What you don't know, you don't have to protect. This rule is becoming
increasingly more relevant with security threats changing ever faster.
Nonetheless, this rule is easily overlooked when traditional data security is
combined with obscuring personally identifying information. In current pseudo
anonymous data sharing systems, often, a Trusted Third Party (TTP) is
introduced to broker pseudo anonymous data exchange between parties. The TTP
becomes an attractive target and securing it can be expensive. Worse still, a
TTP can be ordered to give up collected data without consent of the original
data sources. In this paper we will introduce a novel method for pseudo
anonymized data exchange without a TTP. We consider a virtual data-table (T),
and n sources (B1..Bn) each holding a part of T, consisting of a number of
incomplete rows of T. The challenge now is to select a number of rows from the
virtual table T according to some selection criteria with a minimum knowledge
gain for all parties involved. Clearly in reducing a TTP to construct T is the
opposite of minimum knowledge gain. This paper introduces a method to combine
well known security principles to meet the challenge differently.
|
Jelmer Faber is currently employed as a junior researcher at Faber
Organisatievernieuwing, located in Oss, the Netherlands. Jelmer is a master
student in the area of Business Information Systems at Eindhoven University of
Technology. His specialisation will be in the field of business process
management.
Sjoerd Mostert is a founding partner of Pointlogic in Rotterdam and is responsible for mathematical techniques and software technology in the areas of human resource management, labour time management and service processes for government and non-profit organisations. Sjoerd graduated from Erasmus University of Rotterdam in 1993 with a degree in Econometrics, specialising in operations research. |
Last modified: Sat, 23 Feb 2008 17:13:44 +0100