Seminar Privacy und Technischer Datenschutz

  • Type: seminar
  • Chair: KIT-Fakultäten - KIT-Fakultät für Informatik - KASTEL – Institut für Informationssicherheit und Verlässlichkeit - KASTEL Strufe
    KIT-Fakultäten - KIT-Fakultät für Informatik
  • Semester: summer of 2022
  • Lecturer: Prof. Dr. Thorsten Strufe
    Christiane Kuhn
    Markus Raiber
  • SWS: 2
  • Lv-No.: 2400087

The seminar covers current topics in technical privacy:

- Anonymous communication
- Network security
- Anonymized online services
- Anonymous digital payment systems
- Evaluation of the anonymity of online services
- Anonymized publication of data (Differential Privacy, k-Anonymity)
- Transparency-/awareness-improving systems
- Support in media literacy


Language: English only
Important Dates

April 21, 9:45 AM in 50.34 Room 252
Introduction (Organization & Topics)

April 28, 9:45 AM in 50.34 Room 252
Kickoff Reading, Writing, Presenting, Topic preferences due

May 3
Topic assignment

July 3
Paper submission deadline

July 10
Reviews due

July 17
Revision deadline

~July 25



1) A survey on multimodal behavioral biometric authentication
Supervisor: Matin Fallahi

Secure authentication is a critical part of any digital system. A few years ago, biometric authentication came into our daily lives via fingerprint readers on smartphones. However, the next generation of authentication systems will be based on behavioral biometrics such as EEG, ECG, EMG, gait, eye gaze, etc., which are more secure. This seminar work aims to research, categorize, and analyze works dealing with multimodal behavioral biometrics.

[1] Rahman A, Chowdhury ME, Khandakar A, Kiranyaz S, Zaman KS, Reaz MB, Islam MT, Ezeddin M, Kadir MA. Multimodal EEG and keystroke dynamics based biometric system using machine learning algorithms. IEEE Access. 2021 Jun 28;9:94625-43.
[2] Multimodal Biometric Authentication for VR/AR using EEG and Eye Tracking
[3] Saevanee H, Clarke NL, Furnell SM. Multi-modal behavioural biometric authentication for mobile devices. In IFIP International Information Security Conference 2012 Jun 4 (pp. 465-474). Springer, Berlin, Heidelberg.


2) A survey on brainwaves computer interface (BCI)
Supervisor: Matin Fallahi

By developing consumer-grade brainwaves devices, BCI is going to have a lot of practical applications. In the first step, we want to have an overview of the BCI field and then focus on the machine learning and preprocessing algorithms.

[1] Ramzan M, Dawn S. A survey of brainwaves using electroencephalography (EEG) to develop robust brain-computer interfaces (BCIs): Processing techniques and algorithms. In 2019 9th International Conference on Cloud Computing, Data Science & Engineering (Confluence) 2019 Jan 10 (pp. 642-647). IEEE.
[2] Vasiljevic GA, de Miranda LC. Brain–computer interface games based on consumer-grade EEG Devices: A systematic literature review. International Journal of Human–Computer Interaction. 2020 Jan 20;36(2):105-42.


3) A survey on odor-based authentication and identification
Supervisor: Matin Fallahi

Researchers revealed the feasibility of using human odor as a unique biometric to identify people. This seminar work aims to research, categorize, and analyze works dealing with odor, especially authentication and identification papers.

[1] Yang B, Lee W. Human body odor based authentication using machine learning. In 2018 IEEE Symposium Series on Computational Intelligence (SSCI) 2018 Nov 18 (pp. 1707-1714). IEEE.
[2] Wongchoosuk C, Youngrod T, Phetmung H, Lutz M, Puntheeranurak T, Kerdcharoen T. Identification of people from armpit odor region using networked electronic nose. In 2011 Defense Science Research Conference and Expo (DSR) 2011 Aug 3 (pp. 1-4). IEEE.
[3] Sabilla SI, Sarno R. Classification and Gas Concentration Measurements of Human Axillary Odor using Electronic Nose. In 2021 13th International Conference on Information & Communication Technology and System (ICTS) 2021 Oct 20 (pp. 161-166). IEEE.


