PETWeb II – Privacy-respecting Identity Management for e-Norge

The project addresses societal challenges concerning the future of electronic identifiers and electronic identities. The implications of such identities range from today’s crime (identity theft) to long-term privacy implications and fundamental rights such as informational self-determination. Electronic identifiers penetrate all aspects of information systems and their contact with society, ranging from e-mail addresses up to social security numbers and electronic passports.

The computerization of administration and private business requires management of various aspects of people’s identities on information systems. Identifiers, passwords, personal profiles, pseudonyms, person numbers, social security numbers, patient numbers and various other identifiers such as e-mail addresses, credit card numbers, passport numbers and bank account numbers are used to uniquely identify information system users or citizens. Some of these identifiers and their attached authentication and identity information are very mobile, and spread into many information systems and purposes. As recently discussed concerning the Norwegian citizen person number, such a function shift can pose serious risks to government and citizens, and open opportunities for criminals, such as:

  • Identity theft and fraud based on stolen electronic identifiers are growing;
  • Person number schemes are likely to have sufficient flaws in combination with networked applications;
  • Several Norwegian governmental organizations are searching for new electronic identifier schemes and identity management approaches;
  • The privacy implications of a life-long electronic citizen identifier in the social and health system are vast;
  • Societal security and administrative/economic efficiency are dependent on efficient use of the identity management scheme.

NR’s contribution

NR’s ICT research is grounded mainly in security, privacy and interactive, network-based technology. NR has previously run several RCN-funded projects on privacy, e.g. PETweb. NR will contribute a broad range of research capabilities within risk assessment, modeling and simulation, and assist one PhD student. NR will also contribute to the co-ordination of the project.

  1. Building of an interdisciplinary framework for privacy-respecting identity management primarily targeted to web services;
  2. Design of a reference model for privacy-respecting identity management;
  3. Provide and validate methods and tools for the evaluation of requirements and approaches to privacy-respecting identity management.

Benefit for society

Identity management (IDM) is the gatekeeper to the electronic society. It penetrates all aspects of society, from public administration to financial transactions. The privacy of citizens as well as the correct functioning of the administration and the efficiency of the economy in the e-Society are all dependent on IDM. IDM can be considered a critical long-term infrastructure for public archives, the health system and other aspects of society. Its failure opens the doors to injustice, crime and inefficiency.

Publications

Reviewed journals

Other journals or specialist magazines

  • 2012
    • Fritsch, Lothar; Kohlweiss, Markulf: Privatsphäre trotz intelligenter Zähler, digma Zeitschrift für Datenrecht und Informationssicherheit, Switzerland, 1/2012 (12), April 2012, p.22-26.
    • John Borking: PRIVACY PROTECTION BY DESIGN and DATA PROTECTION BY DEFAULT in Privacy & Compliance Magazine, 03/04/2012
  • 2010
    • Tobias Mahler, Malin Renate Ranheim: Datalagringsdirektivet og den tyske grunnloven. Lov & Data : Tidsskrift for Rettsinformatikk 2010 (102) p. 19-23.

Published books and book chapters

  • 2013
    • Simone Fischer-Hübner, Stefan Berthold: Privacy-enhancing Technologies, in: Computer and Information Security Handbook, 2nd Edition, Morgan Kaufmann/Elsevier Inc. To appear January 2013.
  • 2011
    • Jan Camenisch, Bruno Crispo, Simone Fischer-Hübner, Ronald Leenes and Giovanni Russello: Privacy and Identity Management for Life: 7th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6 International Summer School, Trento, Italy, September 5-9, 2011, Springer.
  • 2010
    • de Leeuw, Elisabeth; Fischer-Hübner, Simone; Fritsch, Lothar (Eds.): Policies and Research in Identity Management, Proceedings of the IFIP IDMAN 2010 conference. IFIP Advances in Information and Communication Technology, Vol. 343, Springer, ISBN 978-3-642-17302-8, November 05, 2010.
    • John Borking, Profitable Investments Mitigating Privacy Risk in de Leeuw, Elisabeth; Fischer-Hübner, Simone; Fritsch, Lothar (Eds.): Policies and Research in Identity Management, Proceedings of the IFIP IDMAN 2010 conference. IFIP Advances in Information and Communication Technology, Vol. 343, Springer, ISBN 978-3-642-17302-8, November 05, 2010.
    • Borking J.J., Assessing Investments Mitigating Privacy Risks; in Mommers L., Franken H., Van den Herik J., Van der Klauw F., G-J Zwenne, Het Binnenste Buiten, Liber Amicorum ter gelegenheid van het emeritaat van prof. dr. H.J. Schmidt, hoogleraar Recht en Informatica te Leiden, Leiden University Press, Leiden 2010
    • Tobias Mahler, Malin Renate Ranheim: Hvordan vurderer nasjonale domstoler datalagringsdirektivet opp mot grunn- og menneskerettigheter? In: Dag Wiese Schartum (ed.): Overvåkning i en rettsstat (forthcoming book).
    • Tobias Mahler: The Lawyer in 2020. In: Dag Wiese Schartum, Anne Gunn Berge Bekken (ed.): Yulex 2010.
    • Stefan Berthold and Rainer Böhme: Valuating Privacy with Option Pricing Theory. In: Tyler Moore, David Pym, Christos Ioannidis (Eds.): Economics of Information Security and Privacy, Springer, 2010.

