GI LogoGI Logo
  • Login
Digital Library
    • All of DSpace

      • Communities & Collections
      • Titles
      • Authors
      • By Issue Date
      • Subjects
    • This Collection

      • Titles
      • Authors
      • By Issue Date
      • Subjects
Digital Library Gesellschaft für Informatik e.V.
GI-DL
    • English
    • Deutsch
  • English 
    • English
    • Deutsch
View Item 
  •   DSpace Home
  • Lecture Notes in Informatics
  • Proceedings
  • Sicherheit
  • P281 - Sicherheit 2018 - Sicherheit, Schutz und Zuverlässigkeit
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.
  •   DSpace Home
  • Lecture Notes in Informatics
  • Proceedings
  • Sicherheit
  • P281 - Sicherheit 2018 - Sicherheit, Schutz und Zuverlässigkeit
  • View Item

Hashing of personally identifiable information is not sufficient

Author:
Marx, Matthias [DBLP] ;
Zimmer, Ephraim [DBLP] ;
Mueller, Tobias [DBLP] ;
Blochberger, Maximilian [DBLP] ;
Federrath, Hannes [DBLP]
Abstract
It is common practice of web tracking services to hash personally identifiable information (PII), e. g., e-mail or IP addresses, in order to avoid linkability between collected data sets of web tracking services and the corresponding users while still preserving the ability to update and merge data sets associated to the very same user over time. Consequently, these services argue to be complying with existing privacy laws as the data sets allegedly have been pseudonymised. In this paper, we show that the finite pre-image space of PII is bounded in such a way, that an attack on these hashes is significantly eased both theoretically as well as in practice. As a result, the inference from PII hashes to the corresponding PII is intrinsically faster than by performing a naive brute-force attack. We support this statement by an empirical study of breaking PII hashes in order to show that hashing of PII is not a sufficient pseudonymisation technique.
  • Citation
  • BibTeX
Marx, M., Zimmer, E., Mueller, T., Blochberger, M. & Federrath, H., (2018). Hashing of personally identifiable information is not sufficient. In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V.. (S. 55-68). DOI: 10.18420/sicherheit2018_04
@inproceedings{mci/Marx2018,
author = {Marx, Matthias AND Zimmer, Ephraim AND Mueller, Tobias AND Blochberger, Maximilian AND Federrath, Hannes},
title = {Hashing of personally identifiable information is not sufficient},
booktitle = {SICHERHEIT 2018},
year = {2018},
editor = {Langweg, Hanno AND Meier, Michael AND Witt, Bernhard C. AND Reinhardt, Delphine} ,
pages = { 55-68 } ,
doi = { 10.18420/sicherheit2018_04 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
DateienGroesseFormatAnzeige
sicherheit2018-04.pdf273.2Kb PDF View/Open

Sollte hier kein Volltext (PDF) verlinkt sein, dann kann es sein, dass dieser aus verschiedenen Gruenden (z.B. Lizenzen oder Copyright) nur in einer anderen Digital Library verfuegbar ist. Versuchen Sie in diesem Fall einen Zugriff ueber die verlinkte DOI: 10.18420/sicherheit2018_04

Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Send Feedback

More Info

DOI: 10.18420/sicherheit2018_04
ISBN: 978-3-88579-675-6
ISSN: 1617-5468
xmlui.MetaDataDisplay.field.date: 2018
Language: en (en)
Content Type: Text/Conference Paper

Keywords

  • personally identifiable information
  • hashing
  • pseudonymisation
Collections
  • P281 - Sicherheit 2018 - Sicherheit, Schutz und Zuverlässigkeit [27]

Show full item record


About uns | FAQ | Help | Imprint | Datenschutz

Gesellschaft für Informatik e.V. (GI), Kontakt: Geschäftsstelle der GI
Diese Digital Library basiert auf DSpace.

 

 


About uns | FAQ | Help | Imprint | Datenschutz

Gesellschaft für Informatik e.V. (GI), Kontakt: Geschäftsstelle der GI
Diese Digital Library basiert auf DSpace.