| 1. |
- Berthold, Stefan
(författare)
-
Inter-temporal Privacy Metrics
- 2014
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Informational privacy of individuals has significantly gained importance after information technology has become widely deployed. Data, once digitalised, can be copied, distributed, and long-term stored at negligible costs. This has dramatic consequences for individuals that leave traces in the form of personal data whenever they interact with information technology, for instance, computers and phones; or even when information technology is recording the personal data of aware or unaware individuals. The right of individuals for informational privacy, in particular to control the flow and use of their personal data, is easily undermined by those controlling the information technology.The objective of this thesis is to study the measurement of informational privacy with a particular focus on scenarios where an individual discloses personal data to a second party which uses this data for re-identifying the individual within a set of other individuals. We contribute with privacy metrics for several instances of this scenario in the publications included in this thesis, most notably one which adds a time dimension to the scenario for modelling the effects of the time passed between data disclosure and usage. The result is a new framework for inter-temporal privacy metrics.
|
|
| 2. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
On the Internet of Things, Trust is Relative
- 2012
-
Ingår i: CONSTRUCTURING AMBIENT INTELLIGENCE. - : Springer Berlin/Heidelberg. - 9783642314780 ; , s. 267-273
-
Konferensbidrag (refereegranskat)abstract
- End-users on the Internet of Things (IoT) will encounter many different devices and services; they will need to decide whether or not they can trust these devices and services with their information. We identify three items of trust information that end-users will need to determine if they should trust something on the IoT. We create a taxonomy of the likely scenarios end-users will encounter on the IoT and present five trust strategies for obtaining this trust information. Upon applying these strategies to our scenarios, we find that there is no strategy that can work efficiently and effectively in every situations; end-users will need to apply the strategy that best fits their current situation. Offering multiple trust strategies in parallel and having this information transparent to end-users will ensure a sustainable IoT.
|
|
| 3. |
|
|
| 4. |
- Fritsch, Lothar, 1970-
(författare)
-
The Clean Privacy Ecosystem of the Future Internet
- 2013
-
Ingår i: Future Internet. - : MDPI. - 1999-5903. ; 5:1, s. 34-45
-
Tidskriftsartikel (refereegranskat)abstract
- This article speculates on the future of privacy and electronic identities on the Internet. Based on a short review of security models and the development of privacy-enhancing technology, privacy and electronic identities will be discussed as parts of a larger context—an ecosystem of personal information and electronic identities. The article argues for an ecosystem view of personal information and electronic identities, as both personal information and identity information are basic required input for many applications. Therefore, for both application owners and users, a functioning ecosystem of personal information and electronic identification is important. For the future of the Internet, high-quality information and controlled circulation of such information is therefore argued as decisive for the value of future Internet applications.
|
|
| 5. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
Towards Inclusive Identity Management : 1st IDIS workshop 2008
- 2010
-
Ingår i: Identity in the Information Society. - : Springer. - 1876-0678. ; 3:3, s. 515-538
-
Tidskriftsartikel (refereegranskat)abstract
- The article argues for a shift of perspective in identity management (IDM) research and development. Accessibility and usability issues affect identity management to such an extent that they demand a reframing and reformulation of basic designs and requirements of modern identity management systems. The rationale for the traditional design of identity management systems and mechanisms has been security concerns as defined in the field of security engineering. By default the highest security level has been recommended and implemented, often without taking end-user needs and accessibility issues into serious consideration. The article provides a conceptual framework for inclusive IDM, a brief overview of the regulatory status of inclusive IDM and a taxonomy of inclusive identity management methods. Several widespread IDM approaches, methods and techniques are analyzed and discussed from the perspective of inclusive design. Several important challenges are identified and some ideas for solutions addressing the challenges are proposed and discussed.
|
|
| 6. |
|
|
| 7. |
- Josang, Audun, et al.
