2010 | Book

Privacy and Identity Management for Life

5th IFIP WG 9.2, 9.6/11.4, 11.6, 11.7/PrimeLife International Summer School, Nice, France, September 7-11, 2009, Revised Selected Papers

Editors: Michele Bezzi, Penny Duquenoy, Simone Fischer-Hübner, Marit Hansen, Ge Zhang

Publisher: Springer Berlin Heidelberg

Book Series: IFIP Advances in Information and Communication Technology

Table of Contents

Frontmatter

Lifelong Privacy

Lifelong Privacy: Privacy and Identity Management for Life
Abstract
The design of identity management preserving an individual’s privacy must not stop at supporting the user in managing her/his present identities. Instead, since any kind of privacy intrusion may have implications on the individual’s future life, it is necessary that we identify and understand the issues related to long-term aspects of privacy-enhancing identity management. Only in that way can corresponding solutions be developed which enable users to control the disclosure of their personal data throughout their whole lives, comprising past, present, and future.
This paper will give a general overview about concepts supporting privacy-enhancing identity management. Further, it introduces the reader to the problem field of privacy management by means of privacy-enhancing identity management during various stages of life as well as in various areas of life. Statements about required mechanisms will be given as well as directions regarding the three most important aspects to consider when managing one’s identities: communication infrastructure as well as selection of communication partners and tools.
Andreas Pfitzmann, Katrin Borcea-Pfitzmann
Delegation for Privacy Management from Womb to Tomb – A European Perspective
Abstract
In our information society with processing of personal data in almost all areas of life, the legally granted right to privacy is quite hard to preserve. User-controlled identity management systems have been proposed as a means to manage one’s own private sphere. Still, there is no functioning concept of how privacy protection can be effectively safeguarded over a long time period and how self-determination in the field of privacy can be maintained in all stages of life from the womb to the tomb. When user control and the capability to exercise rights cannot yet or no longer be carried out by the data subject herself, the decisions concerning the processing of personal data may have to be delegated to a delegate. In this text, we elaborate on delegation of privacy-relevant actions under a lifelong perspective and point out possible legal, technological, and organizational measures to appropriately take up the arising challenges. For crucial gaps in current concepts we sketch solutions and explain implications on user-controlled identity management systems. Finally we give recommendations to stakeholders such as data controllers, application designers and policy makers.
Marit Hansen, Maren Raguse, Katalin Storf, Harald Zwingelberg
Saving On-Line Privacy
Abstract
With the increasing use of electronic media for our daily transactions, we widely distribute our personal information. Once released, controlling the dispersal of this information is virtually impossible. Privacy-enhancing technologies can help to minimize the amount of information that needs to be revealed in transactions, on the one hand, and to limit the dispersal, on the other hand. Unfortunately, these technologies are hardly used today. In this paper we aim to foster their adoption by providing a summary of what such technologies can achieve. We hope that by this, policy makers, system architects, and security practitioners will be able to employ privacy-enhancing technologies.
Jan Camenisch, Gregory Neven

