Herrmann, Dominik and Wendolsky, Rolf (2009) Effectivity of Various Data Retention Schemes for Single-Hop Proxy Servers. In: Extended Abstracts of the Fourth Privacy Enhancing Technologies Convention (PET-CON 2009.1), Technical Report TUD-FI09-04, Technische Universität Dresden, ISSN 1430-211X.
Recently, member states of the European Union have legislated new data retention policies. Anonymisation services and proxy servers undermine such data retention efforts, as they allow users to masquerade their IP addresses. Providers of such services have to implement effective data retention mechanisms allowing for traceability while at the same time preserving users' privacy as far as possible. In this paper we analyse the effectivity of four data retention schemes for single-hop proxy servers which use information already stored in logs today. We assess their effectivity by applying them to the historic logs of a mid-range proxy server. According to our evaluation it is insufficient to record data on session-level. Users can only be unambiguously identified with high probability if access time and source address of each request are stored together with the destination address. This result indicates that effective data retention based on currently available identifiers comes at a high cost for users' privacy.
|Item Type:||Conference or Workshop Item (Paper)|
|Date:||25 April 2009|
|Institutions:||Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Retired Professors > Lehrstuhl für Wirtschaftsinformatik IV - Management der Informationssicherheit (Prof. Dr.-Ing. Hannes Federrath)|
|Keywords:||Data Retention, Proxy Log|
|Subjects:||000 Computer science, information & general works > 000 Generalities, Science|
000 Computer science, information & general works > 004 Computer science
|Refereed:||Yes, this version has been refereed|
|Created at the University of Regensburg:||Yes|
|Deposited On:||08 Sep 2009 09:12|
|Last Modified:||20 Jul 2011 21:40|