Hard privacy technologies: Difference between revisions

Hard privacy technologies are methods of protecting data. Hard privacy technologies and soft privacy technologies both fall under the category of privacy enchancing technologies. Hard privacy technologies allow online users to protect their privacy through different services and applications without the trust of the third-parties.^[1] The data protection goal is data minimization and reduction of the trust in third-parties and the freedom (and techniques) to conceal information or to communicate.

ballot

Applications of hard privacy technologies include onion routing, VPNs and the secret ballot^[2] used for democratic elections.^[3]

Systems for anonymous communications

Mix networks

Mix networks are use both cryptography and permutations to provide anonymity in communications.^[4] The combination makes monitoring end-to-end communications more challenging for eavesdroppers since it breaks the link between the sender and recipients.^[5]

Dining Cryptographers Net (DC-net)

DC-net is a protocol for communication that enables secure, uninterrupted communication.^[6] It's round-based protocol enables participants to publish one bit message per round unobservably.^[7]

The Integrated Services Digital Network (ISDN)

ISDN is based on a digital telecommunications network, i.e. a digital 64 kbit/s channel network. ISDN is primarily used for the swapping of networks; therefore it offers effective service for communication.^[8]

Attacks against anonymous communications

In order to cope with attacks on anonymity systems the traffic analysis would trace information such as who is talking with whom, extract profiles and so on. The Traffic Analysis is used for against vanilla or hardened systems.

Families of hard privacy technologies

privacy enhancing technology

Privacy-enhancing Technologies can be distinguished based on their assumption for hard privacy technologies and soft privacy technologies.

soft privacy technologies

Soft privacy technologies are based on the assumption that the third-party can be trusted for the processing of data. This model is based on compliance, consent, control and audit.

Examples of hard privacy technologies

Onion routing

Onion routing is an internet-based encrypted  technique to prevent eavesdropping, traffic analysis attacks and so on. Messages in an onion network are embedded in the encryption layers. [1] The destination in each layer will be encrypted. For each router, message is decrypted by its private key and unveiled like a 'onion' and then the message transmitted to the next router.^[9]

Tor is a free-to-use anonmity service that depends on the concept of onion routing. Among all the PETs, tor has one of the highest user bases.^[10]

VPNs

An Virtual Private Network(VPN) is one of the most important way to protect personal information. VPN connects a private network into a public network which helps users to share information through public networks extends to their computer devices. Thus, using VPNs may benefit from more security.^[11]

Future of hard privacy technology

The future of hard privacy technology include limited disclosure technology and data protection on US disclosure legislation.^[12]

Limited disclosure technology offers a mechanism to preserve individuals' privacy by encouraging them to provide information only a little that is just sufficient to complete an interactionor purchase with service providers. This technology is to restrict the data sharing between consumers and other third parties.^[13]

Data protection on US disclosure legislation.^[14] Although the United States does not have a general federal legistion on data privacy policy, a range of federal data protection laws are sector-related or focus specific data forms.^[15] For example, the Children online privacy protection Act (COPPA) (15 U.S. Code Section 6501) which forbids the collection of any information from a child under the age of 13 years old by internet or by digitally linked devices.^[16] The Video Privacy Protection Act (18 U.S. code § 2710 et seq.) restricts the release of video rental or sale records, including online streaming. ^[17]At last, the Cable Communications Policy Act of 1984  (47 US Code § 551) protects the subscribers' information privacy.^[18]

the LINDDUN methodology

The LINDDUN is short for its seven categories of privacy threats including linkability, recognition, non-repudiations, sensitivity, leakage of details, unconscionability and non-compliance. It is used as a privacy threat modeling methodology that supports analysts in systematically eliciting and mitigating privacy threats in software architectures.^[19] Its main strength is its combination of methodological guidance and privacy knowledge support.^[20]

