BibSonomy publications for /user/dawinci/privacyMon Sep 22 08:51:08 CEST 2008Security Protocols Workshopconf/spw/200420--42A Cryptographic Framework for the Controlled Release of Certified Data.39572004credential_system privacy cryptography credential It is usually the case that before a transaction can take place, some mutual trust must be established between the participants. On-line, doing so requires the exchange of some certified information about the participants. The easy solution is to disclose one’s identity and reveal all of one’s certificates to establish such a trust relationship. However, it is clear that such an approach is unsatisfactory from a privacy point of view. In fact, often revealing any information that uniquely corresponds to a given individual is a bad idea from the privacy point of view. In this survey paper we describe a framework where for each transaction there is a precise specification of what pieces of certified data is revealed to each participant. We show how to specify transactions in this framework, give examples of transactions that use it, and describe the cryptographic building blocks that this framework is built upon. We conclude with bibliographic notes on the state-of-the-art in this area.Thu Aug 14 19:41:57 CEST 2008Berlin/HeidelbergTrust ManagementMay252--266Lecture Notes in Computer ScienceTowards Automated Evaluation of Trust Constraints3986/20062006assurance PRIME trust trust_management privacy In this paper we explore a mechanism for, and the limitations of, automation of assessment of trustworthiness of systems. We have implemented a system for checking trust constraints expressed within privacy policies as part of an integrated prototype developed within the EU Framework VI Privacy and Identity Management for Europe (PRIME) project [1]. Trusted computing information [2,3] may be taken into account as part of this analysis. This is the first stage of ongoing research and development within PRIME in this area.Wed Aug 06 10:58:46 CEST 2008Version 3electronicallyMayPRIME White Paper2008identity PRIME privacy identity_management The PRIME project demonstrates the viability of privacy-enhancing identity management. By this we mean identity management solutions that manage the individual's identity online and that also empower the individual to actively protect their own privacy. The guiding principle in the PRIME project is to put individuals in control of their personal data. The notion of user control has been adopted in many recent user-centric identity management initiatives. However, most of these initiatives only takes the first steps on the way to a new generation of identity management systems. They do not provide adequate safeguards for personal data and are limited in giving individuals control over their personal data. Effective management of information privacy requires new tools starting with the minimisation of personal data disclosure. Furthermore, users can be empowered with tools that allow them to negotiate privacy policies with service providers. This would require systems that enforce agreed policies by technical means, and keep track of data collection and usage. In addition to user side applications, service providers will be required to put adequate protection mechanisms in place and align business processes to take advantage of these mechanisms. This white paper describes our vision of privacy-enhancing identity management and how it can be realised in software. It also shows where work remains to be done.Wed Jul 30 18:55:01 CEST 2008Harward Law ReviewDecember5193--220The Right to Privacy41890law privacy right Thu Jul 17 17:52:24 CEST 2008Public Key Cryptography402-415Lecture Notes in Computer ScienceA First Approach to Provide Anonymity in Attribute Certificates.29472004pmi x.509 privacy anonymity ac pki privilige_management_infrastructure attribute_certificates This paper focus on two security services for internet applications: authorization and anonymity. Traditional authorization solutions are not very helpful for many of the Internet applications; however, attribute certificates proposed by ITU-T seems to be well suited and provide adequate solution. On the other hand, special attention is paid to the fact that many of the operations and transactions that are part of Internet applications can be easily recorded and collected. Consequently, anonymity has become a desirable feature to be added in many cases. In this work we propose a solution to enhance the X.509 attribute certificate in such a way that it becomes a conditionally anonymous attribute certificate. Moreover, we present a protocol to obtain such certificates in a way that respects users' anonymity by using a fair blind signature scheme. We also show how to use such certificates and describe a few cases where problems could arise, identifying some open problems.Thu Jul 17 17:52:01 CEST 2008Cryptology and Network