TU Darmstadt / ULB / TUbiblio

PEEPLL: Privacy-Enhanced Event Pseudonymisation with Limited Linkability

Zimmer, Ephraim ; Burkert, Christian ; Petersen, Tom ; Federrath, Hannes (2020):
PEEPLL: Privacy-Enhanced Event Pseudonymisation with Limited Linkability.
In: SAC'20 : Proceedings of the 35th Annual ACM Symposium on Applied Computing, pp. 1308-1311,
ACM, 35th ACM/SIGAPP Symposium on Applied Computing, virtual Conference, 30.03.-03.04.2020, ISBN 978-1-4503-6866-7,
DOI: 10.1145/3341105.3375781,
[Conference or Workshop Item]

Abstract

Pseudonymisation provides the means to reduce the privacy impact of data collection and processing on individual subjects. Its application on data records, especially in an environment with additional constraints, like re-identification in the course of incident response, implies assumptions and privacy issues, which contradict the achievement of the desirable privacy level. Proceeding from two real-world scenarios, where personal and identifying data needs to be processed, we identify a system model for pseudonymisation and explicitly state the sustained privacy threats. With this system and threat model, we derive privacy protection goals together with possible technical realisations, which are integrated into our event pseudonymisation framework PEEPLL for the context of event processing, like auditing of user activities. Our framework provides privacy-friendly linkability in order to maintain the possibility for automatic event correlation and evaluation, while at the same time reduces the privacy impact on individuals. With this framework, privacy provided by event pseudonymisation can be enhanced by a more rigorous commitment to the concept of personal data minimisation.

Item Type: Conference or Workshop Item
Erschienen: 2020
Creators: Zimmer, Ephraim ; Burkert, Christian ; Petersen, Tom ; Federrath, Hannes
Title: PEEPLL: Privacy-Enhanced Event Pseudonymisation with Limited Linkability
Language: English
Abstract:

Pseudonymisation provides the means to reduce the privacy impact of data collection and processing on individual subjects. Its application on data records, especially in an environment with additional constraints, like re-identification in the course of incident response, implies assumptions and privacy issues, which contradict the achievement of the desirable privacy level. Proceeding from two real-world scenarios, where personal and identifying data needs to be processed, we identify a system model for pseudonymisation and explicitly state the sustained privacy threats. With this system and threat model, we derive privacy protection goals together with possible technical realisations, which are integrated into our event pseudonymisation framework PEEPLL for the context of event processing, like auditing of user activities. Our framework provides privacy-friendly linkability in order to maintain the possibility for automatic event correlation and evaluation, while at the same time reduces the privacy impact on individuals. With this framework, privacy provided by event pseudonymisation can be enhanced by a more rigorous commitment to the concept of personal data minimisation.

Title of Book: SAC'20 : Proceedings of the 35th Annual ACM Symposium on Applied Computing
Publisher: ACM
ISBN: 978-1-4503-6866-7
Uncontrolled Keywords: personal data minimisation, pseudonymisation framework, privacy protection goals, limited linkability, pseudonym re-usage, indistinguishability unobservability
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
Event Title: 35th ACM/SIGAPP Symposium on Applied Computing
Event Location: virtual Conference
Event Dates: 30.03.-03.04.2020
Date Deposited: 05 Feb 2021 09:07
DOI: 10.1145/3341105.3375781
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details