Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management

With the growing amount of personal information exchanged over the Internet, privacy is becoming more and more a concern for users. One of the key principles in protecting privacy is data minimisation. This principle requires that only the minimum amount of information necessary to accomplish a certain goal is collected and processed. "Privacy-enhancing" communication protocols have been proposed to guarantee data minimisation in a wide range of applications. However, currently there is no satisfactory way to assess and compare the privacy they offer in a precise way: existing analyses are either too informal and high-level, or specific for one particular system. In this work, we propose a general formal framework to analyse and compare communication protocols with respect to privacy by data minimisation. Privacy requirements are formalised independent of a particular protocol in terms of the knowledge of (coalitions of) actors in a three-layer model of personal information. These requirements are then verified automatically for particular protocols by computing this knowledge from a description of their communication. We validate our framework in an identity management (IdM) case study. As IdM systems are used more and more to satisfy the increasing need for reliable on-line identification and authentication, privacy is becoming an increasingly critical issue. We use our framework to analyse and compare four identity management systems. Finally, we discuss the completeness and (re)usability of the proposed framework

Secure & trusted communication in emergency situations

In this paper we propose SETS, a protocol with main aim to provide secure and private communication during emergency situations. SETS achieves security of the exchanged information, attack resilience and user’s privacy. In addition, SETS can be easily adapted for mobile devices, since field experimental results show the effectiveness of the protocol on actual smart-phone platforms

Privacy-preserving and accountable on-the-road prosecution of invalid vehicular mandatory authorizations

Nowadays, improving road safety is one of the major challenges in developed countries and, to this regard, attaining more effectiveness in the enforcement of road safety policies has become a key target. In particular, enforcing the requirements related to the technical and administrative mandatory documentation of on-the-road motor vehicles is one of the critical issues. The use of modern technologies in the context of Intelligent Transportation Systems (ITS) could enable the design of a more convenient, frequent and effective enforcement system compared to the traditional human patrol controls. In this article we propose a novel system for the on-the-fly verification of mandatory technical and administrative documentation of motor vehicles. Vehicles not complying with the required regulations will be identified and sanctioned whereas those vehicles, observant of the mandatory regulations, will maintain anonymity and non-traceability of their whereabouts. The proposed system is based on the use of anonymous credentials which will be loaded onto the vehicle to automatically and on-the-fly prove holdership of required credentials without requiring the vehicle to stop beside the road. We also implement a prototype of the credential system and analyze the feasibility of our solution in terms of computational cost and time to perform such telematic controls.This work has been funded by grant CCG10-UC3M/TIC-5174 (project PRECIOUS) and partially by grant TIN2009-13461 (project E-SAVE).En prens

Decentralized Identities for Self-sovereign End-users (DISSENS)

This paper describes a comprehensive architecture and reference implementation for privacy-preserving identity management that bucks the trend towards centralization present in contemporary proposals. DISSENS integrates a technology stack which combines privacy-friendly online payments with self-sovereign personal data management using a decentralized directory service. This enables users to be in complete control of their digital identity and personal information while at the same time being able to selectively share information necessary to easily use commercial services. Our pilot demonstrates the viability of a sustainable, user-centric, standards-compliant and accessible use case for public service employees and students in the domain of retail e-commerce. We leverage innovative technologies including self-sovereign identity, privacy credentials, and privacy-friendly digital payments in combination with established standards to provide easy-to-adapt templates for the integration of various scenarios and use cases

Handling privacy and concurrency in an online educational evaluation system

Nowadays, all academic institutions exhibit and distribute their material over Internet. Moreover, e-learning and e-evaluation products is one of the most rapidly expanding areas of education and training, with nearly 30% of U.S. college and university students now taking at least one online course. However, Internet increases the vulnerability of digital educational content exploitation since it is a potential hostile environment for secure data management. The challenge is that providing current online educational tools that are accessible by a large number of users, these educational environments handle data of varying sensitivity thus it is increasingly important to reason about and enforce information privacy guarantees in the presence of concurrency. The present paper provides a privacy preserving approach in a concurrent online educational evaluation system. It introduces a privacy preserving approach for utilizing online concurrent evaluation of acquired student competencies that handles the increasingly complex issues of designing, developing and e-competence evaluation systems suitable for educational and e-learning environments. The proposed architecture for an online competence evaluation system offers access control and protect users' private data while, it provides concurrent procedures for evaluating competencies. © 2019 International Press of Boston, Inc. All rights reserved.European Commission, ECThis work has been partially supported by the “Implementation of Software Engineering Com-petence Remote Evaluation for Master Program Graduates (iSECRET)” project No 2015-1-LVo1-KA203-013439 funded by ERASMUS+ of the European Commission