Security265-281Lecture Notes in Computer ScienceAnonymity 2.0 - X.509 Extensions Supporting Privacy-Friendly Authentication.48562007pmi certificate attribute_certificate privacy anonymity ac X.509 We present a semantic extension to X.509 certificates that allows incorporating new anonymity signature schemes into the X.509 framework. This fact entails advantages to both components. On the one hand, anonymous signature schemes benefit from all the protocols and infrastructure that the X.509 framework provides. On the other hand, the X.509 framework incorporates anonymity as a very interesting new feature. This semantic extension is part of a system that provides user’s controlled anonymous authorization under the X.509 framework. Additionally, the proposal directly fits the much active Identity 2.0 effort, where anonymity is a major supplementary feature that increases the self-control of one’s identity and privacy which is at the center of the activity.Thu Jul 17 17:50:32 CEST 2008AugustGiving Gossips their Due: Information Provision in Games with Private Monitoring2005gossip reputation privacy reputation_systems The ability of a long-lived seller to maintain and profit from a good reputation may induce her to provide high quality or effort despite short-run incentives to the contrary. This incentive remains in place with private monitoring, provided that buyers share their information. However, this assumption is unrealistic in environments where information sharing is costly or the beneficiaries of a buyer’s sharing are strangers. I study a simple mechanism that induces costly information provision, and may explain such behavior in environments where the incentives are not overt. Agents who possess information may share it with the community and acquire a reputation for gossiping. Reputations function in tandem: sellers provide high effort because they face agents with reputations for information sharing, and expect the outcome of their dealings will be made public, while information holders share their information as a reputation for doing so results in higher effort from sellers.Tue Jul 01 10:56:01 CEST 2008Oktober95/46/EGRichtlinie zum Schutz natürlicher Personen bei der Verarbeitung personenbezogener Daten und zum freien Datenverkehr1995europe privacy policy Tue Jun 24 10:38:53 CEST 2008Ontaria, CanadaOctober7 Laws of Identity - The Case for Privacy-Embedded Laws of Identity in the Digital Age2006identity canada privacy laws security internet identity_management data_minimization Privacy is at risk in a networked world of interoperable digital identifiers. This paper advocates embedding privacy early into identity management systems and technologies. Adoption of the 7 Laws of Identity offers strong potential for computer users to combat online fraud, minimize disclosure of their personal information, and assume greater control over their privacy when online. The result is a win-win for both consumers and e-commerce.Wed Jun 18 15:20:40 CEST 2008New York, NY, USAWPES '07: Proceedings of the 2007 ACM workshop on Privacy in electronic society60-63Enhancing Privacy in Identity Management Systems2007privacy credentials security identity_management User-privacy in existing identity management systems (IMS) can be improved.Indeed, private credential systems offer privacy enhancing capabilities not yet included in current IMS; e.g. proving claims such as age > 18, with age an attribute. This paper introduces privacy enhanced claim URIs which enable to request personal data in a privacy friendly way. We show how many private credential capabilities can be achieved in current IMS without using private credentials and continue by showing how these URIs allow integration of private credential systems in Microsoft Cardspace. Since our approach is very simple and widely applicable, it allows to enhance privacy friendliness of today's online transactions.Wed Jun 18 15:17:11 CEST 2008New York, NY, USACCS '02: Proceedings of the 9th ACM conference on Computer and communications security21-30Design and Implementation of the {idemix} Anonymous Credential System2002privacy anonymity credentials security cryptography Anonymous credential systems [8, 9, 12, 24] allow anonymous yet authenticated and accountable transactions between users and service providers. As such, they represent a powerful technique for protecting users' privacy when conducting Internet transactions. In this paper, we describe the design and implementation of an anonymous credential system based on the protocols developed by [6]. The system is based on new high-level primitives and interfaces allowing for easy integration into access control systems. The prototype was realized in Java. We demonstrate its use and some deployment issues with the description of an operational demonstration scenario.Wed Jun 18 15:13:52 CEST 2008New York, NY, USADIM '06: Proceedings of the second ACM workshop on