
2015 | Book

Privacy and Identity Management for the Future Internet in the Age of Globalisation

9th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Patras, Greece, September 7-12, 2014, Revised Selected Papers


About this book

This book contains a range of keynote papers and submitted papers presented at the 9th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, held in Patras, Greece, in September 2014. The 9 revised full papers and 3 workshop papers included in this volume were carefully selected from a total of 29 submissions and were subject to a two-step review process. In addition, the volume contains 5 invited keynote papers. The regular papers are organized in topical sections on legal privacy aspects and technical concepts, privacy by design and privacy patterns and privacy technologies and protocols.

Table of Contents

Frontmatter

Invited Keynote Papers

Frontmatter
ABC4Trust: Protecting Privacy in Identity Management by Bringing Privacy-ABCs into Real-Life
Abstract
Security of the Identity Management system or privacy of the users? Why not both? Privacy-preserving Attribute-based Credentials (Privacy-ABCs) can cope with this dilemma and offer a basis for privacy-respecting Identity Management systems.
This paper explains the distinct features of Privacy-ABCs as implemented in the EU-sponsored ABC4Trust project via example usage scenarios from the ABC4Trust pilot trials. In particular, it aims for a deeper insight from the application perspective on how Privacy-ABCs can support addressing real-life Identity Management requirements while users’ privacy is protected.
Ahmad Sabouri, Kai Rannenberg
Towards an Engineering Model of Privacy-Related Decisions
Abstract
People make numerous decisions that affect their own or others’ privacy, including the decisions to engage in certain activities, to reveal and share information or to allow access to information. These decisions depend on properties of the information to be revealed, the situation in which the decision is made, the possible recipients of the information, and characteristics of the individual person. System design should ideally protect users from unwanted consequences by allowing them to make informed decisions, at times blocking users’ ability to perform certain actions (e.g., when the user is a minor). The development of alerting and blocking mechanisms should be based on predictive models of user behavior, similar to engineering models in other domains. These models can be used to evaluate different design alternatives and to assess the required system specifications. Predictive models of privacy decisions will have to combine elements from normative decision making and from behavioral, descriptive research on decision making. Some major issues in the development and validation of such models are presented.
Joachim Meyer
The Value of Personal Data
Abstract
This chapter discusses the value of personal data from two complementary perspectives: the value of personal data for firms and the value of personal data for individuals. The chapter starts with a short introduction into the rise of personal data markets – markets basically driven by the economic exploitation of personal data. Then the chapter discusses how firms assess the value of personal data. This can be done from different angles, such as stock value and revenues. Another inroad is the costs of data breaches. A second perspective which is discussed is the valuation of personal data by individuals. Some empirical studies are presented that show how individuals value their personal data and what choices they tend to make. The chapter concludes with placing these developments in the frame of the upcoming data protection regulation. Data protection by default has relevance when taking the empirical studies seriously.
Marc van Lieshout
Privacy and Security Perceptions of European Citizens: A Test of the Trade-Off Model
Abstract
This paper considers the relationship between privacy and security and, in particular, the traditional “trade-off” paradigm that argues that citizens might be willing to sacrifice some privacy for more security. Academics have long argued against the trade-off paradigm, but these arguments have often fallen on deaf ears. Based on data gathered in a pan-European survey we show that both privacy and security are important to European citizens and that there is no significant correlation between people’s valuation of privacy and security.
Michael Friedewald, Marc van Lieshout, Sven Rung, Merel Ooms, Jelmer Ypma
Privacy and Confidentiality in Service Science and Big Data Analytics
Abstract
Vast amounts of data are now being collected from census and surveys, scientific research, instruments, observation of consumer and internet activities, and sensors of many kinds. These data hold a wealth of information; however, there is a risk that personal privacy will not be protected when they are accessed and used.
This paper provides an overview of current and emerging approaches to balancing use and analysis of data with confidentiality protection in the research use of data, where the need for privacy protection is widely recognised. These approaches were generally developed in the context of national statistical agencies and other data custodians releasing social and survey data for research, but are increasingly being adapted in the context of the globalisation of our information society. As examples, the paper contributes to a discussion of some of the issues regarding confidentiality in the service science and big data analytics contexts.
Christine M. O’Keefe

