PET PhD course

Privacy has become an increasingly important topic as our data and data about us is both increasing and more and more being collected and mined. This course will give an overview of privacy concepts and terminology as well as concrete examples of privacy-enhancing technologies (PET) and some of their applications.

Course topics will include: Legal privacy basics, basic PET terms& concepts, anonymous communication (Mixes, Onion Routing, TOR, DC-Nets, etc.), data minimization technologies (blind signatures, zero-knowledge proofs, anonymous credentials, PIR, multi-party secure computation), Privacy policy languages (P3P, PPL, etc.), privacy-enhanced access control, transparency-enhancing tools, privacy-enhanced applications (privacy-enhanced identity management, PET for SNS, Cloud Computing, Smart Grids, eHealth systems etc.).

SWITS is a network for security researchers, primarily PhD students, in Sweden. This course on Privacy-Enhancing Technologies (PET) has been designed to accommodate SWITS PhD students from any location.

Objectives

The course objectives and learning outcomes are as follows.

Objectives

The students should be able to:

• recognize threats to privacy
• explain the basic privacy terminology and concepts and use them correctly
• find and apply documentation of privacy-related problems and technologies
• get an overview of existing privacy-enhancing technologies (PET)
• analyze system PET descriptions in terms of their privacy protection and how they work
• identify vulnerabilities of system descriptions and predict their corresponding threats
• select counter-measures to identified threats and argue their effectiveness
• compare counter-measures and evaluate their side-effects
• present and explain their reasoning to others

such that the students can:

• reason about privacy in general and PET in particular and
• incorporate existing PET into their research or start developing new ones

Course Content

• Legal context for privacy in Europe.
• Fundamental privacy terminology and concepts.
• A range of privacy-enhancing technologies (PET).

Prerequisites

This course is for PhD students in Computer Science or related subjects. There are no other special prerequisites.

Syllabus

This document will contain the topics distribution over dates, fixed dates and locations, and the reading lists before each meeting.

SWITS PET PhD course 2012 - suggested list of sessions including topics

By default, all sessions start at 10 am and end at 4 pm to allow for travel time, individual sessions can deviate from this depending on the location. Lunch is included at least at the first meeting and we might get support for others and perhaps travel cost subsidies.

Session 1

Session 1 (5 hours) May 3, 2012, KTH, E35, Osquars Backe 2, 100 40 Stockholm, 3rd floor

• Welcome and introductions
• Quiz
• Introductory presentations (IP) by Simone Fischer-Hübner: IP1) Introduction to the concept of Privacy & legal Aspects (EU Data Protection Directive 95/46/EC, PUL, newly proposed EU Privacy Regulation, ePrivacy Directive), slides
• Discussion
• Lunch
• IP2) Introduction to PET: Terminology
• Guest lecture: Douglas Wikstrom on E-voting
• IP3) Basic concepts for anonymous communication: Mix-nets

Reading assignment before the session:

• Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal L 281 , 23/11/1995 P. 0031 - 0050 http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML Optionally, this can be replaced by secondary sources on the EU directive. For example, it is summarized in Simone Fischer-Hübner’s book listed below.

• Andreas Pfitzmann, Marit Hansen, “A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability,Pseudonymity, and Identity Management”, Version v0.34 Aug. 10, 2010, http://kantarainitiative.org/confluence/download/attachments/45059055/terminology+for+talking+about+privacy.pdf

• David Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms”, Communications of the ACM, 24 (2). 1981, pp. 84-88.

  Additional Reading:

• Simone Fischer-Hübner, “IT-Security and Privacy - Design and Use of Privacy-Enhancing Security Mechanisms”, Springer Scientific Publishers, Lecture Notes of Computer Science, LNCS 1958, May 2001, ISBN 3-540-42142-4 (Chapters 2, 4). Available via the Springer subscription of Swedish universities at http://www.springerlink.com/content/978-3-540-42142-9/ or on Google Books.

Session 2

Session 2 (5 hours), 8 June 2012, KAU:

Location: Karlstad university in room 21 A 345 (house 21), see map.

For several people traveling together, it is recommended to take a taxi from the train station.

• Continuation: Onion Routing, DC-nets, Crowds (Simone Fischer-Hübner)
• Real-time anonymous networks: TOR and JAP, hidden services, censor-free systems
• Traffic-Flow Analysis: Attacks and countermeasures

General Reading assignment before Session 2:

• Roger Dingledine and Nick Mathewson, The Free Haven Project; Paul Syverson, Naval Research Lab, “Tor: The Second-Generation Onion Router”, 13th USENIX Security Symposium, 2004, pdf

• (recommended, but optional: Mike Reiter, Avi Rubin, “Anonymous Web Transactions with Crowds”, Communications of the ACM, Vol.42, No.2, February 1999, pp. 32-38, pdf)

• David Chaum, The dining cryptographers problem: Unconditional sender and recipient untraceability, Journal of cryptology, 1988 - Springer, html

Reading assignment before student presentations:

Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton, "Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail", which was presented at this years IEEE Security & Privacy, pdf.