4) A survey on electronic noses
Supervisor: Matin Fallahi

Electronic noses have wide applications such as disease detection, environment monitoring, food quality monitoring, and even authentication. This seminar investigates existing electronic nose devices, data preprocessing, and feature extraction pipelines in this area.

[1] Hu W, Wan L, Jian Y, Ren C, Jin K, Su X, Bai X, Haick H, Yao M, Wu W. Electronic noses: from advanced materials to sensors aided with data processing. Advanced Materials Technologies. 2019 Feb;4(2):1800488.
[2] Borowik P, Adamowicz L, Tarakowski R, Siwek K, Grzywacz T. Odor detection using an e-nose with a reduced sensor array. Sensors. 2020 Jan;20(12):3542.
[3] Cheng L, Meng QH, Lilienthal AJ, Qi P. Development of compact electronic noses: A review. Measurement Science and Technology. 2021 Mar 16.


5) Measuring similarity over road networks
Supervisor: Alex Miranda Pascual

Nowadays, due to the expansion of geo-tracking devices, we have an unprecedented amount of human and vehicle trajectories. The study areas of these trajectories are very diverse, but here we are interested in studying a common problem: how to measure the similarity of two trajectories. Some state-of-the-art similarity measures make use of road networks to measure distance, so in this seminar we are interested in exploring and surveying these options, and in understanding the benefits and drawbacks of this use of road networks.

[1] H. Yuan and G. Li, "Distributed In-memory Trajectory Similarity Search and Join on Road Network," 2019 IEEE 35th International Conference on Data Engineering (ICDE), 2019, pp. 1262-1273, doi: 10.1109/ICDE.2019.00115.
[2] Z. Fang, Y. Du, X. Zhu, L. Chen, Y. Gao, C.S. Jensen. (2021) Deep Spatially and Temporally Aware Similarity Computation for Road Network Constrained Trajectories. ArXiv Preprint
[3] J. R. Hwang, H. Y. Kang, & K. J. Li (2005). Spatio-temporal similarity analysis between trajectories on road networks. In International Conference on Conceptual Modeling (pp. 280-289). Springer, Berlin, Heidelberg.
[4] H. Zhao, Q. Han, H. Pan and G. Yin, "Spatio-temporal Similarity Measure for Trajectories on Road Networks," 2009 Fourth International Conference on Internet Computing for Science and Engineering, 2009, pp. 189-193, doi: 10.1109/ICICSE.2009.18.
[5] Y. Xia, G. Y. Wang, X. Zhang, G. B. Kim, & H. Y. Bae (2011). Spatio-temporal similarity measure for network constrained trajectory data. International Journal of Computational Intelligence Systems, 4(5), 1070-1079.


6) A relation between syntactic and semantic privacy notions
Supervisor: Alex Miranda Pascual

There exist two well-known families of privacy notions: syntactic and semantic. Syntactic notions specify conditions that an anonymized database should exhibit, while semantic notions describe guarantees that the anonymization mechanisms should satisfy. Although the difference between these is apparent, there exists a relation [1] between two important representatives of each: t-closeness (syntactic) and differential privacy (semantic). The goal of this seminar topic is to explore these two families by specifically understanding how we can ensure t-closeness from differential privacy and vice versa, and the implications this relation might entail.

[1] J. Domingo-Ferrer, J. Soria-Comas (2015) "From t-closeness to differential privacy and vice versa in data anonymization".
[2] J. Domingo-Ferrer, J. Soria-Comas (2018). "Connecting randomized response, post-randomization, differential privacy and t-closeness via deniability and permutation". arXiv preprint arXiv:1803.02139.

