Publication


Featured research published by Rüdiger Grimm.


ACM Multimedia | 2000

Can P3P help to protect privacy worldwide

Rüdiger Grimm; Alexander Rossnagel

Privacy is a basic cultural requirement, often regulated by national law, but not everywhere in the same way. Privacy protection must be effective across national borders. Technical tools and procedures can help to enforce and propagate privacy protection for Internet communication worldwide. The “Platform for Privacy Preferences Project (P3P)” is a standardization approach of the World Wide Web Consortium for privacy protection of the Web. This article describes the history and current state of P3P and evaluates the effect of P3P against legal requirements, particularly against those strict laws in Germany and Europe. This article is an interdisciplinary cooperation with technical and legal background.


2009 First International Workshop on Requirements Engineering for e-Voting Systems | 2009

Determine the Resilience of Evaluated Internet Voting Systems

Melanie Volkamer; Rüdiger Grimm

Internet voting gets more and more popular. It is generally accepted that an Internet voting system needs to be evaluated. The existing evaluation frameworks try to be as system-independent as possible. Because of that distributed trust concepts like separation of duty for the voting servers, four eyes principle for administrators and the election commission, as well as the multiplicity of control functions like for the counting of votes cannot be demanded precisely. This article proposes to extend the evaluation of Internet voting systems by the computation of a so called k-resilience value. This value defines the robustness of a system and helps to identify vulnerabilities. Besides the introduction and discussion of this value, it is computed for existing Internet voting


Proceedings Third International Conference on WEB Delivering of Music | 2003

Potato System and signed media format - an alternative approach to online music business

Jürgen Nützel; Rüdiger Grimm

Thanks to modern compression techniques and increased bandwidth, the distribution of digital music via Internet has become affordable and easy. Many peer-to-peer (P2P) systems show this effect spectacularly. Therefore music publishers rely on so-called strong digital rights management (DRM) systems which restrict and control the usage of their content. We want to discuss a different approach. We introduce a new business model as well as a new file format. The system that we propose is called Potato. In Potato System the users play an active distribution part. Our approach motivates the users to re-distribute content they have paid for and earn money with it. The Potato System pays for any re-distributed file a defined percentage on commission. This allows a fast distribution of new content. The Potato System provides its own P2P clients which contact a central Web service. In the standard Potato System the identity of the last buyer is simply added to the file name. This is sufficient to reward redistributing users. For well known major music we provide the so called signed media format (SMF). In SMF files the user identity is signcrypted into the media content.


Computer Networks | 2001

Binding telecooperation - a formal model for electronic commerce

Rüdiger Grimm; Peter Ochsenschläger

This paper formally defines the concept “electronic contract” and identifies its “goals”, “obligations” and “binding phase”. The definitions obtained here are used first for the specification of electronic contracts and secondly for the verification of local implementations of electronic cooperation contracts. The local representation of contracts and the communication between them, multiple and overlapping runs through a binding phase and the role of proofs are treated separately. The definitions are based on the theory of formal languages and automata. They are demonstrated by a simple example of a bilateral offer-order-deliver-pay cooperation.


Lecture Notes in Computer Science | 2002

A Friendly Peer-to-Peer File Sharing System with Profit but without Copy Protection

Rüdiger Grimm; Jürgen Nützel

Content providers try to restrict the usage of their products by their customers in order to prevent unlicensed distribution. On the other hand, customers ignore these restrictions and share files for free (Gnutella). Content providers and content users treat one another as enemies with conflicting interests. In this paper we bring customers and providers of content back together to a common economic interest. Content providers support their customers to redistribute their products in that they pay for any re-distributed multimedia product a small percentage on commission. Customers have a choice to pay for a received copy or to use it freely. If they use it for free, they will get no commission on re-distribution. If they pay, they will become licensed redistributors automatically. This paper describes a friendly peer-to-peer file-sharing model of customers, which brings profit to both, content providers and their customers. We will also specify a protocol for payment and re-distribution. We will describe open interfaces and file formats, which are needed for implementation.


ACM Workshop on Multimedia and Security | 2004

Privacy protection for signed media files: a separation-of-duty approach to the lightweight DRM (LWDRM) system

Rüdiger Grimm; Patrick Aichroth

The aim of strong digital rights management (DRM) is to enforce usage rules in end-user devices on behalf of content providers. Strong DRM is not well accepted by customers. Moreover, strong DRM is repeatedly circumvented and broken. Since Napster (and all its Peer-to-Peer follow-ups), the Internet is flooded with illegal digital content. We introduce the LWDRM technology as an alternative model. LWDRM relies on responsible behavior of customers. However, LWDRM contains a privacy problem, in that users sign media files which they wish to transfer freely from one place to the other. In this paper, we will explain the basic idea of the LWDRM technology and we will discuss the related privacy problem. We will show that there are methods to use LWDRM technology in compliance with privacy requirements of the users. A simple approach to harmonize LWDRM with privacy is separation-of-duty between certification authorities and content providers. Other, even more advanced models can be realized as well.