Published conference/workshop contributions

  • 2012
    • Jan Zibuschka, Lothar Fritsch: A Hybrid Approach for Highly Available & Secure Storage of Pseudo-SSO Credentials, to appear on NordSec 2012, Nov. 2012, in Springer LNCS.
    • Rajbhandari, L., Snekkenes, E.: Intended actions: Risk is conflicting incentives. In Gollmann, D., Freiling, F., eds.: Information Security. Volume 7483 of Lecture Notes in Computer Science, pages 370-386. Springer Berlin / Heidelberg (2012)
    • Ebenezer Paintsil: A model for privacy and security risks analysis, New Technologies, Mobility and Security (NTMS), 2012 5th International Conference, Istanbul, May 2012, IEEE publication, doi:10.1109/NTMS.2012.6208713.
  • 2011
    • John J. Borking, Why adopting privacy enhancing technologies (PETs) takes so much time; in Gutwirth S., Poullet Y., De Hert P., Leenes R. (eds.) Computers, Privacy and Data Protection: An Element of Choice, CPDP conference 2011, Heidelberg 2011
    • Ebenezer Paintsil: Towards Legal Privacy Risk Assessment Specification, Trust, Privacy and Security in Digital Business - 8th International Conference, TrustBus 2011, Springer isbn 978-3-642-22889-6 Vol LNCS 6863, Sept 2, 2011.
    • Stefan Berthold: Towards a Formal Language for Privacy Options. In post-proceedings of the PrimeLife/IFIP Summer School 2010, Springer Boston.
    • Lisa Rajbhandari and Einar Snekkenes. Using game theory to analyze risk to privacy: An initial insight. In Simone Fischer-Hübner, Penny Duquenoy, Marit Hansen, Ronald Leenes, and Ge Zhang, editors, Privacy and Identity Management for Life, volume 352 of IFIP Advances in Information and Communication Technology, pages 41-51. Springer Boston, 2011.
    • Paintsil, Ebenezer; Fritsch, Lothar: A Taxonomy of Privacy and Security Risks Contributing Factors . IFIP Advances in Information and Communication Technology, 6th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6/PrimeLife International Summer School, Helsingborg, Sweden, Au, Privacy and Identity Management for Life, Fischer-Hübner, Simone; Duquenoy, Penny; Hansen, Marit; Leenes, Ronald; Zhang, Ge, International Federation for Information Processing IFIP, ISBN 978-3642207686, Vol. 352, pp. 52-63, March 24, 2011.
    • Lisa Rajbhandari and Einar Snekkenes. Mapping between classical risk management and game theoretical approaches. In Bart De Decker, Jorn Lapon, Vincent Naessens, and Andreas Uhl, editors, Communications and Multimedia Security, volume 7025 of Lecture Notes in Computer Science, pages 147-154. Springer Berlin / Heidelberg, 2011.
    • Ebenezer Paintsil and Lothar Fritsch: Towards Legal Privacy Risk Assessment Automation in Social Media, has been accepted for publication at the workshop "DICCDI - Datenschutz und Identitätsmanagement für Communities - Communities für Datenschutz und Identitätsmanagement" at INFORMATIK 2011. Camera ready is submitted. Conference: October 2011.
  • 2010
    • Lothar Fritsch, Ebenezer Paintsil: Privacy and Security Side effects of Identity Management Choices, submitted to (and rejected on) SICHERHEIT 2010.
    • Jøsang, Audun; Fritsch, Lothar; Mahler, Tobias: Privacy Policy Referencing. 7th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2010), Trust, Privacy and Security in Digital Business, Katsikas, Sokratis; Lopez, Javier; Soriano, Miguel , Springer, ISBN 978-3-642-15151-4, Vol. LNCS 6264, August 30, 2010.
  • 2009
    • Stefan Berthold, Rainer Böhme: Valuating Privacy with Option Pricing; WEIS workshop 2009.

