CHAPTER 6

REFERENCES

H. Aamot, C. D. Kohl, D. Richter, P. Knaup-Gregori, “Pseudonymization of patient identifiers for translational research”, BMC Medical Informatics and Decision Making, vol. 13, pp. 1-15, 2013.

Article 29 Working Party, “Opinion 04/2007 on the concept of personal data”, 2007. (WP29, 2007)

Article 29 Working Party, “Opinion 02/2013 on apps on smart devices”, 2013. (WP29, 2013)

Article 29 Working Party, “Opinion 05/2014 on anonymisation techniques”, 2014. (WP29, 2014)

Article 29 Working Party, “Guidelines on Personal data breach notification under Regulation 2016/679”, 2018. (WP29, 2018)

Y. Agarwal and M. Hall, “Protectmyprivacy: detecting and mitigating privacy leaks on ios devices using crowdsourcing,” in Proceeding of the 11th annual international conference on Mobile systems, applications, and services, pp. 97–110, ACM, 2013.

D. J. Bernstein and T. Lange, “Post-quantum cryptography – dealing with the fallout of physics success”, Cryptology ePrint Archive, 2017.

V. Chatzistefanou and K. Limniotis, "On the (non-)anonymity of anonymous social networks", E-Democracy Privacy-Preserving, Secure, Intelligent E-Government Services, Communications in Computer and Information Science, Springer, vol. 792, pp. 153-168, 2017.

T. Chen, I. Ullah, M. A. Kâafar, R. Boreli, Information leakage through mobile analytics services. HotMobile 2014, pp. 15:1-15:6, 2014.

L. Demir, A. Kumar, M. Cunche and C. Lauradoux, “The pitfalls of hashing for privacy”, IEEE Communications Surveys and Tutorials, vol. 20, no. 1, pp. 551-565, 2018.

Digital Summit’s Data Protection Focus Group, “White Paper on Pseudonymization”, 2017.

C. R. Dougherty, "Vulnerability Note VU#836068 - MD5 vulnerable to collision attacks", Vulnerability notes database, CERT Carnegie Mellon University Software Engineering Institute, 2008.

P. Eckersley, “How Unique Is Your Web Browser?”, PETS 2010, pp. 1-18, 2010.

B. S. Elger, J. Iavindrasana, L. L. Iacono, H. Müller, N. Roduit, P. Summers and J. Wright, “Strategies for health data exchange for secondary, cross-institutional clinical research”, Computer Methods and Programs in Biomedicine, Elsevier, vol. 99, pp. 230-251, 2010.

ENISA, “Algorithms, key sizes and parameters”, 2014. (Enisa, 2014b)

ENISA, “Distributed Ledger Technology and Cybersecurity”, 2016.

ENISA, “Privacy and data protection in mobile applications - A study on the app development ecosystem and the technical implementation of GDPR”, 2017.

ENISA, “Privacy and Data Protection by Design – from policy to engineering”, 2014. (Enisa, 2014a)

ENISA, “Privacy by design in big data”, 2015.

ENISA, “Technology-induced challenges in privacy and data protection in Europe”, 2008.

FIPS, Federal Information Processing Standards Publication 197, “Advanced Encryption Standard”, 2001.

FIPS, Federal Information Processing Standards Publication 198-1, “The Keyed-Hash Message Authentication Code (HMAC)”, 2008.

FIPS, Federal Information Processing Standards Publication 180-4, Secure Hash Standard, 2012.

FIPS, Federal Information Processing Standards Publication 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, 2015.

M. C. Grace, W. Zhou, X. Jiang, A.-R. Sadeghi, “Unsafe exposure analysis of mobile in-app advertisements”, WISEC 2012, pp. 101-112, 2012.

S. Gurses, C. Troncoso and C. Diaz, “Engineering privacy by design reloaded”, Amsterdam Privacy Conference, 2015.

N. Gura, A. Patel, A. Wander, H. Eberle and S. C. Shantz, Comparing elliptic curve cryptography and RSA on 8-bit CPUs, In International workshop on Cryptographic Hardware and Embedded Systems, Springer, pp. 119-132, 2004.

ISO, ISO/IEC 20889:2018, Privacy enhancing data de-identification terminology and classification of techniques, ISO, Geneva, Switzerland, 2018.

ISO, ISO/TS 25237:2017, Health Informatics - Pseudonymization, ISO, Geneva, Switzerland, 2017.

S. Jajodia and R. Sandhu, “Polyinstantiation integrity in multilevel relations”, In Proc. of IEEE Computer Society Symposium on Research in Security and Privacy, pp. 104-115, 1990.

I. Jeun, K. Lee and D. Won, “Enhanced Code-Signing Scheme for Smartphone Applications”, In: Kim T. et al. (eds.), Future Generation Information Technology, FGIT 2011, Lecture Notes in Computer Science, vol. 7105, Springer, Berlin, Heidelberg, pp. 353-360, 2011.