References

1. Trepte, Sabine & Reinecke, Leonard. (2001). Trepte, Sabine; Reinecke, Leonard (eds.). Privacy Online. Vol. 10.1007/978-3-642-21521-6. doi:10.1007/978-3-642-21521-6. ISBN 978-3-642-21520-9.
2. Bernhard, Matthew & Benaloh, Josh & Halderman, J. & Rivest, Ronald & Ryan, Peter & Stark, Philip & Teague, Vanessa & Vora (2017). "Public Evidence from Secret Ballots". Electronic Voting. Lecture Notes in Computer Science. Vol. 84-109. 10.1007/978-3-319-68687-5_6. pp. 84–109. arXiv:1707.08619. doi:10.1007/978-3-319-68687-5_6. ISBN 978-3-319-68686-8. S2CID 34871552.
3. Mina, Deng; Kim, Wuyts; Riccardo, Scandariato; Bart, Preneel; Wouter, Joosen (1 May 2010). "A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements". Requirements Engineering. 16 (1): 3-32. 30p. 20 Diagrams, 8 Charts.
4. Sampigethaya, K.Poovendran, R. (December 2006). "A Survey on Mix Networks and Their Secure Applications". Proceedings of the IEEE Proc. IEEE Proceedings of the IEEE.: 94(12):2142-2181.
5. Claudio A. Ardagna (2009). "Privacy Preservation over Untrusted Mobile Networks". In Bettini, Claudio; et al. (Eds.). Lecture Notes in Computer Science. Privacy In Location-Based Applications: Research Issues and Emerging Trends. Springer. p. 88.: 84. Bibcode:2009LNCS.5599...84A. doi:10.1007/978-3-642-03511-1_4. ISBN 978-3-642-03510-4 – via ISBN 9783642035111.
6. Ievgen Verzun. "Secure Dynamic Communication Network And Protocol". Listat Ltd.
7. Chaum DL (1988). "The dining cryptographers problem: unconditional sender and recipient untraceability". J Cryptol: 1(1):65–75.
8. Dr. rer. nat. Peter Bocker (1988). ISDN The Integrated Services Digital Network: Concepts, Methods, Systems. Springer Berlin Heidelberg. ISBN 978-3-662-08036-8.
9. "Onion Routing".
10. Dingledine, Roger & Mathewson, Nick & Syverson, Paul (2004). "Tor: The Second-Generation Onion Router". Paul Syverson. 13.
11. Hoa Gia Bao Nguyen (2018). "WIRELESS NETWORK SECURITYA GUIDE FOR SMALL AND MEDIUM PREMISES". Information Technology.
12. Trepte, Sabine & Teutsch, Doris & Masur, Philipp K. & Eichler, C. & Fischer, Mona & Hennhöfer, Alisa & Lind, Fabienne (2015). "Do People Know About Privacy and Data Protection Strategies? Towards the "Online Privacy Literacy Scale"". OPLIS. Law, Governance and Technology Series. 10.1007/978-94-017-9385-8. doi:10.1007/978-94-017-9385-8. ISBN 978-94-017-9384-1.
13. Corrales, Marcelo & Jurcys, Paulius & Kousiouris, George (2018). "Smart Contracts and Smart Disclosure: Coding a GDPR Compliance Framework". SSRN Electronic Journal. 10.2139/ssrn.3121658. doi:10.2139/ssrn.3121658.
14. Layne-Farrar, Anne & Hahn, Robert (2001). "The Benefits and Costs Of Online Privacy Legislation". Regulation2point0, Working Papers. 54. 10.2139/ssrn.292649. doi:10.2139/ssrn.292649. S2CID 167184959.
15. Cobb, Stephen (2016). "Data privacy and data protection". US Law and Legislation.
16. Hung, Cho Kiu & Fantinato, Marcelo & Roa, Jorge (2018). Children Privacy Protection. Vol. 10.1007/978-3-319-08234-9_198-1. pp. 1–3. doi:10.1007/978-3-319-08234-9_198-1. ISBN 978-3-319-08234-9.
17. Li, Xiangbo & Darwich, Mahmoud & Bayoumi, Magdy (2020). "A Survey on Cloud-Based Video Streaming Services". {{cite journal}}: Cite journal requires |journal= (help)
18. Wu, Yanfang & Lau, Tuenyu & Atkin, David & Lin, Carolyn (2011). "A comparative study of online privacy regulations in the U.S. and China". Telecommunications Policy. 35. 603-616. 10.1016/j.telpol.2011.05.002. (7): 603–616. doi:10.1016/j.telpol.2011.05.002.
19. Sion, Laurens & Wuyts, Kim & Yskout, Koen & Landuyt, Dimitri & Joosen, Wouter (2018). "Interaction-Based Privacy Threat Elicitation". EuroSPW. 79-86. 10.1109.
20. Robles-González, Antonio, Parra-Arnau, Javier b, Forné, Jordi a (2020). "A LINDDUN-Based framework for privacy threat analysis on identification and authentication processes". Computers & Security. 94: 101755. doi:10.1016/j.cose.2020.101755.