The papers introducing differential privacy and t-closeness are:
[3] C. Dwork, F. McSherry, K. Nissim, A. Smith (2006). Calibrating Noise to Sensitivity in Private Data Analysis. In: Halevi, S., Rabin, T. (eds) Theory of Cryptography. TCC 2006. Lecture Notes in Computer Science, vol 3876. Springer, Berlin, Heidelberg.
[4] N. Li, T. Li and S. Venkatasubramanian, "t-Closeness: Privacy Beyond k-Anonymity and l-Diversity," 2007 IEEE 23rd International Conference on Data Engineering, 2007, pp. 106-115, doi: 10.1109/ICDE.2007.367856.


7) Generative graphs model
Supervisor: Patricia Guerra Balboa

Social networks, medicine and traffic management are just a few of the innumerable applications of graph theory in data analysis. The great advantage of graph analysis is its ability to preserve the structure of the data and the properties of its relations. Synthetic data, meanwhile, is growing into a powerful tool: it allows simulating conditions not yet encountered, is immune to some common statistical problems, and has good properties in terms of scalability. Generating graphs opens a new branch of study here, because the structure and non-independence of graph data call for special tools, both in traditional generative approaches and in machine learning ones. The goal of this project is therefore to understand the state of the art in graph data generation, in both the traditional approaches and the deep generative models.

Advanced goal: Although synthetic data has numerous advantages, in terms of privacy, training databases are susceptible to Membership Inference Attacks, so an extra goal would be to understand how to protect our graph generative models with differential privacy.
Topics: Graph generative models • Deep learning • Synthetic Data • Differential Privacy

References: Hamilton, W. L. (2020). Graph representation learning (Vol. 14) (No. 3). Morgan & Claypool Publishers.
Qin, Z., Yu, T., Yang, Y., Khalil, I., Xiao, X., & Ren, K. (2017). Generating synthetic decentralized social graphs with local differential privacy., 425–438.


8) Topology of privacy
Supervisor: Patricia Guerra Balboa

Information has intrinsic geometric and topological structure, arising from relative relationships beyond absolute values or types. For instance, the fact that two people did or did not share a meal describes a relationship independent of the meal’s ingredients. Multiple such relationships give rise to relations and their lattices. Lattices have topology. That topology informs the ways in which information may be observed, hidden, inferred, and dissembled. Privacy preservation may be understood as finding isotropic topologies, in which relations appear homogeneous. Moreover, the underlying lattice structure of those topologies has a temporal aspect, which reveals how isotropy may contract over time, thereby puncturing privacy. The goal of this project is to understand privacy from the topological perspective using Dowker complexes.

Advanced goal: Once we understand how to measure privacy preservation and loss using topology, we could go further and survey the topology-based privacy-enhancing techniques.
Topics: Topology • Data structure • Privacy of relations

References: Erdmann, M. (2017). Topology of privacy: Lattice structures and information bubbles for inference and obfuscation. arXiv preprint arXiv:1712.04130.


9) Computing with spatial trajectories
Supervisor: Patricia Guerra Balboa

In order to understand what we need to protect when we work with trajectory data, we first need to understand what kind of information can be extracted from this data. In this project we will introduce location-based social networks (LBSN) and how they can be used to extract information about both users and locations. When understanding users in terms of their trajectories, we will discover how to model the location history of an individual and how to estimate the similarity between different users according to their location data, inferring relationships between them. When understanding location information, we will give an overview of how to find the locations matching a user's interests and how this can be learned from the individual’s historical data.
Topics: Trajectory • analysis of privacy risk • location-based social networks

References: Hsu, J., Gaboardi, M., Haeberlen, A., Khanna, S., Narayan, A., Pierce, B. C., & Roth, A. (2014).
Zheng, Y., & Zhou, X. (2011). Computing with spatial trajectories. Springer Science & Business Media.


10) How to Whistleblow
Supervisor: Christoph Coijanovic

Whistleblowing (i.e., the act of exposing wrongdoing within some organization to the public) often comes with great personal risk.
While some countries guarantee legal protection to whistleblowers, they face persecution or even worse in others.
Thus, it is crucial to provide anonymous means of submitting compromising information.
In recent years, many news organizations have adopted SecureDrop [1] and GlobaLeaks [2] to receive information.
Academic research has also produced multiple purpose-built protocols [3-5], which might provide even stronger privacy protection.
The goal of this work is to survey existing approaches for whistleblowing and compare them based on provided functionality, usability, and privacy protection.