Digital identity management1-10User Centricity: A Taxonomy and Open Issues2006delegation user_centric privacy taxonomy security user_centriciy identity_management User centricity is a significant concept in federated identity management (FIM), as it provides for stronger user control and privacy. However, several notions of user-centricity in the FIM community render its semantics unclear and hamper future research in this area. Therefore, we consider user-centricity abstractly and establish a comprehensive taxonomy encompassing user-control, architecture, and usability aspects of user-centric FIM. On the systems layer, we discuss user-centric FIM systems and classify them into two predominant variants with significant feature sets. We distinguish credential-focused systems, which advocate offline identity providers and long-term credentials at a user's client, and relationship-focused systems, which rely on the relationships between users and online identity providers that create short-term credentials during transactions. Note that these two notions of credentials are quite different. The further one encompasses cryptographic credentials as defined by Lysyanskaya et al. [30], the latter one federation tokens as used in today's FIM protocols like Liberty.We raise the question where user-centric FIM systems may go--within the limitations of the user-centricity paradigm as well as beyond them. Firstly, we investigate the existence of a universal user-centric FIM system that can achieve a superset of security and privacy properties as well as the characteristic features of both pre-dominant classes. Secondly, we explore the feasibility of reaching beyond user-centricity, that is, allowing a user of a user-centric FIM system to again give away user-control by means of an explicit act of delegation. We do neither claim a solution for universal user-centric systems nor for the extension beyond the boundaries ventures by leveraging the properties of a credential-focused FIM system.Mon Jun 09 15:03:38 CEST 20081AugustRethinking Public Key Infrastructures and Digital Certificates: Building in Privacy2000privacy anonymity u-prove security cryptography PKI credentica Paper-based communication and transaction mechanisms are being replaced by electronic mechanisms at a breath-taking pace. On the one hand, this transition improves security and efficiency, and opens up a mind-boggling range of new opportunities. On the other, it greatly increases the scope for identity fraud and erodes privacy in a manner unimaginable just a couple of decades ago. If the prevailing ideas about how to secure the global information highway are left unchallenged, then it will not take long before everyone is forced to communicate and transact in what will be the most pervasive electronic surveillance tool ever built.Fri May 16 16:50:46 CEST 2008JanuarySecurity in IT Networks: Multilateral Security in Distributed and by Distributed Systems2008networks multilateral_security lecture privacy security tu_dresden script cryptography Fri Apr 18 11:46:38 CEST 2008DecemberFundamental Models and Algorithms for a Distributed Reputation System2007systems protection models model trust reputation privacy distributed recommendation algorithms With the increased significance of the Internet in our everyday lifes, we embrace its benefits as seemingly unlimited information source, warehouse and general communication medium, but sometimes fall prey to its predators. Outside the online world, social network structures of friends or colleagues allow to identify malicious and reputable entities and to communicate recommendations or warnings accordingly. When interacting through open computer networks, these traditional mechanisms used in the physical world for establishing trust are adapted by reputation systems that allow to build trust in entities and create social network structures on a much larger scale. In this dissertation, we investigate various models and algorithms required for realizing a fully decentralized reputation system with enhanced privacy properties and fine-grained trust modeling. To ensure the former, we bind trust to virtual identities instead of real identities and present extended destination routing, an approach that allows anonymous communication between pseudonyms without exposing any link to a real identity. To enable the latter, we introduce a generic trust model that allows to model trust in various context areas in addition to expressing context area dependencies that are taken into account when updating trust. The model definition permits incorporating several well-known trust update algorithms from the related work. Subjecting the algorithms to a set of evaluation scenarios gives valuable inputs regarding their specific performance. In order to capture the transitivity of trust, we present algorithms to simplify trust networks and then compute the transitive trust