Leonardo A. Martucci – Smart Society Project
http://www.smart-society-project.eu
"Hybrid and Diversity-Aware Collective Adaptive Systems: When People Meet Machines to Build a Smarter Society"
Fri, 10 Feb 2017 14:56:03 +0000

Ontology-Based Obfuscation and Anonymisation for Privacy
http://www.smart-society-project.eu/ontologybasedobfuscation/
Fri, 20 Jan 2017 20:08:01 +0000

Abstract: Healthcare Information Systems typically fall into the group of systems in which the need of data sharing conflicts with the privacy. A myriad of these systems have to, however, constantly communicate among each other. One of the ways to address the dilemma between data sharing and privacy is to use data obfuscation by lowering data accuracy to guarantee patient’s privacy while retaining its usefulness. Even though many obfuscation methods are able to handle numerical values, the obfuscation of non-numerical values (e.g., textual information) is not as trivial, yet extremely important to preserve data utility along the process. In this paper, we preliminary investigate how to exploit ontologies to create obfuscation mechanism for releasing personal and electronic health records (PHR and EHR) to selected audiences with different degrees of obfuscation. Data minimisation and access control should be supported to enforce different actors, e.g., doctors, nurses and managers, will get access to no more information than needed for their tasks. Besides that, ontology-based obfuscation can also be used for the particular case of data anonymisation. In such case, the obfuscation has to comply with a specific criteria to provide anonymity, so that the data set could be safely released. This research contributes to: state the problems in the area; review related privacy and data protection legal requirements; discuss ontology-based obfuscation and anonymisation methods; and define relevant healthcare use cases. As a result, we present the early concept of our Ontology-based Data Sharing Service (O-DSS) that enforces patient’s privacy by means of obfuscation and anonymisation functions.

Citation: Iwaya, Leonardo H. and Giunchiglia, Fausto and Martucci, Leonardo A. and Hume, Alethia and Fischer-Hübner, Simone and Chenu-Abente, Ronald, “Ontology-Based Obfuscation and Anonymisation for Privacy”, In “Privacy and Identity Management. Time for a Revolution? 10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Edinburgh, UK, August 16-21, 2015, Revised Selected Papers”, 2016, Springer International Publishing, Cham, pages 343–358, isbn 978-3-319-41763-9, doi 10.1007/978-3-319-41763-9_23, http://dx.doi.org/10.1007/978-3-319-41763-9_23. New York, USA, July 2016.

Download: http://bit.ly/2iTQvzT

Privacy for Peer Profiling in Collective Adaptive Systems
http://www.smart-society-project.eu/privacyforpeerprofiling/
Thu, 12 Jan 2017 22:07:08 +0000

Abstract: In this paper, we introduce a privacy-enhanced Peer Manager, which is a fundamental building block for the implementation of a privacy-preserving collective adaptive systems computing platform. The Peer Manager is a user-centered identity management platform that keeps information owned by a user private and is built upon an attribute based privacy policy. Furthermore, this paper explores the ethical, privacy and social values aspects of collective adaptive systems and their extensive capacity to transform lives. We discuss the privacy, social and ethical issues around profiles and present their legal privacy requirements from the European legislation perspective. © IFIP International Federation for Information Processing 2015.

Citation: Mark Hartswood, Marina Jirotka, Ronald Chenu-Abente, Alethia Hume, Fausto Giunchiglia, Leonardo A. Martucci, Simone Fischer-Hübner. “Privacy for Peer Profiling in Collective Adaptive Systems.” Privacy and Identity Management for the Future Internet in the Age of Globalisation. Springer International Publishing, 2014. 237-252.

