Enforced Privacy

Description

Privacy has been a fundamental property for distributed systems which provide e-services to users. In these systems, users become more and more concerned about their anonymity and how their personal information has been used. For example, in voting systems a voter wants to keep her vote secret. Recently, strong privacy properties in voting such asreceipt-freeness and coercion-resistance were proposed and have received considerable attention. These notions seek to prevent vote buying (where a voter chooses to renounce her vote). These strong notions of privacy, which we will call enforced privacy, actually capture the essential idea that privacy must be enforced by a system upon its users, instead of users desiring privacy.

The first aim of this project is to extend enforced privacy from voting to other domains, such as online auctions, anonymous communications, healthcare, and digital rights management, where enforced privacy is a paramount requirement. For example, in healthcare, a patient's health record is private information. However, a patient contracting a serious disease is at risk of discrimination by parties aware of her illness. The inability to unveil (specific parts of) the health record of a patient is a minimal requirement for her privacy.

The second aim of the project is to develop a domain-independent formal framework in which enforced privacy properties in different domains can be captured in a natural, uniform and precise way. Typically, enforced privacy properties will be formalised as equivalence relations on traces, which take into account both the knowledge of the intruder and the users. Within the framework, algorithms can be designed to support analysis of e-service systems which claim to have enforced privacy properties. In the end, the formalisation and techniques will be applied to verify existing real-life systems and to help the design of new systems with enforced privacy properties.

Team members

The following members are involved in the project:

Journals

Conference and Workshop Proceedings

Technical reports

Financial support

The project is supported by the University of Luxembourg and the National Research Fund Luxembourg.