[1] Di Salvo, P. (2021). Securing Whistleblowing in the Digital Age: SecureDrop and the Changing Journalistic Practices for Source Protection. Digital Journalism, 9, 443 - 460.
[3] Habbabeh, A., Asprion, P., & Schneider, B. (2020). Mitigating the Risks of Whistleblowing - an Approach Using Distributed System Technologies. PoEM Workshops.
[4] Eskandarian, S., Corrigan-Gibbs, H., Zaharia, M., & Boneh, D. (2021). Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy. USENIX Security Symposium.
[5] Newman, Z., Servan-Schreiber, S., & Devadas, S. (2021). Spectrum: High-Bandwidth Anonymous Broadcast with Malicious Security. IACR Cryptol. ePrint Arch., 2021, 325.
[6] Ahmed-Rengers, M., Vasile, D.A., Hugenroth, D., Beresford, A.R., & Anderson, R.P. (2022). CoverDrop: Blowing the Whistle Through A News App. Proceedings on Privacy Enhancing Technologies, 2022


11) Bootstrapping Group Communication Without Leaking Metadata
Supervisor: Christoph Coijanovic

To communicate over an encrypted channel, users need to exchange some key material.
Classically, before sending a message to Bob, Alice would request Bob's public key through some public key infrastructure (PKI).
However, without explicit protection, the PKI learns that Alice intends to talk to Bob.
In many cases, this information is sensitive and should not be publicly disclosed (e.g., if Bob is a psychologist, an adversary can infer that Alice likely has mental health problems).
Alpenhorn [1] solves this issue for one-to-one communication:
It allows users to establish shared keys and initialize conversations while claiming to not disclose any metadata about ongoing activities.
The goal of this work is to a) determine the bootstrapping requirements for group communication, b) analyze to what extent Alpenhorn can meet these requirements, and c) suggest improvements that would make Alpenhorn more suitable for the group communication setting.

[1] Lazar, D., & Zeldovich, N. (2016). Alpenhorn: Bootstrapping Secure Communication Without Leaking Metadata. OSDI.


12) A survey on privacy in corona contact tracing
Supervisor: Markus Raiber

Several approaches to contact tracing for stopping infection chains have been proposed during the pandemic.
This seminar topic aims to give an overview of the different privacy implications of these solutions.

- C. Troncoso et al. “Decentralized Privacy-Preserving Proximity Tracing”. In: IEEE Data Eng. Bull. 43.2 (2020). First published 3 April 2020 on, pp. 36–66. url:
- Apple and Google. Privacy-Preserving Contact Tracing. 2020. url:
- C. Castelluccia, N. Bielova, A. Boutet, M. Cunche, C. Lauradoux, D. L. Métayer, and V. Roca. DESIRE: A Third Way for a European Exposure Notification System. 2020.
- R. Canetti, Y. T. Kalai, A. Lysyanskaya, R. L. Rivest, A. Shamir, E. Shen, A. Trachtenberg, M. Varia, and D. J. Weitzner. Privacy-Preserving Automated Exposure Notification. 2020. Cryptology ePrint Archive, Report 2020/863
- W. Lueks et al. "CrowdNotifier: Decentralized Privacy-Preserving Presence Tracing" Proceedings on Privacy Enhancing Technologies, vol.2021, no.4, 2021, pp.350-368.
- W. Beskorovajnov, F. Dörre, G. Hartung, A. Koch, J. Müller-Quade, and T. Strufe. “ConTra Corona: Contact Tracing against the Coronavirus by Bridging the Centralized–Decentralized Divide for Stronger Privacy”. In: ASIACRYPT 2021
- C. Kuhn, M. Beck, and T. Strufe. “Covid Notions: Towards Formal Definitions – and Documented Understanding – of Privacy Goals and Claimed Protection in Proximity-Tracing Services”. In: Online Soc. Networks Media 22 (2021).