Hashing of personally identifiable information is not sufficient
Zusammenfassung
It is common practice of web tracking services to hash personally identifiable information
(PII), e. g., e-mail or IP addresses, in order to avoid linkability between collected data sets of web
tracking services and the corresponding users while still preserving the ability to update and merge data
sets associated to the very same user over time. Consequently, these services argue to be complying
with existing privacy laws as the data sets allegedly have been pseudonymised. In this paper, we
show that the finite pre-image space of PII is bounded in such a way, that an attack on these hashes
is significantly eased both theoretically as well as in practice. As a result, the inference from PII
hashes to the corresponding PII is intrinsically faster than by performing a naive brute-force attack.
We support this statement by an empirical study of breaking PII hashes in order to show that hashing
of PII is not a sufficient pseudonymisation technique.
- Vollständige Referenz
- BibTeX
Marx, M., Zimmer, E., Mueller, T., Blochberger, M. & Federrath, H.,
(2018).
Hashing of personally identifiable information is not sufficient.
In:
Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D.
(Hrsg.),
SICHERHEIT 2018.
Bonn:
Gesellschaft für Informatik e.V..
(S. 55-68).
@inproceedings{mci/Marx2018,
author = {Marx, Matthias AND Zimmer, Ephraim AND Mueller, Tobias AND Blochberger, Maximilian AND Federrath, Hannes},
title = {Hashing of personally identifiable information is not sufficient},
booktitle = {SICHERHEIT 2018},
year = {2018},
editor = {Langweg, Hanno AND Meier, Michael AND Witt, Bernhard C. AND Reinhardt, Delphine} ,
pages = { 55-68 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
author = {Marx, Matthias AND Zimmer, Ephraim AND Mueller, Tobias AND Blochberger, Maximilian AND Federrath, Hannes},
title = {Hashing of personally identifiable information is not sufficient},
booktitle = {SICHERHEIT 2018},
year = {2018},
editor = {Langweg, Hanno AND Meier, Michael AND Witt, Bernhard C. AND Reinhardt, Delphine} ,
pages = { 55-68 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
Dateien | Größe | Format | Anzeige | |
---|---|---|---|---|
sicherheit2018-04.pdf | 273.2Kb | Öffnen |
Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Feedback abschicken
Mehr Information
ISBN: 978-3-88579-675-6
ISSN: 1617-5468
Datum: 2018
Sprache:
(en)

Typ: Text/Conference Paper