Privacy and Identity Management

Overview

Digital privacy is often defined as "informational self-determination": every person should be able to control who receives what information about that person, for what purposes, and for what period of time. Supporting this notion puts many constraints on the IT infrastructure used by individuals and organizations. Privacy mandates the use of sophisticated identity and privacy management solutions, and of security technologies such as access control, encryption, data leakage prevention and trust infrastructures. In addition technology and clever business process design can help minimizing the amount of data collected: often applications do not need to identify users or store personally identifiable information. Instead they may work with non-identifying and short-lived aliases (aka pseudonyms), and may base decisions not on identities but on non-identifying attributes. Specific solutions can minimize data even further, e.g., for anonymous communication or voting.

Collectively these technologies are called "Privacy Enhancing Technologies". Many technical problems related to PETs are still without satisfying solutions. But the most critical and challenging privacy problems are actually those related to the definition and the limitations of privacy: The purpose of many social networking applications, e.g., Facebook, is sharing personal information with a large, open group of people -- which seemingly contradicts the basic idea of privacy as informational self-determination. Many believe that public security requires the proactive collection and sharing of personal information. At the same time experiments have repeatedly demonstrated that anonymization technologies (e.g., removing identifiers from data, aggregating data of multiple persons into single records) are not very effective.

Other interesting areas of research are usability of privacy enhancing technologies, user-centric identity management, the economics of privacy, and privacy and identity in the context of specific technologies, e.g., federated identity in cloud computing, identity in resource-constrained systems (e.g., sensor networks, RFID applications), correlation of identities and attributes in multi-layer systems (e.g., all layers of a software stack). 

More information

 

SIT Research Group

Security in Information Technology

Sicherheit in der Informationstechnik

Prof. Dr. Michael Waidner

Upcoming Events

A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Suche Suche | Kontakt Kontakt
zum Seitenanfangzum Seitenanfang