As the internet becomes a more prevalent part of our society, its security remains an issue of high value. As the internet becomes more important and more secure, the attacks against it advance as well. One of the most debated topics in the politics of cyber security is the idea of attribution in networks. This is the idea that there should be some way of identifying who is doing what on a network. The benefit is that when there is an attack, it is easy to find out the identity of the attacker. The downside is that many people believe this to be an invasion of privacy. In order to further consider this topic, we look to combine ideas from research done on privacy and research done on cybersecurity.
We propose a method that allows for attribution while limiting the data provided around the user. We separate identifiers of users into two categories: sensitive attributes, and quasi-identifiers. Here, the former is a class of attributes about the user that are more revealing than the latter. We can use these identifiers at each layer in a different way so that the user can maintain some amount of privacy, unless there is good enough reason to reveal the user.
Author:
Eran Toch, Claudio Bettini, Erez Shmueli, Laura Radaelli, Andrea Lanzi, Daniele Riboni, Bruno Lepri
