Formal Analysis of Privacy for Anonymous Location Based Services

Dahl, Morten; Delaune, Stéphanie; Steel, Graham

doi:10.1007/978-3-642-27375-9_6

Cited by 11 publications

(18 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In BAN-style [2] belief logics, a "Forget" operation has been proposed [16] usable for privacy analysis of honest actors [1]. Our work is more similar to state exploration techniques (e.g., [4,5,7,19]). These only consider an (outside) attacker who may be passive or active, but always remembers everything he observes.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

See 1 more Smart Citation

Formal Modelling of (De)Pseudonymisation: A Case Study in Health Care Privacy

Veeningen

Weger

Zannone

2013

Security and Trust Management

View full text Add to dashboard Cite

Abstract. In recent years, a number of infrastructures have been proposed for the collection and distribution of medical data for research purposes. The design of such infrastructures is challenging: on the one hand, they should link patient data collected from different hospitals; on the other hand, they can only use anonymised data because of privacy regulations. In addition, they should allow data depseudonymisation in case research results provide information relevant for patients' health. The privacy analysis of such infrastructures can be seen as a problem of data minimisation. In this work, we introduce coalition graphs, a graphical representation of knowledge of personal information to study data minimisation. We show how this representation allows identification of privacy issues in existing infrastructures. To validate our approach, we use coalition graphs to formally analyse data minimisation in two (de)-pseudonymisation infrastructures proposed by the Parelsnoer initiative.

show abstract

Section: Related Work and Conclusionmentioning

confidence: 99%

“…[1,2,4,5,7,19], analyse knowledge of communicating actors. These methods verify that particular information cannot be derived by particular actors.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

Formal Modelling of (De)Pseudonymisation: A Case Study in Health Care Privacy

Veeningen

Weger

Zannone

2013

Security and Trust Management

View full text Add to dashboard Cite

show abstract

“…So far, attempts at formalising privacy have usually been domain-specific (e.g., [22,2,10,3,4,23,11,12,24]). We advocate a domain-independent approach to privacy, and develop a formal framework to achieve this in Sect.…”

Section: Privacy Notionsmentioning

confidence: 99%

Enforcing Privacy in the Presence of Others: Notions, Formalisations and Relations

Dong

Jonker

Pang

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Protecting privacy against bribery/coercion is a necessary requirement in electronic services, like e-voting, e-auction and e-health. Domain-specific privacy properties have been proposed to capture this. We generalise these properties as enforced privacy: a system enforces a user's privacy even when the user collaborates with the adversary. In addition, we account for the influence of third parties on a user's privacy. Third parties can help to break privacy by collaborating with the adversary, or can help to protect privacy by cooperating with the target user. We propose independency of privacy to capture the negative privacy impact that third parties can have, and coalition privacy to capture their positive privacy impact. We formally define these privacy notions in the applied pi calculus and build a hierarchy showing their relations.

show abstract

“…A recent body of works uses process algebraic models to analyse linkability in, e.g., electronic toll collection [6], eHealth [7], and e-voting [8]. Linkability is expressed in terms of "experiments": pairs of scenarios that should be indistinguishable to an attacker.…”

Section: Related Workmentioning

confidence: 99%

“…However, traditionally, they focus mostly on secrecy of isolated pieces of information with respect to a malicious outsider, whereas privacy also concerns the building of profiles of personal information by authorised insiders who combine different pieces of information. A recent body of works [6][7][8] extends these formal methods to analyse links between different pieces of information; however, properties are mostly defined in an ad-hoc fashion for particular protocols.…”

Section: Introductionmentioning

confidence: 99%

Symbolic Privacy Analysis through Linkability and Detectability

Veeningen

Weger

Zannone

2013

Trust Management VII

View full text Add to dashboard Cite

Abstract. More and more personal information is exchanged on-line using communication protocols. This makes it increasingly important that such protocols satisfy privacy by data minimisation. Formal methods have been used to verify privacy properties of protocols; but so far, mostly in an ad-hoc way. In previous work, we provided general definitions for the fundamental privacy concepts of linkability and detectability. However, this approach is only able to verify privacy properties for given protocol instances. In this work, by generalising the approach, we formally analyse privacy of communication protocols independently from any instance. We implement the model; identify its assumptions by relating it to the instantiated model; and show how to visualise results. To demonstrate our approach, we analyse privacy in Identity Mixer.

show abstract

Formal Analysis of Privacy for Anonymous Location Based Services

Cited by 11 publications

References 16 publications

Formal Modelling of (De)Pseudonymisation: A Case Study in Health Care Privacy

Formal Modelling of (De)Pseudonymisation: A Case Study in Health Care Privacy

Enforcing Privacy in the Presence of Others: Notions, Formalisations and Relations

Symbolic Privacy Analysis through Linkability and Detectability

Contact Info

Product

Resources

About