Research
Privacy enhancing technologies are technological solutions that help users to control the use and spread of their personal information. Our work in this project can be broadly grouped into the following themes listed below.
- Privacy forensics focuses on discovering ways that users' privacy can be breached. Every electronic access, whether through Web, phone, or other communication networks, leaves a `digital trace' that can be collected, analyzed and linked with relevant information to construct user profiles. In some cases the collected data may directly contain users' personal information, such as age, address, or credit card number. In other cases, such data may not be directly available, but the leaked information can still be used to limit the range of values; for example, it may be inferable that the user's age is between 20 and 30.
- Communication privacy considers privacy aspects associated with the identities of communicating parties. A communication channel in a simple case establishes a link between a sender and a receiver, and in more general cases among members of a group. A privacy-preserving communication system protects information about the origin and/or destination of a message. Moreover, it can also ensure that two communications originated by the same sender are unlinkable. There are many services, such as Internet voting, whistleblowing, and privacy-preserving payment systems, that can only exist if communication privacy can be ensured. An Internet voting system should ideally allow voters to anonymously cast their votes from their homes. A democratic society provides mechanisms for individuals to express their views or report wrongdoings without fear of persecution. Making a payment with anonymous electronic cash is pointless if your IP address is revealed to the shop. Communication privacy is essential for such services when used online.
- Privacy preserving authentication includes models and systems that allow a user to authenticate himself to a service provider or a peer, as an entity possessing a certain attribute. This is the first step in accessing many online services. The commonly used method of authentication through name and password, or the more advanced cryptographic methods using one-time passwords or certificates, reveal users' identities. Simplistic approaches to protecting identities using pseudonyms assume trusted third parties—an assumption very hard to realize in practice. In recent years there have been attempts to formalize the anonymity requirements of such authentication systems and to propose systems that satisfy these requirements.
- Systems for enhancing privacy will focus on the design and development of systems that can be deployed in practice. In addition to implementations, this theme will also focus on the designs and theoretical underpinnings of these systems. System development in this theme will be guided by the principles of usefulness outlined in the introduction. We will provide abstract models that capture aspects of privacy and design systems that ensure protection for those aspects. We will build systems that will improve existing technologies to a state where they will have greater usefulness, and benefit more people in our increasingly interconnected world.
- A secure electronic healthcare record infrastructure ensures that personal health information is accessible only to those who need it, and is only used with the consent of patients and the relevant laws. We are specifically investigating the role of digital rights management technology, which allows information owners to control the use and distribution of their information with a machine-enforceable policy.
- Anonymization of health records is a required element of information integration, reducing and limiting the risk of disclosure of sensitive and private information. The need for having publicly available health information comes from legislation as well as from practical needs. Anonymization helps with the problem of creating data sets for research and testing that maintain patient confidentiality. An important aspect of anonymization that we are working on is to determine, quantify, and measure the privacy, the usefulness of anonymized data, and most importantly the balance between these two objectives.