Session 3

Session 3, 30. August or 27. September Chalmers

• Privacy metrics, Privacy impact assessment (PIA) – very short intro by Simone or volunteers
• Location privacy (Pedro and Raja)
• VANET privacy (Joel, Stelios, Nikolaos)

Session 4

Session 4, 27. September, or 4. October KTH

• Invited talk by Gunnar Kreitz on MPC, bind signatures, zero-knowledge
• Protocols for privacy-enhanced applications: anonymous voting protocols, private information retrieval maybe (Emma, Benjamin, Filippo)

Session 5

Session 5, 18. October, KAU

• Invited talk by Rose-Mharie?
• PET for smart grids (Valentin)
• Statistical database security, differential privacy, privacy-preserving data mining (Arnar, Bart)

Session 6

Session 6, 29. October, Chalmers

• Invited talk by Datainspektionen?
• Privacy and accountability in the Cloud (Ali/Zeeshan)
• Transparency-enhancing tools (Tobias)

Session 7

Session 7, 12. November, KTH

• Anonymous credentials: Idemix, U-Prove, ABC4Trust project
• Privacy policy languages: P3P, XACML, PPL (PrimeLife Policy Language)
• (Perhaps guest lectures for the two topics above) otherwise policy languages (Tobias)
• Privacy-enhanced access control (Guillermo, Oleksandr)

Session 8

Session 8, 4. December, KAU

• Privacy-preserving social networks (PeerSon, Diaspora, Safebook, Persona) Sonja
• Usable privacy (Julio)
• Privacy culture/understanding policies (Bilal)

Remote participation

For remote participation, we will use Adobe Connect or Skype. Log-in information will be posted here.

Quizzes

Short quizzes will be given at the start of each meeting to check that the course participants have read the assigned papers.

Reading List

At each meeting, there will be presentations with papers assigned for prior reading to make sure the presentations are better understood and to enable a more in-depth discussion. For each student presentation topic, there will be 3 papers assigned to be read by everyone.

Related reading list

There will be a place to collect relevant related reading.

Topics and groups assignment

Topics and group assignment will be done as follows. At the first meeting, Simone and Sonja will give an overview of the available topics.

There can be groups of 2 (preferred) or 1. Each group does the following.

• Form a group, send participants list
• Select a topic
• Find 3 relevant papers for others to read, and discuss the paper selection with Simone and Sonja well in advance.
• Find other relevant papers/books/material to prepare for the presentation
• Give an in-depth presentation of the selected topic
• Formulate 3 discussion questions to be taken up after the presentation

Leftover topics

The topics that have not been selected for presentations will either be covered by (guest) lectures or additional reading lists.

Day structure

Each meeting will have roughly the same structure. The following are the basic components of each meeting. The order is not yet finalized.

• Introduction/welcome/overview
• Student presentation and discussion
• lunch
• Guest lecture
• Student presentation and discussion
• General discussion

Web site

All course information will be available on the KTH social web site for the course DD3344.

Ladok number

At KTH, the course has the number DD3344 and is registered with 7.5 ECTS.

Grading

The grades are pass/fail - P/F.

The criteria are as follows. To pass the course, the students successfully complete the following tasks.

• Do assigned reading
• Select a topic
• Suggest a relevant reading list for the other participants Present the selected topic
• Lead a discussion on the selected topic
• Hand in a written assignment
• Participate in at least 80% of the meetings, preferably in person
• Missed meetings can be made up by a written report on the meeting topics.

Written assignment

The writing assignment consists of 4 pages of text, reflecting on any topic presented in the course (including privacy in general) and, if applicable, how it relates to the participant’s own research, otherwise how it relates to the participant’s own experience.

Guest lectures

There will be a guest lecture at most meetings. We invite a mix of people, representing academic, industrial, or policy experts on a particular privacy topic.

The first guest lecture will be given by Douglas Wikstrom on e-voting.

Lunch

The first lunch will be provided, we are working on the rest.

Course responsible

The course is led jointly by Sonja Buchegger at KTH and Simone Fischer-Hübner at KAU. If you have any questions, please write to both buc at csc dot kth dot se and simone dot fischer-huebner at kau dot se.