PETWeb II ― Privacy-respecting Identity Management for e-Norge
Period: June 2009 - May 2013
Web site: petweb2.projects.nislab.no
Project manager: Prof. Einar Snekkenes, Gjøvik University College
Assistant project manager: Dr. Lothar Fritsch, Norwegian Computing Center
Funding: Research Council of Norway in the VERDIKT program (Grant agreement no: 193030)
- Gjøvik University College (Coordinator)
- Norwegian Computing Center (Norsk Regnesentral)
- University of Oslo - AFIN
- Direktoratet for forvalting og IKT - DIFI (Agency for Public Management and eGovernment)
- Karlstad University, Sweden
- Borking Consultancy, The Netherlands
The project addresses societal challenges concerning the future of electronic identifiers and electronic identities. The implication of such identities range from today's crime ("identity theft") to long-term privacy implications and fundamental rights such as informational self-determination. Electronic identifiers penetrate all aspects of information systems and their contact with society - ranging from e-mail addresses up to social security numbers and electronic passports. The computerization of administration and private business requires management of various aspects of people's identities on information systems. Identifiers, passwords, personal profiles, pseudonyms, person numbers, social security numbers, patient numbers and various other identifiers such as e-mail addresses, credit card numbers, passport numbers and bank account numbers are used to uniquely identify information system users or citizens. Some of these identifiers and their attached authentication and identity information are very mobile, and spread into many information systems and purposes. As recently discussed concerning the Norwegian citizen person number, such a function shift can pose serious risk to government and citizens, and open opportunities for criminals, such as:
- Identity theft and fraud based on stolen electronic identifiers are growing;
- Person number schemes likely to have sufficient flaws in combination with networked application;
- Several Norwegian governmental organizations are searching for new electronic identifier schemes and identity management approaches;
- The privacy implications of a life-long electronic citizen identifier in the social and health system are vast;
- Societal security and administrative/economic efficiency are dependent on efficient use of the identity management scheme.
- Building of an interdisciplinary framework for privacy-respecting identity management pri-marily targeted to web services;
- Design of a reference model for privacy-respecting identity management;
- Provide and validate methods and tools for the evaluation of requirements and approaches to privacy-respecting identity management.
Benefit for society
Identity management is the gatekeeper to the electronic society. It penetrates all aspects of society, from public administration to financial transactions. The privacy of citizens as well as the correct functioning of the administration and the efficiency of the economy in the e-Society are all depend-ent on IDM. IDM can be considered a critical long-time infrastructure for public archives, the health system and other aspects of society. Its failure opens the doors to injustice, crime and inefficiency.
Project results (preliminary)
Popular presentations and press
- Fritsch, Lothar: Business Security and Privacy Risk of RFID,on Are you ready for the Internet of Things?, RFID-RNET Resource Network Workshop , 10-11.5.2010, Oslo
- Fritsch, Lothar: Radio interview: GPS-peiling av eldre - utfordringer i sikkerhet og personvern, September 22, 2009, NRK P1 Oppland, Distriktsprogramm, 16:05-16:15
- Fritsch, Lothar: Privacy technology as a key enabler for person-centric Location-based Services, September 03, 2009, Workshop on "LBS og sporingstjenster", Trådløs Framtid, Oslo, 3. Sep. 2009
- Stefan Berthold, Rainer Böhme: Valuating Privacy with Option Pricing; WEIS workshop 2009, will be printed in LNCS proceedings in 2010.
- Lothar Fritsch, Ebenezer Paintsil: Privacy and Security Side effects of Identity Management Choices, submitted to (and rejected on) SICHERHEIT 2010.
- Ebenezer Paintsil, Lothar Fritsch: Survey of privacy and security in identity management systems, Presentation on IFIP/PrimeLife Summer School 2010
- Øystein Dale, Kristin S. Fuglerud: Secure and Inclusive Authentication with a Talking Mobile One-time-password Client, submitted to IEEE Security & Privacy magazine, special issue on usable security (under submitted July 2010, article under review)
- Tobias Mahler, Malin Renate Ranheim: Datalagringsdirektivet og den tyske grunnloven. Lov & Data : Tidsskrift for Rettsinformatikk 2010 (102) p. 19-23.
- Tobias Mahler, Malin Renate Ranheim: Hvordan vurderer nasjonale domstoler datalagringsdirektivet opp mot grunn- og menneskerettigheter? In: Dag Wiese Schartum (ed.): Overvåkning i en rettsstat (forthcoming book).
- The two project PhD students are hired, and began their work in the 1st quarter of 2010.
- 1st internal PhD training event, Håfjell, April 2010. Focus: Publication strategy.
- One project PhD student participated in the [www.nisnet.no/filer/Finse10/Program.pdf NISnet Winter School on Information Security] in Fine, April 2010.
- Both project PhD students have participated in the IFIP/PrimeLife Summer School 2010 on "Privacy and identity Management for Life", Helsingborg, Sweden, August 2010.
Dissemination and networking activities
- NR hosts the international IFIP IDMAN 2010 conference in Oslo. Registration is open, early brid rate until 15.9.2010!
- PETweb II provides several presentation on e-ID and Identity Management issues to ID-tyveri 2010 in cooperation with NorSIS (Oct. 11-12, 2010, Oslo).
- PETweb II presents at the ICT 2010 event in Brussels on September 29, 2010 as part of the networking session on Identity management throughout life – solutions, trends, side effects.