H. Kumar, S. Kumar, R. Joseph, D. Kumar, S. K. S. Singh and P. Kumar, “Rainbow table to crack password using MD5 hashing algorithm”, In IEEE Conference on Information & Communication Technologies (ICT), pp. 433-439, 2013.

A. Kurtz, H. Gascon, T. Becker, K. Rieck and F. C. Freiling, Fingerprinting Mobile Devices Using Personalized Configurations, PoPETs 2016 (1), pp. 4-19, 2016.

J. Lehnhardt and A. Spalka, “Decentralized Generation of Multiple, Uncorrelatable Pseudonyms without Trusted Third Parties”, In: Furnell S., Lambrinoudakis C., Pernul G. (eds.), Trust, Privacy and Security in Digital Business (TrustBus) 2011, Lecture Notes in Computer Science, vol. 6863, pp. 113-124, Springer, Berlin, Heidelberg, 2011.

J. Martin, T. Mayberry, C. Donahue, L. Foppe, L. Brown, C. Riggins, E. C. Rye and D. Brown, A Study of MAC Address Randomization in Mobile Devices and When it Fails, PoPETs 2017 (4), pp. 365-383, 2017.

Richard McPherson, R. Shokri, V. Shmatikov, “Defeating Image Obfuscation with Deep Learning”, CoRR abs/1609.00408, 2016.

A. J. Menezes, S. A. Vanstone, and P. C. V. Oorschot, Handbook of Applied Cryptography, CRC Press, 1996.

NIST, “Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)”, Special Publication (NIST SP) - 800-122, 2010.

N. Provos and D. Mazieres, “A future-adaptable password scheme”, In Proceedings of USENIX annual technical conference, Monterey, 1999.

R.L. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, vol. 21, no. 2, pp. 120-126, 1978.

R. Oppliger, “Contemporary Cryptography”, Artech House Publishers, 2005.

A. Pfitzmann and M. Hansen, “A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management”, 2010.

RSA Laboratories, “PKCS#1 v2.2: RSA Cryptography Standard”, 2012.

P. Schartner and M. Schaffer, Unique User-Generated Digital Pseudonyms, Computer Network Security, MMM-ACNS 2005, Lecture Notes in Computer Science, vol. 3685, pp. 194-205, Springer, Berlin, Heidelberg, 2005.

C. Spensky, J. Stewart, A. Yerukhimovich, R. Shay, A. Trachtenberg, R. Housley, and R. K. Cunningham, SoK: Privacy on Mobile Devices – It’s Complicated, Proceedings on Privacy Enhancing Technologies, 2016 (3):96–116, 2016.

R. Stevens, C. Gibler, J. Crussell, J. Erickson and H. Chen, Investigating User Privacy in Android Ad Libraries, In Workshop on Mobile Security Technologies (MoST), page 10, 2012.

M. Stevens, E. Bursztein, P. Karpman, A. Albertini, and Y. Markov, The First Collision for Full SHA-1, Crypto 2017, Lecture Notes on Computer Science, Springer, vol. 10401, pp. 570-596, 2017. (Stevens, 2017a)

M. Stevens and D. Shumow, Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions, USENIX Security Symposium, pp. 881-897, 2017. (Stevens, 2017b)

S. Son, D. Kim, and V. Shmatikov, What Mobile Ads Know About Mobile Users, Network and Distributed System Security Symposium, 2016.

Su, J., Shukla, A., Goel, S. and Narayanan, A. (2017) De-anonymizing web browsing data with social networks, WWW ’17, pp. 1261–1269, 2017.

V. F. Taylor, A. R. Beresford and I. Martinovic, Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones, CoRR abs/1708.03520, 2017.

V. F. Taylor, R. Spolaor, M. Conti, and I. Martinovic, “Robust Smartphone App Identification via Encrypted Network Traffic Analysis”, IEEE Trans. Information Forensics and Security, vol. 13, no. 1, pp. 63-78, 2018.

UK Government, Office for Science, “Distributed Ledger Technology: beyond block chain”, 2016.

M. Vanhoef, C. Matte, M. Cunche, L. S. Cardoso and F. Piessens, “Why MAC Address Randomization is Not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms,” in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 413-424, 2016.

E. Verheul, B. Jacobs, C. Meijer, M. Hildebrandt, J. Ruiter, Polymorphic Encryption and Pseudonymisation for Personalised Healthcare – A Whitepaper, Cryptology ePrint Archive, Report 2016/411, 2016.

X. Wang and H. Yu, “How to Break MD5 and Other Hash Functions”, EUROCRYPT 2005, Lecture Notes in Computer Science, Springer, vol. 3494, pp. 19-35, 2005.

X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, C. A. Gunter, and K. Nahrstedt, Identity, location, disease and more: Inferring your secrets from Android public resources, in ACM CCS 2013.