 

Papers submitted to journals or conferences, currently under review

  • 2012
    • Fritsch, Lothar: The Clean Privacy Ecosystem of the Future Internet, Essay, Future Internet Journal, 2012, 4, 1-x, doi:10.3390/fi40x000x, ISSN 1999-5903, www.mdpi.com/journal/futureinternet, 2nd review round.
    • Ebenezer Paintsil: Evaluation of Privacy and Security Risks Analysis Construct for Identity Management Systems, IEEE Systems Journal - Special Issue on Security and Privacy in Complex Systems (Accepted).
    • Ebenezer Paintsil: Executable Model-Based Risk Assessment Method, NISK 2012 conference.
    • Lisa Rajbhandari and Einar Snekkenes. Using CIRA for the Analysis of Accidental Risks. (submitted to NISK 2012)
  • 2011
    • Borking, John and Kruijff, Joost C.: Organizational Maturity, a sine qua non for Privacy Enhancing Identity Management Systems.
    • Ebenezer Paintsil and Lothar Fritsch: Towards Legal Privacy Risk Assessment Automation in Social Media, has been accepted for publication at the workshop "DICCDI - Datenschutz und Identitätsmanagement für Communities - Communities für Datenschutz und Identitätsmanagement" at INFORMATIK 2011. Camera ready is submitted. Conference: October 2011.

Reports, presentations to specialist audiences, lectures

  • 2012
    • Abie, Habtamu; Borking, John: Risk Analysis Methods and Practices - Privacy Risk Analysis Methodology; Deliverable 4.1 of the PETweb II project; NR note DART/05/2012, 4.Sep.2012
    • Abie, Habtamu: State of the Art Privacy Risk Analysis - Survey and Classification, Deliverable 3 of the PETweb II project; NR note DART/05/2010, revised 24.Aug.2012
    • J. J. Borking, Legal Based Vulnerabilities/Threats In Relation To Identity Management, PETWEB 2 – Contribution, January 17, 2012
    • J. J. Borking, Analysis of Five PIAs, PETWEB 2 – Contribution, June/July 2012.
  • 2011
    • Fritsch, Lothar: Economics of Cybersecurity - Economic perspectives on Information Security. Workshop "Socio-economics in Trustworthy ICT", Bruxelles, European Commission, 22.Jun. 2011, June 22, 2011.
    • Tobias Mahler: Rettslige krav til sikkerhetsanalyser for identitetsforvaltning. Konferansen Risiko og sikkerhet i IKT-systemer, Oslo, March 9, 2011.
  • 2010
    • Tobias Mahler: Juridisk risikostyring i ID-systemer: Verktøybasert kontraktanalyse, Idtyverikonferansen 2010, Oslo, October 11, 2010.
    • Fritsch, Lothar: Location Privacy by Design - Technology & Business Incentives. .SE Internetdagarna 2010, Stockholm, Vol. Session "Privacy Enhancing Technology", October 26, 2010.
    • J. J. Borking, Legal requirements for Privacy Enhancing Identity Management Systems, PETWEB 2, August 11 2010.
    • Fritsch, Lothar: Technology and Methods for Information Privacy. ID tyverikonferansen 2010, Oslo, 11.-12.Oct. 2010, October 11, 2010.
    • Fritsch, Lothar: PETweb II – Privacy in Identity Management, presentation as part of the "Identity Management throughout life - solutions, trends, side effects" networking session on Sep. 29, 2010. EU ICT Event 2010, Sep. 27-29, 2010, Brussels, Belgium, September 29, 2010.
    • Ebenezer Paintsil, Lothar Fritsch: Survey of privacy and security in identity management systems, Abstract accepted for presentation on IFIP/PrimeLife Summer School 2010 (will be updated and then reviewed for proceedings publishing after August 2010).
    • Fritsch, Lothar: Business Security and Privacy Risk of RFID. On: Are you ready for the Internet of Things?, RFID-RNET Resource Network Workshop , 10-11.5.2010, Oslo, pp. 30, May 10, 2010.
    • Tobias Mahler: Juristisches Risikomanagement -- Eine Methode zur Ergänzung rechtlicher Analysen? Invited guest lecture, Institut für Informations- Telekommunikations- und Medienrecht, Westfälische Wilhelms-Universität Münster, 10.05.10.
    • Paintsil, Ebenezer; Fritsch, Lothar: A taxonomy of Privacy and Security risk contributing factors in Identity Management. Privacy and Identity Management for Life - 6. Int. IFIP/PrimeLife Summer School , August 02, 2010.
    • Rajbhandari, Lisa; Snekkenes, Einar Arthur: Using Game Theory to analyze Risk to Privacy. Privacy and Identity Management for Life - 6. Int. IFIP/PrimeLife Summer School , August 02, 2010.
    • Tobias Mahler: Tysk dom om datalagring. Tirsdagskaffeseminar, Senter for rettsinformatikk, April 27, 2010.
    • Stefan Berthold: Towards a Formal Language for Privacy Options. In the pre-proceedings of the PrimeLife/IFIP Summer School, Helsingborg, Sweden, 2–6 August 2010.
  • 2009
    • Fritsch, Lothar: PhD recruiting - PETweb II recruitment activities and results. NR Note No. DART/09/2009, pp. 16, December 18, 2009.
    • Fritsch, Lothar: Business risks from RFID in tracking, tracing and logistics. "Privacy and Identity Management for Life", Fifth International Summer School by the PrimeLife EU pr, September 11, 2009.
    • Fritsch, Lothar: Privacy technology as a key enabler for person-centric Location-based Services. Workshop on "LBS og sporingstjenster", Trådløs Framtid, Oslo, 3. Sep. 2009, September 03, 2009.

