Hans Hedbom

A Survey on Transparency Tools for Enhancing Privacy

This paper provides a short survey on transparency tools for privacy purposes. It defines the term transparency tools, argues why they are important and gives examples for transparency tools. A classification of transparency tools is suggested and some example tools are analyzed with the help of the classification.

Trust and Assurance HCI

In this chapter, we present our HCI (Human Computer Interaction) work for mediating the degree of trustworthiness of services sides to end users and for enhancing their trust in PrimeLife-enabled applications. For this, we will present the user interface development work of a trust evaluation function and the PrimeLife Data Track.

Adding Secure Transparency Logging to the PRIME Core

This paper presents a secure privacy preserving log. These types of logs are useful (if not necessary) when constructing transparency services for privacy enhancement. The solution builds on and extends previous work within the area and tries to address the shortcomings of previous solutions regarding privacy issues.

Benefits of Privacy-Enhancing Identity Management

Privacy-enhancing identity management systems allow users to act securely in the information society while keeping sovereignty over their personal spheres. This paper elaborates the benefits that privacy-enhancing identity management can provide for both end users and services sides. These benefits include increased privacy protection for end users and enhanced trust relations between users and services sides. The PRIME system developed within the EU project PRIME (Privacy and Identity Management for Europe) and a PRIME-enable e-shopping application scenario are used to illustrate these benefits. Besides, also potential business drivers for services sides to deploy privacy-enhancing identity management systems are discussed.

Protecting Security Policies in Ubiquitous Environments Using One-Way Functions

This paper addresses the problem of protecting security policies and other security-related information in security mechanisms, such as the detection policy of an Intrusion Detection System or the filtering policy of a firewall. Unauthorized disclosure of such information can reveal the fundamental principles and methods for the protection of the whole network, especially in ubiquitous environments where a large number of nodes store knowledge about the security policy of their domain. To avoid this risk we suggest a scheme for protecting stateless security policies using one-way functions. A stateless policy is one that only takes into consideration, the current event, and not the preceding chain of events, when decisions are made. The scheme has a simple and basic design but can still be used for practical implementations, as illustrated in two examples in real-life enviroments. Further research aims to extend the scheme to stateful policies.

Unlinking database entries: Implementation issues in privacy preserving secure logging

This paper discusses implementation issues related to using relational databases as storage when implementing privacy preserving secure logs. In these types of logs it is important to keep the unlinkability properties of log entries intact when the entries are stored. We briefly describe the concept of privacy preserving secure logging and give the rational for it. The problems of using relational database systems as storage is discussed and we suggest three solutions to the problem. Two of the solutions are analyzed and compared and we show that at least one of the solutions is feasible in a real live setting and that the added overhead of the solution is very small.

Contributions to Standardisation

Standardisation has many goals and facets: Standards are used for consumer protection to achieve a minimum quality of certain products and services. Standards lead to lower cost because of a unified higher volume market. Standards also support interoperability that is vitally needed in ICT.

Privacy Impact Assessment Template for Provenance

Provenance data can be expressed as a graph with links informing who and which activities created, used and modified entities. The semantics of these links and domain specific reasoning can support the inference of additional information about the elements in the graph. If such elements include personal identifiers and/or personal identifiable information, then inferences may reveal unexpected links between elements, thus exposing personal data beyond an individuals intentions. Provenance graphs often entangle data relating to multiple individuals. It is therefore a challenge to protect personal data from unintended disclosure in provenance graphs. In this paper, we provide a Privacy Impact Assessment (PIA) template for identifying imminent privacy threats that arise from provenance graphs in an application-agnostic setting. The PIA template identifies privacy threats, lists potential countermeasures, helps to manage personal data protection risks, and maintains compliance with privacy data protection laws and regulations.

Experiences from Educating Practitioners in Vulnerability Analysis

This paper presents a vulnerability analysis course especially developed for practitioners and experiences gained from it. The described course is a compact three days course initially aimed to educate practitioners in the process of finding security weaknesses in their own products. After giving an overview of the course, the paper presents results from two different types of course evaluations. One evaluation was done on-site at the last day of the course, while the other was made 3–18 months after the participants had finished the course. Conclusions drawn from it with regard to recommended content for vulnerability analysis courses for practitioners are also provided.