Privacy for Social Network Sites and Collaborative Systems

Context Is Everything: Sociality and Privacy in Online Social Network Sites
Abstract
Social Network Sites (SNSs) pose many privacy issues. Apart from the fact that privacy in an online social network site may sound like an oxymoron, significant privacy issues are caused by the way social structures are currently handled in SNSs. Conceptually different social groups are generally conflated into the singular notion of ‘friend’. This chapter argues that attention should be paid to the social dynamics of SNSs and the way people handle social contexts. It shows that SNS technology can be designed to support audience segregation, which should mitigate at least some of the privacy issues in Social Network Sites.
Ronald Leenes
The Freddi Staurs of Social Networking – A Legal Approach
Abstract
One of the most remarkable cultural phenomena that blossomed in the Web 2.0 era are the social networking sites, such as Facebook, MySpace, Friendster, Bebo, Netlog or LinkedIn. The introduction of new communication channels facilitates interactive information sharing and collaboration between various actors over social networking sites. These actors, i.e. the providers and the users, do not always fit in the traditional communications models. In this paper we are going to examine how the new reality, realised via social networking sites, fits in the existing European legal framework on data protection. We are further going to discuss some specific data protection issues, focusing on the role of the relevant actors, using the example of photo tagging.
Eleni Kosta
Facebook and Its EU Users – Applicability of the EU Data Protection Law to US Based SNS
Abstract
The present paper examines the problem of applicable data protection law in a relationship between EU users and non-EU based Social Networking Site (SNS). The analysis will be conducted on the example of Facebook, which is one of the most popular SNS. The goal of the paper is to examine whether European users of Facebook can rely on their national data protection legislations in case of a privacy infringement by the SNS. The 95/46/EC Directive on Data Protection provides several options to protect EU residents in such relation. The paper will analyze whether Facebook’s participation in the Safe Harbor Program means that it is a subject to the regulation of the Data Protection Directive. Then, the paper will discuss if data processing activities of Facebook fall under the scope of the Data Protection Directive at all.
Aleksandra Kuczerawy
On the Security and Feasibility of Safebook: A Distributed Privacy-Preserving Online Social Network
Abstract
Safebook tackles the security and privacy problems of online social networks. It puts a special emphasis on the privacy of users with respect to the application provider and provides defenses against intruders or malicious users. In order to assure privacy in the face of potential violations by the provider, Safebook is designed in a decentralized architecture. It relies on the cooperation among the independent parties that represent the users of the online social network at the same time. Safebook addresses the problem of building secure and privacy-preserving data storage and communication mechanisms in a peer-to-peer system by leveraging trust relationships akin to social networks in real life. This paper resumes the contributions of [7,9,8], and extends the first performance and security evaluation of Safebook.
Leucio Antonio Cutillo, Refik Molva, Thorsten Strufe
Privacy-Respecting Access Control in Collaborative Workspaces
Abstract
In these days’ information society, people share their life with others not only in their direct, personal environment, but also on the Internet by using social software such as collaborative workspaces. In this context, an important issue is maintaining control over personal data, i.e., who is able to access which information. In this paper, we argue why traditional access control mechanisms are inappropriate for collaborative workspaces in general and present a concept for privacy-respecting access control in a web forum as an instance of collaborative workspaces.
Stefanie Pötzsch, Katrin Borcea-Pfitzmann

Privacy for eGovernment Applications

A Three-Dimensional Framework to Analyse the Governance of Population Registers
Abstract
In June 2006, the Swiss Parliament made two important decisions with regards to public registers’ governance and individuals’ identification. It adopted a new law on the harmonisation of population registers in order to simplify statistical data collection and data exchange from around 4’000 decentralized registers, and it also approved the introduction of a Unique Person Identifier (UPI). The law is rather vague about the implementation of this harmonisation and even though many projects are currently being undertaken in this domain, most of them are quite technical. We believe there is a need for analysis tools and therefore we propose a conceptual framework based on three pillars (Privacy, Identity and Governance) to analyse the requirements in terms of data management for population registers.
José Formaz, Olivier Glassey
Use of ePassport for Identity Management in Network-Based Citizen-Life Processes
Abstract
Digital identity management (IdM) for citizen-life processes requires trusted relationships among the service providers and users. Current IdM systems tend to lack the trust component, in particular for online transactions. We propose the use of the ePassport as a globally interoperable trust token to bridge the gap between offline and online environments. The paper analyses trust attributes of the ePassport and recognizes the extensions required for its deployment in an online IdM for high-value transactions. An architecture is proposed for a network-based IdM system to support three categories of life processes: eGovernment services, high-value private services, and eCommerce. The solution is compatible with privacy-enhancing technologies while at the same time creating trusted digital identities and offering users convenience.
Pravir Chawdhry, Ioannis Vakalis
The Use of Privacy Enhancing Technologies for Biometric Systems Analysed from a Legal Perspective
Abstract
The deployment of biometric systems could have serious lifelong implications for the privacy and data protection rights of individuals. The use of appropriate biometric technologies permitting the creation of multiple trusted revocable protected biometric identities may present a response to this challenge. The paper presents a review from a legal perspective of these privacy enhancing technologies which are being developed in the 7th Framework EU project TURBINE. It is argued that if privacy considerations are taken into account in the design and technology of biometric systems, this will have a positive influence on the review of the proportionality of the use of biometric systems.
Els J. Kindt