 

Popular articles, teaching, "Formidling"

  • 2012
    • Fritsch, Lothar: Documentation of the 3rd PETweb II PhD student workshop - Joint PhD student workshop of the VERDIKT PETweb II and ASSET projects in Gjøvik, 13.9.2012. Oslo: Norsk Regnesentral 2012 NR Notat(DART/08/2012)
    • Fritsch, Lothar: Documentation of the 2nd PETweb II PhD student workshop - 2-day PhD student workshop of the VERDIKT PETweb II projects in Rømskog, 19.3.2012. Oslo: Norsk Regnesentral 2012 11 s. NR Notat(DART/09/2012)
  • 2011
    • Fritsch, Lothar: Identifisering, Autentisering, Autorisering - Identifisering, Autentisering, Autorisering . ID tyveri konferanse 2011, Oslo, 13.-14. September 2011, September 13, 2011.
    • Fritsch, Lothar: Management of Privacy Risks in Information Systems. Invited lecture, Gjøvik University College, Norwegian Information Security Lab (NISlab), March 28, 2011.
    • Fritsch, Lothar: Privacy and Regulatory Requirements. Lecture 12 in INF3510 - Information Security, University of Oslo, Oslo, April 28, 2011.
    • Moen-Hagalisletto, Anders; Fritsch, Lothar: Mobilnett-kollapsen: Vi må leve med risikoen. Kronikk på forskning.no, No. http://www.forskning.no/artikler/2011/juni/291877, June 21, 2011.
  • 2010
    • Lothar Fritsch, Ebenezer Paintsil: 1st PhD retreat documentation - Minutes of the PETweb II PhD workshop, April 15-16, 2010, NR note DART/04/2010, 22.Apr.2010
    • -Lagringsdirektivet kan koste to milliarder. Computerworld.no, May 18, 2010, discussing a presentation given by Tobias Mahler.
    • Aina Johnsen Rønning: Tysk nei til implementering av datadirektiv. Advokatbladet nr. 5, 2010, discussing a presentation given by Tobias Mahler.
  • 2009
    • Fritsch, Lothar: Radio interview: GPS-peiling av eldre - utfordringer i sikkerhet og personvern, September 22, 2009, NRK P1 Oppland, Distriktsprogramm, 16:05-16:15

This page was last modified on 27 September 2012, at 11:42.

Research areas

Project period

June 2009 - May 2013
Department

Financing

Research Council of Norway (Grant agreement no: 193030)