ACCEPTED PAPERS DPM 2014

====================================================================================

01. Group Discounts Compatible with Buyer Privacy

Authors: Josep Domingo-Ferrer (Universitat Rovira i Virgili) and
Alberto Blanco-Justicia (Universitat Rovira i Virgili)

Abstract: We show how group discounts can be offered without forcing
buyers to surrender their anonymity, as long as buyers can use their
own computing devices (e.g. smartphone, tablet or computer) to perform
a purchase. Specifically, we present a protocol for privacy-preserving
group discounts. The protocol allows a group of buyers to prove how
many they are without disclosing their identities. Coupled with an
anonymous payment system, this makes group discounts compatible with
buyer privacy.

Keywords: Group discounts, Cryptographic protocols, Digital
signatures

====================================================================================

04. Privacy-preserving Loyalty Programs

Authors: Alberto Blanco-Justicia (Universitat Rovira i Virgili) and
Josep Domingo-Ferrer (Universitat Rovira i Virgili)

Abstract: Loyalty programs are promoted by vendors to incentivize
loyalty in buyers. Although such programs have become widespread, they
have been criticized by business experts and consumer associations:
loyalty results in profiling and hence in loss of privacy of consumers.
We propose a protocol for privacy-preserving loyalty programs that
allows vendors and consumers to enjoy the benefits of loyalty (returning
customers and discounts, respectively), while allowing consumers to stay
anonymous and empowering them to decide how much of their profile they
reveal to the vendor. The vendor must offer an additional reward if he
wants to learn more details on the consumer's profile. Our protocol is
based on partially blind signatures and zero knowledge proofs of
knowledge, and provides anonymity to consumers and their purchases,
while still allowing negotiated consumer profiling.

Keywords: Customer privacy, anonymization, blind signatures,
zero-knowledge proofs

====================================================================================

07. A-PPL: An Accountability Policy Language for Cloud Computing
(Short Paper)

Authors: Monir Azraoui (EURECOM), Kaoutar Elkhiyaoui (EURECOM),
Melek Onen (EURECOM), Karin Bernsmed (SINTEF), Anderson Santana De
Oliveira and Jakub Sendor (SAP Labs)

Abstract: The inherent lack of control of users over their data
raises various security and privacy challenges in Cloud Computing. One
approach to encourage customers to take advantage of the Cloud is the
design of new accountability solutions which aid and enable customers
to control and be informed on how their data is processed. In this
paper, we focus on accountability policies and propose A-PPL, an
accountability policy language that represents machine-readable
accountability policies. A-PPL policies provide cloud customers and
cloud end-users with a way to express accountable obligations in order
to automate their enforcement. Our work also describes a use case
where medical sensors collect personal data which are then stored and
processed in the cloud. We define the accountability obligations
related to this use case and translate them into A-PPL policies as a
proof of concept of our proposal.

Keywords: Cloud Computing, Accountability, Policies, Policy Language,
Policy Enforcement

====================================================================================

08. The crypto-democracy and the Trustworthy (Position Paper)

Authors: Sebastien Gambs (Universite de Rennes), Samuel Ranellucci
(Universite de Montreal) and Alain Tapp (Universite de Montreal)

Abstract: In the current architecture of the Internet, there is a
strong asymmetry in terms of power between the entities that gather
and process personal data (e.g., major Internet companies, telecom
operators, cloud providers, ...) and the individuals from which this
personal data is issued. In particular, individuals have no choice but
to blindly trust that these entities will respect their privacy and
protect their personal data. In this paper, we address this issue by
proposing a utopian crypto-democracy model based on existing scientific
achievements from the field of cryptography. More precisely, our main
objective is to show that cryptographic primitives, including in
particular secure multiparty computation, offer a practical solution
to protect privacy while minimizing the trust assumptions. In the
crypto-democracy, individuals do not have to trust a single physical
entity with their personal data but rather their data is distributed
among several institutions. Together these institutions form a virtual
entity called the Trustworthy that is responsible for the storage of
this data but which can also compute on it (provided first that all
the institutions agree on this). Finally, we also propose a realistic
proof-of-concept of the crypto-democracy, in which the roles of
institutions are played by universities. This proof-of-concept would
have an important impact in demonstrating the possibilities offered by
the crypto-democracy paradigm.