(författare)
-
Privacy Policy Referencing
- 2010
-
Ingår i: Trust, Privacy and Security in Digital Business. - Berlin, Heidelberg : Springer. - 9783642151514 ; , s. 129-140
-
Konferensbidrag (refereegranskat)abstract
- Data protection legislation was originally defined for a context where personal information is mostly stored on centralized servers with limited connectivity and openness to 3rd party access. Currently, servers are connected to the Internet, where a large amount of personal information is continuously being exchanged as part of application transactions. This is very different from the original context of data protection regulation. Even though there are rather strict data protection laws in an increasing number of countries, it is in practice rather challenging to ensure an adequate protection for personal data that is communicated on-line. The enforcement of privacy legislation and policies therefore might require a technological basis, which is integrated with adequate amendments to the legal framework. This article describes a new approach called Privacy Policy Referencing, and outlines the technical and the complementary legal framework that needs to be established to support it.
|
|
| 8. |
- Kohlweiss, Markulf, et al.
(författare)
-
Privatsphäre trotz intelligenter Zähler
- 2012
-
Ingår i: digma - Zeitschrift für Datenrecht und Informationssicherheit. - 1424-9944. ; 12:1, s. 22-26
-
Tidskriftsartikel (refereegranskat)
|
|
| 9. |
|
|
| 10. |
- Paintsil, Ebenezer, et al.
(författare)
-
A Taxonomy of Privacy and Security Risks Contributing Factors
- 2011
-
Ingår i: PRIVACY AND IDENTITY MANAGEMENT FOR LIFE. - : Springer. - 9783642207686 ; , s. 52-63
-
Konferensbidrag (refereegranskat)abstract
- Identity management system(s) (IDMS) do rely on tokens in order to function. Tokens can contribute to privacy or security risk in IDMS. Specifically, the characteristics of tokens contribute greatly to security and privacy risks in IDMS. Our understanding of how the characteristics of token contribute to privacy and security risks will help us manage the privacy and security risks in IDMS. In this article, we introduce a taxonomy of privacy and security risks contributing factors to improve our understanding of how tokens affect privacy and security in ID MS. The taxonomy is based on a survey of IDMS articles. We observed that our taxonomy can form the basis for a risk assessment model.
|
|
| 11. |
- Paintsil, Ebenezer, et al.
(författare)
-
Executable Model-Based Risk Analysis Method for Identity Management Systems : Using Hierarchical Colored Petri Nets Executable Model-Based Risk Assessment Method for Identity Management Systems
- 2013
-
Ingår i: Trust, Privacy, and Security in Digital Business. - Berlin, Heidelberg : Springer. - 9783642403422 - 9783642372827 ; , s. 48-61
-
Konferensbidrag (refereegranskat)abstract
- Model-based risk analysis methods use graphical models to facilitate participation, risk communication and documentation and thereby improve the risk analysis process. Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on time consuming and expensive manual inspections and lack graphical models. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of addressing these challenges. The EM-BRAM employs graphical models to enhance risk analysis in IDMSs. It identifies risk contributing factors for IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system’s risk using CPNs’ state space analysis and queries. Currently, risk assessment methods for identity management systems (IDMSs) are lacking. This makes it difficult to compare IDMSs based on how they enhance privacy and security of system stakeholders. This article proposes the executable model-based risk assessment method (EM-BRAM) with the aim of addressing this challenge. The EM-BRAM identifies risk factors inherent in IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then estimates or verifies the system’s security and privacy risks using CPNs’ state space analysis and queries.
|
|
| 12. |
|
|
| 13. |
|
|
| 14. |
- Røssvoll, Till Halbach, et al.
(författare)
-
Reducing the User Burden of Identity Management : A Prototype Based Case Study for a Social-Media Payment Application Trustworthy and Inclusive Identity Management for Applications in Social Media
- 2013
-
Ingår i: ACHI 2013, The Sixth International Conference on Advances in Computer-Human Interactions. - : International Academy, Research and Industry Association (IARIA). - 9781612082509 - 9783642392641
-
Konferensbidrag (refereegranskat)abstract
- We describe a prototype for inclusive and secure identity management regarding a bill sharing application in social media. Beginning with the principals of universal design, and involving groups of users with impairments, we designed a set of alternative authentication methods based on OpenID. This work explains the scenario and the particularities of designing a trust, security, and privacy infrastructure with a high degree of usability for diverse user groups, and which is aligned with the requirements from regulatory frameworks. The user trials show that several authentication alternatives in multiple modalities are welcomed by impaired users, but many have restrictions when it comes to payments in the context of social media.
|
|
| 15. |
- Scherner, Tobias, et al.
