Exploiting Cryptography for Privacy-Enhanced Access Control A result of the PRIME Project
Cited by 2 (2 self)
Abstract. We conduct more and more of our daily interactions over electronic media. The EC-funded project PRIME (Privacy and Identity Management for Europe) envisions that individuals will be able to interact in this information society in a secure and safe way while retaining control of their privacy. The project had set out to prove that existing privacy-enhancing technologies allow for the construction of a user-controlled identity management system that comes surprisingly close to this vision. This paper describes two key elements of the PRIME identity management systems: anonymous credentials and policy languages that fully exploit the advanced functionality offered by anonymous credentials. These two key elements enable the users to carry out transactions, e.g., over the Internet, revealing only the strictly necessary personal information. Apart from presenting for the first time these two key results, this paper also motivates the need for privacy enhancing identity management, gives concrete requirements for such a system and then describes the key principles of the PRIME identity management solution.
Efficient and Secure Distribution of Massive Geo-Spatial Data
Cited by 2 (0 self)
Modern geographic databases can contain a large volume of data that need to be distributed to subscribed customers. The data can be modeled as a cube, where typical dimensions include latitude, longitude, and time. One way of distributing the data consists of making freely available encrypted versions of selected subsets of the data, and giving each paying customer the decryption keys for their authorized subsets only. The total space for these encrypted versions should be close to linear in the size of the data, yet the subset for a customer can be an arbitrary orthogonal range of the data; there is a quadratic number of such subsets, and we do not know ahead of time which subset will be subscribed (so the almost linear, and a priori selected subsets, must be enough to exactly express any of the quadratic number of ranges that could possibly interest a customer). This is mainly a data structuring and algorithmic problem. For a geo-spatial database in which the geography is modeled as an m × n grid of cells (with m ≥ n), we provide a novel scheme that: (i) assigns a constant number of keys to a user; (ii) allows the user to derive the decryption key of her authorized rectangular area by using a constant number of inexpensive cryptographic operations (hash function computations); (iii) uses O(mn log* m) public storage. This improves by a factor of (log log m)^2 the space complexity of the best previous result, while matching all its other performance characteristics. Our approach can also handle higher dimensional data efficiently, as long as each authorized region is an orthogonal range. The improved bounds are achieved using a combinatorial approach, and the only cryptographic notion we use is that of a one-way hash function.
Towards alignment of architectural domains in security policy specifications
- Proceedings of the 8th International Symposium on System and Information Security, Sao Jose dos
, 2006
Privacy Preservation over Untrusted Mobile Networks
Cited by 1 (1 self)
Abstract. The proliferation of mobile devices has given rise to novel user-centric applications and services. In current mobile systems, users gain access to remote servers over mobile network operators. These operators are typically assumed to be trusted and to manage the information they collect in a privacy-preserving way. Such information, however, is extremely sensitive and coveted by many companies, which may use it to improve their business. In this context, safeguarding the users' privacy against the prying eyes of the network operators is an emerging requirement. In this chapter, we first present a survey of existing state-of-the-art protection mechanisms and their challenges when deployed in the context of wired and wireless networks. Moreover, we illustrate recent and ongoing research that attempts to address different aspects of privacy in mobile applications. Furthermore, we present a new proposal to ensure private communication in the context of hybrid mobile networks, which integrate wired, wireless and cellular technologies. We conclude by outlining open problems and possible future research directions.
On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control
Cited by 1 (1 self)
Pervasive computing environments have created a requirement for spatial- and temporal-aware access control systems. Although temporal, spatial and spatio-temporal role-based access control (RBAC) models have been developed, a family of simple, expressive and flexible models that convincingly addresses the interaction between spatio-temporal constraints and inheritance in RBAC does not yet exist. In this paper, we define three spatio-temporal models based on RBAC96, the de facto standard for RBAC, and extend these models to include activation and usage hierarchies. These models provide different authorization semantics, varying in the extent to which RBAC entities and relations are constrained by spatio-temporal restrictions. We introduce the notion of trusted entities, which are used to selectively override certain spatio-temporal restrictions. We also demonstrate that our spatio-temporal models are consistent and compatible with RBAC96 and the ANSI-RBAC standard, in contrast to existing models. Finally, we propose four approaches to encoding spatio-temporal requirements in practical applications that permit access requests to be answered efficiently.
An Obfuscation-based Approach for Protecting Location Privacy
, 2010
Cited by 1 (1 self)
The pervasive diffusion of mobile communication devices and the technical improvements of location techniques are fostering the development of new applications that use the physical position of users to offer location-based services for business, social, or informational purposes. In such a context, privacy concerns are increasing and call for sophisticated solutions able to guarantee different levels of location privacy to the users. In this paper, we address this problem and present a solution based on different obfuscation operators that, when used individually or in combination, protect the privacy of the location information of users. We also introduce an adversary model and provide an analysis of the proposed obfuscation operators to evaluate their robustness against adversaries aiming to reverse the obfuscation effects to retrieve a location that better approximates the location of the users. Finally, we present some experimental results that validate our solution.
Location Privacy in Pervasive Computing
Recent technological advances have made it feasible to measure and track the location of users, vehicles, and practically any mobile object. Positioning and tracking systems are then collecting a huge amount of potentially sensitive location information, which is a set of data describing a user's location over a period of time. Since the activities of a user are often related to the locations where such activities are performed, it is natural for users to demand privacy, that is, to require control over the access to their location information. In this chapter, we focus on the privacy aspects of using location information in location-based services (LBSs). LBSs are services that take the current position of the user into consideration when performing their tasks. These services can be accessed from mobile phones, PDAs, and any other mobile device. We start the chapter by characterizing the location privacy protection problem and introducing a classification of the main techniques that have been proposed to protect the location privacy. We also survey and discuss recent proposals and ongoing work in the location-based systems area.
Access Control in Location-Based Services
Abstract. Recent enhancements in location technologies' reliability and precision are fostering the development of a new wave of applications that make use of the location information of users. Such applications introduce new aspects of access control which should be addressed. On the one side, precise location information may play an important role and can be used to develop Location-based Access Control (LBAC) systems that integrate traditional access control mechanisms with conditions based on the physical position of users. On the other side, location information of users can be considered sensitive and access control solutions should be developed to protect it against unauthorized accesses and disclosures. In this chapter, we address these two aspects related to the use and protection of location information, discussing existing solutions, open issues, and some research directions.
Privacy in the Electronic Society: Emerging Problems and Solutions
As the global information infrastructure is becoming more ubiquitous, digital business transactions are increasingly performed using a variety of mobile devices and across multiple communication channels. This new service-oriented paradigm is making the protection of privacy an increasing concern, as it relies on rich context representations (e.g., of location and purpose) and requires users to provide a vast amount of information about themselves and their behavior. This information is likely to be protected by a privacy policy, but restrictions to be enforced may come from different input requirements, possibly under the control of different authorities. In addition, users retain little control over their personal information once it has been disclosed to third parties. Secondary usage regulations are therefore increasingly demanding attention. In this paper, we present the emerging trends in the data protection field to address the new needs and desiderata of today’s systems. Today’s digital business processes increasingly rely on services accessed via a variety