Privacy and Identity Management for eHealth and Ambient Assisted Living Applications

Assuring Privacy of Medical Records in an Open Collaborative Environment - A Case Study of Walloon Region’s eHealth Platform
Abstract
In many European countries, elderly citizens constitute a growing part of the population. In some countries like Belgium, it is expected to be as high as one third of the population by 2060. Non-traditional high-tech healthcare solutions are therefore indispensable to cope with the shortage of medical and paramedical staff in the future. In this context, several eHealth projects are launched to modernise the public healthcare system and to address the challenges of a declining active workforce in the medical domain. The Walloon Region of Belgium is sponsoring an eHealth Platform for the deployment of internet-based technologies for monitoring of patients and exchange of medical records between hospitals and general practitioners. In this paper, we provide an overview of this eHealth platform and report on-going design activities on managing privacy-sensitive medical data by using a context-aware access control model.
Syed Naqvi, Gautier Dallons, Arnaud Michot, Christophe Ponsard
Goal-Oriented Access Control Model for Ambient Assisted Living
Abstract
Ambient assisted living is a new interdisciplinary field aiming at supporting senior citizens in their home by means of embedded technologies. This domain offers an interesting challenge for providing dependability and security in a privacy-respecting way: in order to provide services in an emergency we cannot monitor a senior citizen on a second-by-second basis. Besides being immoral, it would be illegal (at least in Europe). At the same time, if we do not get notified of an emergency, the entire system would be useless.
In this paper we present an access control model for this domain that extends RBAC with the notion of organizational model, goals and dependencies. In this model we can associate permission to the objectives that have been assigned to the users of the system and solve the trade-off between security and dependability.
Fabio Massacci, Viet Hung Nguyen

