Security Seminar: Privacy

Contents: | Introduction | Organisation | Topics |

Introduction

Privacy has always been a controversial topic. Governments and business want to collect information about their citizens and customers - for their own benefit as well their clients. In surveys, people claim that they value their privacy. In practice, people give away personal information very easily, either because they do not receive a service otherwise, or because they are unable to protect that information reliably. With the calls for ever increasing security - after the events of the last few years - privacy has eroded even further, it seems.

In this seminar we will explore the state of the art in privacy enhancing technologies (PET), and discuss theories (technical, legal and societal) of privacy.

Organisation

The seminar is organised by me, Jaap-Henk Hoepman (follow the link for contact details). Merel Koning (room H02.047) is the second teacher for this course (email: m.koning@cs.ru.nl). The course code is I00136.

You will do, in groups of two, a small research project on a particular topic, chosen from the list of topics below. The idea is to let you first investigate a particular practical case (what are the privacy issues (from a societal perspective), how are they dealt with), and then let you perform some research using particular PETs to solve the problem. You will report on that research both in class with a presentation, and by writing a student paper on the same topic. Presence at all lectures is mandatory! (Not present without a valid reason = fail!).

The final grade = (2*grade for paper + grade for presentation) / 3. If the grade for the paper or the presentation is below 5.5, the lowest grade is the final grade!

Prerequisites

You should have successfully completed the Cryptography course.

Presentation in class

You must give a two hour presentation of your research in class. The goal of the presentation is to present an overview of your results, and to engage class in a discussion about your research topic. Make sure that you also discuss the essential technical ideas in your research in sufficient detail. Bring your own laptop for the presentations, if you plan to use powerpoint or similar. You may also use the blackboard instead, if you wish. Make sure each of you puts about the same effort in preparing and presenting.

You must discuss presentations with the teachers at least one week before you are scheduled to give them to class. We have a fixed time slot for that: from 13:00 to 13:30 each Friday (i.e. just before the start of the lecture), in room HG 02.049 (Jaap-Henk's office). Send us an email, containing a draft of the presentation, if you want to discuss with us, at least one day before (ie wednesday night at the latest).

Student paper

You must write a report about your research. The report should be roughly 10 pages (excluding references and appendices) on A4 paper with reasonable margins and a 10 or 11 point font. The goal of the paper is to

analyse a particular practical case (what are the privacy issues (from a societal perspective) and how are they dealt with),
give a precise and concise description of the core problem,
investigate which privacy enhancing technologies (PET) can potentially be applied to increase privacy and solve this problem,
describe how these PETs have been or should be applied in this particular case to the best effect, and
(informally) prove or argue that the solution you propose actually solves the problem, and
write down your own perspective and opinion on how effective these PETs are in this case.

The paper should be based academic literature on the topic. Some initial references are provided for each of the topics, but you are expected to do your own literature study and to find additional relevant references. The paper could also be based on input obtained during the presentation of the research in class. The paper should contain at least one protocol. The societal part could be based on interviews with stakeholders.

Paper skeleton

You must prepare a skeleton of the student paper. This must be submitted to the teachers to check whether the paper is going into the right direction. The skeleton should therefore contain an outline of the full paper. It should contain all envisioned chapters and sections, each with a few lines describing what it will contain. Also include all references you aim to cite.

Deadlines

The paper skeleton must be submitted on or before May 18, 2012.

Deadline for the final paper is June 22, 2012.

Possible topics/cases

You can chose from the following topics

location privacy; roadpricing, ov chipkaart
rfid privacy
identity management
electronic voting
electronisch patient records (the dutch system)
smart metering/smart grids
search engine privacy
profiling; behavioural advertising
social networks
cloud computing

A list of references to get you started is available here.

Last Version - $Revision: 30 $ / $Date: 2010-12-27 13:58:17 +0100 (Mon, 27 Dec 2010) $
(Note: changeover from CVS to dotless svn version numbers on 19 Jan 2008)
Maintained by Jaap-Henk Hoepman
Email: Email address