Download: http://bit.ly/2jJvi0h

Secure and Privacy-Friendly Public Key Generation and Certification
http://www.smart-society-project.eu/publickeygenerationandcertification/
Thu, 12 Jan 2017 13:41:00 +0000

Abstract: Digital societies increasingly rely on secure communication between parties. Certificate enrollment protocols are used by certificate authorities to issue public key certificates to clients. Key agreement protocols, such as Diffie-Hellman, are used to compute secret keys, using public keys as input, for establishing secure communication channels. Whenever the keys are generated by clients, the bootstrap process requires either (a) an out-of-band verification for certification of keys when those are generated by the clients themselves, or (b) a trusted server to generate both the public and secret parameters. This paper presents a novel constrained key agreement protocol, built upon a constrained Diffie-Hellman, which is used to generate a secure public-private key pair, and to set up a certification environment without disclosing the private keys. In this way, the servers can guarantee that the generated key parameters are safe, and the clients do not disclose any secret information to the servers.

Citation: Fábio Borges and Leonardo A. Martucci and Filipe Beato and Max Mühlhäuser (2014). Secure and Privacy-Friendly Public Key Generation and Certification. In Proceedings of the 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 24–26 September, Beijing, China, TrustCom 2014.

Download: http://bit.ly/2j4irD0

iKUP Keeps Users’ Privacy in the Smart Grid
http://www.smart-society-project.eu/ikup/
Thu, 12 Jan 2017 13:34:23 +0000

Abstract: Privacy-enhancing technologies for the Smart Grid usually address either the consolidation of users’ energy consumption or the verification of billing information. The goal of this paper is to introduce iKUP, a protocol that addresses both problems simultaneously. iKUP is an efficient privacy-enhancing protocol based on DC-Nets and Elliptic Curve Cryptography as Commitment. It covers the entire cycle of power provisioning, consumption, billing, and verification. iKUP allows: (i) utility providers to obtain a consolidated energy consumption value that relates to the consumption of a user set, (ii) utility providers to verify the correctness of this consolidated value, and (iii) the verification of the correctness of the billing information by both utility providers and users. iKUP prevents utility providers from identifying individual contributions to the consolidated value and, therefore, protects the users’ privacy. The analytical performance evaluation of iKUP is validated through simulation using as input a real-world data set with over 157 million measurements collected from 6,345 smart meters. Our results show that iKUP has a worse performance than other protocols in aggregation and decryption, which are operations that happen only once per round of measurements and, thus, have a low impact in the total protocol performance. iKUP heavily outperforms other protocols in encryption, which is the most demanded cryptographic function, has the highest impact on the overall protocol performance, and it is executed in the smart meters.

Citation: Fábio Borges and Leonardo A. Martucci (2014). iKUP Keeps Users’ Privacy in the Smart Grid. In Proceedings of the IEEE Conference on Communications and Network Security (CNS 2014), 29–31 Oct, San Francisco, CA, USA.

Download: http://bit.ly/2iKIKgv

Privacy in Social Collective Intelligence Systems
http://www.smart-society-project.eu/privacyinsocialcollectiveintelligence/
Wed, 11 Jan 2017 17:07:24 +0000

Abstract: The impact of Social Collective Intelligent Systems (SCIS) on the individual right of privacy is discussed in this chapter under the light of the relevant privacy principles of the European Data Protection Legal Framework and the OECD Privacy Guidelines. This chapter analyzes the impact and limits of profiling, provenance and reputation on the right of privacy and review the legal privacy protection for profiles. From the technical perspective, we discuss opportunities and challenges for designing privacy-preserving systems for SCIS concerning collectives and decentralized systems. Furthermore, we present a selection of privacy-enhancing technologies that are relevant for SCIS including anonymous credentials, transparency-enhancing tools and the PrimeLife Policy Language (PPL) and discuss how these technologies can help to enforce the main legal principles of the European Data Protection Legal Framework.

Citation: Fischer-Hübner, S. and Martucci, L. A., “Privacy in Social Collective Intelligence Systems”, in Miorandi, D., Maltese, V., Rovatsos, M., Nijholt., A. and Stewart, J. (eds) Social collective intelligence: Combining the powers of humans and machines Springer, 2014.

Download: http://bit.ly/2iGuZz7