Keywords: Privacy, Trust, Secure computation, Democracy

====================================================================================

12. Privacy-Preserving Electronic Toll System with Dynamic Pricing for Low
Emission Zones (Short Paper)

Authors: Roger Jardi-Cedo (Universitat Rovira i Virgili), Jordi
Castella-Roca (Universitat Rovira i Virgili) and Alexandre Viejo
(Universitat Rovira i Virgili)

Abstract: The high levels of pollution and traffic congestion present
in almost all major cities around the world have brought solutions such
as the deployment of electronic toll systems in some of these cities.
The main purpose of those electronic toll systems is to restrict the
access of vehicles to certain city areas, named low emission zones
(LEZs). Since its adoption, this solution has proven to be quite
promising. However, current proposals are still far from being ideal.
More specifically, current schemes still introduce a significant error
percentage in the detection of fraudulent drivers. Moreover, they
usually require toll systems to be equipped with cameras that take
pictures of all the vehicles that pass through the control points. This
behavior may represent a serious privacy threat for the drivers. In this
article, a new electronic toll system is proposed. The aim of the new
proposal is to detect fraud while preserving drivers’ privacy. More
concretely, it provides a non-probabilistic fraud control and the
control points only take pictures of the vehicles that misbehave. Last
but not least, the proposed system applies an enhanced dynamic pricing
that can help the authorities to better distribute traffic over the road
network.

Keywords: Electronic road pricing, Low emission zone, Dynamic pricing,
Driver privacy, Security

====================================================================================

14. Towards an Image Encryption Scheme with Content-Based
Image Retrieval Properties (Short Paper)

Authors: Bernardo Ferreira (Universidade Nova de Lisboa), Joao
Rodrigues (Universidade Nova de Lisboa), Joao Leitao (Universidade
Nova de Lisboa) and Henrique Domingos (Universidade Nova de Lisboa)

Abstract: Storage requirements for visual data have been increasing in
recent years, following the emergence of many new services and
applications for both personal and corporate use. This has been a key
driving factor for the adoption of cloud-based data outsourcing
solutions. However, outsourcing data storage to the Cloud also leads to
new challenges that must be carefully addressed, especially regarding
privacy. In this paper we propose a novel secure framework for
outsourced and distributed storage/retrieval in large private image
repositories. Our proposal is based on a novel cryptographic scheme,
named IES-CBIR, specifically designed for media image data. Our solution
enables both encrypted storage and querying using Content Based Image
Retrieval (CBIR) while preserving privacy. We have built a prototype of
the proposed framework, analyzed its security properties, and
experimentally evaluated its performance and precision. Our results
show that IES-CBIR allows more efficient operations than existing
proposals, both in terms of time and space overheads, while enabling
less restrictive use cases and application scenarios.

Keywords: Data and Computation Outsourcing, Applied Cryptography,
Encrypted Data Processing, Privacy-Preserving Content-based Image
Retrieval

====================================================================================

18. Secure Improved Cloud-Based RFID Authentication Protocol

Authors: Sarah Abughazalah (Royal Holloway), Konstantinos
Markantonakis (Royal Holloway) and Keith Mayes (Royal Holloway)

Abstract: Although Radio Frequency IDentification (RFID) systems promise
a fruitful future, security and privacy concerns have affected the
adoption of the RFID technology. Several studies have been proposed to
tackle the RFID security and privacy concerns under the assumption that
the server is secure. In this paper, we assume that the server resides
in the cloud, which might be insecure. Hence, the tag's data might be
prone to privacy invasion and attacks. Xie et al. proposed a new scheme
called "cloud-based RFID authentication", which aimed to address the
security and privacy concerns of RFID tag's data in the cloud. In this
paper, we informally analysed Xie et al. protocol and formally analysed
it using a privacy model and CasperFDR, and the analysis showed that Xie et al.
protocol is not immune against reader impersonation attacks, location
tracking and tag's data breach. Therefore, we proposed a new protocol
that guarantees that the tag's data in the cloud are anonymous, and
cannot be compromised. Furthermore, the proposed protocol achieves a
mutual authentication between all the entities participating in a
communication session, such as a cloud server, a reader and a tag.
Finally, we analysed the proposed protocol informally and formally using
a privacy model and CasperFDR. The results indicate that the proposed
protocol achieves data secrecy and authentication for RFID tags.