Legal Privacy Aspects and Technical Concepts

Frontmatter
The Court of Justice of the European Union, Data Retention and the Rights to Data Protection and Privacy – Where Are We Now?
Abstract
In a recent judgment the CJEU found the Data Retention Directive to be incompatible with the rights to privacy and data protection under the EU Charter of Fundamental Rights. However, the Court’s interpretation of these fundamental rights needs further development, especially with regard to their respective scopes. While the Court declared the EU Directive to be invalid, there remain questions with regard to the Member States’ national implementation measures, which remain in force. Nevertheless, they no longer comply with EU law and therefore need to be repealed or altered substantively. While it should be for the national legislator to achieve this, it might be necessary for service providers and citizens to challenge these provisions before the competent national courts.
Felix Bieker
EUROSUR – A Sci-fi Border Zone Patrolled by Drones?
Abstract
In the context of the smart border initiative, the European Union also established a mass surveillance and data exchange programme, called European External Border Surveillance System (EUROSUR). This paper will look at the compliance of the respective European regulation and the implementation of the system with Article 8 ECHR (European Convention on Human Rights, hereinafter: ECHR.) as well as Articles 7 & 8 EUFRCh (Charter of Fundamental Rights of the European Union (2000/C 364/01), hereinafter: EUFRCh.). This paper will argue that due to the concrete circumstances of the data processing and the large scale of the surveillance, the EUROSUR system constitutes a serious interference with the right to data protection and privacy. While the necessity of such an additional and intrusive border management tool is already highly questionable, in the end, the interference is not justified. In particular, the vagueness in most parts of the regulation and the lack of specific privacy protecting safeguards preclude the fulfilment of the ‘quality of law’ requirements. Furthermore, it will be shown that a more privacy preserving version is conceivable. As a result, EUROSUR is neither in accordance with law, nor necessary, nor proportionate, and therefore violates Article 8 ECHR as well as Articles 7 & 8 EUFRCh.
Daniel Deibler
Anonymous ePetitions – Another Step Towards eDemocracy
Abstract
This paper addresses the possibility of implementing an online petition platform which allows citizens to petition the public authorities anonymously. The advantages and possible obstacles of anonymity are discussed. We focus on the legal admissibility of anonymous petitions in Europe and Germany and conclude that all related legal requirements could be met by implementing Privacy-enhancing Attribute-based Credentials.
Hannah Obersteller
A Brief Evaluation of Icons in the First Reading of the European Parliament on COM (2012) 0011
Abstract
We present the result of a small-scale test in which the participants failed to understand the graphic scheme as well as the pictographic parts of the icons appearing in the Annex to Article 13a of the European Parliament legislative resolution of 12 March 2014 on the Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM (2012) 0011.
John Sören Pettersson

Privacy by Design and Privacy Patterns

Frontmatter
Privacy by Design – The Case of Automated Border Control
Abstract
Function creep, i.e. when the purpose specification principle is breached, is a major challenge for personal data processing operations. This is especially a clear risk in the field of Identity Management when biometric data are deployed. The concept of privacy by design, set forth in the data protection reform, could, in principle, contribute to mitigating function creep. An implementation is discussed hereunder in relation to Automated Border Control (‘ABC’).
Pagona Tsormpatzoudi, Diana Dimitrova, Jessica Schroers, Els Kindt
Patterns in Privacy - A Pattern-Based Approach for Assessments
Abstract
The concept of patterns was first developed in the context of architecture and is now widely used in different fields such as software design or workflow design. In recent years the idea of patterns has also been used to incorporate privacy in the life-cycle of Information Technology (IT) services. Concerning privacy and security, patterns are mainly used in the design phase of IT services in the form of design patterns. In this paper we propose a pattern-based approach to assess the compliance with privacy regulations continuously during the operation phase of an IT service. The central idea of patterns in this area is to provide an abstract representation of typical automated processing procedures for the processing of personal data. Since these patterns represent abstracted versions of workflows, we use as an illustration diagrams with a notation derived from Business Process Management Notation (BPMN). The aim of the approach presented here is to increase the transparency of assessments for all participants and to allow an easy adjustment of existing assessment results when changes occur.
Jörn Kahrmann, Ina Schiering

