ACCEPTED PAPERS DPM 2014
====================================================================================

01. Group Discounts Compatible with Buyer Privacy

Authors: Josep Domingo-Ferrer (Universitat Rovira i Virgili) and Alberto Blanco-Justicia (Universitat Rovira i Virgili)

Abstract: We show how group discounts can be offered without forcing buyers to surrender their anonymity, as long as buyers can use their own computing devices (e.g. smartphone, tablet or computer) to perform a purchase. Specifically, we present a protocol for privacy-preserving group discounts. The protocol allows a group of buyers to prove how many they are without disclosing their identities. Coupled with an anonymous payment system, this makes group discounts compatible with buyer privacy.

Keywords: Group discounts, Cryptographic protocols, Digital signatures

====================================================================================

04. Privacy-preserving Loyalty Programs

Authors: Alberto Blanco-Justicia (Universitat Rovira i Virgili) and Josep Domingo-Ferrer (Universitat Rovira i Virgili)

Abstract: Loyalty programs are promoted by vendors to incentivize loyalty in buyers. Although such programs have become widespread, they have been criticized by business experts and consumer associations: loyalty results in profiling and hence in loss of privacy of consumers. We propose a protocol for privacy-preserving loyalty programs that allows vendors and consumers to enjoy the benefits of loyalty (returning customers and discounts, respectively), while allowing consumers to stay anonymous and empowering them to decide how much of their profile they reveal to the vendor. The vendor must offer an additional reward if he wants to learn more details on the consumer’s profile. Our protocol is based on partially blind signatures and zero-knowledge proofs of knowledge, and provides anonymity to consumers and their purchases, while still allowing negotiated consumer profiling.

Keywords: Customer privacy, Anonymization, Blind signatures, Zero-knowledge proofs

====================================================================================

07. A-PPL: An Accountability Policy Language for Cloud Computing (Short Paper)

Authors: Monir Azraoui (EURECOM), Kaoutar Elkhiyaoui (EURECOM), Melek Onen (EURECOM), Karin Bernsmed (SINTEF), Anderson Santana De Oliveira and Jakub Sendor (SAP Labs)

Abstract: The inherent lack of control of users over their data raises various security and privacy challenges in Cloud Computing. One approach to encourage customers to take advantage of the Cloud is the design of new accountability solutions which aid and enable customers to control and be informed on how their data is processed. In this paper, we focus on accountability policies and propose A-PPL, an accountability policy language that represents machine-readable accountability policies. A-PPL policies provide cloud customers and cloud end-users with a way to express accountable obligations in order to automate their enforcement. Our work also describes a use case where medical sensors collect personal data which are then stored and processed in the cloud. We define the accountability obligations related to this use case and translate them into A-PPL policies as a proof of concept of our proposal.

Keywords: Cloud Computing, Accountability, Policies, Policy Language, Policy Enforcement

====================================================================================

08. The Crypto-Democracy and the Trustworthy (Position Paper)

Authors: Sebastien Gambs (Universite de Rennes), Samuel Ranellucci (Universite de Montreal) and Alain Tapp (Universite de Montreal)

Abstract: In the current architecture of the Internet, there is a strong asymmetry in terms of power between the entities that gather and process personal data (e.g., major Internet companies, telecom operators, cloud providers, ...) and the individuals from which this personal data is issued. In particular, individuals have no choice but to blindly trust that these entities will respect their privacy and protect their personal data. In this paper, we address this issue by proposing a utopian crypto-democracy model based on existing scientific achievements from the field of cryptography. More precisely, our main objective is to show that cryptographic primitives, including in particular secure multiparty computation, offer a practical solution to protect privacy while minimizing the trust assumptions. In the crypto-democracy, individuals do not have to trust a single physical entity with their personal data; rather, their data is distributed among several institutions. Together these institutions form a virtual entity called the Trustworthy that is responsible for the storage of this data but which can also compute on it (provided first that all the institutions agree on this). Finally, we also propose a realistic proof-of-concept of the crypto-democracy, in which the roles of institutions are played by universities. This proof-of-concept would have an important impact in demonstrating the possibilities offered by the crypto-democracy paradigm.

