Privacy-preserving Personal Information Management

The spread of Information and Communication Technologies (ICTs) has transformed the way we deliver services, and has made them in general more efficient and more accessible to users. With these improvements however came new challenges. The extensive use of electronic services in our daily life, and the massive gathering of transactional data have led to serious privacy violations. In this thesis we provide techniques to enhance users’ privacy, and to give them greater control over their data. We propose a protocol allowing users to authorize access to their remotely-stored records, according to a self-chosen privacy policy, and without the storage server learning the access pattern to their records, or the index of the queried records. This prevents the storage server from linking the identity of the party retrieving a record to that of the record owner. In many applications, the association between the identity of the record retriever and that of the record owner represents sensitive information, and needs to be kept private. The proposed protocol is called Accredited Symmetrically Private Information Retrieval (ASPIR), and uses Brands’s Anonymous Credentials [Bra00] and a Symmetrically Private Information Retrieval (SPIR) scheme by Lipmaa [Lip05], as building blocks. Next, we extend the above ASPIR protocol to a setting where the stored records belong to multiple owners simultaneously. The new protocol, called Multi-Authorizer ASPIR, allows the owners of a record to authorize access to their data according to a self-chosen privacy policy, without the storage server learning the access pattern to their record. We present constructions for settings where the retrieving party has to provide authorizations either from all the owners of the target record, or from a subset of them of size greater that a certain threshold. We also consider the case of a General Access Structure, where the retrieval is allowed only if authorizations from certain pre-defined subsets of the owners are provided. The Multi-authorizer ASPIR protocol is more efficient than ASPIR, and can be built with any SPIR primitive. Finally, we dedicate the last part of the thesis to applying privacy preserving techniques to a real world problem. In particular, we consider the area of e-health, and provide a privacy-preserving protocol for handling prescriptions in the Belgian healthcare system.