Owing to advances in information technology, storing and processing large amounts of data becomes ever easier. This enables more and more individuals and institutions to monitor other people without their consent by observing the data traces they leave in computer systems. Privacy-enhancing technologies serve as building blocks for systems that avoid such privacy problems without constraining functionality unnecessarily. These technologies thus contribute to privacy protection and informational self-determination in the information society.
When Bob rents a car, usually a copy of his driving licence is kept. The rental company is certainly right in verifying that Bob holds a valid driving licence, but should the company learn his birthday? When Alice buys a book online, she has to enter her name and address. Fair enough, but Alice's personal reading interests are none of the vendor's business. In many situations, people have become used to releasing more information than necessary, for instance, to complete a business process. Obviously, personal data in the wrong hands (and possibly linked to other sources of information) may lead to disadvantages for the persons concerned. The idea of privacy-enhancing identity management is to assist people in minimising the amount of personal data communicated on the Internet. It further helps to ensure that personal information cannot be accumulated by the stepwise combination of multiple data sources. To achieve these goals, a middleware architecture integrates various technologies such as digital pseudonyms, cryptographic credentials and infrastructures for anonymous communication. Specific user interfaces are designed to handle different partial identities. By evaluating a track record of personal data releases, the interfaces also inform users about the risk of being identified in person.
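The two ideas in this paragraph, releasing only what a business process requires and keeping a track record of releases per partial identity so that accumulation across recipients can be detected, can be illustrated with a small ledger. The following Python is an added example, not code from the TU Dresden project or its middleware; the class name, the linkability threshold and the sample pseudonyms and attribute values are all constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations


class PartialIdentityLedger:
    """Record which attributes were released under which pseudonym and warn
    when two pseudonyms share enough identical attribute values that a
    recipient combining both records could link them.

    Constructed example; not the project's own identity-management code.
    """

    def __init__(self, link_threshold: int = 2):
        # Number of identical (attribute, value) pairs after which two
        # pseudonyms are reported as linkable. Assumed value for the example.
        self.link_threshold = link_threshold
        self.attributes = defaultdict(dict)  # pseudonym -> {attribute: value}
        self.recipients = defaultdict(set)   # pseudonym -> set of recipients

    def release(self, pseudonym: str, recipient: str,
                required: set, offered: dict) -> dict:
        """Data minimisation: send only the attributes the recipient actually
        requires, then log what was released under this pseudonym."""
        sent = {name: value for name, value in offered.items() if name in required}
        self.attributes[pseudonym].update(sent)
        self.recipients[pseudonym].add(recipient)
        return sent

    def shared_attributes(self, p1: str, p2: str) -> set:
        """Attributes released under both pseudonyms with the same value."""
        a, b = self.attributes[p1], self.attributes[p2]
        return {name for name in a.keys() & b.keys() if a[name] == b[name]}

    def linkable_pairs(self) -> list:
        """Pseudonym pairs whose released data could be combined to link them."""
        return [
            (p, q)
            for p, q in combinations(sorted(self.attributes), 2)
            if len(self.shared_attributes(p, q)) >= self.link_threshold
        ]

    def report(self, pseudonym: str) -> dict:
        """Track record for one partial identity, as a user interface could show it."""
        return {
            "released": dict(self.attributes[pseudonym]),
            "recipients": sorted(self.recipients[pseudonym]),
            "linkable_to": sorted(
                q if p == pseudonym else p
                for p, q in self.linkable_pairs()
                if pseudonym in (p, q)
            ),
        }


def demo() -> list:
    """Walk through the car-rental and bookshop scenarios from the text
    with constructed sample data; returns the final list of linkable pairs."""
    ledger = PartialIdentityLedger(link_threshold=2)
    # The rental company needs to know that the licence is valid, not the birthday.
    ledger.release("car-rental-pseud", "rental-co",
                   required={"licence_valid"},
                   offered={"licence_valid": True, "birthday": "1980-01-01"})
    # The bookshop needs name and address for delivery.
    ledger.release("bookshop-pseud", "book-vendor",
                   required={"name", "address"},
                   offered={"name": "Alice Example", "address": "1 Sample St"})
    # Releasing the same name and address under the rental pseudonym later
    # makes both pseudonyms linkable by anyone holding both records.
    ledger.release("car-rental-pseud", "insurer",
                   required={"name", "address"},
                   offered={"name": "Alice Example", "address": "1 Sample St"})
    return ledger.linkable_pairs()


if __name__ == "__main__":
    print(demo())
```

The `release` method returns exactly what was sent, so a caller can show the user the minimised record before it leaves the system; `report` is the per-pseudonym track record the paragraph describes.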
Our research on privacy-enhancing identity management systems at TU Dresden is conducted in close cooperation with international project partners. Our particular expertise includes systems architecture and interfaces, development of operational prototypes as well as design of user interfaces that support reflected handling of personal data. Another focus is fundamental work on terminology building and on metrics for linkability of personal data.
In the absence of anonymising technology, every computer connected to the Internet communicates with a unique address. As a result, the web server of the visited page, the Internet access provider as well as every eavesdropper on unencrypted connections can learn which websites a user behind a specific address is browsing. The ability to fully identify individual users not only compromises their privacy; in certain situations, users may also be exposed to security risks. Anonymous communication technologies are designed to anonymise communication partners in a computer network even if the underlying network infrastructure does not support anonymous participation. One option is to avoid direct message transfers from senders to recipients. Encrypted messages are instead routed via detours over multiple intermediate nodes, called "mixes". The name refers to the nodes' task of changing the order of, i.e. "mixing", data packets before relaying them in completely re-encoded form. This ensures that even eavesdroppers who observe all connections cannot infer any relation between data packets by evaluating content or timing information.
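The following Python is an added simulation of the mix cascade described above; it is not code from the AN.ON service or any other project. Each sender wraps a fixed-size packet in one encryption layer per mix, and each mix strips its layer, collects a full batch, shuffles it and forwards it. The keyed-hash keystream cipher is a constructed toy used only so the example runs offline without extra libraries; a real mix uses proper public-key and symmetric primitives. Packet size, batch size, keys and messages are all assumed sample values.

```python
import hashlib
import os
import random
from itertools import count

PACKET_SIZE = 32  # assumed fixed payload size; uniform sizes prevent linking by length


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream from SHA-256 in counter mode (constructed for the example)."""
    out = b""
    for counter in count():
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        if len(out) >= length:
            return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Fresh nonce per layer, so the same payload never re-encrypts to the same bytes."""
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))


def pad(message: bytes, size: int = PACKET_SIZE) -> bytes:
    """Length-prefixed padding to a fixed packet size."""
    assert len(message) < size
    return bytes([len(message)]) + message + b"\x00" * (size - 1 - len(message))


def unpad(packet: bytes) -> bytes:
    return packet[1:1 + packet[0]]


def wrap(message: bytes, mix_keys: list) -> bytes:
    """Build the layered packet: the innermost layer belongs to the last mix,
    the outermost to the first, so each mix can remove exactly one layer."""
    layer = pad(message)
    for key in reversed(mix_keys):
        layer = encrypt(key, layer)
    return layer


class Mix:
    """One node of the cascade: strip a layer, wait for a full batch, reorder, forward."""

    def __init__(self, key: bytes, batch_size: int, rng: random.Random):
        self.key, self.batch_size, self.rng = key, batch_size, rng
        self.buffer = []

    def receive(self, packet: bytes):
        self.buffer.append(decrypt(self.key, packet))
        if len(self.buffer) < self.batch_size:
            return None  # hold packets until the batch is complete (hides timing)
        batch, self.buffer = self.buffer, []
        self.rng.shuffle(batch)  # reorder before relaying (hides input order)
        return batch


def run_cascade(messages: list, mix_keys: list, seed: int = 0):
    """Send all messages through the cascade; return the packets delivered to the
    recipient side and what an observer sees on the link after each hop."""
    rng = random.Random(seed)
    mixes = [Mix(key, len(messages), rng) for key in mix_keys]
    packets = [wrap(m, mix_keys) for m in messages]
    observed = [list(packets)]  # link 0: sender -> first mix
    for mix in mixes:
        out = None
        for p in packets:
            out = mix.receive(p)
        packets = out
        observed.append(list(packets))
    return packets, observed


def delivered_messages(messages: list, mix_keys: list, seed: int = 0) -> list:
    """Plaintexts as the recipients receive them, in arrival order."""
    final, _ = run_cascade(messages, mix_keys, seed)
    return [unpad(p) for p in final]


def links_are_unlinkable(observed: list) -> bool:
    """True when no packet byte-string seen on one link reappears on the next,
    i.e. every hop re-encodes every packet."""
    return all(not set(a) & set(b) for a, b in zip(observed, observed[1:]))


if __name__ == "__main__":
    keys = [b"mix-1-key", b"mix-2-key", b"mix-3-key"]  # assumed sample keys
    sample = [b"hello", b"bye", b"see you"]           # constructed sample messages
    final, seen = run_cascade(sample, keys, seed=7)
    print([unpad(p) for p in final], links_are_unlinkable(seen))
```

Because every mix holds the whole batch before reordering and re-encodes every packet, an observer comparing the bytes on consecutive links sees neither matching content nor a preserved order; `links_are_unlinkable` checks the content half of that property on the simulated links.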
Researchers of our group have studied anonymising technologies in circuit- and packet-switched networks of various topologies since the 1980s. In the course of the project "AN.ON", we have created an anonymity service for the Internet. Since its deployment in 2000, the service has been used by thousands of people all around the globe. Up to now, our anonymity service is the only one in the world that implements the cascade architecture, which is considered particularly secure.