Keywords: RFID, Cloud server, Privacy, Security protocol, Privacy model,
CasperFDR

====================================================================================

19. Towards Inherent Privacy Awareness in Workflows

Authors: Maria Koukovini (National Technical University of Athens),
Eugenia Papagiannakopoulou (National Technical University of Athens),
Georgios Lioudakis (National Technical University of Athens) and
Nikolaos Dellas (SingularLogic)

Abstract: This paper presents a holistic approach to the realisation
of Privacy by Design in workflow environments, ensuring that workflow
models are rendered privacy-aware already at their specification
phase. In this direction, the proposed framework, considering the
particular technical requirements stemming from data protection
principles, is centred around the following features: a novel,
ontology-based approach to workflow modelling, which manages, unlike
all other existing technologies, to adequately capture privacy aspects
pertaining to workflow execution; the appropriate codification of
privacy requirements into compliance rules and directives; an
automated procedure for the verification of workflow models and their
subsequent transformation, if needed, so that they become inherently
privacy-aware before being deployed for execution.

Keywords: Privacy compliance, Workflow modelling, Verification, Ontologies

====================================================================================

21. Configuration Behavior of Restrictive Default Privacy Settings on
Social Network Sites - Analyzing the Combined Effect of Default
Settings and Interface Style

Author: Markus Tschersich (Goethe-University Frankfurt)

Abstract: Research about privacy in the context of social network
sites is based on the assumption that all entered personal information
is publicly accessible on the platform by default. Literature about
default settings and the sharing of personal information in social
network sites lacks empirical insight into how restrictive privacy
default settings influence the behavior of users. To gain empirical
insight a social network site privacy interface prototype was built to
investigate the influence of default settings and interface style on the
privacy configuration behavior of users. Results show configuration
behavior differences between participants having restrictive or
non-restrictive privacy default settings. Further, interfaces with
multiple pages of privacy settings induce participants to keep their
default settings.

Keywords: Social Networks, Privacy by Default, Privacy Default Setting
Interface

====================================================================================

22. Association Rule Mining on Fragmented Database (Short Paper)

Authors: Amel Hamzaoui (Qatar University), Qutaibah Malluhi (Qatar
University), Riley Ryan (Qatar University) and Clifton Chris (Purdue
University)

Abstract: Anonymization methods are an important tool to protect
privacy. The goal is to release data while preventing individuals from
being identified. Most approaches generalize data, reducing the level
of detail so that many individuals appear the same. An alternate class
of methods, including anatomy, fragmentation, and slicing, preserves
detail by generalizing only the link between identifying and sensitive
data. We investigate learning association rules on such a database.
Association rule mining on a generalized database is challenging, as
specific values are replaced with generalizations, eliminating
interesting fine-grained correlations. We instead learn association
rules from a fragmented database, preserving fine-grained values. Only
rules involving both identifying and sensitive information are
affected; we demonstrate the efficacy of learning in such an environment.

Keywords: Anonymous fragmentation, Rule mining, Data privacy

====================================================================================

29. Index Optimization for L-Diversified Database-as-a-Service

Authors: Jens Kohler (Karlsruhe Institute of Technology) and Hannes
Hartenstein (Karlsruhe Institute of Technology)

Abstract: Preserving the anonymity of individuals by technical means
when outsourcing databases to semi-trusted providers gained importance
in recent years. Anonymization approaches that fulfill anonymity
notions like l-diversity and can be used to outsource databases
exist. However, using indexes on anonymized data to increase query
execution performance significantly differs from using plaintext
indexes and it is not clear whether using an anonymized index is
beneficial or not. In this paper, we present Dividat, an approach that
makes anonymized database outsourcing more practical and deployable by
optimizing the indexing of l-diversified data. We show that the
efficiency of anonymized indexes differs from traditional indexes and
performance gains of a factor of 5 are possible by optimizing indexing
strategies. We propose strategies to determine which indexes should be
created for a given query workload and used for a given query. To
apply these strategies without actually creating each possible
index, we propose and validate models to estimate the performance of
anonymized index tables a priori.

Keywords: Database-as-a-service, Anonymized indexes, l-Diversity,
Performance optimization

====================================================================================