Date post: 13-Apr-2017
Category: Internet
Upload: sven-wohlgemuth
Privacy in Business Processes by Identity Management
IST 2006, Helsinki, November 23rd, 2006
Sven Wohlgemuth, Prof. Dr. Günter Müller
Albert-Ludwig University of Freiburg, Germany
Institute of Computer Science and Social Studies
Department of Telematics
http://www.telematik.uni-freiburg.de
http://www.telematik.uni-freiburg.de | Sven Wohlgemuth <[email protected]>
IIG Telematics, Prof. Dr. Günter Müller
Computer science (7 assistants)
Privacy & security, E-Commerce, Economics
(7 assistants)
• iManager: Security and usability by identity management (CeBIT 2003, doIT Software-Award 2003)
• Int. Conference on Emerging Trends in Information and Communication Security (ETRICS) 2006
• Editor of CACM special issue “Privacy and Security in Highly Dynamic Systems”, Sept. 2006
• Electronic Commerce Enquête 2005: Use of IT in German enterprises
• Coordination of German Priority Programme “Security in the Information and Communication Technology”
• Coordination of FIDIS NoE work package “Privacy in Business Processes”
Survey for Germany (ECE IV): Most Important Barriers for Personalized Services
[Figure: chart with a 0% to 100% axis and the legend no / medium / high. Barriers shown: Costly integration in processes; Expected neg. reaction since privacy violation; Doubts wrt. data protection laws; Low customer acceptance; Other legal doubts; Pot. loss of reputation.]
http://www.telematik.uni-freiburg.de/ece.php
I want a car
Car
Service 1
Service 2
Challenge: User-controlled disclosure of personal data
I need money
Money
Profile 1
Profile 2
Jendricke, U., Gerd tom Markotten, D.: Usability meets Security - The Identity-Manager as your Personal Security Assistant for the Internet, ACSAC, 2000
Problem 1: Linkability of Profiles
Personalised services: Conscious data collection
Creating profiles
Tracing a user by identifying data
U=
profile
Driving licence
Stella Freiburger
Classes: ABE
Friedrichstr. 50
D-79098 Freiburg
Germany
IP: 132.15.16.3
Identity management (e.g. Freiburg iManager)
Wohlgemuth, S., Müller, G.: Privacy with Delegation of Rights by Identity Management, LNCS 3995, 2006
Need medical help
Therapy
Service 1
Blood analysis of P
Result
Service 2 …
Person
Person
Profile 2
Profile 1+2+…
Big Brother
Loss of control
• All-or-nothing delegation
• DREISAM: Protocol for unlinkable delegation of rights on personal data
Problem 2: Delegation of Profiles
Challenge: User-controlled disclosure and use of personal data
Service 1
Profile 1
RFID data
Sensor data
Policy data
Video data
AmI changes collection: Conscious communication
Unaware human-machine communication
User has no control on disclosure of personal data
…
Sackmann, S., Strüker, J., Accorsi, R.: Personalization in Privacy-Aware Highly Dynamic Systems, CACM 49(9), 2006
Challenge: Avoidance of loss of control on personal data
Problem 3: Unaware Collection of Profiles
Our Approach: Privacy Evidence
Accorsi, R.: On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems, IFIP/SEC 2006
Contact me!
Sven Wohlgemuth
E-Mail [email protected]
http://www.telematik.uni-freiburg.de
Looking for Partners
Challenge: Avoidance of loss of control on personal data
Privacy evidences
Flexible privacy policy
Usable secure interfaces
Delegation
Secure logging & audit
Watch this space!