Data protection and security is one of the institute's main research areas. Since the end of the 1990s, the corresponding activities have been financed by various funding institutions.
Service-based IT architectures such as ASP (Application Service Providers) or web services are gaining importance in the modern enterprise. This architecture is also of interest to small and medium-sized enterprises, since it lets them use complex IT applications without having to install them locally. The downside of such applications is a possible confidentiality problem: the data is temporarily accessible to the service provider. While the problems of access control and communication security are solved, as far as possible, by protocols such as SSL, the main problem area arises once the data already resides on the service provider's computers. There the data is exposed to attack. Incompetent or corrupt employees of the service provider are a further danger with respect to data abuse. A potential sale of the service provider to a third party also raises questions about data security: under American law, the buyer of a company owns the database of the company it bought.
Against this background, it is perhaps not prudent to base the relationship between service provider and service user solely on trust. Technical solutions that provide a required level of data protection and security are becoming more and more important. One such solution was suggested by Rivest et al. and has been developed further by us: privacy homomorphisms (PH). A PH allows certain operations to be carried out on encrypted data. This means that a customer can have his work done without the service provider ever having access to decrypted personal data. We have studied searches on PH-encrypted data as well as the operations of relational algebra, and in doing so the limits of these approaches became apparent. A clear example is a PH that preserves order: if the server can sort encrypted data, it is immediately apparent which object is bigger.
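To make the two halves of this paragraph concrete, here is an added Python example (not code from the institute or its publications). It uses the Paillier cryptosystem as a concrete instance of an additive PH, which is an assumption on my part since the text names only Rivest et al., and contrasts it with a deliberately simple toy order-preserving scheme to show exactly what a server learns when ciphertexts sort like plaintexts. The primes are constructed toy values chosen only so the example runs instantly.

```python
# Added example: an additively homomorphic PH (Paillier) lets the service
# provider add encrypted values without the key, while a toy
# order-preserving encoding shows the ordering leak described above.
# Key sizes here are constructed for illustration and far too small for
# any real deployment.
import secrets
from math import gcd

# Constructed toy key material: two small primes of equal length.
P, Q = 104729, 104723
N = P * Q
N2 = N * N
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAMBDA, -1, N)                           # valid because g = n + 1


def encrypt(m: int) -> int:
    """Paillier encryption of 0 <= m < N with g = n + 1 and fresh randomness.

    Because r is fresh each time, two encryptions of the same value differ:
    the ciphertexts carry no usable order or equality information.
    """
    if not 0 <= m < N:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(N)
        if r > 0 and gcd(r, N) == 1:
            break
    return (pow(N + 1, m, N2) * pow(r, N, N2)) % N2


def decrypt(c: int) -> int:
    """Paillier decryption with L(x) = (x - 1) / n."""
    l_value = (pow(c, LAMBDA, N2) - 1) // N
    return (l_value * MU) % N


def server_sum(ciphertexts: list) -> int:
    """What the provider can do WITHOUT the key: multiply ciphertexts,
    which equals an encryption of the sum of the plaintexts (mod N)."""
    total = 1
    for c in ciphertexts:
        total = (total * c) % N2
    return total


# --- Toy order-preserving encoding (hypothetical, for the leak only) ---
# E(m) = a*m + b with a secret a > 0. It is monotone in m by construction,
# which is exactly what lets the server sort without the key.
OPE_KEY = (7919, 104729)   # constructed secret (a, b)


def ope_encrypt(m: int, key=OPE_KEY) -> int:
    a, b = key
    return a * m + b


def server_order(ciphertexts: list) -> list:
    """Indices of the ciphertexts in ascending ciphertext order.

    For Paillier this is noise; for the order-preserving toy it equals the
    plaintext order, i.e. the server learns which object is bigger."""
    return sorted(range(len(ciphertexts)), key=lambda i: ciphertexts[i])


def order_leaked(plaintexts: list, enc) -> bool:
    """True if sorting ciphertexts reveals the true plaintext order."""
    true_order = sorted(range(len(plaintexts)), key=lambda i: plaintexts[i])
    return server_order([enc(m) for m in plaintexts]) == true_order


if __name__ == "__main__":
    salaries = [1200, 3400, 5]
    cts = [encrypt(s) for s in salaries]
    print("provider-computed sum:", decrypt(server_sum(cts)))      # 4605
    print("OPE leaks order:", order_leaked([30, 10, 20], ope_encrypt))  # True
```

The first half shows the positive side: the customer decrypts a correct total that the provider computed on data it could never read. The second half shows the limit: any scheme whose ciphertexts can be sorted by the server, however strong the cipher behind it, hands the server the relative size of every record.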
This naturally results in a large number of open questions. What is the potential of PHs, and what are their fundamental limits? Regarding potential: where can PHs be used pragmatically in existing software systems and applications, and how does their performance compare with the cost of using them? Regarding limits: how secure are current PHs and PH-like procedures, in particular those already in use? Can the security of these procedures be improved, and if so, how? What proof techniques can be used to settle questions about the existence or non-existence of PHs?
Another current research topic in data protection and security concerns anonymity and identity management. Online traders generally place a high value on retaining customer data. However, there is evidence that consumers are becoming increasingly reluctant to disclose personal information in online business transactions. Moreover, there are legal aspects to be considered on both sides. We examine how PH-like procedures can be used to strip customer data and user profiles of privacy-relevant information, provided that it is not needed.
On an abstract level, these considerations lead to the problems of asymmetric information in the market for net-based services. This is a major reason for the partial market failure of recent years, especially in the ASP area. In the configuration, presentation, and communication of net-based services, providers are often unable to respond to consumer needs; security and trust attributes are insufficiently reflected in the services offered so far. We examine the use of so-called information substitutes (e.g. guarantees) to reduce informational asymmetry and transaction costs in this application context.
Finally, powerful anonymisation tools have recently reached the market and demonstrated their practicality. These are in particular the so-called "mix networks" or "mix cascades", in the context of P2P networks. We examine the economics of anonymity in the different forms of communication. How can mix networks be marketed? What are mix users really willing to pay, and how do they react to different payment models (with different anonymity levels)? How can content providers be convinced to publish their content in domains that are more strongly structured than the public web? Is anonymity tradable? Here the question examined is whether a peer can publish its knowledge about the behaviour of a partner without an initial trust network in place. Specifically: given a network of peers, each of which has one unique address, how can information about the behaviour of individual peers be published so that the sum of the subjective statements about peer A closely matches A's objective behaviour? We develop cryptographic protocols based on distributed hash tables and analyse their security and theoretical limits.
Researchers involved in the project
Prof. Dr. Bettina Berendt
Matthias Fischmann
Prof. Oliver Günther, Ph.D.
Dr. Sarah Spiekermann
Maximilian Teltzrow
Selected Publications
Berendt, B., Günther, O., Spiekermann, S.: Privacy in E-Commerce: Stated Preferences vs. Actual Behaviour. Forthcoming in Communications of the ACM.
Boyens, C., Günther, O.: Trust is Not Enough: Privacy and Security in ASP and Web Service Environments. Proc. Sixth East-European Conference on Advances in Databases and Information Systems, Lecture Notes in Computer Science, Springer-Verlag, Berlin/Heidelberg/New York, 2002.
Boyens, C., Günther, O., Teltzrow, M.: Privacy Conflicts in CRM Services for Online Shops: A Case Study. Proc. IEEE Workshop on Privacy, Security, and Data Mining, Volume 14 of the Conferences in Research and Practice in Information Technology, 2002.
Günther, O., Tamm, G., Hansen, L., Meseg, T.: Application Service Providers: Angebot, Nachfrage und langfristige Perspektiven. Wirtschaftsinformatik 43(6), 2001.
Spiekermann, S.: Die Konsumenten der Anonymität - Wer nutzt Anonymisierungsdienste? Zeitschrift für Datenschutz und Datensicherheit, Heft 3, 2003.
Spiekermann, S., Grossklags, J., Berendt, B.: Stated Privacy Preferences versus Actual Behaviour in EC Environments: A Reality Check. In Proceedings of the 3rd ACM Conference on Electronic Commerce, 2001.