserving applications is -- although complex -- feasible. The development of such applications is not easy. Therefore, a middleware framework is designed that offers support for the application developer at the user side, the service provider side and the control organization side. The framework requirements are derived from privacy-related recurring functionality of the designed applications. A uniform interface is provided and different technologies are pluggable into the framework such that they implement a part of the interface. The framework is flexible: 1) It is easy to let an application use another implementation of the same technology (e.g. a more efficient version of Idemix) or another technology (e.g. U-Prove instead of Idemix). 2) The framework is portable to other devices/platforms while applications running on top of the framework do not change. 3) It is possible to load only that part of the framework and implementations that is required by the application using it.

In the mentioned applications, credentials are used intensively and the user often has to disclose personal information contained in these credentials. Therefore, an initial impetus is given for a metric which assists the user in making choices related to the disclosure of personal information contained in credentials to service providers. This is useful in order to keep the user's privacy towards the different service providers as large as possible and to inform the user about his current level of privacy towards different service providers. This solution can be integrated into the framework.

In each of the three applications, the secure storage of credentials is crucial. Therefore, a solution is offered to protect the credentials against loss and theft. The credentials are usable everywhere at any time, while the security of the credentials and the privacy of the user are maximized. This is done by using a smart card or SIM card as a secure token, in combination with secure, privacy-preserving storage of credentials on a server.

Finally, a solution is provided which allows the service provider to limit the number of accesses to a service per timeframe (e.g. 10 times a week), while the different accesses by the same user can be unlinkable. Hence, despite the fact that little personal information is disclosed by the user, the service provider is offered a solution enabling it to realize enhanced access control. This can be used by many privacy-preserving applications and could be an extension of the framework.
Publication status: published
KU Leuven publication type: TH
Appears in Collections:Informatics Section

Files in This Item:
File: thesis.pdf | Status: Published | Size: 3209Kb | Format: Adobe PDF