Anonymisation and Privacy-Enhancing Technologies

Privacy of Outsourced Data
Abstract
Data outsourced to an external storage server are usually encrypted since there is the common assumption that all data are equally sensitive. The encrypted data, however, cannot be efficiently queried and their selective release is not possible or requires the application of specific solutions. To overcome these problems, new proposals have been recently developed, which are based on a fragmentation technique possibly combined with encryption. The main advantage of these proposals is that they limit the use of encryption, thus improving query execution efficiency. In this paper, we describe such fragmentation-based approaches, focusing in particular on the different data fragmentation models proposed in the literature. We then conclude the paper with a discussion on some research directions.
Sabrina De Capitani di Vimercati, Sara Foresti
Sharing Data for Public Security
Abstract
Data sharing is a valuable tool for improving security. It allows integrating information from multiple sources to better identify and respond to global security threats. On the other side, sharing of data is limited by privacy and confidentiality. A possible solution is removing or obfuscating part of the data before release (anonymization), and, to this scope, various masking algorithms have been proposed. However, finding the right balance between privacy and the quality of data is often difficult, and it needs a fine calibration of the anonymization process. It includes choosing the ’best’ set of masking algorithms and an estimation of the risk in releasing the data. Both these processes are rather complex, especially for non-expert users. In this paper, we illustrate the typical issues in the anonymization process, and introduce a tool for assisting the user in the choice of the set of masking transformations. We also propose a caching system to speed up this process over multiple runs on similar datasets. Although the current version has limited functionality, and more extensive testing is needed, it is a first step in the direction of developing a user-friendly support tool for anonymization.
Michele Bezzi, Gilles Montagnon, Vincent Salzgeber, Slim Trabelsi
An Analysis for Anonymity and Unlinkability for a VoIP Conversation
Abstract
With the growth of its popularity, VoIP is increasingly widely used nowadays. Similarly to other Internet applications, VoIP users may desire to be unlinkable with the records of the VoIP sessions they participated in, for privacy reasons. In this paper, we explore the Items of Interest (IOIs) from anonymisation aspects based on a simplified VoIP model and analyse the potential links between them. We address possible methods to break the links. Finally, we also discuss requirements for a VoIP anonymisation Service (VAS) in terms of functionality, performance and usability. Based on this, we discuss the fundamental design requirements for a VAS which we intend to subsequently implement.
Ge Zhang
PRIvacy LEakage Methodology (PRILE) for IDS Rules
Abstract
This paper introduces a methodology for evaluating PRIvacy LEakage in signature-based Network Intrusion Detection System (IDS) rules. IDS rules that expose more data than a given percentage of all data sessions are defined as privacy leaking. Furthermore, it analyses the IDS rule attack-specific pattern size required in order to keep the privacy leakage below a given threshold, presuming that occurrence frequencies of the attack pattern in normal text are known. We have applied the methodology on the rule set of the network intrusion detection system Snort. The evaluation confirms that Snort in its default configuration aims at not being excessively privacy invasive. However, we have identified some types of rules with poor or missing ability to distinguish attack traffic from normal traffic.
Nils Ulltveit-Moe, Vladimir Oleshchuk

Identity Management and Multilateral Security

Digital Personae and Profiles as Representations of Individuals
Abstract
This paper explores the concepts of digital personae and profiles and the way they represent individuals. Even though their manifestation as data sets seems similar, they originate in different ways. The differences between the two forms of digital representations have major implications for their connection and application to known individuals. Digital personae are connected to known individuals in the real world, whereas profiles are not. However, different types of identification can establish the connection between a profile and an offline individual. A profile can then transform into a digital persona. The differences between digital personae and profiles have implications for the applicability of data protection regulations and influence the amount of control individuals have over their representations and decisions based on these. This paper shows the relation between digital personae and profiles and indicates where privacy and autonomy of individuals can be at stake.
Arnold Roosendaal
Anonymous Credentials in Web Applications
A Child’s Play with the PRIME Core
Abstract
Web applications dealing with personal data in a privacy-friendly way have the need for anonymous credential systems. While there are already protocols describing anonymous credential systems and libraries implementing the protocols, applications using the libraries are rare. Without applications supporting anonymous credentials, companies will not start building a credential infrastructure and vice versa. This paper presents an easy way to issue and use anonymous credentials for web applications. By reducing the initial cost for both parties, the barrier of “starting first” can be lowered.
Benjamin Kellermann, Immanuel Scholz
Reaching for Informed Revocation: Shutting Off the Tap on Personal Data
Abstract
We introduce a revocation model for handling personal data in cyberspace. The model is motivated by a series of focus groups undertaken by the EnCoRe project aimed at understanding the control requirements of a variety of data subjects. We observe that there is a lack of understanding of the various technical options available for implementing revocation preferences, and introduce the concept of informed revocation by analogy to Faden and Beauchamp’s informed consent. We argue that we can overcome the limitations associated with informed consent via the implementation of EnCoRe technology solutions. Finally, we apply our model and demonstrate its validity to a number of data-handling scenarios which have arisen in the context of the EnCoRe research project. We have found that data subjects tend to alter their default privacy preferences when they are informed of all the different types of revocation available to them.
Ioannis Agrafiotis, Sadie Creese, Michael Goldsmith, Nick Papanikolaou
Multilateral Privacy in Clouds: Requirements for Use in Industry
Abstract
After the virtualisation of single components of computing systems such as storage, networks or computing devices, the next step is the abstraction of the infrastructure as a whole: cloud computing. There are already cloud services on the market, but most of them rely on proprietary technology. Hence standards for cloud computing are needed that realise the requirements we have for present systems. In this context it is important to think of requirements for privacy when personal data are distributed in cloud services and, on the other hand, of restrictions an owner of computing resources wants to impose. It is important to note that the concepts that enable multilateral privacy are also needed by industry for the flexible realisation of service level agreements and governance to incorporate cloud services in business processes and to be compliant with legal regulations such as SOX and EuroSOX. Therefore the methods that are needed to realise business-critical IT services as cloud services are the same as for privacy.
Ina Schiering, Markus Hansen