Keywords: Privacy, Trust, Secure computation, Democracy

====================================================================================

12. Privacy-Preserving Electronic Toll System with Dynamic Pricing for Low Emission Zones (Short Paper)

Authors: Roger Jardi-Cedo (Universitat Rovira i Virgili), Jordi Castella-Roca (Universitat Rovira i Virgili) and Alexandre Viejo (Universitat Rovira i Virgili)

Abstract: The high levels of pollution and traffic congestion present in almost all major cities around the world have brought solutions such as the deployment of electronic toll systems in some of these cities. The main purpose of those electronic toll systems is to restrict the access of vehicles to certain city areas, named low emission zones (LEZs). Since its adoption, this solution has proven to be quite promising. However, current proposals are still far from being ideal. More specifically, current schemes still introduce a significant error percentage in the detection of fraudulent drivers. Moreover, they usually require toll systems to be equipped with cameras that take pictures of all the vehicles that pass through the control points. This behavior may represent a serious privacy threat for the drivers. In this article, a new electronic toll system is proposed. The aim of the new proposal is to detect fraud while preserving drivers’ privacy. More concretely, it provides a non-probabilistic fraud control, and the control points only take pictures of the vehicles that misbehave. Last but not least, the proposed system applies an enhanced dynamic pricing that can help the authorities to better distribute traffic over the road network.

Keywords: Electronic road pricing, Low emission zone, Dynamic pricing, Driver privacy, Security

====================================================================================

14. Towards an Image Encryption Scheme with Content-Based Image Retrieval Properties (Short Paper)

Authors: Bernardo Ferreira (Universidade Nova de Lisboa), Joao Rodrigues (Universidade Nova de Lisboa), Joao Leitao (Universidade Nova de Lisboa) and Henrique Domingos (Universidade Nova de Lisboa)

Abstract: Storage requirements for visual data have been increasing in recent years, following the emergence of many new services and applications for both personal and corporate use. This has been a key driving factor for the adoption of cloud-based data outsourcing solutions. However, outsourcing data storage to the Cloud also leads to new challenges that must be carefully addressed, especially regarding privacy. In this paper we propose a novel secure framework for outsourced and distributed storage/retrieval in large private image repositories. Our proposal is based on a novel cryptographic scheme, named IES-CBIR, specifically designed for media image data. Our solution enables both encrypted storage and querying using Content-Based Image Retrieval (CBIR) while preserving privacy. We have built a prototype of the proposed framework, analyzed its security properties, and experimentally evaluated its performance and precision. Our results show that IES-CBIR allows more efficient operations than existing proposals, both in terms of time and space overheads, while enabling less restrictive use cases and application scenarios.

Keywords: Data and Computation Outsourcing, Applied Cryptography, Encrypted Data Processing, Privacy-Preserving Content-based Image Retrieval

====================================================================================

18. Secure Improved Cloud-Based RFID Authentication Protocol

Authors: Sarah Abughazalah (Royal Holloway), Konstantinos Markantonakis (Royal Holloway) and Keith Mayes (Royal Holloway)

Abstract: Although Radio Frequency IDentification (RFID) systems promise a fruitful future, security and privacy concerns have affected the adoption of the RFID technology. Several studies have been proposed to tackle the RFID security and privacy concerns under the assumption that the server is secure. In this paper, we assume that the server resides in the cloud, which might be insecure. Hence, the tag's data might be prone to privacy invasion and attacks. Xie et al. proposed a new scheme called "cloud-based RFID authentication", which aimed to address the security and privacy concerns of RFID tag's data in the cloud. In this paper, we informally analysed Xie et al.'s protocol and formally analysed it using a privacy model and CasperFDR, and showed that Xie et al.'s protocol is not immune against reader impersonation attacks, location tracking and tag's data breach. Therefore, we proposed a new protocol that guarantees that the tag's data in the cloud are anonymous, and cannot be compromised. Furthermore, the proposed protocol achieves a mutual authentication between all the entities participating in a communication session, such as a cloud server, a reader and a tag. Finally, we analysed the proposed protocol informally and formally using a privacy model and CasperFDR. The results indicate that the proposed protocol achieves data secrecy and authentication for RFID tags.