with subjective logic operators. Finally, we propose mechanisms to protect trust by firstly laying its foundation in trusted hardware and secondly ensuring the authenticity of recommendations through the integration of an originality statement. This reputation system can be utilized by users and relying applications alike to determine the trustworthiness of other entities. While these building blocks are all essential for our system, many contributions can be applied to other reputation systems and even to other research areas as well.Tue Apr 15 16:08:59 CEST 2008San Diego Law Review745 pp.'I've Got Nothing to Hide' and Other Misunderstandings of Privacy442007protection identity privacy web wide world Tue Apr 15 15:51:43 CEST 2008Signal Processing and Information Technology, 2005. Proceedings of the Fifth IEEE International Symposium onDecember 552-559Trust in PRIME2005identity PRIME trust privacy management The PRIME project develops privacy enhancing identity management systems that allow users in various application areas such as e-commerce to regain control over their personal spheres. This paper introduces the PRIME technical architecture that also includes special trust-enhancing mechanisms, and shows how PRIME technologies can enhance privacy and trust of e-shopping customers. It also discusses the socio-psychological factors and HCI aspects influencing the end user's trust in privacy enhancing identity management, and shows why HCI research, user studies, and socio-psychological research, are necessary efforts to accompany system design.Tue Apr 15 12:51:54 CEST 2008New York, NY, USADIM '05: Proceedings of the 2005 workshop on Digital identity management20--27Privacy and Identity Management for Everyone2005identity europe PRIME privacy management Mon Apr 14 15:47:32 CEST 2008University of Pennsylvania Law ReviewJanuaryGWU Law School Public Law Research Paper No. 1293477 pp.A Taxonomy of Privacy1542006identity philosophy privacy taxonomy Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from an embarrassment of meanings. Privacy is far too vague a concept to guide adjudication and lawmaking, as abstract incantations of the importance of privacy do not fare well when pitted against more concretely-stated countervailing interests. In 1960, the famous torts scholar William Prosser attempted to make sense of the landscape of privacy law by identifying four different interests. But Prosser focused only on tort law, and the law of information privacy is significantly more vast and complex, extending to Fourth Amendment law, the constitutional right to information privacy, evidentiary privileges, dozens of federal privacy statutes, and hundreds of state statutes. Moreover, Prosser wrote over 40 years ago, and new technologies have given rise to a panoply of new privacy harms. A new taxonomy to understand privacy violations is thus sorely needed. This article develops a taxonomy to identify privacy problems in a comprehensive and concrete manner. It endeavors to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.Mon Apr 14 15:32:00 CEST 2008Version 3.0GWU Law School Public Law Research Paper132Accepted Paper SeriesA Model Regime of Privacy Protection2006theft protection identity databases regulation privacy legislation databrokers A series of major security breaches at companies with sensitive personal information has sparked significant attention to the problems with privacy protection in the United States. Currently, the privacy protections in the United States are riddled with gaps and weak spots. Although most industrialized nations have comprehensive data protection laws, the United States has maintained a sectoral approach where certain industries are covered and others are not. In particular, emerging companies known as "commercial data brokers" have frequently slipped through the cracks of U.S. privacy law. In this article, the authors propose a Model Privacy Regime to address the problems in the privacy protection in the United States, with a particular focus on commercial data brokers. Since the United States is unlikely to shift radically from its sectoral approach to a comprehensive data protection regime, the Model Regime aims to patch up the holes in existing privacy regulation and improve and extend it. In other words, the goal of the Model Regime is to build upon the existing foundation of U.S. privacy law, not to propose an alternative foundation. The authors believe that the sectoral approach in the United States can be improved by applying the Fair Information Practices - principles that require the entities that collect personal data to extend certain rights to data subjects. The Fair Information Practices are very general principles, and they are often spoken about in a rather abstract manner. In contrast, the Model Regime demonstrates specific ways that they can be incorporated into privacy regulation in the United States.