Hard privacy technologies explained

Hard privacy technologies are methods of protecting data. Hard privacy technologies and soft privacy technologies both fall under the category of privacy-enhancing technologies (PETs). Hard privacy technologies allow online users to protect their privacy through different services and applications without having to trust third parties.[1] The data protection goals are data minimization, reduced trust in third parties, and the freedom (and techniques) to conceal information or to communicate.

Applications of hard privacy technologies include onion routing, VPNs and the secret ballot[2] used for democratic elections.[3]

Systems for anonymous communications

Mix networks

Mix networks use both cryptography and permutations to provide anonymity in communications.[4] The combination makes monitoring end-to-end communications more challenging for eavesdroppers, since it breaks the link between the sender and recipients.[5]

Dining Cryptographers Net (DC-net)

See also: Dining cryptographers.

DC-net is a communication protocol that enables secure, uninterrupted communication.[6] Its round-based protocol lets participants publish a one-bit message per round unobservably.[7]
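The round structure can be made concrete with a short simulation. This is an added example, not part of the original article: the pairwise pre-shared secrets, the HMAC-derived coins and all function names are assumptions chosen for illustration. It also shows the protocol's known failure mode, where two senders in the same round cancel each other out.

```python
import hashlib
import hmac
import os
from itertools import combinations

def make_secrets(n):
    """One pre-shared secret per pair of participants (assumed key setup)."""
    return {frozenset(p): os.urandom(32) for p in combinations(range(n), 2)}

def coin(secret, rnd):
    """Shared coin flip for round `rnd`; both holders of `secret` get the same bit."""
    return hmac.new(secret, rnd.to_bytes(8, "big"), hashlib.sha256).digest()[0] & 1

def announce(me, n, secrets, rnd, bit=0):
    """XOR of every coin `me` shares, flipped by `bit` when `me` sends a 1."""
    out = bit
    for other in range(n):
        if other != me:
            out ^= coin(secrets[frozenset((me, other))], rnd)
    return out

def run_round(n, secrets, rnd, senders):
    """`senders` maps participant -> bit to publish. Returns (result, announcements)."""
    announcements = [announce(p, n, secrets, rnd, senders.get(p, 0)) for p in range(n)]
    result = 0
    for a in announcements:
        result ^= a  # each coin appears exactly twice, so only message bits survive
    return result, announcements

def broadcast(n, secrets, sender, message):
    """Publish `message` one bit per round and reassemble what everyone reads."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    out = [run_round(n, secrets, r, {sender: b})[0] for r, b in enumerate(bits)]
    return bytes(
        sum(out[i + j] << (7 - j) for j in range(8)) for i in range(0, len(out), 8)
    )

if __name__ == "__main__":
    secrets = make_secrets(5)
    print(broadcast(5, secrets, 2, b"hi"))         # same output whoever sends
    print(run_round(5, secrets, 0, {1: 1, 3: 1}))  # two senders collide: result 0
```

Every participant publishes an announcement in every round, so an observer who sees only the announcements cannot tell which one carried the message bit.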

The Integrated Services Digital Network (ISDN)

ISDN is based on a digital telecommunications network, i.e. a digital 64 kbit/s channel network. ISDN is primarily used for the swapping of networks; therefore it offers effective service for communication.[8]

Attacks against anonymous communications

When dealing with attacks on anonymity systems, the main technique to consider is traffic analysis, which traces information such as who is talking with whom, extracts profiles and so on. Traffic analysis is used against vanilla or hardened systems.

Examples of hard privacy technologies

Onion routing

Onion routing is an internet-based encryption technique that prevents eavesdropping, traffic analysis attacks and so on. Messages in an onion network are wrapped in layers of encryption, and the destination in each layer is encrypted. Each router decrypts its layer with its private key, peeling it off like the layer of an onion, and then transmits the message to the next router.[9]
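The layering described above can be sketched as follows. This is an added example, not code from the original article or from any onion-routing implementation: a per-router shared key with an HMAC-based keystream stands in for the per-router public-key encryption, it provides no integrity protection, and the router names, `dest.example` and all function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher (assumption)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def unseal(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def make_keys(route):
    """One key per router, known to the sender (stand-in for router public keys)."""
    return {router: os.urandom(32) for router in route}

def build_onion(route, keys, destination, message):
    """Wrap from the inside out: the last router's layer is created first."""
    packet = message
    next_hops = route[1:] + [destination]
    for router, nxt in reversed(list(zip(route, next_hops))):
        layer = json.dumps({"next": nxt, "data": packet.hex()}).encode()
        packet = seal(keys[router], layer)
    return packet

def peel(router, keys, packet):
    """What one router learns: the next hop and an opaque inner packet."""
    layer = json.loads(unseal(keys[router], packet))
    return layer["next"], bytes.fromhex(layer["data"])

def deliver(first_hop, keys, packet):
    """Forward the packet hop by hop; returns (destination, message, hops seen)."""
    hop, seen = first_hop, []
    while hop in keys:
        nxt, packet = peel(hop, keys, packet)
        seen.append((hop, nxt))
        hop = nxt
    return hop, packet, seen
```

The first router's view contains only the name of the second router and ciphertext; the destination and the message become visible only after the last layer is removed.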

Tor is a free-to-use anonymity service that depends on the concept of onion routing. Among all the PETs, Tor has one of the highest user bases.[10]

VPNs

A virtual private network (VPN) is one of the most important ways to protect personal information. A VPN connects a private network to a public network, which lets users share information over public networks by extending the private network to their computing devices. Thus, VPN users may benefit from more security.[11]

Future of hard privacy technology

The future of hard privacy technology includes limited disclosure technology and data protection on US disclosure legislation.[12]

Limited disclosure technology offers a mechanism to preserve individuals' privacy by encouraging them to provide only as much information as is sufficient to complete an interaction or purchase with service providers. This technology restricts data sharing between consumers and other third parties.[13]

Data protection on US disclosure legislation.[14] Although the United States does not have general federal legislation on data privacy, a range of federal data protection laws are sector-related or focus on specific forms of data.[15] For example, the Children's Online Privacy Protection Act (COPPA) (15 U.S. Code Section 6501) forbids the collection of any information from a child under the age of 13 years old by internet or by digitally linked devices.[16] The Video Privacy Protection Act (18 U.S. Code § 2710 et seq.) restricts the release of video rental or sale records, including online streaming.[17] Finally, the Cable Communications Policy Act of 1984 (47 U.S. Code § 551) protects subscribers' information privacy.[18]

The LINDDUN methodology

LINDDUN is short for its seven categories of privacy threats including linkability, recognition, non-repudiation, sensitivity, leakage of details, unconscionability and non-compliance. It is used as a privacy threat modeling methodology that supports analysts in systematically eliciting and mitigating privacy threats in software architectures.[19] Its main strength is its combination of methodological guidance and privacy knowledge support.[20]

Notes and References

  1. Trepte, Sabine; Reinecke, Leonard (2001). Privacy Online. doi:10.1007/978-3-642-21521-6. ISBN 978-3-642-21520-9.
  2. Bernhard, Matthew; Benaloh, Josh; Alex Halderman, J.; Rivest, Ronald L.; Ryan, Peter Y. A.; Stark, Philip B.; Teague, Vanessa; Vora, Poorvi L.; Wallach, Dan S. (2017). "Public Evidence from Secret Ballots". Electronic Voting. Lecture Notes in Computer Science. Vol. 10615. pp. 84–109. doi:10.1007/978-3-319-68687-5_6. arXiv:1707.08619. ISBN 978-3-319-68686-8. S2CID 34871552. https://www.researchgate.net/publication/320229306
  3. Deng, Mina; Wuyts, Kim; Scandariato, Riccardo; Preneel, Bart; Joosen, Wouter (2011). "A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements". Requirements Engineering. 16: 3–32. doi:10.1007/s00766-010-0115-7. S2CID 856424.
  4. Sampigethaya, K.; Poovendran, R. (December 2006). "A Survey on Mix Networks and Their Secure Applications". Proceedings of the IEEE. 94 (12): 2142–2181. doi:10.1109/JPROC.2006.889687. S2CID 207019876.
  5. Ardagna, Claudio A.; Jajodia, Sushil; Samarati, Pierangela; Stavrou, Angelos (2009). "Privacy Preservation over Untrusted Mobile Networks". In Bettini, Claudio; et al. (eds.). Privacy In Location-Based Applications: Research Issues and Emerging Trends. Lecture Notes in Computer Science. Vol. 5599. Springer. p. 88. doi:10.1007/978-3-642-03511-1_4. Bibcode:2009LNCS.5599...84A. ISBN 978-3-642-03511-1.
  6. Verzun, Ievgen. Secure Dynamic Communication Network And Protocol. Listat Ltd.
  7. Chaum, D. L. (1988). "The dining cryptographers problem: unconditional sender and recipient untraceability". J Cryptol. 1 (1): 65–75. doi:10.1007/BF00206326. S2CID 2664614.
  8. ISDN The Integrated Services Digital Network: Concepts, Methods, Systems. Springer Berlin Heidelberg. 1988. ISBN 978-3-662-08036-8.
  9. "Onion Routing". Web site.
  10. Dingledine, Roger; Mathewson, Nick; Syverson, Paul (2004). "Tor: The Second-Generation Onion Router". Web site.
  11. Hoa Gia Bao Nguyen (2018). "Wireless Network Security: A Guide for Small and Medium Premises". Information Technology.
  12. (2015). "Do People Know About Privacy and Data Protection Strategies? Towards the 'Online Privacy Literacy Scale' (OPLIS)". Law, Governance and Technology Series. Vol. 20. doi:10.1007/978-94-017-9385-8. ISBN 978-94-017-9384-1.
  13. Corrales, Marcelo; Jurcys, Paulius; Kousiouris, George (2018). "Smart Contracts and Smart Disclosure: Coding a GDPR Compliance Framework". SSRN Electronic Journal. doi:10.2139/ssrn.3121658.
  14. Hahn, Robert W.; Layne-Farrar, Anne (2001). "The Benefits and Costs Of Online Privacy Legislation". SSRN. Web site. doi:10.2139/ssrn.292649. S2CID 167184959.
  15. Cobb, Stephen (2016). "Data privacy and data protection". US Law and Legislation.
  16. Hung, Cho Kiu; Fantinato, Marcelo; Roa, Jorge (2018). Children Privacy Protection. pp. 1–3. doi:10.1007/978-3-319-08234-9_198-1. ISBN 978-3-319-08234-9.
  17. Li, Xiangbo; Darwich, Mahmoud; Bayoumi, Magdy (2020). "A Survey on Cloud-Based Video Streaming Services". Web site.
  18. Wu, Yanfang; Lau, Tuenyu; Atkin, David J.; Lin, Carolyn A. (2011). "A comparative study of online privacy regulations in the U.S. and China". Telecommunications Policy. 35 (7): 603–616. doi:10.1016/j.telpol.2011.05.002.
  19. Sion, Laurens; Wuyts, Kim; Yskout, Koen; Van Landuyt, Dimitri; Joosen, Wouter (2018). "Interaction-Based Privacy Threat Elicitation". 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). pp. 79–86. doi:10.1109/EuroSPW.2018.00017. ISBN 978-1-5386-5445-3. S2CID 49655002.
  20. Robles-González, Antonio; Parra-Arnau, Javier; Forné, Jordi (2020). "A LINDDUN-Based framework for privacy threat analysis on identification and authentication processes". Computers & Security. 94: 101755. doi:10.1016/j.cose.2020.101755. hdl:2117/190711. S2CID 214007341.