27 July 2009
I just come back from a visit to COSIC at K.U. Leuven, to teach a course on Computer Security. Claudia Diaz and myself discussed over lunch the idea of putting together a syllabus for Privacy Technologies. Many in this field have been teaching courses and giving guest lectures, but there does not seem to be yet a canonical curriculum, describing that an advanced course in Privacy Technology should teach.
Here is my attempt at proposing such a syllabus — which I will probably revise after discussions at PETS 2009 next week.
- An introduction to Privacy Technology
An overview of the basic concepts, different fields like technology and law, motivation, threat models, Soft versus Hard privacy technology.
Slides from the 2007 COSIC course: Introduction to Privacy Technology [pdf]
(Claudia Diaz has vastly improved these slides to present a lecture on the same topic in this years COSIC course.)
- Privacy in authentication
Modern authentication protocols, initiator privacy and responder privacy, JFKi and JFKr examples, secure password authentication, PAK.
Slides from Estonia computer security course in 2007: Secure authentication[pdf, start at slide 3]
- Selective Disclosure Credentials
Zero knowledge proofs, selective disclosure for discrete logs, Brands credentials, CL signatures and CL credentials, e-cash, abuse prevention.
Slides from Estonia computer security course in 2007: Anonymous credentials[pdf, start at slide 45]
- Anonymous communications
Proxies, Crowds, DC networks, mix networks and onion routing.
Slides from ITE talk in 2006: Introducing Anonymous Communications[pdf]
- An introduction to traffic analysis
History, identification, information extraction, military applications, internet security, traffic data availability
Slides from SantaCrypt 2005 in Prague: An introduction to traffic analysis[pdf]
- The traffic analysis of anonymous communications
Cryptographic attacks, long term intersection and disclosure, short term disclosure, bridging, network discovery.
Slides from Umass Amherst talk: Introduction to traffic analysis[pdf]
- Privacy in Databases
Inference control, k-anonymity, differential privacy, perturbation, trackers.
Slides from CFP 2007: Privacy in Databases[pdf, start at slide 58]
- Privacy in Storage
Encrypted storage, steganographic storage, remote storage, traffic analysis of storage protocols.
- Secure Elections
Electronic voting technologies, secure crypto elections, manual zero-knowledge proofs, receipt freeness, robust mixing.
- Censorship resistance and availability
Blocking technologies, counter-blocking technologies, RF technologies, peer-to-peer file sharing, decentralisation and reputation technologies, sybil attacks.
- Location privacy
Location based services, Mix zones, ad-hoc network privacy, location privacy friendly location services (PriPAYD), charging schemes.
- Identity management protocols
Federated identity management, Liberty, InfoCards, OpenID, PRIME project concepts, privacy policies, P3p, SecPAL.
- Economic, legal and policy issues of Privacy Technology
Privacy economics & attitudes, data protection, data retention, interception by design, lawful access, coercion, privacy as a right, health information.
Note that the order of the topics is arbitrary, and mostly related to what slides I have already available. One could start with less technical subjects and then go to the more cryptographic and statistical topics. If anyone has any nice pointers to slide decks for the topics that have none for the moment, I would appriciate them.