(författare)
-
Technology Assurance
- 2011
-
Ingår i: Digital Privacy. - Heidelberg : Springer Berlin/Heidelberg. - 9783642190490
-
Bokkapitel (refereegranskat)abstract
- This chapter documents the experiences of assurance evaluation during the early stage of a large software development project. The PRIME project researches, contracts and integrates privacy-respecting software to business environments. There exist several approaches to ensure the quality of secure software. Some of these approaches have the focus of quality assurance at a very early stage of the development process and have weaknesses to ensure the quality of this process until the product is ready to enter the market. Other approaches, like the CC, focus on inspection, or more concrete evaluation, of ready-to-market products.
|
|
| 16. |
- Schulz, Trenton, et al.
(författare)
-
Accessibility and Inclusion Requirements for Future e-Identity Solutions
- 2014
-
Ingår i: Computers Helping People with Special Needs. - Berlin, Heidelberg : Springer. - 9783319085982 ; , s. 316-323
-
Konferensbidrag (refereegranskat)abstract
- Future e-identity services will need to be accessible for people with different types of abilities. We review current sets of accessibility guidelines and standards, current assistive technology, and current e-identity technology to determine accessibility and inclusion requirements for a future e-identity solution. For our project, we found that the area we could influence the most was the development of user interface for the client for e-identity and focused on these areas with the assumption that users would have access to inclusive cards and card readers. The requirements are divided into content and presentation, control and operation, legal requirements, testing, and help and support. We also provide possible areas for future research.
|
|
| 17. |
- Schulz, Trenton, et al.
(författare)
-
Identifying Trust Strategies in the Internet of Things
- 2013
-
Ingår i: Proceedings of the User-Centered Trust in Interactive Systems Workshop: a Workshop from NordiCHI 2012. - : Norsk Regnesentral. - 9788253905389 ; , s. 19-25
-
Konferensbidrag (refereegranskat)
|
|
| 18. |
- Schulz, Trenton, et al.
(författare)
-
Identifying Trust Strategies in the Internet of Things FutureID Deliverable D22.7 Accessibility and Inclusion Requirements
- 2013
-
Rapport (refereegranskat)abstract
- Users in the Internet of Things (IoT) use strategies to determine if they should trust a system or service. These strategies are not actively declared, but it can be useful to know which strategy is being used. We provide possible actions that users may perform when using different trust strategies and possible ways these can be captured for user studies. This document defines the accessibility and inclusion requirements to be taken into account when developing the different prototypes in the FutureID project. It also serves as a back- ground document in informing project partners about different aspects of accessibility when dealing with ICT. This includes looking at definitions, different types of users, assistive tech- nology, and other existing work in the field. Legal requirements, including storing of personal information for making systems accessible, are also covered. The document includes the accessibility and inclusion requirements for both developing and testing the client.
|
|
| 19. |
- Schulz, Trenton, et al.
(författare)
-
uTRUSTit : Deliverable D2.2 Definition of User Scenarios
- 2011
-
Rapport (refereegranskat)abstract
- We present scenarios in the three domains of smart home, smart office, and e-voting. The smart home consists of five scenarios; the smart office includes nine scenarios; e-voting has five scenarios. These scenarios cover a variety of situations that people may encounter in their everyday life and help to illustrate the trust issues that can show up when working with the Internet of Things (IoT). The scenarios form a foundation for many of the tasks and activities in the other work packages since the scenarios capture the functionality that we will work on. We also include a list of potential devices that may be used to realize these scenarios.
|
|
| 20. |
- Zibuschka, Jan, et al.
(författare)
-
A hybrid approach for highly available & secure storage of pseudo-SSO credentials
- 2012
-
Ingår i: Secure IT Systems. - Berlin, Heidelberg : Springer. - 9783642342097 ; , s. 169-183
-
Konferensbidrag (refereegranskat)abstract
- Abstract: We present a novel approach for password/credential storage in Pseudo-SSO scenarios based on a hybrid password hashing/password syncing approach that is directly applicable to the contemporary Web. The approach supports passwords without requiring modification of the server side and thus is immediately useful; however, it may still prove useful for storing more advanced credentials in future SSO and identity management scenarios, and offers a high level of security. Keywords. Single sign-on, authentication, syncing, hashing.
|
|
