Kwecka, Zbigniew, Buchanan, William J and Saliou, Lionel (2008) Validation of 1-N OT algorithms in privacy-preserving investigations. In: 7th European Conference on Information Warfare and Security, 30th June-1st July 2008, University of Plymouth, UK.
Available under License Creative Commons Attribution Non-commercial.
Download (155kB) | Preview
Most organisations relay on digital information systems (ISs) in day-to-day operations, and often sensitive data about employees and customers are stored in such systems. This, effectively, makes ISs enhanced surveillance measures, which can reach further than CCTV monitoring and provide valuable resources for internal and external investigations. For privacy reasons, if a digital forensic investigation is to take place, only the investigators should know the identities of the suspects. Ideally, the investigators should not have to disclose these identities to the data holders, while the data holders, i.e. organisations whose data subjects are being investigated, should not have to disclose their full databases to investigators. The only data that should be disclosed should relate to that involving the subject – thus the need for a privacy-preserving investigation system. Several privacy preserving algorithms have been proposed, but most of them are only of theoretical interest since empirical evaluations have rarely been undertaken. The main novelty in this paper is that it applies a 1-out-n Oblivious Transfer (1-n OT) algorithm to a new area of privacy-preserving investigations. Hence, an implementation of a straightforward privacy-preserving investigation system that can be used in real-life applications is outlined. The system uses tried and tested encryption algorithms: RSA for hiding the identity of the suspect; AES to conceal from investigators records not relating to the suspect; and commutative RSA to allow discovery of index where a suspect’s data is stored in the third party records. This paper outlines an initial evaluation of the system proving that it may be successfully used in digital forensic investigations, conducted by public authorities and private organisations alike. The empirical evaluation also shows that the time required by this system to run grows in line with increasing number of records and increasing size of records, which is desirable compared to exponential growth observed in many systems that employ 1-n OT protocols.
|Item Type:||Conference or Workshop Item (Paper)|
|Uncontrolled Keywords:||privacy preservation; data mining; digital forensics; digital suspect watchlist; oblivious transfer;|
|University Divisions/Research Centres:||Faculty of Engineering, Computing and Creative Industries > School of Computing|
|Dewey Decimal Subjects:||000 Computer science, information & general works >|
000 Computer science, information & general works > 000 Computer science, knowledge & systems > 005 Computer programming, programs & data > 005.8 Data security
|Depositing User:||Professor Bill Buchanan|
|Date Deposited:||23 Dec 2010 12:30|
|Last Modified:||07 Apr 2011 12:00|
Actions (login required)