Privacy Technologies and Protocols

Frontmatter
A Survey on Multimodal Biometrics and the Protection of Their Templates
Abstract
In order to guarantee better user-friendliness and higher accuracy, beyond the existing traditional single-factor biometric systems, the multimodal ones appear to be more promising. Two or more biometric measurements for the same identity are extracted, stored and compared during the enrollment, authentication and identification processes. Deployed multimodal biometric systems, also referred to as multibiometrics or even as multimodalities, are commonly found and used in electronic chips embedded in travel documents. The widespread use of such systems, the nature of the shared data and the importance of applications introduce privacy risks. A significant number of approaches and very recent advances to the relevant protection technologies have been published. This paper illustrates a comprehensive overview of research in multibiometrics, the protection of their templates and the privacy issues that arise. An up-to-date review of the existing literature revealing the current state-of-the-art suggestions is provided, based on the different levels of fusion and the employed protection algorithms, while an outlook to future prospects is also discussed.
Christina-Angeliki Toli, Bart Preneel
Event Invitations in Privacy-Preserving DOSNs
Formalization and Protocol Design
Abstract
Online Social Networks (OSNs) have an infamous history of privacy and security issues. One approach to avoid the massive collection of sensitive data of all users at a central point is a decentralized architecture.
An event invitation feature – allowing a user to create an event and invite other users who then can confirm their attendance – is part of the standard functionality of OSNs. We formalize security and privacy properties of such a feature, such as allowing different types of information related to the event (e.g., how many people are invited/attending, who is invited/attending) to be shared with different groups of users (e.g., only invited/attending users).
Implementing this feature in a Privacy-Preserving Decentralized Online Social Network (DOSN) is non-trivial because there is no fully trusted broker to guarantee fairness to all parties involved. We propose a secure decentralized protocol for implementing this feature, using tools such as storage location indirection, ciphertext inferences and a disclose-secret-if-committed mechanism, derived from standard cryptographic primitives.
The results can be applied in the context of Privacy-Preserving DOSNs, but might also be useful in other domains that need mechanisms for cooperation and coordination, e.g., Collaborative Working Environment and the corresponding collaborative-specific tools, i.e., groupware, or Computer-Supported Collaborative Learning.
Guillermo Rodríguez-Cano, Benjamin Greschbach, Sonja Buchegger
Blank Digital Signatures: Optimization and Practical Experiences
Abstract
Blank Digital Signatures (BDS) [18] enable an originator to delegate the signing rights for a template, containing fixed and exchangeable elements, to a proxy. The proxy is then able to choose one of the predefined values for each exchangeable element and issue a signature for such an instantiation of the template on behalf of the originator. In this paper, we propose optimizations for the BDS scheme from [18] and present a library, integrating this optimized version within the Java Cryptography Architecture and the keying material into X.509 certificates. To illustrate the flexibility of the proposed library, we introduce two proof-of-concept implementations building up on XML and PDF, respectively. Finally, we give a detailed insight in the performance of the protocol and our implementation.
David Derler, Christian Hanser, Daniel Slamanig

Project Workshops and Tutorial Papers

Frontmatter
Tools for Cloud Accountability: A4Cloud Tutorial
Abstract
Cloud computing is becoming a key IT infrastructure technology being adopted progressively by companies and users. Still, there are issues and uncertainties surrounding its adoption, such as security and how users’ data is dealt with, that require attention from developers, researchers, providers and users. The A4Cloud project tries to help solve the problem of accountability in the cloud by providing tools that support the process of achieving accountability. This paper presents the contents of the first A4Cloud tutorial. These contents include basic concepts and tools developed within the project. In particular, we will review how metrics can aid the accountability process and some of the tools that the A4Cloud project will produce such as the Data Track Tool (DTT) and the Cloud Offering Advisory Tool (COAT).
Carmen Fernandez-Gago, Vasilis Tountopoulos, Simone Fischer-Hübner, Rehab Alnemr, David Nuñez, Julio Angulo, Tobias Pulls, Theo Koulouris
Privacy for Peer Profiling in Collective Adaptive Systems
Abstract
In this paper, we introduce a privacy-enhanced Peer Manager, which is a fundamental building block for the implementation of a privacy-preserving collective adaptive systems computing platform. The Peer Manager is a user-centered identity management platform that keeps information owned by a user private and is built upon an attribute-based privacy policy. Furthermore, this paper explores the ethical, privacy and social values aspects of collective adaptive systems and their extensive capacity to transform lives. We discuss the privacy, social and ethical issues around profiles and present their legal privacy requirements from the European legislation perspective.
Mark Hartswood, Marina Jirotka, Ronald Chenu-Abente, Alethia Hume, Fausto Giunchiglia, Leonardo A. Martucci, Simone Fischer-Hübner
ABC4Trust Workshop on Core Features of Privacy-ABCs, Practical Use, and Legal Issues
Abstract
The project “ABC4Trust – Attribute-based Credentials for Trust” presented its two pilot trials in a workshop and engaged participants in discussions on the two existing as well as potential future application scenarios. Participants were asked to assess several different scenarios in order to determine when an inspection could be carried out without jeopardizing the potential of Privacy-ABCs to protect users’ rights. Their findings have been incorporated in a model inspection process that can be adapted to arbitrary scenarios.
Felix Bieker, Marit Hansen, Gert Læssøe Mikkelsen, Hannah Obersteller
Backmatter
Metadata
Title
Privacy and Identity Management for the Future Internet in the Age of Globalisation
Editors
Jan Camenisch
Simone Fischer-Hübner
Marit Hansen
Copyright Year
2015
Electronic ISBN
978-3-319-18621-4
Print ISBN
978-3-319-18620-7
DOI
https://doi.org/10.1007/978-3-319-18621-4