International Journal of Information Security and Privacy | 2013

Holistic and Law compatible IT Security Evaluation: Integration of Common Criteria, ISO 27001/IT-Grundschutz and KORA

Daniela Simić-Draws; Stephan Neumann; Anna Kahlert; Philipp Richter; Rüdiger Grimm; Melanie Volkamer; Alexander Roßnagel

Common Criteria and ISO 27001/IT-Grundschutz are well acknowledged evaluation standards for the security of IT systems and the organisation they are embedded in. These standards take a technical point of view. In legally sensitive areas, such as processing of personal information or online voting, compliance with the legal specifications is of high importance, however, for the users’ trust in an IT system and thus for the success of this system. This article shows how standards for the evaluation of IT security may be integrated with the KORA approach for law compatible technology design to the benefit of both – increasing confidence in IT systems and their conformity with the law on one hand and a concrete possibility for legal requirements to be integrated into technology design from the start. The soundness of this interdisciplinary work will be presented in an exemplary application to online voting.


Informatik Spektrum | 2014

Technische Sicherheit und Informationssicherheit (Technical Safety and Information Security)

Felix C. Freiling; Rüdiger Grimm; Karl-Erwin Großpietsch; Hubert B. Keller; Jürgen Mottok; Isabel Münch; Kai Rannenberg; Francesca Saglietti

Introduction. Our society depends to a comprehensive degree on the reliable functioning of technical systems and on access, possible at any time, to authentic and correct information. Within these technical systems, information-storing and information-processing systems play an ever greater role; in some industries they now contribute more than 50 % of value creation [1]. These systems, wherever they are used (e.g. in data centers, banks, cars, etc.), are referred to below as IT systems (short for: information technology systems). Through their function, technical systems can affect all areas of life and all conceivable assets, which cover every aspect of significance to users, such as human life, health and physical integrity, property, knowledge, objects, and the personal data of persons directly involved as well as those only indirectly involved. In general, one must assume that technical systems are not always free of faults and do not always operate faultlessly, but that they contain weaknesses that exist from the outset or only emerge over time. Even when a technical system is used as intended, weaknesses can lead to malfunctions that harm persons, the environment, infrastructure or data. All the more, use of technical systems that rests on a misunderstanding of their function or is fundamentally improper, even when those systems work correctly, can impair the assets named above. The manifold problems and aspects of securing IT systems against such effects are becoming increasingly important. In the working group "Begriffsbildung" of the GI special interest group "Sicherheit", an attempt has been made in intensive discussions over recent years, basic terms for characterizing this problem area, which in the professional community with


Datenschutz Und Datensicherheit - Dud | 2011

Verbindung von CC-Schutzprofilen mit der Methode rechtlicher IT-Gestaltung KORA (Combining CC Protection Profiles with KORA, the Method for Legally Compliant IT Design)

Katharina Bräunlich; Philipp Richter; Rüdiger Grimm; Alexander Roßnagel

The Common Criteria are an international catalogue of criteria, recognised in practice, for the evaluation and certification of IT systems. The focus of the Common Criteria is the security of an IT system from a technical point of view. In legally sensitive areas, such as Internet elections, however, fulfilling the legal requirements is also of central importance. The article shows how the KORA method can be used to incorporate the legal requirements into Common Criteria protection profiles in such a way that an evaluation of the lawful design also appears possible.


International Conference on Emerging Security Information, Systems and Technologies | 2009

A Formal IT-Security Model for a Weak Fair-Exchange Cooperation with Non-repudiation Proofs

Rüdiger Grimm

This article presents a formal IT-security model for the step-by-step exchange of digital items. Following the taxonomy of Asokan, the model presented here addresses the security requirements for a so-called “weak” fair exchange. “Weak” refers to the fact that third parties are used to dissolve disputes. In this model, non-repudiation proofs are used in an external dispute to establish weak fairness. It shows how many unproved steps can be tolerated by one party without loss of fairness. The model is based on the idea of a “continuous balance of obligations and their proofs”. This idea was proposed in 1993 by Grimm, but has never since been formalized properly.

Collaboration



Top Co-Authors

Melanie Volkamer

Technische Universität Darmstadt


Katharina Bräunlich

University of Koblenz and Landau


Anastasia Meletiadou

University of Koblenz and Landau


Robert Krimmer

Tallinn University of Technology


Alexander Hug

University of Koblenz and Landau


Andreas Kasten

University of Koblenz and Landau


Jürgen Nützel

Technische Universität Ilmenau


Philipp Richter

Technische Universität Darmstadt