Towards a privacy-respectful telematic verification system for vehicle & driver authorizations

Poster of: Eighth Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous 2011), Copenhagen, Denmark, 2011The use of ubiquitous technologies to implement a telematic on-the-road verification of driver and vehicle authorizations would provide significant benefits regarding road safety, economic costs and convenience. Privacy-aware digital credentials would enable such a service although some challenges exist. The goal of this on-going work is to address these challenges. The first contribution herein presented is an enhanced data model of driver and vehicle authorizations. Secondly, we provide an analysis of existing privacy-aware digital credential systems that may support the implementation of the system.This work is partially supported by Ministerio de Ciencia e Innovacion of Spain, project E-SAVE, under grant TIN2009-13461.Publicad

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

A trust-driven privacy architecture for vehicular ad-hoc networks

Vehicular Ad-Hoc NETworks (VANETs) are an emerging technology which aims to improve road safety by preventing and reducing traffic accidents. While VANETs offer a great variety of promising applications, such as, safety-related and infotainment applications, they remain a number of security and privacy related research challenges that must be addressed. A common approach to security issues widely adopted in VANETs is the use of Public Key Infrastructures (PKI) and digital certificates in order to enable authentication, authorization and confidentiality. These approaches usually rely on a large set of regional Certification Authorities (CAs). Despite the advantages of PKI-based approaches, there are two main problems that arise, i) the secure interoperability among the different and usually unknown- issuing CAs, and ii) the sole use of PKI in a VANET environment cannot prevent privacy related attacks, such as, linking a vehicle with an identifier, tracking vehicles ¿big brother scenario" and user profiling. Additionally, since vehicles in VANETs will be able to store great amounts of information including private information, unauthorized access to such information should be carefully considered. This thesis addresses authentication and interoperability issues in vehicular communications, considering an inter-regional scenario where mutual authentication between nodes is needed. To provide interoperability between vehicles and services among different domains, an Inter-domain Authentication System (AS) is proposed. The AS supplies vehicles with a trusted set of authentication credentials by implementing a near real-time certificate status service. The proposed AS also implements a mechanism to quantitatively evaluate the trust level of a CA, in order to decide on-the-y if an interoperability relationship can be created. This research work also contributes with a Privacy Enhancing Model (PEM) to deal with important privacy issues in VANETs. The PEM consists of two PKI-based privacy protocols: i) the Attribute-Based Privacy (ABP) protocol, and ii) the Anonymous Information Retrieval (AIR) protocol. The ABP introduces Attribute-Based Credentials (ABC) to provide conditional anonymity and minimal information disclosure, which overcome with the privacy issues related to linkability (linking a vehicle with an identifier) and vehicle tracking (big brother scenario). The AIR protocol addresses user profiling when querying Service Providers (SPs), by relying in a user collaboration privacy protocol based on query forgery and permutation; and assuming that neither participant nodes nor SPs could be completely trusted. Finally, the Trust Validation Model (TVM) is proposed. The TVM supports decision making by evaluating entities trust based on context information, in order to provide i) access control to driver and vehicle's private information, and ii) public information trust validation

First Class: Pioneering Students at San José State University’s School of Library and Information Science, 1928-1940

This article examines the backgrounds, education, and careers of the first group of students in San José State University’s School of Library and Information Science. It finds that the 1928-1929 cohort were typical of the students attending teacher’s colleges in the early 1900s and represented the first generation of women pursuing higher education and professional careers following the passage of the 19th amendment in 1920. The study also explores the challenges working women faced during the 1930s, particularly the Great Depression’s impact California librarians