Keywords: RFID, Cloud server, Privacy, Security protocol, Privacy model, CasperFDR

====================================================================================

19. Towards Inherent Privacy Awareness in Workflows

Authors: Maria Koukovini (National Technical University of Athens), Eugenia Papagiannakopoulou (National Technical University of Athens), Georgios Lioudakis (National Technical University of Athens) and Nikolaos Dellas (SingularLogic)

Abstract: This paper presents a holistic approach to the realisation of Privacy by Design in workflow environments, ensuring that workflow models are rendered privacy-aware already at their specification phase. In this direction, the proposed framework, considering the particular technical requirements stemming from data protection principles, is centred around the following features: a novel, ontology-based approach to workflow modelling, which manages, unlike all other existing technologies, to adequately capture privacy aspects pertaining to workflow execution; the appropriate codification of privacy requirements into compliance rules and directives; and an automated procedure for the verification of workflow models and their subsequent transformation, if needed, so that they become inherently privacy-aware before being deployed for execution.

Keywords: Privacy compliance, Workflow modelling, Verification, Ontologies

====================================================================================

21. Configuration Behavior of Restrictive Default Privacy Settings on Social Network Sites - Analyzing the Combined Effect of Default Settings and Interface Style

Author: Markus Tschersich (Goethe-University Frankfurt)

Abstract: Research about privacy in the context of social network sites is based on the assumption that all entered personal information is publicly accessible on the platform by default. Literature about default settings and the sharing of personal information in social network sites lacks empirical insight into how restrictive privacy default settings influence the behavior of users. To gain empirical insight, a social network site privacy interface prototype was built to investigate the influence of default settings and interface style on the privacy configuration behavior of users. Results show configuration behavior differences between participants having restrictive or non-restrictive privacy default settings. Further, interfaces with multiple pages of privacy settings induce participants to keep their default settings.

Keywords: Social Networks, Privacy by Default, Privacy Default Setting Interface

====================================================================================

22. Association Rule Mining on Fragmented Database (Short Paper)

Authors: Amel Hamzaoui (Qatar University), Qutaibah Malluhi (Qatar University), Riley Ryan (Qatar University) and Clifton Chris (Purdue University)

Abstract: Anonymization methods are an important tool to protect privacy. The goal is to release data while preventing individuals from being identified. Most approaches generalize data, reducing the level of detail so that many individuals appear the same. An alternate class of methods, including anatomy, fragmentation, and slicing, preserves detail by generalizing only the link between identifying and sensitive data. We investigate learning association rules on such a database. Association rule mining on a generalized database is challenging, as specific values are replaced with generalizations, eliminating interesting fine-grained correlations. We instead learn association rules from a fragmented database, preserving fine-grained values. Only rules involving both identifying and sensitive information are affected; we demonstrate the efficacy of learning in such an environment.

Keywords: Anonymous fragmentation, Rule mining, Data privacy

====================================================================================

29. Index Optimization for L-Diversified Database-as-a-Service

Authors: Jens Kohler (Karlsruhe Institute of Technology) and Hannes Hartenstein (Karlsruhe Institute of Technology)

Abstract: Preserving the anonymity of individuals by technical means when outsourcing databases to semi-trusted providers gained importance in recent years. Anonymization approaches that fulfill anonymity notions like $\ell$-diversity and can be used to outsource databases exist. However, using indexes on anonymized data to increase query execution performance significantly differs from using plaintext indexes, and it is not clear whether using an anonymized index is beneficial or not. In this paper, we present Dividat, an approach that makes anonymized database outsourcing more practical and deployable by optimizing the indexing of $\ell$-diversified data. We show that the efficiency of anonymized indexes differs from traditional indexes and performance gains of a factor of 5 are possible by optimizing indexing strategies. We propose strategies to determine which indexes should be created for a given query workload and used for a given query. To apply these strategies without actually creating each possible index, we propose and validate models to estimate the performance of anonymized index tables a priori.

Keywords: Database-as-a-service, Anonymized indexes, l-Diversity, Performance optimization

====================================================================================