Towards Privacy Awareness in Future Internet Technologies

Hosnieh Rafiee (Hasso Plattner Institute, University of Potsdam, Germany) and Christoph Meinel (Hasso Plattner Institute, University of Potsdam, Germany)
DOI: 10.4018/978-1-4666-8371-6.ch003


With the increased use of the Internet to share confidential information with other users around the world, the demand to protect this information is also increasing. This is why, today, privacy has found an important place in users' lives. However, Internet users have different interpretations of the meaning of privacy. This fact makes it difficult to find the best way to address the privacy issue. In addition, most of the current standard protocols in use over the Internet do not support the level of privacy that most users expect. The purpose of this chapter is to discuss the best balance between users' expectations and the practical level of privacy needed to address user privacy needs, and to evaluate the most important protocols from a privacy perspective.
Chapter Preview

What Is Privacy?

The term privacy came into existence when people first declared themselves owners of items of physical property and wanted to protect them against intruders (Hirshleifer, 1980). Later, the term was used in a broader scope, especially in computer systems, and in combination with other terms such as anonymity, secrecy, etc.

Unfortunately, the broad scope of this term allowed it to be confused with other terms, such as security terms, which were taken to mean the same thing. They do not. This confusion leads to disagreement over the definition of privacy.

In computer terms, privacy, which is considered a social term, gives one the ability to choose what data he/she wants to expose to others and what data he/she wants to keep from others. In other words, privacy gives users control over the disclosure of their data. But when interactions take place via computers and networks, privacy often relies on technical tools for data confidentiality and data integrity. Security, on the other hand, gives one the ability to protect these data and preserve their confidentiality. These important data can be anything, including a user's bank information, names, date of birth, medical information, address, and any information that could allow an attacker to track this user.

This information might be of a different nature when we are talking about privacy in a company. The data can be a company's product details (confidential data that are hidden from competitors), code, employees' personal information, etc.

Sometimes, privacy and security are conflicting. One example of this scenario is where a company records the location of its users in order to use it as part of the authorization process – perhaps some applications or datasets may only be accessed from inside company premises. But although this helps the company maintain security, tracking and recording employees' location could violate their privacy.

Key Terms in this Chapter

Authentication: The act of verifying the identity of an entity.

DNSSEC: An extension to DNS which secures the DNS functions and verifies the authenticity and integrity of query results from a signed zone.

IPSec: Provides access control, data authentication, integrity, and confidentiality for the data that is sent between communication nodes across IP networks.

Standard Protocols: Agreements between international organizations concerning computer communications, networking and Internet architecture.

DHCPv6: A protocol that can be used to allow a DHCP server to automatically assign an IP address to a host from a defined range of IP addresses configured for that network.

Authorization: The act of determining whether a requesting entity is allowed access to a resource.

Open Standard for Authorization (OAuth): Provides user authorization without the need for the resource owner to share his credentials.

Privacy: The ability to choose what data to expose to others and what data to keep from others.

Host Identity Protocol (HIP): Provides a unique identity for a node. This protocol is used in scenarios such as multihoming or when a user is dynamic and mobile.