Usability, Awareness and Transparency Tools

PET-USES: Privacy-Enhancing Technology – Users’ Self-Estimation Scale
Abstract
This paper describes the “Privacy-Enhancing Technology Users’ Self-Estimation Scale (PET-USES)”, a questionnaire that enables users to evaluate PET user interfaces for their overall usability and to measure six different PET aspects. The PET-USES is intended to be used during usability testing and evaluation of PET user interfaces. The focus of the PET-USES is the subjective experience of the user rather than the intrinsic PET functionality of the application being tested. Although the test has been developed within the PrimeLife project to test the usability of PETs developed therein, the test is constructed in such a fashion that it should be applicable to a wide variety of PETs. The objective of this paper is to outline the creation and the background of the PET-USES questionnaire and invite the usability community not only to use the test, but also to contribute to the further development of the PET-USES.
Erik Wästlund, Peter Wolkerstorfer, Christina Köffel
Addressing the Privacy Paradox by Expanded Privacy Awareness – The Example of Context-Aware Services
Abstract
When interacting with applications, users are less restrictive in disclosing their personal data than if asked in an application-independent context. On a more general level this behavior is termed the privacy paradox. The creation of privacy awareness can assist users in dealing with context-aware services without harming their privacy unintentionally, thereby addressing the privacy paradox. The paper in hand provides a research approach towards the integration of privacy awareness on an application-specific level, especially taking into account conflicting interests between users and providers of context-aware services. It shows that expanding privacy awareness towards knowledge about methods and tools to react turns out to be useful.
André Deuker
Secure Logging of Retained Data for an Anonymity Service
Abstract
The recently introduced legislation on data retention to aid prosecuting cyber-related crime in Europe also affects the achievable security of systems for anonymous communication on the Internet. We have analyzed the newly arising risks associated with the process of accessing and storing the retained data and propose a secure logging system which utilizes cryptographic smart cards, trusted timestamping servers and distributed storage. These key components will allow for controlled access to the stored log data, enforce a limited data retention period, ensure integrity of the logged data, and enable reasonably convenient response to any legitimate request for the retained data. A practical implementation of the proposed scheme was performed for the AN.ON anonymity service, but the scheme can be used for other services affected by data retention legislation.
Stefan Köpsell, Petr Švenda
Adding Secure Transparency Logging to the PRIME Core
Abstract
This paper presents a secure privacy-preserving log. These types of logs are useful (if not necessary) when constructing transparency services for privacy enhancement. The solution builds on and extends previous work within the area and tries to address the shortcomings of previous solutions regarding privacy issues.
Hans Hedbom, Tobias Pulls, Peter Hjärtquist, Andreas Lavén
Backmatter
Metadata
Title: Privacy and Identity Management for Life
Editors: Michele Bezzi, Penny Duquenoy, Simone Fischer-Hübner, Marit Hansen, Ge Zhang
Copyright Year: 2010
Publisher: Springer Berlin Heidelberg
Electronic ISBN: 978-3-642-14282-6
Print ISBN: 978-3-642-14281-9
DOI: https://doi.org/10.1007/978-3-642-14282-6